[Cerowrt-devel] cerowrt-3.10.34-4 dev build released

Török Edwin edwin+ml-cerowrt at etorok.net
Sat Apr 5 01:34:15 PDT 2014


Hi,

On 04/03/2014 04:17 AM, Dave Taht wrote:> + resync with openwrt
>    they seem to be settling down...
> + Toke's ntp + dnssec stuff
> + Yet Another Patch to try and isolate the wireless hang problem
>     that happens to jg every day or so and nearly no-one else.
> + Fix to babel's meshing interfaces
> + dnsmasq updated to head (seems to be stabilizing)
> + Tested for a couple hours

Just upgraded to 3.10.34-4, works great!

On 03/21/2014 07:47 PM, Dave Taht wrote:
> + This is the first release with toke's bcp38 code installed (and
> enabled by default). I am hoping people simply don't even notice it's
> there... (it's off the firewall web page)

I just tested BCP38, but it looks like it doesn't filter anything with PPPoE.
My outgoing interface is actually called pppoe-ge00, so adding filter rules on ge00 doesn't have any impact.

I hacked the script to set the interface name for iptables to pppoe-ge00 (not for uci, cause uci
doesn't have an enabled=1 for pppoe):
                setup_ipset
+               interface=pppoe-ge00
                setup_iptables "$interface"

Any idea how to fix this properly without hardcoding the interface name?

With this hack the bcp38 filtering works (10.0.0.1 is the P-t-P address on pppoe-ge00):
# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: sendto: Operation not permitted

# ipset list
Name: bcp38-ipv4
Type: hash:net
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 8856
References: 2
Members:
127.0.0.0/8
192.0.2.0/24
203.0.113.0/24
0.0.0.0/8
192.168.0.0/16
198.51.100.0/24
169.254.0.0/16
10.0.0.0/8
10.0.0.1 nomatch
172.16.0.0/12
240.0.0.0/4


FWIW this is how my /etc/config/network entry looks like for PPPoE:
config interface 'ge00'
        option ifname 'ge00'
        option _orig_ifname 'ge00'
        option _orig_bridge 'false'
        option proto 'pppoe'
        option username '<user>'
        option password '<pass>'
        option ipv6 '1'

Best regards,
--Edwin


More information about the Cerowrt-devel mailing list