[OpenWrt-Devel] move OpenWrt codebase to Git and GitHub

Abhijit Mahajani Abhijit.Mahajani at imgtec.com
Tue May 31 09:44:56 EDT 2016


Hello Luka,

First of all, we would welcome the move of openwrt into GitHub. We have been using openwrt for one of the project and we have already opensourced our port on GitHub (https://github.com/IMGCreator/openwrt) . And willing to upstream this to the openwrt community. So having openwrt codebase in the GitHub will certainly help in the upstreaming. Any guidance is highly appreciated. 


Thanks and Regards,
Abhijit A. Mahajani


-----Original Message-----
From: openwrt-devel [mailto:openwrt-devel-bounces at lists.openwrt.org] On Behalf Of openwrt-devel-request at lists.openwrt.org
Sent: Thursday, May 26, 2016 8:34 AM
To: openwrt-devel at lists.openwrt.org
Subject: openwrt-devel Digest, Vol 125, Issue 104

Send openwrt-devel mailing list submissions to
	openwrt-devel at lists.openwrt.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
or, via email, send a message with subject or body 'help' to
	openwrt-devel-request at lists.openwrt.org

You can reach the person managing the list at
	openwrt-devel-owner at lists.openwrt.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of openwrt-devel digest..."


Today's Topics:

   1. Re: OpenWrt / LEDE (Bjørn Mork)
   2. Re: OpenWrt / LEDE (Rafał Miłecki)
   3. Re: [PROPOSAL] move OpenWrt codebase to Git and GitHub
      (Luka Perkov)
   4. Re: [PROPOSAL] move OpenWrt codebase to Git and GitHub
      (Luka Perkov)
   5. Re: [OpenWrt-Users] [PROPOSAL] move OpenWrt codebase to Git
      and GitHub (Luka Perkov)
   6. Re: [OpenWrt-Users] [PROPOSAL] move OpenWrt codebase to Git
      and GitHub (Valent Turkovic)
   7. How to debug/config qos-scripts to work with	OpenWRT AA? (Danng)


----------------------------------------------------------------------

Message: 1
Date: Wed, 25 May 2016 12:55:43 +0200
From: Bjørn Mork <bjorn at mork.no>
To: mbm <mbm at openwrt.org>
Cc: Rafał Miłecki <zajec5 at gmail.com>,
	openwrt-devel at lists.openwrt.org, LEDE Development List
	<lede-dev at lists.infradead.org>
Subject: Re: [OpenWrt-Devel] OpenWrt / LEDE
Message-ID: <8760u2pftc.fsf at nemi.mork.no>
Content-Type: text/plain; charset=utf-8

mbm <mbm at openwrt.org> writes:

> The hackers email address represents the primary point of contact for 
> OpenWrt, particularly in regards to donations. Following the surprise 
> LEDE announcement, forwarding rules for @openwrt.org email addresses 
> were disabled. This was done to mitigate further damage to OpenWrt due 
> to misrepresentation, intentional or otherwise.

Failing to see the damage your action has caused is your biggest problem right now. Even if we accept the rather far fetched possibilty of misrepresentation, there is no way that can outweight the effect on the maintainership status OpenWrt.

Right now, 95 of the 145 (PKG_)MAINTAINER entries for OpenWrt packages points to an openwrt.org email address belonging to a LEDE committer:

 bjorn at canardo:/usr/local/src/openwrt$ git grep 'MAINTAINER:=.*<\(lynxis\|noltari\|dangole\|nbd\|hauke\|jow\|blogic\|neoraider\|rmilecki\|cyrus\|stintel\|thess\)@openwrt.org>' origin/master -- package/|wc -l
95
 bjorn at canardo:/usr/local/src/openwrt$ git grep 'MAINTAINER' origin/master -- package/|wc -l
145

I don't know if all these were disabled, but the package I tried to submit to after the split was one of these.  You don't seem to understand the devastating effect it has on OpenWrt if occasional contributors gets an email bounce from the published maintainer address.  There is no way you can blame those maintainers for this situation.  The problem is solely the responsibility of whoever decided to disable those addresses.


Bjørn


------------------------------

Message: 2
Date: Wed, 25 May 2016 13:52:54 +0200
From: Rafał Miłecki <zajec5 at gmail.com>
To: mbm <mbm at openwrt.org>
Cc: OpenWrt Development List <openwrt-devel at lists.openwrt.org>,  LEDE
	Development List <lede-dev at lists.infradead.org>
Subject: Re: [OpenWrt-Devel] OpenWrt / LEDE
Message-ID:
	<CACna6rxziUF+z3_AU4xGxB+my63bCTHeRJ0Yp3oU2wwfX3A-Ag at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

On 25 May 2016 at 10:09, mbm <mbm at openwrt.org> wrote:
> The hackers email address represents the primary point of contact for 
> OpenWrt, particularly in regards to donations. Following the surprise 
> LEDE announcement, forwarding rules for @openwrt.org email addresses 
> were disabled. This was done to mitigate further damage to OpenWrt due 
> to misrepresentation, intentional or otherwise.

Hackers e-mail address (mailing list) was also used for internal discussions. You not only disabled forwarding rules for @openwrt.org personal e-mails but also kicked out private e-mails from the hackers mailing list.
I never really cared about hardware donations offered to hackers, but knowing what's going on (like release plans) is important for contributing.

--
Rafał


------------------------------

Message: 3
Date: Wed, 25 May 2016 18:25:54 +0200
From: Luka Perkov <luka at openwrt.org>
To: Eric Schultz <eschultz at prplfoundation.org>
Cc: openwrt-users at lists.openwrt.org, openwrt-devel
	<openwrt-devel at lists.openwrt.org>
Subject: Re: [OpenWrt-Devel] [PROPOSAL] move OpenWrt codebase to Git
	and GitHub
Message-ID: <20160525162554.GA11029 at localhost.localdomain>
Content-Type: text/plain; charset=us-ascii

On Tue, May 24, 2016 at 10:51:46AM -0500, Eric Schultz wrote:
> My free-software side worries about using something non-free like drone.io
> for CI but this is a huge task certainly and I'm not sure a free tool would
> meet everyone's needs (plus there's the huge added burden of maintenance).

The drone.io is actually Apache 2.0 [1] and the example build was
configured on a private machine.

Luka

[1] https://github.com/drone/drone


------------------------------

Message: 4
Date: Wed, 25 May 2016 18:46:27 +0200
From: Luka Perkov <luka at openwrt.org>
To: David Lang <david at lang.hm>
Cc: openwrt-users at lists.openwrt.org, openwrt-devel at lists.openwrt.org
Subject: Re: [OpenWrt-Devel] [PROPOSAL] move OpenWrt codebase to Git
	and GitHub
Message-ID: <20160525164627.GB11029 at localhost.localdomain>
Content-Type: text/plain; charset=us-ascii

On Tue, May 24, 2016 at 10:29:30AM -0700, David Lang wrote:
> OpenWRT has already moved to using Git instead of SVN,

No, it has not. To users is exposed the Git frontend while the commits
are made to the SVN repo.

> so why do they need to move from hosting the git repository themselves to
> having it hosted on github?

See the reasons below.

> There can be a mirror of the repo on github (remember that git is a
> Decentralized VCS)

Also, we have discussed of having a mirror on our server and this is something
that we can do. If everything happens on GitHub then I don't see a point in
having clone on GitHub instead of a having the main repo on GitHub and having
clone elsewhere.

> > * GitHub and similar services will allow us to integrate more easily
> > with other projects
> > 
> > Here specifically I mean integration with modern CI. Here is an example
> > of integration with drone.io [3][4]. At the moment this is only in the
> > POC stage but what I'd like to do down the line is to:
> > 
> > - build OpenWrt images for all architectures for every pull request
> > - build OpenWrt package binary for every package pull request for all
> > architectures and make it available for download
> > 
> > - build and host OpenWrt qemu and/or Docker image for every pull request
> 
> the build farm isn't large enough to do this

Current one is not.
 
> It's also not neccessary to move to github to be able to do this, it just
> needs more systems in the build farm to be able to build things fast enough.

With GitHub it will be able to see compile status of each pull request. If it
is not GitHub or simmilar service then this would need to be developed and I
think we have better things to do then that :)

> > This will allow easy review of the work since flags will be shown in the
> > pull request if the build was sucessful or not. Also, this will allow
> > people to test changes without building the image and thus lowering the
> > time that needs to be spent on maintenance work.
> > 
> > If this proposal gets accepted I'll be sending out an email to get
> > access to more build servers so this new build infrastructure can
> > properly support the project in a timely fashion.
> 
> why should providing more build servers be contingent on moving to a
> commercial hosting provider vs running things themselves?

IMO move to GitHub will allow us to manage contributions more easily and handle
them in timely fashion. This, combined with other perks explained in my
previous email is possible today without need to develop the features that
others provide today.

Luka


------------------------------

Message: 5
Date: Wed, 25 May 2016 18:55:38 +0200
From: Luka Perkov <luka at openwrt.org>
To: Jo-Philipp Wich <jo at mein.io>
Cc: OpenWrt User List <openwrt-users at lists.openwrt.org>, OpenWrt
	Development List <openwrt-devel at lists.openwrt.org>
Subject: Re: [OpenWrt-Devel] [OpenWrt-Users] [PROPOSAL] move OpenWrt
	codebase to Git and GitHub
Message-ID: <20160525165538.GA11417 at localhost.localdomain>
Content-Type: text/plain; charset=us-ascii

Thanks for the numbers Jo. The current hello-world setup with drone.io
was done on cheap SSD based VPS. That said, with some "optimizations"
(or hacks if you want) I think it should be possible to have less
powerful servers but more of them to do what is needed.

For example, if one makes pull request for package A. Then for every
target only the core system with package A and it's dependencies should
be built. That said, if pull request is valid it will result with a
successful build. We should avoid situations where somebody makes a patch
for package A and if fails to build because package Z unrelated to
package A is broken.

Luka

On Tue, May 24, 2016 at 10:35:42PM +0200, Jo-Philipp Wich wrote:
> Hi,
> 
> here's a few numbers we gathered with our buildbot setup:
> 
> We currently need roughly 35GB per target when building OpenWrt plus the
> entire package world and currently there are roughly ~70
> target/subtarget combinations in the OpenWrt tree.
> 
> If fast build tests are desired then the only way to do so is by
> implementing incremental building which only works if there's enough
> space to retain all build trees at once which means there need to be
> about 2.5TB of storage available.
> 
> For only building all base systems without package feeds the entire
> required space is around 800GB.
> 
> A base system build currently requires 1 hour and 15 minutes on a
> machine having a Xeon E3-1246 v3 4 core / 8 thread CPU with prepopulated
> dl/, ccache and make -j8.
> 
> A build of all packages from all feeds takes around 70 minutes on a Xeon
> E5-2630 v3 8 core / 16 thread machine with 12GB ram and make -j16.
> 
> HTH,
> Jo
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


------------------------------

Message: 6
Date: Wed, 25 May 2016 22:49:49 +0200
From: Valent Turkovic <valent at otvorenamreza.org>
To: Benjamin Henrion <zoobab at gmail.com>, OpenWrt User List
	<openwrt-users at lists.openwrt.org>
Cc: Jo-Philipp Wich <jo at mein.io>, Luka Perkov <luka at openwrt.org>,
	OpenWrt Development List <openwrt-devel at lists.openwrt.org>
Subject: Re: [OpenWrt-Devel] [OpenWrt-Users] [PROPOSAL] move OpenWrt
	codebase to Git and GitHub
Message-ID:
	<CAGOios7Egk5UU23fGmqSpjvU9wC3=2b6qHtRF0K-S3y4tPFqdg at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

On Wed, May 25, 2016 at 7:06 PM, Benjamin Henrion <zoobab at gmail.com> wrote:
> On Tue, May 24, 2016 at 10:35 PM, Jo-Philipp Wich <jo at mein.io> wrote:
>> Hi,
>>
>> here's a few numbers we gathered with our buildbot setup:
>>
>> We currently need roughly 35GB per target when building OpenWrt plus the
>> entire package world and currently there are roughly ~70
>> target/subtarget combinations in the OpenWrt tree.
>>
>> If fast build tests are desired then the only way to do so is by
>> implementing incremental building which only works if there's enough
>> space to retain all build trees at once which means there need to be
>> about 2.5TB of storage available.
>
> A BTRFS volume with deduplication would help here?

I wouldn't trust BTRFS with photo album of my cats... I had it running
and couldn't compile OpenWrt on BTRFS volume because it ran out of
space, it was a knows bug that small files used up more space than df
and other tools saw...

But I as an advanced OpenWrt user and beginner openwrt developer would
love to see move to github, it would make things much, much easier,
please go for it.


------------------------------

Message: 7
Date: Thu, 26 May 2016 03:03:39 +0000
From: Danng <huynhminhdang at gmail.com>
To: "openwrt-devel at lists.openwrt.org"
	<openwrt-devel at lists.openwrt.org>
Subject: [OpenWrt-Devel] How to debug/config qos-scripts to work with
	OpenWRT AA?
Message-ID:
	<CAG=y+tyUMQR7O2sBoSMtChmJ53rBSq36VVkm3S0GO=8JmSkFqQ at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hello,

I am trying to use qos-scripts in OpenWRT AA. I have an issue that the
qos-scripts can limit uplink speed but not downlink speed.

For example: I set 128kbit uplink and 1024kbit downlink, however, the
downlink is limitless

This is the speedtest I captured

http://speedof.me/show.php?img=160526022701-7038.png

- uplink can go up to 104kbps
- downlink can go up to 7861kbps (which is higher than the limitation I set)

---

I also tried with wshaper and the got same result.

Here is my setup:
- eth1 is the WAN port
- eth0 is connect to my PC
- OpenWRT AA
- Linux kernel 3.3.8

****************************************************************************
* cmd: cat /etc/config/qos
****************************************************************************

# QoS configuration for OpenWrt

# INTERFACES:
config interface wan
	option classgroup  "Default"
	option enabled      1
	option upload       128
	option download     1024

# RULES:
config classify
	option target       "Priority"
	option ports        "22,53"
	option comment      "ssh, dns"
config classify
	option target       "Normal"
	option proto        "tcp"
	option ports        "20,21,25,80,110,443,993,995"
	option comment      "ftp, smtp, http(s), imap"
config classify
	option target       "Express"
	option ports        "5190"
	option comment      "AOL, iChat, ICQ"
config default
	option target       "Express"
	option proto        "udp"
	option pktsize      "-500"
config reclassify
	option target       "Priority"
	option proto        "icmp"
config default
	option target       "Bulk"
	option portrange    "1024-65535"


# Don't change the stuff below unless you
# really know what it means :)

config classgroup "Default"
	option classes      "Priority Express Normal Bulk"
	option default      "Normal"


config class "Priority"
	option packetsize  400
	option avgrate     10
	option priority    20
config class "Priority_down"
	option packetsize  1000
	option avgrate     10


config class "Express"
	option packetsize  1000
	option avgrate     50
	option priority    10

config class "Normal"
	option packetsize  1500
	option packetdelay 100
	option avgrate     10
	option priority    5
config class "Normal_down"
	option avgrate     20

config class "Bulk"
	option avgrate     1
	option packetdelay 200

****************************************************************************
* cmd: /usr/lib/qos/generate.sh all
****************************************************************************
| insmod cls_u32 >&- 2>&-
| insmod em_u32 >&- 2>&-
| insmod act_connmark >&- 2>&-
| insmod act_mirred >&- 2>&-
| insmod sch_ingress >&- 2>&-
| insmod cls_fw >&- 2>&-
| insmod sch_hfsc >&- 2>&-
| insmod sch_fq_codel >&- 2>&-
| ifconfig eth1 up txqueuelen 5 >&- 2>&-
| tc qdisc del dev eth1 root >&- 2>&-
| tc qdisc add dev eth1 root handle 1: hfsc default 30
| tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 128kbit ul
rate 128kbit
| tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt m1 74kbit d
6103us m2 12kbit ls m1 74kbit d 6103us m2 71kbit ul rate 128kbit
| tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt m1 68kbit d
15258us m2 64kbit ls m1 68kbit d 15258us m2 35kbit ul rate 128kbit
| tc class add dev eth1 parent 1:1 classid 1:30 hfsc ls m1 0kbit d
100000us m2 17kbit ul rate 128kbit
| tc class add dev eth1 parent 1:1 classid 1:40 hfsc ls m1 0kbit d
200000us m2 3kbit ul rate 128kbit
| tc qdisc add dev eth1 parent 1:10 handle 100: fq_codel
| tc qdisc add dev eth1 parent 1:20 handle 200: fq_codel
| tc qdisc add dev eth1 parent 1:30 handle 300: fq_codel
| tc qdisc add dev eth1 parent 1:40 handle 400: fq_codel
| tc filter add dev eth1 parent 1: prio 1 protocol ip handle 1/0xff fw
flowid 1:10
| tc filter add dev eth1 parent 1: prio 2 protocol ip handle 2/0xff fw
flowid 1:20
| tc filter add dev eth1 parent 1: prio 3 protocol ip handle 3/0xff fw
flowid 1:30
| tc filter add dev eth1 parent 1: prio 4 protocol ip handle 4/0xff fw
flowid 1:40
| ifconfig ifb0 up txqueuelen 5 >&- 2>&-
| tc qdisc del dev ifb0 root >&- 2>&-
| tc qdisc add dev ifb0 root handle 1: hfsc default 30
| tc class add dev ifb0 parent 1: classid 1:1 hfsc sc rate 1024kbit ul
rate 1024kbit
| tc qdisc del dev eth1 ingress >&- 2>&-
| tc qdisc add dev eth1 ingress
| tc filter add dev eth1 parent ffff: protocol ip prio 1 u32 match u32
0 0 flowid 1:1 action connmark action mirred egress redirect dev ifb0
| tc class add dev ifb0 parent 1:1 classid 1:10 hfsc rt m1 232kbit d
1907us m2 102kbit ls m1 232kbit d 1907us m2 568kbit ul rate 1024kbit
| tc class add dev ifb0 parent 1:1 classid 1:20 hfsc rt m1 533kbit d
1907us m2 512kbit ls m1 533kbit d 1907us m2 284kbit ul rate 1024kbit
| tc class add dev ifb0 parent 1:1 classid 1:30 hfsc ls m1 0kbit d
100000us m2 142kbit ul rate 1024kbit
| tc class add dev ifb0 parent 1:1 classid 1:40 hfsc ls m1 0kbit d
200000us m2 28kbit ul rate 1024kbit
| tc qdisc add dev ifb0 parent 1:10 handle 100: fq_codel
| tc qdisc add dev ifb0 parent 1:20 handle 200: fq_codel
| tc qdisc add dev ifb0 parent 1:30 handle 300: fq_codel
| tc qdisc add dev ifb0 parent 1:40 handle 400: fq_codel
| tc filter add dev ifb0 parent 1: prio 1 protocol ip handle 1/0xff fw
flowid 1:10
| tc filter add dev ifb0 parent 1: prio 2 protocol ip handle 2/0xff fw
flowid 1:20
| tc filter add dev ifb0 parent 1: prio 3 protocol ip handle 3/0xff fw
flowid 1:30
| tc filter add dev ifb0 parent 1: prio 4 protocol ip handle 4/0xff fw
flowid 1:40
|
|
|
| iptables -t mangle -F qos_Default
| iptables -t mangle -F qos_Default_ct
| iptables -t mangle -D FORWARD -o eth1 -j qos_Default
| iptables -t mangle -D OUTPUT -o eth1 -j qos_Default
| iptables -t mangle -X qos_Default
| iptables -t mangle -X qos_Default_ct
| insmod ipt_multiport >&- 2>&-
| insmod ipt_CONNMARK >&- 2>&-
| insmod ipt_length >&- 2>&-
| iptables -t mangle -N qos_Default >&- 2>&-
| iptables -t mangle -N qos_Default_ct >&- 2>&-
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -m tcp -p
tcp -m multiport --ports 22,53 -j MARK --set-mark 1/0xff
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -p udp -m
udp -m multiport --ports 22,53 -j MARK --set-mark 1/0xff
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -p tcp -m
tcp -m multiport --ports 20,21,25,80,110,443,993,995 -j MARK
--set-mark 3/0xff
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -m tcp -p
tcp -m multiport --ports 5190 -j MARK --set-mark 2/0xff
| iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -p udp -m
udp -m multiport --ports 5190 -j MARK --set-mark 2/0xff
| iptables -t mangle -A qos_Default_ct -j CONNMARK --save-mark --mask 0xff
| iptables -t mangle -A qos_Default -j CONNMARK --restore-mark --mask 0xff
| iptables -t mangle -A qos_Default -m mark --mark 0/0xff -j qos_Default_ct
| iptables -t mangle -A qos_Default -m mark --mark 0/0xff -p udp -m
length --length :500 -j MARK --set-mark 2/0xff
| iptables -t mangle -A qos_Default -p icmp -j MARK --set-mark 1/0xff
| iptables -t mangle -A qos_Default -m mark --mark 0/0xff -m tcp -p
tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-mark 4/0xff
| iptables -t mangle -A qos_Default -m mark --mark 0/0xff -p udp -m
udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-mark 4/0xff
| iptables -t mangle -A OUTPUT -o eth1 -j qos_Default
| iptables -t mangle -A FORWARD -o eth1 -j qos_Default
\---------------------------------------------------------------------------

****************************************************************************
* cmd: iptables -L
****************************************************************************
| Chain INPUT (policy ACCEPT)
| target     prot opt source               destination
| ACCEPT     all  --  anywhere             anywhere            ctstate
RELATED,ESTABLISHED
| ACCEPT     all  --  anywhere             anywhere
| syn_flood  tcp  --  anywhere             anywhere            tcp
flags:FIN,SYN,RST,ACK/SYN
| input_rule  all  --  anywhere             anywhere
| input      all  --  anywhere             anywhere
|
| Chain FORWARD (policy DROP)
| target     prot opt source               destination
| ACCEPT     all  --  anywhere             anywhere            ctstate
RELATED,ESTABLISHED
| forwarding_rule  all  --  anywhere             anywhere
| forward    all  --  anywhere             anywhere
| reject     all  --  anywhere             anywhere
|
| Chain OUTPUT (policy ACCEPT)
| target     prot opt source               destination
| ACCEPT     all  --  anywhere             anywhere            ctstate
RELATED,ESTABLISHED
| ACCEPT     all  --  anywhere             anywhere
| output_rule  all  --  anywhere             anywhere
| output     all  --  anywhere             anywhere
|
| Chain MINIUPNPD (1 references)
| target     prot opt source               destination
|
| Chain forward (1 references)
| target     prot opt source               destination
| zone_lan_forward  all  --  anywhere             anywhere
| zone_wan_forward  all  --  anywhere             anywhere
|
| Chain forwarding_lan (1 references)
| target     prot opt source               destination
|
| Chain forwarding_rule (1 references)
| target     prot opt source               destination
|
| Chain forwarding_wan (1 references)
| target     prot opt source               destination
|
| Chain input (1 references)
| target     prot opt source               destination
| zone_lan   all  --  anywhere             anywhere
| zone_wan   all  --  anywhere             anywhere
|
| Chain input_lan (1 references)
| target     prot opt source               destination
|
| Chain input_rule (1 references)
| target     prot opt source               destination
|
| Chain input_wan (1 references)
| target     prot opt source               destination
|
| Chain output (1 references)
| target     prot opt source               destination
| zone_lan_ACCEPT  all  --  anywhere             anywhere
| zone_wan_ACCEPT  all  --  anywhere             anywhere
|
| Chain output_rule (1 references)
| target     prot opt source               destination
|
| Chain reject (5 references)
| target     prot opt source               destination
| REJECT     tcp  --  anywhere             anywhere
reject-with tcp-reset
| REJECT     all  --  anywhere             anywhere
reject-with icmp-port-unreachable
|
| Chain syn_flood (1 references)
| target     prot opt source               destination
| RETURN     tcp  --  anywhere             anywhere            tcp
flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
| DROP       all  --  anywhere             anywhere
|
| Chain zone_lan (1 references)
| target     prot opt source               destination
| input_lan  all  --  anywhere             anywhere
| zone_lan_ACCEPT  all  --  anywhere             anywhere
|
| Chain zone_lan_ACCEPT (2 references)
| target     prot opt source               destination
| ACCEPT     all  --  anywhere             anywhere
| ACCEPT     all  --  anywhere             anywhere
|
| Chain zone_lan_DROP (0 references)
| target     prot opt source               destination
| DROP       all  --  anywhere             anywhere
| DROP       all  --  anywhere             anywhere
|
| Chain zone_lan_REJECT (1 references)
| target     prot opt source               destination
| reject     all  --  anywhere             anywhere
| reject     all  --  anywhere             anywhere
|
| Chain zone_lan_forward (1 references)
| target     prot opt source               destination
| zone_wan_ACCEPT  all  --  anywhere             anywhere
| forwarding_lan  all  --  anywhere             anywhere
| zone_lan_REJECT  all  --  anywhere             anywhere
|
| Chain zone_wan (1 references)
| target     prot opt source               destination
| ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootpc
| ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
| input_wan  all  --  anywhere             anywhere
| zone_wan_REJECT  all  --  anywhere             anywhere
|
| Chain zone_wan_ACCEPT (2 references)
| target     prot opt source               destination
| ACCEPT     all  --  anywhere             anywhere
| ACCEPT     all  --  anywhere             anywhere
|
| Chain zone_wan_DROP (0 references)
| target     prot opt source               destination
| DROP       all  --  anywhere             anywhere
| DROP       all  --  anywhere             anywhere
|
| Chain zone_wan_REJECT (2 references)
| target     prot opt source               destination
| reject     all  --  anywhere             anywhere
| reject     all  --  anywhere             anywhere
|
| Chain zone_wan_forward (1 references)
| target     prot opt source               destination
| MINIUPNPD  all  --  anywhere             anywhere
| forwarding_wan  all  --  anywhere             anywhere
| zone_wan_REJECT  all  --  anywhere             anywhere
\---------------------------------------------------------------------------

****************************************************************************
* cmd: iptables -t nat -L
****************************************************************************
| Chain PREROUTING (policy ACCEPT)
| target     prot opt source               destination
| prerouting_rule  all  --  anywhere             anywhere
| zone_lan_prerouting  all  --  anywhere             anywhere
| zone_wan_prerouting  all  --  anywhere             anywhere
|
| Chain INPUT (policy ACCEPT)
| target     prot opt source               destination
|
| Chain OUTPUT (policy ACCEPT)
| target     prot opt source               destination
|
| Chain POSTROUTING (policy ACCEPT)
| target     prot opt source               destination
| postrouting_rule  all  --  anywhere             anywhere
| zone_lan_nat  all  --  anywhere             anywhere
| zone_wan_nat  all  --  anywhere             anywhere
|
| Chain MINIUPNPD (1 references)
| target     prot opt source               destination
|
| Chain postrouting_rule (1 references)
| target     prot opt source               destination
|
| Chain prerouting_lan (1 references)
| target     prot opt source               destination
|
| Chain prerouting_rule (1 references)
| target     prot opt source               destination
|
| Chain prerouting_wan (1 references)
| target     prot opt source               destination
|
| Chain zone_lan_nat (1 references)
| target     prot opt source               destination
|
| Chain zone_lan_prerouting (1 references)
| target     prot opt source               destination
| prerouting_lan  all  --  anywhere             anywhere
|
| Chain zone_wan_nat (1 references)
| target     prot opt source               destination
| MASQUERADE  all  --  anywhere             anywhere
|
| Chain zone_wan_prerouting (1 references)
| target     prot opt source               destination
| MINIUPNPD  all  --  anywhere             anywhere
| prerouting_wan  all  --  anywhere             anywhere
\---------------------------------------------------------------------------

****************************************************************************
* cmd: iptables -t mangle -L
****************************************************************************
| Chain PREROUTING (policy ACCEPT)
| target     prot opt source               destination
|
| Chain INPUT (policy ACCEPT)
| target     prot opt source               destination
|
| Chain FORWARD (policy ACCEPT)
| target     prot opt source               destination
| zone_wan_MSSFIX  all  --  anywhere             anywhere
| qos_Default  all  --  anywhere             anywhere
|
| Chain OUTPUT (policy ACCEPT)
| target     prot opt source               destination
| qos_Default  all  --  anywhere             anywhere
|
| Chain POSTROUTING (policy ACCEPT)
| target     prot opt source               destination
|
| Chain qos_Default (2 references)
| target     prot opt source               destination
| CONNMARK   all  --  anywhere             anywhere
CONNMARK restore mask 0xff
| qos_Default_ct  all  --  anywhere             anywhere
mark match 0x0/0xff
| MARK       udp  --  anywhere             anywhere            mark
match 0x0/0xff length 0:500 MARK xset 0x2/0xff
| MARK       icmp --  anywhere             anywhere            MARK
xset 0x1/0xff
| MARK       tcp  --  anywhere             anywhere            mark
match 0x0/0xff tcp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
| MARK       udp  --  anywhere             anywhere            mark
match 0x0/0xff udp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
|
| Chain qos_Default_ct (1 references)
| target     prot opt source               destination
| MARK       tcp  --  anywhere             anywhere            mark
match 0x0/0xff tcp multiport ports ssh,domain MARK xset 0x1/0xff
| MARK       udp  --  anywhere             anywhere            mark
match 0x0/0xff udp multiport ports ssh,domain MARK xset 0x1/0xff
| MARK       tcp  --  anywhere             anywhere            mark
match 0x0/0xff tcp multiport ports
ftp-data,ftp,smtp,www,pop3,https,imaps,pop3s MARK xset 0x3/0xff
| MARK       tcp  --  anywhere             anywhere            mark
match 0x0/0xff tcp multiport ports 5190 MARK xset 0x2/0xff
| MARK       udp  --  anywhere             anywhere            mark
match 0x0/0xff udp multiport ports 5190 MARK xset 0x2/0xff
| CONNMARK   all  --  anywhere             anywhere
CONNMARK save mask 0xff
|
| Chain zone_wan_MSSFIX (1 references)
| target     prot opt source               destination
| TCPMSS     tcp  --  anywhere             anywhere            tcp
flags:SYN,RST/SYN TCPMSS clamp to PMTU
\---------------------------------------------------------------------------

****************************************************************************
* cmd: tc -s qdisc show dev eth0
****************************************************************************
| qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1
1 1 1 1 1 1 1
|  Sent 278256856 bytes 260097 pkt (dropped 0, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
\---------------------------------------------------------------------------

****************************************************************************
* cmd: tc -s qdisc show dev eth1
****************************************************************************
| qdisc hfsc 1: root refcnt 2 default 30
|  Sent 1447188 bytes 7376 pkt (dropped 0, overlimits 12468 requeues 0)
|  backlog 0b 0p requeues 0
| qdisc fq_codel 100: parent 1:10 limit 10240p flows 1024 quantum 1518
target 5.0ms interval 100.0ms ecn
|  Sent 5000 bytes 55 pkt (dropped 0, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
|   maxpacket 256 drop_overlimit 0 new_flow_count 27 ecn_mark 0
|   new_flows_len 1 old_flows_len 0
| qdisc fq_codel 200: parent 1:20 limit 10240p flows 1024 quantum 1518
target 5.0ms interval 100.0ms ecn
|  Sent 19246 bytes 145 pkt (dropped 0, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
|   maxpacket 350 drop_overlimit 0 new_flow_count 80 ecn_mark 0
|   new_flows_len 0 old_flows_len 2
| qdisc fq_codel 300: parent 1:30 limit 10240p flows 1024 quantum 1518
target 5.0ms interval 100.0ms ecn
|  Sent 720529 bytes 2687 pkt (dropped 223, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
|   maxpacket 1514 drop_overlimit 0 new_flow_count 750 ecn_mark 0
|   new_flows_len 1 old_flows_len 5
| qdisc fq_codel 400: parent 1:40 limit 10240p flows 1024 quantum 1518
target 5.0ms interval 100.0ms ecn
|  Sent 702413 bytes 4489 pkt (dropped 1461, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
|   maxpacket 1514 drop_overlimit 0 new_flow_count 271 ecn_mark 0
|   new_flows_len 0 old_flows_len 1
| qdisc ingress ffff: parent ffff:fff1 ----------------
|  Sent 1639987 bytes 3843 pkt (dropped 0, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
\---------------------------------------------------------------------------

****************************************************************************
* cmd: tc -s qdisc show dev ifb0
****************************************************************************
| qdisc hfsc 1: root refcnt 2 default 30
|  Sent 1391951 bytes 2762 pkt (dropped 0, overlimits 2001 requeues 0)
|  backlog 0b 0p requeues 0
| qdisc fq_codel 100: parent 1:10 limit 10240p flows 1024 quantum 1514
target 5.0ms interval 100.0ms ecn
|  Sent 4723 bytes 23 pkt (dropped 0, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
|   maxpacket 299 drop_overlimit 0 new_flow_count 21 ecn_mark 0
|   new_flows_len 1 old_flows_len 0
| qdisc fq_codel 200: parent 1:20 limit 10240p flows 1024 quantum 1514
target 5.0ms interval 100.0ms ecn
|  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
|   maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0
|   new_flows_len 0 old_flows_len 0
| qdisc fq_codel 300: parent 1:30 limit 10240p flows 1024 quantum 1514
target 5.0ms interval 100.0ms ecn
|  Sent 1387228 bytes 2739 pkt (dropped 127, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
|   maxpacket 1518 drop_overlimit 0 new_flow_count 1052 ecn_mark 0
|   new_flows_len 1 old_flows_len 1
| qdisc fq_codel 400: parent 1:40 limit 10240p flows 1024 quantum 1514
target 5.0ms interval 100.0ms ecn
|  Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
|  backlog 0b 0p requeues 0
|   maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0
|   new_flows_len 0 old_flows_len 0
\---------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20160526/209125a9/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


------------------------------

End of openwrt-devel Digest, Vol 125, Issue 104
***********************************************
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list