From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oa0-f51.google.com (mail-oa0-f51.google.com [209.85.219.51]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id A5D7C21F1DA for ; Wed, 16 Jan 2013 13:12:24 -0800 (PST) Received: by mail-oa0-f51.google.com with SMTP id n12so1915195oag.38 for ; Wed, 16 Jan 2013 13:12:24 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=qKkS9AzP9k38n3VaqVyXUiVQrg9hQGSjSAmr9XtAWqs=; b=enRwI26OUT17z8oYsL7FRYQ3P0oexCDhsmhavVbEGrPfCV8/gRUPFPNgukCAbt/vYh Rtst/MYOSw1ycHDyWZNLBbk1PhmGVZ8vOHdlwEaSQrW7cxm0/bAYSplc9r4X4OLRMYiT 6DAERHYEwQDObrPBX9Ez4YbackHmwND98YIUAZ5HBUsCiFTvsUhKK4lt0FTKQx0TE5jW /CT12uxe/uvWV7jneUp8nd8nPsC2EUioMxI5Fy6n6JElmJbdf/EDrfjpSYz45k8x7JY1 K3LOGIuqGh48i5Ms6+b65u9Tvph/932d+9Vo20w2b9xxK2NbuvXHbcGpRXFZLWocbl/S 5DPQ== MIME-Version: 1.0 X-Received: by 10.182.54.103 with SMTP id i7mr2035627obp.62.1358370743823; Wed, 16 Jan 2013 13:12:23 -0800 (PST) Received: by 10.76.82.73 with HTTP; Wed, 16 Jan 2013 13:12:23 -0800 (PST) X-Originating-IP: [77.65.47.165] In-Reply-To: References: Date: Wed, 16 Jan 2013 22:12:23 +0100 Message-ID: From: Maciej Soltysiak To: Dave Taht Content-Type: multipart/alternative; boundary=14dae93a113da8aeed04d36e5528 X-Gm-Message-State: ALoCoQmmzruQjQgnBkFzKoZZyxzvPCMLJRePC6QWttrq6dRsI7WLVxJUNxDlsO6OHZHUWp4jGLSj Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] cerowrt 3.7.2-3 released, still in a battle with ipv6 X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2013 21:12:24 -0000 --14dae93a113da8aeed04d36e5528 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Good build! I have to report that the issue with polipo, DNS and TFO that I observed with 3.7.1-1 seems resolved. Test with and without TFO. Ketan, I won't post a bug unless it appears again. Regards. Maciej On Wed, Jan 16, 2013 at 12:37 PM, Dave Taht wrote: > It's at: > > http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.7.2-3/ > > It seems pretty stable but with the ipv6 churn... > > [insert my std hyperbolic warnings about exposing the release to > default gws in front of spouses or young children] > > features: > > + dnsmasq 2.66test10 > + merge with openwrt head > + new unaligned access code from openwrt head (by nbd) and the > remainder of the older unaligned patch set (by robert bradley) ported > to work on top of that > > I have not checked to see if all traps are gone, you can look at that via > files in /sys/debug/kernel/mips/ > > - it's mostly the ipv6 related traps I'm concerned about... > > The checksum routine changed and I did check checksums on a variety of > ipv4 ethernet traffic, but not enough to feel assured. > > + Bug fixed https://www.bufferbloat.net/issues/418 > > BUG_ON removed on TFO support in the kernel. TFO works. I tested it by: > > echo 3 > /proc/sys/net/ipv4/tcp_fastopen > editing /etc/init.d/polipo to add support for a boolean useTCPFastOpen > parameter > adding that parameter to /etc/config/polipo > testing with the current version of httping > > I will update the init script and config in the next spin. > > ... > > The churn in how to setup ipv6 sanely continues. The configuration for > how to do it has changed significantly again and is documented at: > > http://wiki.openwrt.org/doc/uci/network6 > > It's not clear to me to state of the ipv6 dnsmasq integration now. > There is much discussion on the dnsmasq-discuss list as to how to do > prefix-independent configuration as one example. > > as for the ipv6 related changes just now come down from openwrt, > steven barth tells me that: > > "6distributed functionality (prefix delegation) was merged into netifd > for size reasons. > The shell mess which was ipv6-support was abandoned. > > dhcpv6 is now a regular network proto in netifd (which can be added > ontop of other ipv4-wan types or separately for ipv6-only). > > network6 is unnecessary now. 6rd, 6to4 now automatically publish their > prefix. 6in4 adds a new option ip6prefix for adding the routed prefix. > > LANs / WLANs which want a prefix now just add a option ip6assign 64 to > the interface definition. > > See examples in: http://wiki.openwrt.org/doc/uci/network6 > > Prefix Announcement / DHCPv6 / Relaying has been untangled and should > be moved into the respective daemon config / init. I've done this for > 6relayd. > > For dnsmasq you will have to add config support similar to what is > done for DHCP in IPv4, so it should be easy to adapt. Maybe some of > the CeroWrt contributors like to add that. > > I also haven't looked at NPT yet. I've removed the shell-script mess > for now as we will not have all targets up to 3.7 in the coming weeks > and therefore also not a new ip6tables." > > AHCP is still lost and lonely in the configuration. > > I took a stab at enabling ipv6 NPT support myself in this release, but > the changes I'd made to the openwrt configuration didn't successfully > get the modules to compile nor create a package. My *non-working > patch* looked like this, and suggestions as to what sort of magic wand > to wave over it welcomed. > > diff --git a/include/netfilter.mk b/include/netfilter.mk > index 1d89e6d..3d65f76 100644 > --- a/include/netfilter.mk > +++ b/include/netfilter.mk > @@ -154,10 +154,14 @@ $(eval $(call > nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) > > $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG)= ) > $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, > $(P_V6)ip6t_REJECT)) > +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_NAT, $(P_V6)nf_nat_ipv6)) > +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_MASQUERADE, > $(P_V6)ip6t_MASQUERADE)) > +$(eval $(call nf_add,IPT_IPv6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT)= ) > > # nat > > # kernel only > +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_NAT, > $(P_V6)nf_nat_ipv6, ge 3.7.0),)) > $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, > $(P_XT)nf_nat $(P_V4)nf_nat_ipv4 $(P_XT)xt_nat $(P_V4)iptable_nat, ge > 3.7.0),)) > $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, > $(P_V4)nf_nat $(P_V4)iptable_nat, lt 3.7.0),)) > > diff --git a/package/kernel/modules/netfilter.mk > b/package/kernel/modules/netfilter.mk > index 69bdba0..d862c32 100644 > --- a/package/kernel/modules/netfilter.mk > +++ b/package/kernel/modules/netfilter.mk > @@ -164,6 +164,23 @@ endef > > $(eval $(call KernelPackage,ipt-nat)) > > +define KernelPackage/ipt-nat6 > + TITLE:=3DBasic NAT targets for IPv6 > + KCONFIG:=3D$(KCONFIG_IPT_NAT6) > + FILES:=3D$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) > + AUTOLOAD:=3D$(call AutoLoad,42,$(notdir $(IPT_NAT6-m))) > + $(call AddDepends/ipt) > +endef > + > +define KernelPackage/ipt-nat6/description > + Netfilter (IPv6) kernel modules for basic NAT targets > + Includes: > + - MASQUERADE > + - NPT > +endef > + > +$(eval $(call KernelPackage,ipt-nat6)) > + > > define KernelPackage/ipt-nat-extra > TITLE:=3DExtra NAT targets > > > -- > Dave T=C3=A4ht > > Fixing bufferbloat with cerowrt: > http://www.teklibre.com/cerowrt/subscribe.html > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > --14dae93a113da8aeed04d36e5528 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Good build! I have to report that the issue with polipo, DNS and TFO t= hat I observed with 3.7.1-1 seems resolved.
Test with and without= TFO.
Ketan, I won't post a bug unless it appears again.<= /div>
=C2=A0
Regards.
Maciej
On Wed, Jan 16, 2013 at 12:37 PM, Dave Taht <= dave.taht@gmail.co= m> wrote:
It's at:

http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.7= .2-3/

It seems pretty stable but with the ipv6 churn...

[insert my std hyperbolic warnings about exposing the release to
default gws in front of spouses or young children]

features:

+ dnsmasq 2.66test10
+ merge with openwrt head
+ new unaligned access code from openwrt head (by nbd) and the
remainder of the older unaligned patch set (by robert bradley) ported
to work on top of that

I have not checked to see if all traps are gone, you can look at that via files in /sys/debug/kernel/mips/

=C2=A0- it's mostly the ipv6 related traps I'm concerned about...
The checksum routine changed and I did check checksums on a variety of
ipv4 ethernet traffic, but not enough to feel assured.

+ Bug fixed https://www.bufferbloat.net/issues/418

BUG_ON removed on TFO support in the kernel. TFO works. I tested it by:

echo 3 > /proc/sys/net/ipv4/tcp_fastopen
editing /etc/init.d/polipo to add support for a boolean useTCPFastOpen para= meter
adding that parameter to /etc/config/polipo
testing with the current version of httping

I will update the init script and config in the next spin.

...

The churn in how to setup ipv6 sanely continues. The configuration for
how to do it has changed significantly again and is documented at:

http= ://wiki.openwrt.org/doc/uci/network6

It's not clear to me to state of the ipv6 dnsmasq integration now.
There is much discussion on the dnsmasq-discuss list as to how to do
prefix-independent configuration as one example.

as for the ipv6 related changes just now come down from openwrt,
steven barth tells me that:

"6distributed functionality (prefix delegation) was merged into netifd=
for size reasons.
The shell mess which was ipv6-support was abandoned.

dhcpv6 is now a regular network proto in netifd (which can be added
ontop of other ipv4-wan types or separately for ipv6-only).

network6 is unnecessary now. 6rd, 6to4 now automatically publish their
prefix. 6in4 adds a new option ip6prefix for adding the routed prefix.

LANs / WLANs which want a prefix now just add a option ip6assign 64 to
the interface definition.

See examples in: http://wiki.openwrt.org/doc/uci/network6

Prefix Announcement / DHCPv6 / Relaying has been untangled and should
be moved into the respective daemon config / init. I've done this for 6relayd.

For dnsmasq you will have to add config support similar to what is
done for DHCP in IPv4, so it should be easy to adapt. Maybe some of
the CeroWrt contributors like to add that.

I also haven't looked at NPT yet. I've removed the shell-script mes= s
for now as we will not have all targets up to 3.7 in the coming weeks
and therefore also not a new ip6tables."

AHCP is still lost and lonely in the configuration.

I took a stab at enabling ipv6 NPT support myself in this release, but
the changes I'd made to the openwrt configuration didn't successful= ly
get the modules to compile nor create a package. My *non-working
patch* looked like this, and suggestions as to what sort of magic wand
to wave over it welcomed.

diff --git a/include/netf= ilter.mk b/include/ne= tfilter.mk
index 1d89e6d..3d65f76 100644
--- a/include/netfilter.m= k
+++ b/include/netfilter.m= k
@@ -154,10 +154,14 @@ $(eval $(call
nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))

=C2=A0$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_L= OG))
=C2=A0$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6= t_REJECT))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_NAT, $(P_V6)nf_nat_ipv6))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_MASQUERADE,
$(P_V6)ip6t_MASQUERADE))
+$(eval $(call nf_add,IPT_IPv6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT))<= br>
=C2=A0# nat

=C2=A0# kernel only
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_NAT,
$(P_V6)nf_nat_ipv6, ge 3.7.0),))
=C2=A0$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT,
$(P_XT)nf_nat $(P_V4)nf_nat_ipv4 $(P_XT)xt_nat $(P_V4)iptable_nat, ge
3.7.0),))
=C2=A0$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT,
$(P_V4)nf_nat $(P_V4)iptable_nat, lt 3.7.0),))

diff --git a/package/kernel/modules/netfilter.mk
b/package/kernel/modules/= netfilter.mk
index 69bdba0..d862c32 100644
--- a/package/kernel/modules/netfilter.mk
+++ b/package/kernel/modules/netfilter.mk
@@ -164,6 +164,23 @@ endef

=C2=A0$(eval $(call KernelPackage,ipt-nat))

+define KernelPackage/ipt-nat6
+ =C2=A0TITLE:=3DBasic NAT targets for IPv6
+ =C2=A0KCONFIG:=3D$(KCONFIG_IPT_NAT6)
+ =C2=A0FILES:=3D$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) + =C2=A0AUTOLOAD:=3D$(call AutoLoad,42,$(notdir $(IPT_NAT6-m)))
+ =C2=A0$(call AddDepends/ipt)
+endef
+
+define KernelPackage/ipt-nat6/description
+ Netfilter (IPv6) kernel modules for basic NAT targets
+ Includes:
+ - MASQUERADE
+ - NPT
+endef
+
+$(eval $(call KernelPackage,ipt-nat6))
+

=C2=A0define KernelPackage/ipt-nat-extra
=C2=A0 =C2=A0TITLE:=3DExtra NAT targets


--
Dave T=C3=A4ht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscrib= e.html
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.= bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

--14dae93a113da8aeed04d36e5528--