Development issues regarding the cerowrt test router project
* [Cerowrt-devel] Turning off the probe blocker
@ 2013-07-11 16:42 Richard A. Smith
  2013-07-11 17:00 ` Dave Taht
  0 siblings, 1 reply; 8+ messages in thread
From: Richard A. Smith @ 2013-07-11 16:42 UTC (permalink / raw)
  To: cerowrt-devel

How do I disable the probe blocker?  I'm trying to do some port
forwarding and every time I nmap my box trying to figure out if it's
working I get banned from ssh for 2 hours.

-- 
Richard A. Smith  <richard@laptop.org>
One Laptop per Child


* Re: [Cerowrt-devel] Turning off the probe blocker
  2013-07-11 16:42 [Cerowrt-devel] Turning off the probe blocker Richard A. Smith
@ 2013-07-11 17:00 ` Dave Taht
  2013-07-11 17:31   ` Richard A. Smith
  0 siblings, 1 reply; 8+ messages in thread
From: Dave Taht @ 2013-07-11 17:00 UTC (permalink / raw)
  To: Richard A. Smith; +Cc: cerowrt-devel

On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org> wrote:
> How do I disable the probe blocker?  I'm trying to do some port forwarding
> and every time I nmap my box trying to figure out if it's working I get
> banned from ssh for 2 hours.

Heh. See the relevant telnet (and ftp, I think) entries in
/etc/xinetd.d and change them to disable = yes. You can probably do
this at a finer grained basis

>
> --
> Richard A. Smith  <richard@laptop.org>
> One Laptop per Child
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html


* Re: [Cerowrt-devel] Turning off the probe blocker
  2013-07-11 17:00 ` Dave Taht
@ 2013-07-11 17:31   ` Richard A. Smith
  2013-07-11 17:40     ` Dave Taht
  0 siblings, 1 reply; 8+ messages in thread
From: Richard A. Smith @ 2013-07-11 17:31 UTC (permalink / raw)
  To: Dave Taht; +Cc: cerowrt-devel

On 07/11/2013 01:00 PM, Dave Taht wrote:
> On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org> wrote:
>> How do I disable the probe blocker?  I'm trying to do some port forwarding
>> and every time I nmap my box trying to figure out if it's working I get
>> banned from ssh for 2 hours.
>
> Heh. See the relevant telnet (and ftp, I think) entries in
> /etc/xinetd.d and change them to disable = yes. You can probably do
> this at a finer grained basis

Thanks.  I'll mess with that once I have local access again.

-- 
Richard A. Smith  <richard@laptop.org>
One Laptop per Child


* Re: [Cerowrt-devel] Turning off the probe blocker
  2013-07-11 17:31   ` Richard A. Smith
@ 2013-07-11 17:40     ` Dave Taht
  2013-07-11 18:27       ` Jim Gettys
  0 siblings, 1 reply; 8+ messages in thread
From: Dave Taht @ 2013-07-11 17:40 UTC (permalink / raw)
  To: Richard A. Smith; +Cc: cerowrt-devel

I incidentally got smokeping up and running on a beaglebone black to
monitor latencies better across the whole network at the yurtlab. For
those of you with ipv6, it's currently globally reachable:

http://monitor.lab.taht.net/cgi-bin/smokeping.cgi?target=Campground-5ghz-Radios

There are numerous options (like traceroute, etc) to put into
smokeping, which I'd like to add but haven't wrapped my head around.
Can't get fastcgi to work with it on lighttpd, either.

I have mrtg running on a pi, too, that I will move over to the blacks.
Also have the nifty babelweb utility running on the pi - but the pi
just doesn't have the oomph (nor does it have fq_codel) to do much
more, so...

I had really once hoped to make cerowrt "do everything", but the black
+ debian makes doing "everything" a lot easier when you can easily run
perl and python...

The monitor box is running over a minimum of 3 hops right now before
running across the rest of the mesh network.

... just wish the beaglebone black had a case I could wallmount with
screws rather than velcro...

On Thu, Jul 11, 2013 at 10:31 AM, Richard A. Smith <richard@laptop.org> wrote:
> On 07/11/2013 01:00 PM, Dave Taht wrote:
>>
>> On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org>
>> wrote:
>>>
>>> How do I disable the probe blocker?  I'm trying to do some port
>>> forwarding
>>> and every time I nmap my box trying to figure out if it's working I get
>>> banned from ssh for 2 hours.
>>
>>
>> Heh. See the relevant telnet (and ftp, I think) entries in
>> /etc/xinetd.d and change them to disable = yes. You can probably do
>> this at a finer grained basis
>
>
> Thanks.  I'll mess with that once I have local access again.
>
>
> --
> Richard A. Smith  <richard@laptop.org>
> One Laptop per Child



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html


* Re: [Cerowrt-devel] Turning off the probe blocker
  2013-07-11 17:40     ` Dave Taht
@ 2013-07-11 18:27       ` Jim Gettys
  2013-07-11 18:41         ` Dave Taht
  0 siblings, 1 reply; 8+ messages in thread
From: Jim Gettys @ 2013-07-11 18:27 UTC (permalink / raw)
  To: Dave Taht; +Cc: cerowrt-devel


On Thu, Jul 11, 2013 at 1:40 PM, Dave Taht <dave.taht@gmail.com> wrote:

> I incidentally got smokeping up and running on a beaglebone black to
> monitor latencies better across the whole network at the yurtlab. For
> those of you with ipv6, it's currently globally reachable:
>
>
> http://monitor.lab.taht.net/cgi-bin/smokeping.cgi?target=Campground-5ghz-Radios
>
> There are numerous options (like traceroute, etc) to put into
> smokeping, which I'd like to add but haven't wrapped my head around.
> Can't get fastcgi to work with it on lighttpd, either.
>
> I have mrtg running on a pi, too, that I will move over to the blacks.
> Also have the nifty babelweb utility running on the pi - but the pi
> just doesn't have the oomph (nor does it have fq_codel) to do much
> more, so...
>
> I had really once hoped to make cerowrt "do everything", but the black
> + debian makes doing "everything" a lot easier when you can easily run
> perl and python...
>
> The monitor box is running over a minimum of 3 hops right now before
> running across the rest of the mesh network.
>
> ... just wish the beaglebone black had a case I could wallmount with
> screws rather than velcro...
>

Very cool.

What frequency is smoke ping probing at?  This is tunable, you know.

It's also possible to configure smokeping to report from multiple probing
locations, and have the rollup on a central web site; I dunno if you had
come across that in your adventures.

Jim

>
> On Thu, Jul 11, 2013 at 10:31 AM, Richard A. Smith <richard@laptop.org>
> wrote:
> > On 07/11/2013 01:00 PM, Dave Taht wrote:
> >>
> >> On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org>
> >> wrote:
> >>>
> >>> How do I disable the probe blocker?  I'm trying to do some port
> >>> forwarding
> >>> and every time I nmap my box trying to figure out if it's working I get
> >>> banned from ssh for 2 hours.
> >>
> >>
> >> Heh. See the relevant telnet (and ftp, I think) entries in
> >> /etc/xinetd.d and change them to disable = yes. You can probably do
> >> this at a finer grained basis
> >
> >
> > Thanks.  I'll mess with that once I have local access again.
> >
> >
> > --
> > Richard A. Smith  <richard@laptop.org>
> > One Laptop per Child
>
>
>
> --
> Dave Täht
>
> Fixing bufferbloat with cerowrt:
> http://www.teklibre.com/cerowrt/subscribe.html
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>



* Re: [Cerowrt-devel] Turning off the probe blocker
  2013-07-11 18:27       ` Jim Gettys
@ 2013-07-11 18:41         ` Dave Taht
  2013-07-11 19:46           ` Robert Bradley
  0 siblings, 1 reply; 8+ messages in thread
From: Dave Taht @ 2013-07-11 18:41 UTC (permalink / raw)
  To: Jim Gettys; +Cc: cerowrt-devel

On Thu, Jul 11, 2013 at 11:27 AM, Jim Gettys <jg@freedesktop.org> wrote:
>
>
>
> On Thu, Jul 11, 2013 at 1:40 PM, Dave Taht <dave.taht@gmail.com> wrote:
>>
>> I incidentally got smokeping up and running on a beaglebone black to
>> monitor latencies better across the whole network at the yurtlab. For
>> those of you with ipv6, it's currently globally reachable:
>>
>>
>> http://monitor.lab.taht.net/cgi-bin/smokeping.cgi?target=Campground-5ghz-Radios
>>
>> There are numerous options (like traceroute, etc) to put into
>> smokeping, which I'd like to add but haven't wrapped my head around.
>> Can't get fastcgi to work with it on lighttpd, either.
>>
>> I have mrtg running on a pi, too, that I will move over to the blacks.
>> Also have the nifty babelweb utility running on the pi - but the pi
>> just doesn't have the oomph (nor does it have fq_codel) to do much
>> more, so...
>>
>> I had really once hoped to make cerowrt "do everything", but the black
>> + debian makes doing "everything" a lot easier when you can easily run
>> perl and python...
>>
>> The monitor box is running over a minimum of 3 hops right now before
>> running across the rest of the mesh network.
>>
>> ... just wish the beaglebone black had a case I could wallmount with
>> screws rather than velcro...
>
>
> Very cool.

Nice stats for an oft-loaded fq_codel based wifi mesh network with not
a lot of fixes (besides disabling 802.11e at key points so far)!

I have seen much, much, much, worse from most other meshes.

> What frequency is smoke ping probing at?  This is tunable, you know.

The defaults, whatever they are.

> It's also possible to configure smokeping to report from multiple probing
> locations, and have the rollup on a central web site; I dunno if you had
> come across that in your adventures.

Intent is to deploy at 3 locations internally (at the middle of the
mesh and two of the furthest end points), and to also be probing
through the link from a box colocated with the gateway.

Ran out of time to muck with it this week, was delighted with the
dataset so far on a live network, would like to be able to compare
mrtg and smokeping more directly however.

>
> Jim
>>
>>
>> On Thu, Jul 11, 2013 at 10:31 AM, Richard A. Smith <richard@laptop.org>
>> wrote:
>> > On 07/11/2013 01:00 PM, Dave Taht wrote:
>> >>
>> >> On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org>
>> >> wrote:
>> >>>
>> >>> How do I disable the probe blocker?  I'm trying to do some port
>> >>> forwarding
>> >>> and every time I nmap my box trying to figure out if it's working I get
>> >>> banned from ssh for 2 hours.
>> >>
>> >>
>> >> Heh. See the relevant telnet (and ftp, I think) entries in
>> >> /etc/xinetd.d and change them to disable = yes. You can probably do
>> >> this at a finer grained basis
>> >
>> >
>> > Thanks.  I'll mess with that once I have local access again.
>> >
>> >
>> > --
>> > Richard A. Smith  <richard@laptop.org>
>> > One Laptop per Child
>>
>>
>>
>> --
>> Dave Täht
>>
>> Fixing bufferbloat with cerowrt:
>> http://www.teklibre.com/cerowrt/subscribe.html
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html


* Re: [Cerowrt-devel] Turning off the probe blocker
  2013-07-11 18:41         ` Dave Taht
@ 2013-07-11 19:46           ` Robert Bradley
  2013-07-11 20:18             ` Dave Taht
  0 siblings, 1 reply; 8+ messages in thread
From: Robert Bradley @ 2013-07-11 19:46 UTC (permalink / raw)
  To: cerowrt-devel

On 11/07/13 19:41, Dave Taht wrote:
> Nice stats for an oft-loaded fq_codel based wifi mesh network with not
> a lot of fixes (besides disabling 802.11e at key points so far)!
>
> I have seen much, much, much, worse from most other meshes.

I noticed yesterday that disabling WMM/802.11e in CeroWRT limited me to 
54 Mb/s.  The reduced rates are probably not an issue for the mesh 
network, especially with 11g nodes present.  Would it be better though 
to force the traffic into one queue (BE, presumably) and keep the higher 
data rates?

-- 
Robert Bradley



* Re: [Cerowrt-devel] Turning off the probe blocker
  2013-07-11 19:46           ` Robert Bradley
@ 2013-07-11 20:18             ` Dave Taht
  0 siblings, 0 replies; 8+ messages in thread
From: Dave Taht @ 2013-07-11 20:18 UTC (permalink / raw)
  To: Robert Bradley; +Cc: cerowrt-devel

On Thu, Jul 11, 2013 at 12:46 PM, Robert Bradley
<robert.bradley1@gmail.com> wrote:
> On 11/07/13 19:41, Dave Taht wrote:
>>
>> Nice stats for an oft-loaded fq_codel based wifi mesh network with not
>> a lot of fixes (besides disabling 802.11e at key points so far)!
>>
>> I have seen much, much, much, worse from most other meshes.
>
>
> I noticed yesterday that disabling WMM/802.11e in CeroWRT limited me to 54
> Mb/s.

Hmm. That shouldn't be the case...

> The reduced rates are probably not an issue for the mesh network,
> especially with 11g nodes present.

Well, the mesh is all 5ghz presently. The 2Ghz nodes are dedicated to
users (presently) and yes, 11g is everpresent...

> Would it be better though to force the
> traffic into one queue (BE, presumably) and keep the higher data rates?

That's what I did. I just squashed the TOS/TCLASS values to BE at
various chokepoints with iptables. It made an enormous difference,
even when the main codepoints were BE and CS1.

Maximizing for better aggregation and smartly managing the one queue
worked tons better than keeping the diffserv markings "sane". In the
long run, I think, I'm going to disable diffserv in the wifi driver
itself and try to do something saner in a fq_codel derivative.
Someday.

A truly stupendous amount of traffic entering from the internet was
(mis)marked CS1, so all traffic is squashed to BE there too, although
on obviously torrent traffic the ingress rate limiter is doing the
right thing.... at the netfilter conference there was some discussion
about doing "pairing" in conntrack between output flows (hopefully
appropriately marked) and input flows (usually mismarked) in order to
carry the intent around the internal net.

In fact, I just figured out why 172.20.142.10 was showing the latency
spikes it was, it wasn't mashing its traffic, I'd forgot to make the
masher be the default in the build.

I am not huge on smashing the codepoint (I could explicitly set the
packet priority field to 256 instead)

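#!/bin/sh

# Apply the same rule to both IPv4 and IPv6
ipt() {
    iptables "$@"
    ip6tables "$@"
}

#iptables doesn't support an inverted match
#iptables -t mangle -A PREROUTING -m dscp ! --dscp-class BE -j DSCP --set-dscp 0
ipt -t mangle -N FIX_TOS
# Packets already marked BE are accepted as-is
ipt -t mangle -A FIX_TOS -m dscp --dscp-class BE -j ACCEPT
# Everything else has its DSCP rewritten to 0 (BE)
ipt -t mangle -A FIX_TOS -j DSCP --set-dscp 0
# Run the chain on packets leaving via wlan0
ipt -t mangle -A POSTROUTING -o wlan0 -j FIX_TOS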


>
> --
> Robert Bradley
>
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
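
What the FIX_TOS chain in the message above does to each packet header, modelled in Python as an added example (not code from the thread or from CeroWrt): the six DSCP bits of the IPv4 TOS byte or IPv6 traffic class are zeroed, the two ECN bits are kept, and the IPv4 header checksum is recomputed. The helper names and the sample headers are constructed for illustration.

```python
import struct

BE, CS1 = 0, 8  # DSCP codepoints named in the thread

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement header checksum (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def get_dsfield(pkt: bytes) -> tuple:
    """Return (dscp, ecn) from an IPv4 TOS byte or IPv6 traffic class."""
    if pkt[0] >> 4 == 4:
        ds = pkt[1]
    elif pkt[0] >> 4 == 6:
        ds = ((pkt[0] & 0x0F) << 4) | (pkt[1] >> 4)
    else:
        raise ValueError("not an IPv4 or IPv6 packet")
    return ds >> 2, ds & 0x03

def squash_to_be(pkt: bytes) -> bytes:
    """Zero the six DSCP bits, keep the two ECN bits, fix the IPv4 checksum."""
    dscp, ecn = get_dsfield(pkt)
    if dscp == BE:
        return pkt  # mirrors the '-m dscp --dscp-class BE -j ACCEPT' rule
    out = bytearray(pkt)
    if pkt[0] >> 4 == 4:
        ihl = (pkt[0] & 0x0F) * 4
        out[1] = ecn
        out[10:12] = b"\x00\x00"  # checksum field is zero while summing
        out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out[:ihl])))
    else:
        out[0] = pkt[0] & 0xF0                 # upper traffic-class nibble
        out[1] = (ecn << 4) | (pkt[1] & 0x0F)  # ECN plus flow-label bits
    return bytes(out)

def make_ipv4(dscp: int, ecn: int) -> bytes:
    """Constructed 20-byte header, documentation addresses 192.0.2.1 -> .2."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 20,
                                0, 0, 64, 17, 0, bytes([192, 0, 2, 1]),
                                bytes([192, 0, 2, 2])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

def make_ipv6(dscp: int, ecn: int, flow: int = 0x12345) -> bytes:
    """Constructed 40-byte header with all-zero addresses."""
    word = (6 << 28) | (((dscp << 2) | ecn) << 20) | flow
    return struct.pack("!IHBB", word, 0, 59, 64) + bytes(32)
```

Running get_dsfield() over a capture taken on wlan0 before and after loading the rules is a quick way to confirm that no packet leaves with a non-zero DSCP and that ECN marks survive.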

