On Mon, Mar 17, 2014 at 7:30 AM, Toke Høiland-Jørgensen <[email protected]> wrote:
> Dave Taht <[email protected]> writes:
>
>> At least one bluray player we know of isn't working through the
>> default dhcp/dns/upnp setup.
>
> Why would a bluray player need upnp? *shudder*

It's a sony. Where products from that org are concerned, I tend to suspect they will be reporting back to the mothership.

>> I've modeled something that basically should work in my bcp38 repo.
>
> So, not sure exactly how it's supposed to work; does this hook into the
> firewall after NAT'ing has been applied? Otherwise you'd presumably need
> to add exceptions for the configured internal network(s)? (I think that
> may be what is going on in the bcp script at ln 38, but some sort of
> auto-detection of the relevant network(s) would be needed? Or as a
> minimum a whitelist configuration option?)

It would hook into the wan firewall rules regardless of NAT. So there is no need to specifically exempt internal addresses.

The situation we want to prevent is packets sourced from a NATted address exiting the wan. Say your network is 172.30.42.0/24. Someone starts pinging 172.29.42.1 from inside your network. The default non-source-specific route will then send those packets out the wan, with a source address of your default gw and a destination of 172.29.42.1... where they will wander the internet until someone drops them, which can be quite far out. In the case of the dsl box I'm testing today, they do get dropped at the first hop. On cable I've seen 3-5 hops.

I didn't claim it all worked yet. The core remaining problem is detecting a double nat situation via some dhcp hook and adding an exception for that network and its default netmask and default gateway.

> Could double-nat be detected from wan iface hotplug or somesuch?

I would hope so. But haven't found the hook yet. (and the resulting table needs to be preserved across dhcp renews and other network activity, which is in part why it's not set up in the firewall rules in the testy scripts...)

>> That said, surviving an ipv6 renumber is a problem. Many clients
>> probably don't respect an address assignment lifetime.
>
> Application-transparent MPTCP from the operating system with automatic
> failover? Pretty please?

:) Linux kernel patches for that are available. They are quite invasive and I don't know when they will make mainline linux.

http://multipath-tcp.org/pmwiki.php?n=Main.Release88

I'd like to see netperf support added to that.

> -Toke

--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
_______________________________________________
Cerowrt-devel mailing list
[email protected]
https://lists.bufferbloat.net/listinfo/cerowrt-devel
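The WAN-side filter and the double-NAT exception discussed above, as an added shell example (not code from the cerowrt bcp38 repo): it derives the upstream network from the WAN address and netmask a DHCP hook would hand it, whitelists that network when the WAN address is itself private, and prints the iptables rules rather than applying them. The chain name BCP38 and the interface/address/netmask arguments are assumptions.

```shell
# Added example, not the cerowrt bcp38 script. Builds the rules a DHCP/hotplug
# hook could regenerate on every renew, keeping the upstream-network exception.

# Prefixes that must never cross the WAN as source (ingress) or destination (egress).
BOGONS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# ip_to_int 192.168.1.5 -> 3232235781 (dotted quad to 32-bit integer)
ip_to_int() {
    local a b c d r
    a=${1%%.*}; r=${1#*.}; b=${r%%.*}; r=${r#*.}; c=${r%%.*}; d=${r#*.}
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# int_to_ip 3232235781 -> 192.168.1.5
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# wan_network <ip> <netmask> -> network/prefixlen, e.g. 172.30.42.17 255.255.255.0 -> 172.30.42.0/24
wan_network() {
    local ip mask bits
    ip=$(ip_to_int "$1"); mask=$(ip_to_int "$2"); bits=0
    while [ $bits -lt 32 ] && [ $(( (mask >> bits) & 1 )) -eq 0 ]; do bits=$(( bits + 1 )); done
    echo "$(int_to_ip $(( ip & mask )))/$(( 32 - bits ))"
}

# in_prefix <ip> <net/len> -> exit status 0 when the address lies inside the prefix
in_prefix() {
    local len mask
    len=${2#*/}; mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# bcp38_rules <wan_if> <wan_ip> <wan_netmask>: print iptables commands for a BCP38 chain.
# When the WAN address is itself private (double NAT), the upstream network is
# returned from the chain first so traffic to/from the upstream router keeps working.
bcp38_rules() {
    local p net
    for p in $BOGONS; do
        if in_prefix "$2" "$p"; then
            net=$(wan_network "$2" "$3")
            echo "iptables -A BCP38 -o $1 -d $net -j RETURN"
            echo "iptables -A BCP38 -i $1 -s $net -j RETURN"
        fi
    done
    for p in $BOGONS; do
        echo "iptables -A BCP38 -o $1 -d $p -j DROP"   # private destination leaking out the WAN
        echo "iptables -A BCP38 -i $1 -s $p -j DROP"   # private source arriving from the WAN
    done
}
```

Run as `bcp38_rules wan 172.30.42.17 255.255.255.0` to see the rule set for the thread's 172.30.42.0/24 case; pipe the output to `sh` on the router to apply it, after creating the chain and jumping to it from FORWARD.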
