BTW: how are you selecting the different gui? On Mon, Mar 24, 2014 at 9:32 AM, Rich Brown <richb.hano...@gmail.com> wrote: > Folks, > > I updated the wiki to incorporate features of 3.10.32-12. > > - The SQM page has been updated to include current screen shots and describe > the options. A question: what are the units for the Hard Limit on > ingress/egress? > > http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_SQM_for_CeroWrt_310
Usually packets, unless you are using the undocumented bfifo qdisc option. > > - The Release Notes page has been updated to mention DNSSEC and BCP38. I'm > still not clear whether DNSSEC is turned on/operational by default. What > should that page say? > > http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_310_Release_Notes It's on by default, however, we MUST decide on some 100% robust method for getting time on boot before the stable release. Otherwise boxes that sit for a while before being turned on (consider boxes shipped on a boat from china) or those that can't get ntp at all will be locked out. I am enjoying the flood of ideas on this topic going by on another thread. (it would be good to broaden the thread to relevant ntp, dnssec mailing lists) > - I have added a BCP38 page to give an overview of that page. A question that > I haven't seen addressed in the commentary on the list: Does this BCP38 > implement also filter out spoofed source addresses? (I imagine it would, but > the pages don't specifically say so.) Depends on your definition of "spoof". 1) For example a babel node with a real IP inside of a natted network would still be accepted (and natted) on egress. Can't solve everything... 2) The implementation is capable of filtering out or accepting a large number of networks, as per bcp38. The default is basically the best that can be done for a home/natted network. Given that this is intended to give a cluebat, showing an example for a provider with a real network would be useful... > > http://www.bufferbloat.net/projects/cerowrt/wiki/CeroWrt_and_BCP38 > > Although I try to write carefully, sometimes I'm just makin' stuff up. > Comments requested. Thanks. good work! > Rich > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html _______________________________________________ Cerowrt-devel mailing list Cerowrt-devel@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cerowrt-devel
