From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com [IPv6:2607:f8b0:4001:c03::22d]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id D151721F203 for ; Sun, 16 Jun 2013 15:35:21 -0700 (PDT) Received: by mail-ie0-f173.google.com with SMTP id k13so5452709iea.18 for ; Sun, 16 Jun 2013 15:35:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=HMsinT11p9aiantULRPHwaRUL2hsOTHQ4WuMJ/y2NIg=; b=I8U74qsdO6bJJH+s/Bw1uMXIZFoPXsqyDxu2PkK+5EHtkFCj00RLWi/9XjNcmH478l gVgnBY0q2QgiTHOJsKo5Vnb5n6h74eEaIN0GNFwqT07L+HVl+nlY5qvLCcqJIzpGUMVR 1+yiDeaOyfH4iOw2PqThUkgFMXkprTvpwQBTGuNE1zi+fR03F6NUMsB4L7a3I40bYqfk N2MB0UnHHMfecX9oWQx/0ppGMyX6lR1E0NPJIWUqQ3OsJ8OKQjxHcwZ/ZwTm///znGs/ r6zK+mHrBkNee8Jy9veCRt4jfNfFCByJAoHR7dbjsOgiLb9vdXgV9FWoikPFlJmmqdoX +qRQ== MIME-Version: 1.0 X-Received: by 10.50.134.136 with SMTP id pk8mr3446254igb.32.1371422121166; Sun, 16 Jun 2013 15:35:21 -0700 (PDT) Received: by 10.64.45.137 with HTTP; Sun, 16 Jun 2013 15:35:21 -0700 (PDT) In-Reply-To: <87sj0hofjf.fsf@toke.dk> References: <87ip1dpw2y.fsf@toke.dk> <87sj0hofjf.fsf@toke.dk> Date: Sun, 16 Jun 2013 15:35:21 -0700 Message-ID: From: Dave Taht To: =?ISO-8859-1?Q?Toke_H=F8iland=2DJ=F8rgensen?= Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] Field Report - installing 3.8.13-7 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jun 2013 22:35:22 -0000 On Sun, Jun 16, 2013 at 3:29 PM, Toke H=F8iland-J=F8rgensen = wrote: > Rich Brown writes: > >> As noted above, 6in4 addresses seem to work, however, I did see a lot >> of error messages as a result of running the 6in4 tunnel configuration >> script. I've attached it to see if there's anything amiss=85 I'm still looking for benchmark data on the rrul test over 6in4. I spoke to a hurricane guy about how they do tunnelling, I think there is some fq_codel work to be done over there to help their gateways out in the long run. > Have never used the 6in4 script, but a few of the messages have to do > with the new firewall script: > >> Warning: Option @defaults[0].synflood_rate has invalid value '200' > > This is because the value is wrong. It should be '200/s' and not '200'. It used to be right. > That's a bug, I believe (though a minor one). Fixed in git; you can THX! Polishing up the fenders... > manually add the /s in your /etc/config/firewall if you want to shut it > up. :) I note that in older versions of openwrt the synflood rate was set very low, low enough to be triggered by benchmarks like google chrome's web page benchmark. I don't know the default now. Worse, fixed rate limits like this don't scale up or down well. There are similar fixed rate limits for ipv6 icmp traffic (which cero doesn't do) in the default openwrt firewall rules. I would definately argue that icmp and icmpv6 should be rate limited as a percentage of your overall bandwidth and/or tossed into a special fq_codel class and/or classified background, as someone doing a fast ping probe from a fast host of your entire /48 will eat your entire uplink easily without some limits in place. > >> Warning: Section @rule[0] (domain) does not specify a protocol, >> assuming TCP+UDP > > The new firewall script complains when no protocol is set, but it does > the right thing, so not really sure if I would call it a bug; should be > fixed in git as well, though. > > The rest of the output is because the new firewall is more verbose than > the old one. > > -Toke > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > --=20 Dave T=E4ht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.= html