From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wg0-x22c.google.com (mail-wg0-x22c.google.com [IPv6:2a00:1450:400c:c00::22c]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 98DB621F2D8 for ; Sat, 5 Apr 2014 08:53:09 -0700 (PDT) Received: by mail-wg0-f44.google.com with SMTP id m15so4777761wgh.15 for ; Sat, 05 Apr 2014 08:53:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=kZeruKjAE7cffE6de3CkdR4ppiVsyj5Whz6yXwjLeSs=; b=q/fdaMxpZcwOVb+D/3gmEqCkNibiobpAxc7dvr6G040rPRebB4gHXaDHYyv8zAQJgn kdVZY0VT/Xv4xi5VV5MnHb7McQGKM/2+uPkYMgXUkSSs7bCQnMmUqp8L3t6vMGxm3+fA 6W1KxQsOpiWSqv02kVYCW6esILY5fDgyrkZoYSVgOkBta4xGi3InjvuoyQ+kHUx2cwGf cdH1sr9cQthCMtikFLs82p+zcUQCJCv0t6S2xqeb8z9L0A3EtJoLdkCGmIbqcM1wN9kU uccj+l3N5FxfDOh/WONxj/9dIHKPkV9z2eXGBSHbqg4mS5BPC2b2UwXHh5cHBy8pA19T g8Zw== MIME-Version: 1.0 X-Received: by 10.180.97.37 with SMTP id dx5mr12664798wib.53.1396713187427; Sat, 05 Apr 2014 08:53:07 -0700 (PDT) Received: by 10.216.8.1 with HTTP; Sat, 5 Apr 2014 08:53:07 -0700 (PDT) In-Reply-To: <533FC007.3010700@etorok.net> References: <533FC007.3010700@etorok.net> Date: Sat, 5 Apr 2014 08:53:07 -0700 Message-ID: From: Dave Taht To: =?ISO-8859-1?Q?T=F6r=F6k_Edwin?= Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] cerowrt-3.10.34-4 dev build released X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Apr 2014 15:53:10 -0000 On Sat, Apr 5, 2014 at 1:34 AM, T=F6r=F6k Edwin wrote: > Hi, > > On 04/03/2014 04:17 AM, Dave Taht wrote:> + resync with openwrt >> they seem to be settling down... >> + Toke's ntp + dnssec stuff >> + Yet Another Patch to try and isolate the wireless hang problem >> that happens to jg every day or so and nearly no-one else. >> + Fix to babel's meshing interfaces >> + dnsmasq updated to head (seems to be stabilizing) >> + Tested for a couple hours > > Just upgraded to 3.10.34-4, works great! > > On 03/21/2014 07:47 PM, Dave Taht wrote: >> + This is the first release with toke's bcp38 code installed (and >> enabled by default). I am hoping people simply don't even notice it's >> there... (it's off the firewall web page) > > I just tested BCP38, but it looks like it doesn't filter anything with PP= PoE. > My outgoing interface is actually called pppoe-ge00, so adding filter rul= es on ge00 doesn't have any impact. > > I hacked the script to set the interface name for iptables to pppoe-ge00 = (not for uci, cause uci > doesn't have an enabled=3D1 for pppoe): > setup_ipset > + interface=3Dpppoe-ge00 > setup_iptables "$interface" > > Any idea how to fix this properly without hardcoding the interface name? > > With this hack the bcp38 filtering works (10.0.0.1 is the P-t-P address o= n pppoe-ge00): > # ping 192.168.1.1 > PING 192.168.1.1 (192.168.1.1): 56 data bytes > ping: sendto: Operation not permitted > > # ipset list > Name: bcp38-ipv4 > Type: hash:net > Revision: 4 > Header: family inet hashsize 1024 maxelem 65536 > Size in memory: 8856 > References: 2 > Members: > 127.0.0.0/8 > 192.0.2.0/24 > 203.0.113.0/24 > 0.0.0.0/8 > 192.168.0.0/16 > 198.51.100.0/24 > 169.254.0.0/16 > 10.0.0.0/8 > 10.0.0.1 nomatch > 172.16.0.0/12 > 240.0.0.0/4 > > > FWIW this is how my /etc/config/network entry looks like for PPPoE: > config interface 'ge00' > option ifname 'ge00' > option _orig_ifname 'ge00' > option _orig_bridge 'false' > option proto 'pppoe' > option username '' > option password '' > option ipv6 '1' > > Best regards, > --Edwin > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel I_have_no_spacebar_this_morning_(too_damp). One_thought_had_been_to_hook_it_into_the_wan_firewall_chains. another_would_be_to_more_deeply_inspect_the_interface_definition and_"do_the_right_thing"_against_various_protos. --=20 Dave T=E4ht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.= html