From: Dave Taht <dave.taht@gmail.com>
To: "Török Edwin" <edwin+ml-cerowrt@etorok.net>
Cc: "cerowrt-devel@lists.bufferbloat.net"
<cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] cerowrt-3.10.34-4 dev build released
Date: Sat, 5 Apr 2014 08:53:07 -0700 [thread overview]
Message-ID: <CAA93jw7r4Ru6KXJnVm7XO+dWHyS7o--8bY+okGSw+rGwEGv5ew@mail.gmail.com> (raw)
In-Reply-To: <533FC007.3010700@etorok.net>
On Sat, Apr 5, 2014 at 1:34 AM, Török Edwin <edwin+ml-cerowrt@etorok.net> wrote:
> Hi,
>
> On 04/03/2014 04:17 AM, Dave Taht wrote:> + resync with openwrt
>> they seem to be settling down...
>> + Toke's ntp + dnssec stuff
>> + Yet Another Patch to try and isolate the wireless hang problem
>> that happens to jg every day or so and nearly no-one else.
>> + Fix to babel's meshing interfaces
>> + dnsmasq updated to head (seems to be stabilizing)
>> + Tested for a couple hours
>
> Just upgraded to 3.10.34-4, works great!
>
> On 03/21/2014 07:47 PM, Dave Taht wrote:
>> + This is the first release with toke's bcp38 code installed (and
>> enabled by default). I am hoping people simply don't even notice it's
>> there... (it's off the firewall web page)
>
> I just tested BCP38, but it looks like it doesn't filter anything with PPPoE.
> My outgoing interface is actually called pppoe-ge00, so adding filter rules on ge00 doesn't have any impact.
>
> I hacked the script to set the interface name for iptables to pppoe-ge00 (not for uci, cause uci
> doesn't have an enabled=1 for pppoe):
> setup_ipset
> + interface=pppoe-ge00
> setup_iptables "$interface"
>
> Any idea how to fix this properly without hardcoding the interface name?
>
> With this hack the bcp38 filtering works (10.0.0.1 is the P-t-P address on pppoe-ge00):
> # ping 192.168.1.1
> PING 192.168.1.1 (192.168.1.1): 56 data bytes
> ping: sendto: Operation not permitted
>
> # ipset list
> Name: bcp38-ipv4
> Type: hash:net
> Revision: 4
> Header: family inet hashsize 1024 maxelem 65536
> Size in memory: 8856
> References: 2
> Members:
> 127.0.0.0/8
> 192.0.2.0/24
> 203.0.113.0/24
> 0.0.0.0/8
> 192.168.0.0/16
> 198.51.100.0/24
> 169.254.0.0/16
> 10.0.0.0/8
> 10.0.0.1 nomatch
> 172.16.0.0/12
> 240.0.0.0/4
>
>
> FWIW this is how my /etc/config/network entry looks like for PPPoE:
> config interface 'ge00'
> option ifname 'ge00'
> option _orig_ifname 'ge00'
> option _orig_bridge 'false'
> option proto 'pppoe'
> option username '<user>'
> option password '<pass>'
> option ipv6 '1'
>
> Best regards,
> --Edwin
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
I_have_no_spacebar_this_morning_(too_damp).
One_thought_had_been_to_hook_it_into_the_wan_firewall_chains.
another_would_be_to_more_deeply_inspect_the_interface_definition
and_"do_the_right_thing"_against_various_protos.
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
next prev parent reply other threads:[~2014-04-05 15:53 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-03 1:17 Dave Taht
2014-04-03 1:48 ` Stephen Hemminger
2014-04-03 1:58 ` Dave Taht
2014-04-03 2:43 ` Dave Taht
2014-04-03 10:09 ` David Personette
2014-04-03 15:17 ` Jim Gettys
2014-04-03 18:20 ` Neil Shepperd
2014-04-03 22:36 ` Dave Taht
2014-04-03 22:51 ` Maxim Kharlamov
2014-04-03 22:54 ` Dave Taht
2014-04-03 22:56 ` Aaron Wood
2014-04-03 22:57 ` Aaron Wood
2014-04-03 22:58 ` Dave Taht
2014-04-03 23:01 ` Maxim Kharlamov
2014-04-04 1:26 ` David Personette
2014-04-04 7:04 ` Aaron Wood
2014-04-04 6:57 ` Toke Høiland-Jørgensen
2014-04-05 12:49 ` Neil Shepperd
2014-04-05 16:02 ` Dave Taht
2014-04-05 16:15 ` Dave Taht
2014-04-05 8:34 ` Török Edwin
2014-04-05 15:53 ` Dave Taht [this message]
2014-04-05 21:25 ` Török Edwin
2014-04-07 14:45 ` Toke Høiland-Jørgensen
2014-04-07 15:27 ` Török Edwin
2014-04-07 15:31 ` Toke Høiland-Jørgensen
2014-04-07 17:58 ` Dave Taht
2014-04-07 18:51 ` Török Edwin
2014-04-05 19:11 ` Jim Reisert AD1C
2014-04-05 19:26 ` Dave Taht
2014-04-06 0:15 ` Jim Reisert AD1C
2014-04-06 10:23 ` Robert Bradley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAA93jw7r4Ru6KXJnVm7XO+dWHyS7o--8bY+okGSw+rGwEGv5ew@mail.gmail.com \
--to=dave.taht@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=edwin+ml-cerowrt@etorok.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox