From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ie0-f173.google.com (mail-ie0-f173.google.com [209.85.223.173]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 5548621F1D4 for ; Wed, 16 Jan 2013 03:37:17 -0800 (PST) Received: by mail-ie0-f173.google.com with SMTP id e13so2231969iej.18 for ; Wed, 16 Jan 2013 03:37:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=cAJYqgk9QGM8WPdKCdJySc6MC3IhG1o215FaFxk2nss=; b=YpUw6EeNgJFwXyiotMiQG6G55SNMDlVFA1Y6rT6f54gwkQZhBkbRYrTypbVwSEQsWk rLJyR7vPo0SQDPL5PlnqEZQCzPHrUtwuBZcAdeu4DknHNvbb/pgyk2H8RllJi9W2Gon4 lsSe5BY6tZpzZs1Ko4VuoflTcshwDE8AR1PKwvhkLDqcTemKPHWSjnybHsSw+hYF1IXZ 8cqV2mu0g6pGaK2lMv+rFdkGgwlp8XY6CPFTjIq0GYsAuT06qsovdTLz681Hyqwgg/wX c8cv/fLDIcKXYK5JbQnfRXlvF0htglFDMD+oxWWRVvSM9YBRlNgXLcw0ly9oWqmIDmFu T4cQ== MIME-Version: 1.0 X-Received: by 10.50.180.200 with SMTP id dq8mr557100igc.27.1358336236654; Wed, 16 Jan 2013 03:37:16 -0800 (PST) Received: by 10.64.135.39 with HTTP; Wed, 16 Jan 2013 03:37:16 -0800 (PST) Date: Wed, 16 Jan 2013 03:37:16 -0800 Message-ID: From: Dave Taht To: cerowrt-devel@lists.bufferbloat.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: [Cerowrt-devel] cerowrt 3.7.2-3 released, still in a battle with ipv6 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2013 11:37:17 -0000 It's at: http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.7.2-3/ It seems pretty stable but with the ipv6 churn... [insert my std hyperbolic warnings about exposing the release to default gws in front of spouses or young children] features: + dnsmasq 2.66test10 + merge with openwrt head + new unaligned access code from openwrt head (by nbd) and the remainder of the older unaligned patch set (by robert bradley) ported to work on top of that I have not checked to see if all traps are gone, you can look at that via files in /sys/debug/kernel/mips/ - it's mostly the ipv6 related traps I'm concerned about... The checksum routine changed and I did check checksums on a variety of ipv4 ethernet traffic, but not enough to feel assured. + Bug fixed https://www.bufferbloat.net/issues/418 BUG_ON removed on TFO support in the kernel. TFO works. I tested it by: echo 3 > /proc/sys/net/ipv4/tcp_fastopen editing /etc/init.d/polipo to add support for a boolean useTCPFastOpen para= meter adding that parameter to /etc/config/polipo testing with the current version of httping I will update the init script and config in the next spin. ... The churn in how to setup ipv6 sanely continues. The configuration for how to do it has changed significantly again and is documented at: http://wiki.openwrt.org/doc/uci/network6 It's not clear to me to state of the ipv6 dnsmasq integration now. There is much discussion on the dnsmasq-discuss list as to how to do prefix-independent configuration as one example. as for the ipv6 related changes just now come down from openwrt, steven barth tells me that: "6distributed functionality (prefix delegation) was merged into netifd for size reasons. The shell mess which was ipv6-support was abandoned. dhcpv6 is now a regular network proto in netifd (which can be added ontop of other ipv4-wan types or separately for ipv6-only). network6 is unnecessary now. 6rd, 6to4 now automatically publish their prefix. 6in4 adds a new option ip6prefix for adding the routed prefix. LANs / WLANs which want a prefix now just add a option ip6assign 64 to the interface definition. See examples in: http://wiki.openwrt.org/doc/uci/network6 Prefix Announcement / DHCPv6 / Relaying has been untangled and should be moved into the respective daemon config / init. I've done this for 6relayd. For dnsmasq you will have to add config support similar to what is done for DHCP in IPv4, so it should be easy to adapt. Maybe some of the CeroWrt contributors like to add that. I also haven't looked at NPT yet. I've removed the shell-script mess for now as we will not have all targets up to 3.7 in the coming weeks and therefore also not a new ip6tables." AHCP is still lost and lonely in the configuration. I took a stab at enabling ipv6 NPT support myself in this release, but the changes I'd made to the openwrt configuration didn't successfully get the modules to compile nor create a package. My *non-working patch* looked like this, and suggestions as to what sort of magic wand to wave over it welcomed. diff --git a/include/netfilter.mk b/include/netfilter.mk index 1d89e6d..3d65f76 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -154,10 +154,14 @@ $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG)) $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJ= ECT)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_NAT, $(P_V6)nf_nat_ipv6)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_MASQUERADE, $(P_V6)ip6t_MASQUERADE)) +$(eval $(call nf_add,IPT_IPv6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT)) # nat # kernel only +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_NAT, $(P_V6)nf_nat_ipv6, ge 3.7.0),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat $(P_V4)nf_nat_ipv4 $(P_XT)xt_nat $(P_V4)iptable_nat, ge 3.7.0),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_V4)nf_nat $(P_V4)iptable_nat, lt 3.7.0),)) diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk index 69bdba0..d862c32 100644 --- a/package/kernel/modules/netfilter.mk +++ b/package/kernel/modules/netfilter.mk @@ -164,6 +164,23 @@ endef $(eval $(call KernelPackage,ipt-nat)) +define KernelPackage/ipt-nat6 + TITLE:=3DBasic NAT targets for IPv6 + KCONFIG:=3D$(KCONFIG_IPT_NAT6) + FILES:=3D$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=3D$(call AutoLoad,42,$(notdir $(IPT_NAT6-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-nat6/description + Netfilter (IPv6) kernel modules for basic NAT targets + Includes: + - MASQUERADE + - NPT +endef + +$(eval $(call KernelPackage,ipt-nat6)) + define KernelPackage/ipt-nat-extra TITLE:=3DExtra NAT targets --=20 Dave T=E4ht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.= html