* [Cerowrt-devel] Updates to the wiki for 3.10.32-12
@ 2014-03-24 16:32 Rich Brown
2014-03-24 16:55 ` Sebastian Moeller
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Rich Brown @ 2014-03-24 16:32 UTC (permalink / raw)
To: cerowrt-devel
Folks,
I updated the wiki to incorporate features of 3.10.32-12.
- The SQM page has been updated to include current screen shots and describe the options. A question: what are the units for the Hard Limit on ingress/egress?
http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_SQM_for_CeroWrt_310
- The Release Notes page has been updated to mention DNSSEC and BCP38. I'm still not clear whether DNSSEC is turned on/operational by default. What should that page say?
http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_310_Release_Notes
- I have added a BCP38 page to give an overview of that page. A question that I haven't seen addressed in the commentary on the list: Does this BCP38 implement also filter out spoofed source addresses? (I imagine it would, but the pages don't specifically say so.)
http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_and_BCP38
Although I try to write carefully, sometimes I'm just makin' stuff up. Comments requested. Thanks.
Rich
* Re: [Cerowrt-devel] Updates to the wiki for 3.10.32-12
From: Sebastian Moeller @ 2014-03-24 16:55 UTC (permalink / raw)
To: Rich Brown; +Cc: cerowrt-devel
Hi Rich,
On Mar 24, 2014, at 17:32 , Rich Brown <richb.hanover@gmail.com> wrote:
> Folks,
>
> I updated the wiki to incorporate features of 3.10.32-12.
>
> - The SQM page has been updated to include current screen shots and describe the options. A question: what are the units for the Hard Limit on ingress/egress?
In most cases it's packets, but with bfifo (which currently cannot be selected) it's bytes (the b in bfifo stands for bytes; if no value is given this defaults to txqueuelen * MTU). I think it should be okay to ignore bfifo for now and just explain this as packets. If we expose bfifo as a selection we can always revisit that…
Best Regards
Sebastian
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_SQM_for_CeroWrt_310
>
> - The Release Notes page has been updated to mention DNSSEC and BCP38. I'm still not clear whether DNSSEC is turned on/operational by default. What should that page say?
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_310_Release_Notes
>
> - I have added a BCP38 page to give an overview of that page. A question that I haven't seen addressed in the commentary on the list: Does this BCP38 implement also filter out spoofed source addresses? (I imagine it would, but the pages don't specifically say so.)
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_and_BCP38
>
> Although I try to write carefully, sometimes I'm just makin' stuff up. Comments requested. Thanks.
>
> Rich
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
* Re: [Cerowrt-devel] Updates to the wiki for 3.10.32-12
From: Toke Høiland-Jørgensen @ 2014-03-24 16:55 UTC (permalink / raw)
To: Rich Brown; +Cc: cerowrt-devel
Rich Brown <richb.hanover@gmail.com> writes:
> - I have added a BCP38 page to give an overview of that page. A
> question that I haven't seen addressed in the commentary on the list:
> Does this BCP38 implement also filter out spoofed source addresses? (I
> imagine it would, but the pages don't specifically say so.)
It blocks the configured subnets:
- at ingress on one
- at egress on destination.
I.e. a packet arriving on the WAN interface *from* one of the configured
subnets or a packet departing the WAN interface *towards* one of the
configured subnets will get dropped.
You could presumably still send a packet from the inside with a spoofed
source address, but that source address would then get rewritten by the
NAT filter...
-Toke
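Added example, not part of the original message and not CeroWrt's own code: a small Python model of the two WAN-side checks described above, plus the NAT rewrite of an inside host's claimed source address. The block list (RFC 1918 ranges), the WAN address and all function names are assumptions made for illustration; the packets are constructed.

```python
import ipaddress

# Assumed block list for illustration (RFC 1918). The real list is
# configurable on the router and is not reproduced here.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WAN_ADDR = "203.0.113.7"  # constructed address (TEST-NET-3)


def in_blocked(addr):
    """True if addr falls inside any configured subnet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED_NETS)


def wan_verdict(direction, src, dst):
    """direction is "in" (arriving on WAN) or "out" (departing WAN)."""
    if direction == "in" and in_blocked(src):
        return "DROP"    # arriving *from* a configured subnet
    if direction == "out" and in_blocked(dst):
        return "DROP"    # departing *towards* a configured subnet
    return "ACCEPT"


def egress_from_lan(claimed_src, dst):
    """Outbound packet from an inside host.

    Only the destination is checked against the list; if the packet is
    accepted, source NAT replaces whatever source the host claimed.
    Returns (verdict, source address as seen on the WAN side).
    """
    verdict = wan_verdict("out", claimed_src, dst)
    if verdict == "DROP":
        return verdict, None
    return verdict, WAN_ADDR


if __name__ == "__main__":
    # Constructed sample packets.
    print(wan_verdict("in", "192.168.1.50", WAN_ADDR))       # blocked source
    print(wan_verdict("in", "198.51.100.9", WAN_ADDR))       # ordinary source
    print(egress_from_lan("172.30.42.10", "10.1.2.3"))       # blocked dest
    print(egress_from_lan("198.51.100.200", "192.0.2.10"))   # spoofed source
```
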
* Re: [Cerowrt-devel] Updates to the wiki for 3.10.32-12
From: Dave Taht @ 2014-03-24 17:38 UTC (permalink / raw)
To: Rich Brown; +Cc: cerowrt-devel
BTW: how are you selecting the different gui?
On Mon, Mar 24, 2014 at 9:32 AM, Rich Brown <richb.hanover@gmail.com> wrote:
> Folks,
>
> I updated the wiki to incorporate features of 3.10.32-12.
>
> - The SQM page has been updated to include current screen shots and describe the options. A question: what are the units for the Hard Limit on ingress/egress?
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_SQM_for_CeroWrt_310
Usually packets, unless you are using the undocumented bfifo qdisc option.
>
> - The Release Notes page has been updated to mention DNSSEC and BCP38. I'm still not clear whether DNSSEC is turned on/operational by default. What should that page say?
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_310_Release_Notes
It's on by default, however, we MUST decide on some 100% robust method
for getting time on boot before the stable release.
Otherwise boxes that sit for a while before being turned on (consider
boxes shipped on a boat from China) or those that can't get ntp at all
will be locked out.
I am enjoying the flood of ideas on this topic going by on another
thread. (It would be good to broaden the thread to relevant ntp, dnssec
mailing lists.)
> - I have added a BCP38 page to give an overview of that page. A question that I haven't seen addressed in the commentary on the list: Does this BCP38 implement also filter out spoofed source addresses? (I imagine it would, but the pages don't specifically say so.)
Depends on your definition of "spoof".
1) For example a babel node with a real IP inside of a natted network
would still be accepted (and natted) on egress. Can't solve everything...
2) The implementation is capable of filtering out or accepting a large
number of networks, as per bcp38. The default is basically the best
that can be done for a home/natted network.
Given that this is intended to give a cluebat, showing an example for
a provider with a real network would be useful...
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_and_BCP38
>
> Although I try to write carefully, sometimes I'm just makin' stuff up. Comments requested. Thanks.
good work!
> Rich
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
* Re: [Cerowrt-devel] Updates to the wiki for 3.10.32-12
From: Jim Gettys @ 2014-03-24 18:23 UTC (permalink / raw)
To: Rich Brown; +Cc: cerowrt-devel
On Mon, Mar 24, 2014 at 12:32 PM, Rich Brown <richb.hanover@gmail.com> wrote:
> Folks,
>
> I updated the wiki to incorporate features of 3.10.32-12.
>
> - The SQM page has been updated to include current screen shots and
> describe the options. A question: what are the units for the Hard Limit on
> ingress/egress?
>
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_SQM_for_CeroWrt_310
>
> - The Release Notes page has been updated to mention DNSSEC and BCP38. I'm
> still not clear whether DNSSEC is turned on/operational by default. What
> should that page say?
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_310_Release_Notes
>
>
DNSSEC works for me...
There are plug-ins for both firefox and chrome for dnssec, so it's easy to
know if it is working. www.bufferbloat.net is signed (even for IPv6) so
it's easy to check (cheery green key in the URL bar on my chrome).
- Jim
* Re: [Cerowrt-devel] Updates to the wiki for 3.10.32-12
From: Rich Brown @ 2014-03-25 11:41 UTC (permalink / raw)
To: cerowrt-devel
Thanks for those comments. I have updated these pages:
http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_310_Release_Notes
http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_SQM_for_CeroWrt_310
Rich
PS The updated GUI is available through System -> Language and Style (select "Bootstrap")
* Re: [Cerowrt-devel] Updates to the wiki for 3.10.32-12
From: David Personette @ 2014-03-25 13:15 UTC (permalink / raw)
To: Rich Brown; +Cc: cerowrt-devel
Rich,
Sorry for the late input. I didn't really think about it until you
mentioned the updated GUI, as I so seldom use it. About the screenshots,
should they use the default theme? The options I see are:
A) Use "openwrt.org" theme that a new user would see
B) Update the default theme to "bootstrap"
Personally I find the new "bootstrap" theme more esthetically pleasing and
modern. It's hard for me to generalize (I'm not neuro-typical, in the
autistic spectrum, albeit in the highly functional group thankfully). That
being said, IIRC (If I Recall Correctly) I found the double layers of tabs
mildly confusing at first. The menu system is something that (nearly) all
users are already familiar with (particularly those that would be
configuring a router...).
Thanks for your work on the wiki.
--
David P.
On Tue, Mar 25, 2014 at 7:41 AM, Rich Brown <richb.hanover@gmail.com> wrote:
> Thanks for those comments. I have updated these pages:
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_310_Release_Notes
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_SQM_for_CeroWrt_310
>
> Rich
>
> PS The updated GUI is available through System -> Language and Style
> (select "Bootstrap")