[Cerowrt-devel] cerowrt 3.7.2-3 released, still in a battle with ipv6

Dave Taht dave.taht at gmail.com
Wed Jan 16 03:37:16 PST 2013


It's at:

http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.7.2-3/

It seems pretty stable but with the ipv6 churn...

[insert my std hyperbolic warnings about exposing the release to
default gws in front of spouses or young children]

features:

+ dnsmasq 2.66test10
+ merge with openwrt head
+ new unaligned access code from openwrt head (by nbd) and the
remainder of the older unaligned patch set (by robert bradley) ported
to work on top of that

I have not checked to see if all traps are gone, you can look at that via
files in /sys/debug/kernel/mips/

 - it's mostly the ipv6 related traps I'm concerned about...

The checksum routine changed and I did check checksums on a variety of
ipv4 ethernet traffic, but not enough to feel assured.

+ Bug fixed https://www.bufferbloat.net/issues/418

BUG_ON removed on TFO support in the kernel. TFO works. I tested it by:

echo 3 > /proc/sys/net/ipv4/tcp_fastopen
editing /etc/init.d/polipo to add support for a boolean useTCPFastOpen parameter
adding that parameter to /etc/config/polipo
testing with the current version of httping

I will update the init script and config in the next spin.

...

The churn in how to setup ipv6 sanely continues. The configuration for
how to do it has changed significantly again and is documented at:

http://wiki.openwrt.org/doc/uci/network6

It's not clear to me to state of the ipv6 dnsmasq integration now.
There is much discussion on the dnsmasq-discuss list as to how to do
prefix-independent configuration as one example.

as for the ipv6 related changes just now come down from openwrt,
steven barth tells me that:

"6distributed functionality (prefix delegation) was merged into netifd
for size reasons.
The shell mess which was ipv6-support was abandoned.

dhcpv6 is now a regular network proto in netifd (which can be added
ontop of other ipv4-wan types or separately for ipv6-only).

network6 is unnecessary now. 6rd, 6to4 now automatically publish their
prefix. 6in4 adds a new option ip6prefix for adding the routed prefix.

LANs / WLANs which want a prefix now just add a option ip6assign 64 to
the interface definition.

See examples in: http://wiki.openwrt.org/doc/uci/network6

Prefix Announcement / DHCPv6 / Relaying has been untangled and should
be moved into the respective daemon config / init. I've done this for
6relayd.

For dnsmasq you will have to add config support similar to what is
done for DHCP in IPv4, so it should be easy to adapt. Maybe some of
the CeroWrt contributors like to add that.

I also haven't looked at NPT yet. I've removed the shell-script mess
for now as we will not have all targets up to 3.7 in the coming weeks
and therefore also not a new ip6tables."

AHCP is still lost and lonely in the configuration.

I took a stab at enabling ipv6 NPT support myself in this release, but
the changes I'd made to the openwrt configuration didn't successfully
get the modules to compile nor create a package. My *non-working
patch* looked like this, and suggestions as to what sort of magic wand
to wave over it welcomed.

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 1d89e6d..3d65f76 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -154,10 +154,14 @@ $(eval $(call
nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))

 $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG))
 $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_NAT, $(P_V6)nf_nat_ipv6))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_MASQUERADE,
$(P_V6)ip6t_MASQUERADE))
+$(eval $(call nf_add,IPT_IPv6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT))

 # nat

 # kernel only
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_NAT,
$(P_V6)nf_nat_ipv6, ge 3.7.0),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT,
$(P_XT)nf_nat $(P_V4)nf_nat_ipv4 $(P_XT)xt_nat $(P_V4)iptable_nat, ge
3.7.0),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT,
$(P_V4)nf_nat $(P_V4)iptable_nat, lt 3.7.0),))

diff --git a/package/kernel/modules/netfilter.mk
b/package/kernel/modules/netfilter.mk
index 69bdba0..d862c32 100644
--- a/package/kernel/modules/netfilter.mk
+++ b/package/kernel/modules/netfilter.mk
@@ -164,6 +164,23 @@ endef

 $(eval $(call KernelPackage,ipt-nat))

+define KernelPackage/ipt-nat6
+  TITLE:=Basic NAT targets for IPv6
+  KCONFIG:=$(KCONFIG_IPT_NAT6)
+  FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_NAT6-m)))
+  $(call AddDepends/ipt)
+endef
+
+define KernelPackage/ipt-nat6/description
+ Netfilter (IPv6) kernel modules for basic NAT targets
+ Includes:
+ - MASQUERADE
+ - NPT
+endef
+
+$(eval $(call KernelPackage,ipt-nat6))
+

 define KernelPackage/ipt-nat-extra
   TITLE:=Extra NAT targets


-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html


More information about the Cerowrt-devel mailing list