[Cerowrt-devel] cerowrt-3.10.34-4 dev build released

Dave Taht dave.taht at gmail.com
Sat Apr 5 08:53:07 PDT 2014


On Sat, Apr 5, 2014 at 1:34 AM, Török Edwin <edwin+ml-cerowrt at etorok.net> wrote:
> Hi,
>
> On 04/03/2014 04:17 AM, Dave Taht wrote:> + resync with openwrt
>>    they seem to be settling down...
>> + Toke's ntp + dnssec stuff
>> + Yet Another Patch to try and isolate the wireless hang problem
>>     that happens to jg every day or so and nearly no-one else.
>> + Fix to babel's meshing interfaces
>> + dnsmasq updated to head (seems to be stabilizing)
>> + Tested for a couple hours
>
> Just upgraded to 3.10.34-4, works great!
>
> On 03/21/2014 07:47 PM, Dave Taht wrote:
>> + This is the first release with toke's bcp38 code installed (and
>> enabled by default). I am hoping people simply don't even notice it's
>> there... (it's off the firewall web page)
>
> I just tested BCP38, but it looks like it doesn't filter anything with PPPoE.
> My outgoing interface is actually called pppoe-ge00, so adding filter rules on ge00 doesn't have any impact.
>
> I hacked the script to set the interface name for iptables to pppoe-ge00 (not for uci, cause uci
> doesn't have an enabled=1 for pppoe):
>                 setup_ipset
> +               interface=pppoe-ge00
>                 setup_iptables "$interface"
>
> Any idea how to fix this properly without hardcoding the interface name?
>
> With this hack the bcp38 filtering works (10.0.0.1 is the P-t-P address on pppoe-ge00):
> # ping 192.168.1.1
> PING 192.168.1.1 (192.168.1.1): 56 data bytes
> ping: sendto: Operation not permitted
>
> # ipset list
> Name: bcp38-ipv4
> Type: hash:net
> Revision: 4
> Header: family inet hashsize 1024 maxelem 65536
> Size in memory: 8856
> References: 2
> Members:
> 127.0.0.0/8
> 192.0.2.0/24
> 203.0.113.0/24
> 0.0.0.0/8
> 192.168.0.0/16
> 198.51.100.0/24
> 169.254.0.0/16
> 10.0.0.0/8
> 10.0.0.1 nomatch
> 172.16.0.0/12
> 240.0.0.0/4
>
>
> FWIW this is how my /etc/config/network entry looks like for PPPoE:
> config interface 'ge00'
>         option ifname 'ge00'
>         option _orig_ifname 'ge00'
>         option _orig_bridge 'false'
>         option proto 'pppoe'
>         option username '<user>'
>         option password '<pass>'
>         option ipv6 '1'
>
> Best regards,
> --Edwin
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel

I_have_no_spacebar_this_morning_(too_damp).

One_thought_had_been_to_hook_it_into_the_wan_firewall_chains.

another_would_be_to_more_deeply_inspect_the_interface_definition
and_"do_the_right_thing"_against_various_protos.

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html


More information about the Cerowrt-devel mailing list