[LEDE-DEV] Fwd: Re: [OpenWrt-Devel] move OpenWrt codebase to Git and GitHub
tapper
j.lancett at ntlworld.com
Tue May 31 09:59:40 PDT 2016
-------- Forwarded Message --------
Subject: Re: [OpenWrt-Devel] move OpenWrt codebase to Git and GitHub
Date: Tue, 31 May 2016 13:44:56 +0000
From: Abhijit Mahajani <Abhijit.Mahajani at imgtec.com>
To: openwrt-devel at lists.openwrt.org <openwrt-devel at lists.openwrt.org>
Hello Luka,
First of all, we would welcome the move of openwrt into GitHub. We have
been using openwrt for one of the project and we have already
opensourced our port on GitHub (https://github.com/IMGCreator/openwrt) .
And willing to upstream this to the openwrt community. So having openwrt
codebase in the GitHub will certainly help in the upstreaming. Any
guidance is highly appreciated.
Thanks and Regards,
Abhijit A. Mahajani
-----Original Message-----
From: openwrt-devel [mailto:openwrt-devel-bounces at lists.openwrt.org] On
Behalf Of openwrt-devel-request at lists.openwrt.org
Sent: Thursday, May 26, 2016 8:34 AM
To: openwrt-devel at lists.openwrt.org
Subject: openwrt-devel Digest, Vol 125, Issue 104
Send openwrt-devel mailing list submissions to
openwrt-devel at lists.openwrt.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
or, via email, send a message with subject or body 'help' to
openwrt-devel-request at lists.openwrt.org
You can reach the person managing the list at
openwrt-devel-owner at lists.openwrt.org
When replying, please edit your Subject line so it is more specific than
"Re: Contents of openwrt-devel digest..."
Today's Topics:
1. Re: OpenWrt / LEDE (Bjørn Mork)
2. Re: OpenWrt / LEDE (Rafał Miłecki)
3. Re: [PROPOSAL] move OpenWrt codebase to Git and GitHub
(Luka Perkov)
4. Re: [PROPOSAL] move OpenWrt codebase to Git and GitHub
(Luka Perkov)
5. Re: [OpenWrt-Users] [PROPOSAL] move OpenWrt codebase to Git
and GitHub (Luka Perkov)
6. Re: [OpenWrt-Users] [PROPOSAL] move OpenWrt codebase to Git
and GitHub (Valent Turkovic)
7. How to debug/config qos-scripts to work with OpenWRT AA? (Danng)
----------------------------------------------------------------------
Message: 1
Date: Wed, 25 May 2016 12:55:43 +0200
From: Bjørn Mork <bjorn at mork.no>
To: mbm <mbm at openwrt.org>
Cc: Rafał Miłecki <zajec5 at gmail.com>,
openwrt-devel at lists.openwrt.org, LEDE Development List
<lede-dev at lists.infradead.org>
Subject: Re: [OpenWrt-Devel] OpenWrt / LEDE
Message-ID: <8760u2pftc.fsf at nemi.mork.no>
Content-Type: text/plain; charset=utf-8
mbm <mbm at openwrt.org> writes:
> The hackers email address represents the primary point of contact for
> OpenWrt, particularly in regards to donations. Following the surprise
> LEDE announcement, forwarding rules for @openwrt.org email addresses
> were disabled. This was done to mitigate further damage to OpenWrt due
> to misrepresentation, intentional or otherwise.
Failing to see the damage your action has caused is your biggest problem
right now. Even if we accept the rather far fetched possibilty of
misrepresentation, there is no way that can outweight the effect on the
maintainership status OpenWrt.
Right now, 95 of the 145 (PKG_)MAINTAINER entries for OpenWrt packages
points to an openwrt.org email address belonging to a LEDE committer:
bjorn at canardo:/usr/local/src/openwrt$ git grep
'MAINTAINER:=.*<\(lynxis\|noltari\|dangole\|nbd\|hauke\|jow\|blogic\|neoraider\|rmilecki\|cyrus\|stintel\|thess\)@openwrt.org>'
origin/master -- package/|wc -l
95
bjorn at canardo:/usr/local/src/openwrt$ git grep 'MAINTAINER'
origin/master -- package/|wc -l
145
I don't know if all these were disabled, but the package I tried to
submit to after the split was one of these. You don't seem to
understand the devastating effect it has on OpenWrt if occasional
contributors gets an email bounce from the published maintainer address.
There is no way you can blame those maintainers for this situation.
The problem is solely the responsibility of whoever decided to disable
those addresses.
Bjørn
------------------------------
Message: 2
Date: Wed, 25 May 2016 13:52:54 +0200
From: Rafał Miłecki <zajec5 at gmail.com>
To: mbm <mbm at openwrt.org>
Cc: OpenWrt Development List <openwrt-devel at lists.openwrt.org>, LEDE
Development List <lede-dev at lists.infradead.org>
Subject: Re: [OpenWrt-Devel] OpenWrt / LEDE
Message-ID:
<CACna6rxziUF+z3_AU4xGxB+my63bCTHeRJ0Yp3oU2wwfX3A-Ag at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
On 25 May 2016 at 10:09, mbm <mbm at openwrt.org> wrote:
> The hackers email address represents the primary point of contact for
> OpenWrt, particularly in regards to donations. Following the surprise
> LEDE announcement, forwarding rules for @openwrt.org email addresses
> were disabled. This was done to mitigate further damage to OpenWrt due
> to misrepresentation, intentional or otherwise.
Hackers e-mail address (mailing list) was also used for internal
discussions. You not only disabled forwarding rules for @openwrt.org
personal e-mails but also kicked out private e-mails from the hackers
mailing list.
I never really cared about hardware donations offered to hackers, but
knowing what's going on (like release plans) is important for contributing.
--
Rafał
------------------------------
Message: 3
Date: Wed, 25 May 2016 18:25:54 +0200
From: Luka Perkov <luka at openwrt.org>
To: Eric Schultz <eschultz at prplfoundation.org>
Cc: openwrt-users at lists.openwrt.org, openwrt-devel
<openwrt-devel at lists.openwrt.org>
Subject: Re: [OpenWrt-Devel] [PROPOSAL] move OpenWrt codebase to Git
and GitHub
Message-ID: <20160525162554.GA11029 at localhost.localdomain>
Content-Type: text/plain; charset=us-ascii
On Tue, May 24, 2016 at 10:51:46AM -0500, Eric Schultz wrote:
> My free-software side worries about using something non-free like drone.io
> for CI but this is a huge task certainly and I'm not sure a free tool would
> meet everyone's needs (plus there's the huge added burden of maintenance).
The drone.io is actually Apache 2.0 [1] and the example build was
configured on a private machine.
Luka
[1] https://github.com/drone/drone
------------------------------
Message: 4
Date: Wed, 25 May 2016 18:46:27 +0200
From: Luka Perkov <luka at openwrt.org>
To: David Lang <david at lang.hm>
Cc: openwrt-users at lists.openwrt.org, openwrt-devel at lists.openwrt.org
Subject: Re: [OpenWrt-Devel] [PROPOSAL] move OpenWrt codebase to Git
and GitHub
Message-ID: <20160525164627.GB11029 at localhost.localdomain>
Content-Type: text/plain; charset=us-ascii
On Tue, May 24, 2016 at 10:29:30AM -0700, David Lang wrote:
> OpenWRT has already moved to using Git instead of SVN,
No, it has not. To users is exposed the Git frontend while the commits
are made to the SVN repo.
> so why do they need to move from hosting the git repository themselves to
> having it hosted on github?
See the reasons below.
> There can be a mirror of the repo on github (remember that git is a
> Decentralized VCS)
Also, we have discussed of having a mirror on our server and this is
something
that we can do. If everything happens on GitHub then I don't see a point in
having clone on GitHub instead of a having the main repo on GitHub and
having
clone elsewhere.
> > * GitHub and similar services will allow us to integrate more easily
> > with other projects
> >
> > Here specifically I mean integration with modern CI. Here is an example
> > of integration with drone.io [3][4]. At the moment this is only in the
> > POC stage but what I'd like to do down the line is to:
> >
> > - build OpenWrt images for all architectures for every pull request
> > - build OpenWrt package binary for every package pull request for all
> > architectures and make it available for download
> >
> > - build and host OpenWrt qemu and/or Docker image for every pull request
>
> the build farm isn't large enough to do this
Current one is not.
> It's also not neccessary to move to github to be able to do this, it
just
> needs more systems in the build farm to be able to build things fast enough.
With GitHub it will be able to see compile status of each pull request.
If it
is not GitHub or simmilar service then this would need to be developed and I
think we have better things to do then that :)
> > This will allow easy review of the work since flags will be shown in the
> > pull request if the build was sucessful or not. Also, this will allow
> > people to test changes without building the image and thus lowering the
> > time that needs to be spent on maintenance work.
> >
> > If this proposal gets accepted I'll be sending out an email to get
> > access to more build servers so this new build infrastructure can
> > properly support the project in a timely fashion.
>
> why should providing more build servers be contingent on moving to a
> commercial hosting provider vs running things themselves?
IMO move to GitHub will allow us to manage contributions more easily and
handle
them in timely fashion. This, combined with other perks explained in my
previous email is possible today without need to develop the features that
others provide today.
Luka
------------------------------
Message: 5
Date: Wed, 25 May 2016 18:55:38 +0200
From: Luka Perkov <luka at openwrt.org>
To: Jo-Philipp Wich <jo at mein.io>
Cc: OpenWrt User List <openwrt-users at lists.openwrt.org>, OpenWrt
Development List <openwrt-devel at lists.openwrt.org>
Subject: Re: [OpenWrt-Devel] [OpenWrt-Users] [PROPOSAL] move OpenWrt
codebase to Git and GitHub
Message-ID: <20160525165538.GA11417 at localhost.localdomain>
Content-Type: text/plain; charset=us-ascii
Thanks for the numbers Jo. The current hello-world setup with drone.io
was done on cheap SSD based VPS. That said, with some "optimizations"
(or hacks if you want) I think it should be possible to have less
powerful servers but more of them to do what is needed.
For example, if one makes pull request for package A. Then for every
target only the core system with package A and it's dependencies should
be built. That said, if pull request is valid it will result with a
successful build. We should avoid situations where somebody makes a patch
for package A and if fails to build because package Z unrelated to
package A is broken.
Luka
On Tue, May 24, 2016 at 10:35:42PM +0200, Jo-Philipp Wich wrote:
> Hi,
>
> here's a few numbers we gathered with our buildbot setup:
>
> We currently need roughly 35GB per target when building OpenWrt plus the
> entire package world and currently there are roughly ~70
> target/subtarget combinations in the OpenWrt tree.
>
> If fast build tests are desired then the only way to do so is by
> implementing incremental building which only works if there's enough
> space to retain all build trees at once which means there need to be
> about 2.5TB of storage available.
>
> For only building all base systems without package feeds the entire
> required space is around 800GB.
>
> A base system build currently requires 1 hour and 15 minutes on a
> machine having a Xeon E3-1246 v3 4 core / 8 thread CPU with prepopulated
> dl/, ccache and make -j8.
>
> A build of all packages from all feeds takes around 70 minutes on a Xeon
> E5-2630 v3 8 core / 16 thread machine with 12GB ram and make -j16.
>
> HTH,
> Jo
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
------------------------------
Message: 6
Date: Wed, 25 May 2016 22:49:49 +0200
From: Valent Turkovic <valent at otvorenamreza.org>
To: Benjamin Henrion <zoobab at gmail.com>, OpenWrt User List
<openwrt-users at lists.openwrt.org>
Cc: Jo-Philipp Wich <jo at mein.io>, Luka Perkov <luka at openwrt.org>,
OpenWrt Development List <openwrt-devel at lists.openwrt.org>
Subject: Re: [OpenWrt-Devel] [OpenWrt-Users] [PROPOSAL] move OpenWrt
codebase to Git and GitHub
Message-ID:
<CAGOios7Egk5UU23fGmqSpjvU9wC3=2b6qHtRF0K-S3y4tPFqdg at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
On Wed, May 25, 2016 at 7:06 PM, Benjamin Henrion <zoobab at gmail.com> wrote:
> On Tue, May 24, 2016 at 10:35 PM, Jo-Philipp Wich <jo at mein.io> wrote:
>> Hi,
>>
>> here's a few numbers we gathered with our buildbot setup:
>>
>> We currently need roughly 35GB per target when building OpenWrt plus the
>> entire package world and currently there are roughly ~70
>> target/subtarget combinations in the OpenWrt tree.
>>
>> If fast build tests are desired then the only way to do so is by
>> implementing incremental building which only works if there's enough
>> space to retain all build trees at once which means there need to be
>> about 2.5TB of storage available.
>
> A BTRFS volume with deduplication would help here?
I wouldn't trust BTRFS with photo album of my cats... I had it running
and couldn't compile OpenWrt on BTRFS volume because it ran out of
space, it was a knows bug that small files used up more space than df
and other tools saw...
But I as an advanced OpenWrt user and beginner openwrt developer would
love to see move to github, it would make things much, much easier,
please go for it.
------------------------------
Message: 7
Date: Thu, 26 May 2016 03:03:39 +0000
From: Danng <huynhminhdang at gmail.com>
To: "openwrt-devel at lists.openwrt.org"
<openwrt-devel at lists.openwrt.org>
Subject: [OpenWrt-Devel] How to debug/config qos-scripts to work with
OpenWRT AA?
Message-ID:
<CAG=y+tyUMQR7O2sBoSMtChmJ53rBSq36VVkm3S0GO=8JmSkFqQ at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hello,
I am trying to use qos-scripts in OpenWRT AA. I have an issue that the
qos-scripts can limit uplink speed but not downlink speed.
For example: I set 128kbit uplink and 1024kbit downlink, however, the
downlink is limitless
This is the speedtest I captured
http://speedof.me/show.php?img=160526022701-7038.png
- uplink can go up to 104kbps
- downlink can go up to 7861kbps (which is higher than the limitation I set)
---
I also tried with wshaper and the got same result.
Here is my setup:
- eth1 is the WAN port
- eth0 is connect to my PC
- OpenWRT AA
- Linux kernel 3.3.8
****************************************************************************
* cmd: cat /etc/config/qos
****************************************************************************
# QoS configuration for OpenWrt
# INTERFACES:
config interface wan
option classgroup "Default"
option enabled 1
option upload 128
option download 1024
# RULES:
config classify
option target "Priority"
option ports "22,53"
option comment "ssh, dns"
config classify
option target "Normal"
option proto "tcp"
option ports "20,21,25,80,110,443,993,995"
option comment "ftp, smtp, http(s), imap"
config classify
option target "Express"
option ports "5190"
option comment "AOL, iChat, ICQ"
config default
option target "Express"
option proto "udp"
option pktsize "-500"
config reclassify
option target "Priority"
option proto "icmp"
config default
option target "Bulk"
option portrange "1024-65535"
# Don't change the stuff below unless you
# really know what it means :)
config classgroup "Default"
option classes "Priority Express Normal Bulk"
option default "Normal"
config class "Priority"
option packetsize 400
option avgrate 10
option priority 20
config class "Priority_down"
option packetsize 1000
option avgrate 10
config class "Express"
option packetsize 1000
option avgrate 50
option priority 10
config class "Normal"
option packetsize 1500
option packetdelay 100
option avgrate 10
option priority 5
config class "Normal_down"
option avgrate 20
config class "Bulk"
option avgrate 1
option packetdelay 200
****************************************************************************
* cmd: /usr/lib/qos/generate.sh all
****************************************************************************
| insmod cls_u32 >&- 2>&-
| insmod em_u32 >&- 2>&-
| insmod act_connmark >&- 2>&-
| insmod act_mirred >&- 2>&-
| insmod sch_ingress >&- 2>&-
| insmod cls_fw >&- 2>&-
| insmod sch_hfsc >&- 2>&-
| insmod sch_fq_codel >&- 2>&-
| ifconfig eth1 up txqueuelen 5 >&- 2>&-
| tc qdisc del dev eth1 root >&- 2>&-
| tc qdisc add dev eth1 root handle 1: hfsc default 30
| tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 128kbit ul
rate 128kbit
| tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt m1 74kbit d
6103us m2 12kbit ls m1 74kbit d 6103us m2 71kbit ul rate 128kbit
| tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt m1 68kbit d
15258us m2 64kbit ls m1 68kbit d 15258us m2 35kbit ul rate 128kbit
| tc class add dev eth1 parent 1:1 classid 1:30 hfsc ls m1 0kbit d
100000us m2 17kbit ul rate 128kbit
| tc class add dev eth1 parent 1:1 classid 1:40 hfsc ls m1 0kbit d
200000us m2 3kbit ul rate 128kbit
| tc qdisc add dev eth1 parent 1:10 handle 100: fq_codel
| tc qdisc add dev eth1 parent 1:20 handle 200: fq_codel
| tc qdisc add dev eth1 parent 1:30 handle 300: fq_codel
| tc qdisc add dev eth1 parent 1:40 handle 400: fq_codel
| tc filter add dev eth1 parent 1: prio 1 protocol ip handle 1/0xff fw
flowid 1:10
| tc filter add dev eth1 parent 1: prio 2 protocol ip handle 2/0xff fw
flowid 1:20
| tc filter add dev eth1 parent 1: prio 3 protocol ip handle 3/0xff fw
flowid 1:30
| tc filter add dev eth1 parent 1: prio 4 protocol ip handle 4/0xff fw
flowid 1:40
| ifconfig ifb0 up txqueuelen 5 >&- 2>&-
| tc qdisc del dev ifb0 root >&- 2>&-
| tc qdisc add dev ifb0 root handle 1: hfsc default 30
| tc class add dev ifb0 parent 1: classid 1:1 hfsc sc rate 1024kbit ul
rate 1024kbit
| tc qdisc del dev eth1 ingress >&- 2>&-
| tc qdisc add dev eth1 ingress
| tc filter add dev eth1 parent ffff: protocol ip prio 1 u32 match u32
0 0 flowid 1:1 action connmark action mirred egress redirect dev ifb0
| tc class add dev ifb0 parent 1:1 classid 1:10 hfsc rt m1 232kbit d
1907us m2 102kbit ls m1 232kbit d 1907us m2 568kbit ul rate 1024kbit
| tc class add dev ifb0 parent 1:1 classid 1:20 hfsc rt m1 533kbit d
1907us m2 512kbit ls m1 533kbit d 1907us m2 284kbit ul rate 1024kbit
| tc class add dev ifb0 parent 1:1 classid 1:30 hfsc ls m1 0kbit d
100000us m2 142kbit ul rate 1024kbit
| tc class add dev ifb0 parent 1:1 classid 1:40 hfsc ls m1 0kbit d
200000us m2 28kbit ul rate 1024kbit
| tc qdisc add dev ifb0 parent 1:10 handle 100: fq_codel
| tc qdisc add dev ifb0 parent 1:20 handle 200: fq_codel
| tc qdisc add dev ifb0 parent 1:30 handle 300: fq_codel
| tc qdisc add dev ifb0 parent 1:40 handle 400: fq_codel
| tc filter add dev ifb0 parent 1: prio 1 protocol ip handle 1/0xff fw
flowid 1:10
| tc filter add dev ifb0 parent 1: prio 2 protocol ip handle 2/0xff fw
flowid 1:20
| tc filter add dev ifb0 parent 1: prio 3 protocol ip handle 3/0xff fw
flowid 1:30
| tc filter add dev ifb0 parent 1: prio 4 protocol ip handle 4/0xff fw
flowid 1:40
|
|
|
| iptables -t mangle -F qos_Default
| iptables -t mangle -F qos_Default_ct
| iptables -t mangle -D FORWARD -o eth1 -j qos_Default
| iptables -t mangle -D OUTPUT -o eth1 -j qos_Default
| iptables -t mangle -X qos_Default
| iptables -t mangle -X qos_Default_ct
| insmod ipt_multiport >&- 2>&-
| insmod ipt_CONNMARK >&- 2>&-
| insmod ipt_length >&- 2>&-
| iptables -t mangle -N qos_Default >&- 2>&-
| iptables -t mangle -N qos_Default_ct >&- 2>&-
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -m tcp -p
tcp -m multiport --ports 22,53 -j MARK --set-mark 1/0xff
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -p udp -m
udp -m multiport --ports 22,53 -j MARK --set-mark 1/0xff
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -p tcp -m
tcp -m multiport --ports 20,21,25,80,110,443,993,995 -j MARK
--set-mark 3/0xff
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -m tcp -p
tcp -m multiport --ports 5190 -j MARK --set-mark 2/0xff
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -p udp -m
udp -m multiport --ports 5190 -j MARK --set-mark 2/0xff
| iptables -t mangle -A qos_Default_ct -j CONNMARK --save-mark --mask 0xff
| iptables -t mangle -A qos_Default -j CONNMARK --restore-mark --mask 0xff
| iptables -t mangle -A qos_Default -m mark --mark 0/0xff -j qos_Default_ct
| iptables -t mangle -A qos_Default -m mark --mark 0/0xff -p udp -m
length --length :500 -j MARK --set-mark 2/0xff
| iptables -t mangle -A qos_Default -p icmp -j MARK --set-mark 1/0xff
| iptables -t mangle -A qos_Default -m mark --mark 0/0xff -m tcp -p
tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-mark 4/0xff
| iptables -t mangle -A qos_Default -m mark --mark 0/0xff -p udp -m
udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-mark 4/0xff
| iptables -t mangle -A OUTPUT -o eth1 -j qos_Default
| iptables -t mangle -A FORWARD -o eth1 -j qos_Default
\---------------------------------------------------------------------------
****************************************************************************
* cmd: iptables -L
****************************************************************************
| Chain INPUT (policy ACCEPT)
| target prot opt source destination
| ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
| ACCEPT all -- anywhere anywhere
| syn_flood tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,ACK/SYN
| input_rule all -- anywhere anywhere
| input all -- anywhere anywhere
|
| Chain FORWARD (policy DROP)
| target prot opt source destination
| ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
| forwarding_rule all -- anywhere anywhere
| forward all -- anywhere anywhere
| reject all -- anywhere anywhere
|
| Chain OUTPUT (policy ACCEPT)
| target prot opt source destination
| ACCEPT all -- anywhere anywhere ctstate
RELATED,ESTABLISHED
| ACCEPT all -- anywhere anywhere
| output_rule all -- anywhere anywhere
| output all -- anywhere anywhere
|
| Chain MINIUPNPD (1 references)
| target prot opt source destination
|
| Chain forward (1 references)
| target prot opt source destination
| zone_lan_forward all -- anywhere anywhere
| zone_wan_forward all -- anywhere anywhere
|
| Chain forwarding_lan (1 references)
| target prot opt source destination
|
| Chain forwarding_rule (1 references)
| target prot opt source destination
|
| Chain forwarding_wan (1 references)
| target prot opt source destination
|
| Chain input (1 references)
| target prot opt source destination
| zone_lan all -- anywhere anywhere
| zone_wan all -- anywhere anywhere
|
| Chain input_lan (1 references)
| target prot opt source destination
|
| Chain input_rule (1 references)
| target prot opt source destination
|
| Chain input_wan (1 references)
| target prot opt source destination
|
| Chain output (1 references)
| target prot opt source destination
| zone_lan_ACCEPT all -- anywhere anywhere
| zone_wan_ACCEPT all -- anywhere anywhere
|
| Chain output_rule (1 references)
| target prot opt source destination
|
| Chain reject (5 references)
| target prot opt source destination
| REJECT tcp -- anywhere anywhere
reject-with tcp-reset
| REJECT all -- anywhere anywhere
reject-with icmp-port-unreachable
|
| Chain syn_flood (1 references)
| target prot opt source destination
| RETURN tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
| DROP all -- anywhere anywhere
|
| Chain zone_lan (1 references)
| target prot opt source destination
| input_lan all -- anywhere anywhere
| zone_lan_ACCEPT all -- anywhere anywhere
|
| Chain zone_lan_ACCEPT (2 references)
| target prot opt source destination
| ACCEPT all -- anywhere anywhere
| ACCEPT all -- anywhere anywhere
|
| Chain zone_lan_DROP (0 references)
| target prot opt source destination
| DROP all -- anywhere anywhere
| DROP all -- anywhere anywhere
|
| Chain zone_lan_REJECT (1 references)
| target prot opt source destination
| reject all -- anywhere anywhere
| reject all -- anywhere anywhere
|
| Chain zone_lan_forward (1 references)
| target prot opt source destination
| zone_wan_ACCEPT all -- anywhere anywhere
| forwarding_lan all -- anywhere anywhere
| zone_lan_REJECT all -- anywhere anywhere
|
| Chain zone_wan (1 references)
| target prot opt source destination
| ACCEPT udp -- anywhere anywhere udp
dpt:bootpc
| ACCEPT icmp -- anywhere anywhere icmp
echo-request
| input_wan all -- anywhere anywhere
| zone_wan_REJECT all -- anywhere anywhere
|
| Chain zone_wan_ACCEPT (2 references)
| target prot opt source destination
| ACCEPT all -- anywhere anywhere
| ACCEPT all -- anywhere anywhere
|
| Chain zone_wan_DROP (0 references)
| target prot opt source destination
| DROP all -- anywhere anywhere
| DROP all -- anywhere anywhere
|
| Chain zone_wan_REJECT (2 references)
| target prot opt source destination
| reject all -- anywhere anywhere
| reject all -- anywhere anywhere
|
| Chain zone_wan_forward (1 references)
| target prot opt source destination
| MINIUPNPD all -- anywhere anywhere
| forwarding_wan all -- anywhere anywhere
| zone_wan_REJECT all -- anywhere anywhere
\---------------------------------------------------------------------------
****************************************************************************
* cmd: iptables -t nat -L
****************************************************************************
| Chain PREROUTING (policy ACCEPT)
| target prot opt source destination
| prerouting_rule all -- anywhere anywhere
| zone_lan_prerouting all -- anywhere anywhere
| zone_wan_prerouting all -- anywhere anywhere
|
| Chain INPUT (policy ACCEPT)
| target prot opt source destination
|
| Chain OUTPUT (policy ACCEPT)
| target prot opt source destination
|
| Chain POSTROUTING (policy ACCEPT)
| target prot opt source destination
| postrouting_rule all -- anywhere anywhere
| zone_lan_nat all -- anywhere anywhere
| zone_wan_nat all -- anywhere anywhere
|
| Chain MINIUPNPD (1 references)
| target prot opt source destination
|
| Chain postrouting_rule (1 references)
| target prot opt source destination
|
| Chain prerouting_lan (1 references)
| target prot opt source destination
|
| Chain prerouting_rule (1 references)
| target prot opt source destination
|
| Chain prerouting_wan (1 references)
| target prot opt source destination
|
| Chain zone_lan_nat (1 references)
| target prot opt source destination
|
| Chain zone_lan_prerouting (1 references)
| target prot opt source destination
| prerouting_lan all -- anywhere anywhere
|
| Chain zone_wan_nat (1 references)
| target prot opt source destination
| MASQUERADE all -- anywhere anywhere
|
| Chain zone_wan_prerouting (1 references)
| target prot opt source destination
| MINIUPNPD all -- anywhere anywhere
| prerouting_wan all -- anywhere anywhere
\---------------------------------------------------------------------------
****************************************************************************
* cmd: iptables -t mangle -L
****************************************************************************
| Chain PREROUTING (policy ACCEPT)
| target prot opt source destination
|
| Chain INPUT (policy ACCEPT)
| target prot opt source destination
|
| Chain FORWARD (policy ACCEPT)
| target prot opt source destination
| zone_wan_MSSFIX all -- anywhere anywhere
| qos_Default all -- anywhere anywhere
|
| Chain OUTPUT (policy ACCEPT)
| target prot opt source destination
| qos_Default all -- anywhere anywhere
|
| Chain POSTROUTING (policy ACCEPT)
| target prot opt source destination
|
| Chain qos_Default (2 references)
| target prot opt source destination
| CONNMARK all -- anywhere anywhere
CONNMARK restore mask 0xff
| qos_Default_ct all -- anywhere anywhere
mark match 0x0/0xff
| MARK udp -- anywhere anywhere mark
match 0x0/0xff length 0:500 MARK xset 0x2/0xff
| MARK icmp -- anywhere anywhere MARK
xset 0x1/0xff
| MARK tcp -- anywhere anywhere mark
match 0x0/0xff tcp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
| MARK udp -- anywhere anywhere mark
match 0x0/0xff udp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
|
| Chain qos_Default_ct (1 references)
| target prot opt source destination
| MARK tcp -- anywhere anywhere mark
match 0x0/0xff tcp multiport ports ssh,domain MARK xset 0x1/0xff
| MARK udp -- anywhere anywhere mark
match 0x0/0xff udp multiport ports ssh,domain MARK xset 0x1/0xff
| MARK tcp -- anywhere anywhere mark
match 0x0/0xff tcp multiport ports
ftp-data,ftp,smtp,www,pop3,https,imaps,pop3s MARK xset 0x3/0xff
| MARK tcp -- anywhere anywhere mark
match 0x0/0xff tcp multiport ports 5190 MARK xset 0x2/0xff
| MARK udp -- anywhere anywhere mark
match 0x0/0xff udp multiport ports 5190 MARK xset 0x2/0xff
| CONNMARK all -- anywhere anywhere
CONNMARK save mask 0xff
|
| Chain zone_wan_MSSFIX (1 references)
| target prot opt source destination
| TCPMSS tcp -- anywhere anywhere tcp
flags:SYN,RST/SYN TCPMSS clamp to PMTU
\---------------------------------------------------------------------------
****************************************************************************
* cmd: tc -s qdisc show dev eth0
****************************************************************************
| qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1
1 1 1 1 1 1 1
| Sent 278256856 bytes 260097 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
\---------------------------------------------------------------------------
****************************************************************************
* cmd: tc -s qdisc show dev eth1
****************************************************************************
| qdisc hfsc 1: root refcnt 2 default 30
| Sent 1447188 bytes 7376 pkt (dropped 0, overlimits 12468 requeues 0)
| backlog 0b 0p requeues 0
| qdisc fq_codel 100: parent 1:10 limit 10240p flows 1024 quantum 1518
target 5.0ms interval 100.0ms ecn
| Sent 5000 bytes 55 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
| maxpacket 256 drop_overlimit 0 new_flow_count 27 ecn_mark 0
| new_flows_len 1 old_flows_len 0
| qdisc fq_codel 200: parent 1:20 limit 10240p flows 1024 quantum 1518
target 5.0ms interval 100.0ms ecn
| Sent 19246 bytes 145 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
| maxpacket 350 drop_overlimit 0 new_flow_count 80 ecn_mark 0
| new_flows_len 0 old_flows_len 2
| qdisc fq_codel 300: parent 1:30 limit 10240p flows 1024 quantum 1518
target 5.0ms interval 100.0ms ecn
| Sent 720529 bytes 2687 pkt (dropped 223, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
| maxpacket 1514 drop_overlimit 0 new_flow_count 750 ecn_mark 0
| new_flows_len 1 old_flows_len 5
| qdisc fq_codel 400: parent 1:40 limit 10240p flows 1024 quantum 1518
target 5.0ms interval 100.0ms ecn
| Sent 702413 bytes 4489 pkt (dropped 1461, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
| maxpacket 1514 drop_overlimit 0 new_flow_count 271 ecn_mark 0
| new_flows_len 0 old_flows_len 1
| qdisc ingress ffff: parent ffff:fff1 ----------------
| Sent 1639987 bytes 3843 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
\---------------------------------------------------------------------------
****************************************************************************
* cmd: tc -s qdisc show dev ifb0
****************************************************************************
| qdisc hfsc 1: root refcnt 2 default 30
| Sent 1391951 bytes 2762 pkt (dropped 0, overlimits 2001 requeues 0)
| backlog 0b 0p requeues 0
| qdisc fq_codel 100: parent 1:10 limit 10240p flows 1024 quantum 1514
target 5.0ms interval 100.0ms ecn
| Sent 4723 bytes 23 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
| maxpacket 299 drop_overlimit 0 new_flow_count 21 ecn_mark 0
| new_flows_len 1 old_flows_len 0
| qdisc fq_codel 200: parent 1:20 limit 10240p flows 1024 quantum 1514
target 5.0ms interval 100.0ms ecn
| Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
| maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0
| new_flows_len 0 old_flows_len 0
| qdisc fq_codel 300: parent 1:30 limit 10240p flows 1024 quantum 1514
target 5.0ms interval 100.0ms ecn
| Sent 1387228 bytes 2739 pkt (dropped 127, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
| maxpacket 1518 drop_overlimit 0 new_flow_count 1052 ecn_mark 0
| new_flows_len 1 old_flows_len 1
| qdisc fq_codel 400: parent 1:40 limit 10240p flows 1024 quantum 1514
target 5.0ms interval 100.0ms ecn
| Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
| backlog 0b 0p requeues 0
| maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0
| new_flows_len 0 old_flows_len 0
\---------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20160526/209125a9/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
------------------------------
End of openwrt-devel Digest, Vol 125, Issue 104
***********************************************
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the Lede-dev
mailing list