From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: IPFire 2.21 test report Date: Fri, 29 Jun 2018 19:26:58 +0200 Message-ID: <4b191285-03f9-6b48-0080-0e2729ea4a86@link38.eu> In-Reply-To: <001201d40f21$d9ec33a0$8dc49ae0$@ministc.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6144951341979648464==" List-Id: --===============6144951341979648464== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, just installed IPFire 2.21 - Core Update 122 on a testing machine. Issues noticed during update: (a) Update to 122 was not installed automatically, but needs user interaction. (b) Machine rebooted properly and came up again without manual action required. (c) WebUI shortly displays "local recursor" for DNS status at the main page - DNSSEC status of nameservers, however, is green. These were displayed correctly again after ~ 2 minutes. (d) NRPE addon required reinstallation (probably due to some configuration changes). The service did not appear in the list at the WebUI; this needs some bugfixing. (e) charon displays connection errors "could not write to socket: operation not permitted" which disappeared after ~ 2 minutes and everything was properly established. Summary: Reboot, basic functions WORKS Squid web proxy + URL filter WORKS IDS WORKS OpenVPN (N2N only) WORKS IPsec (N2N only) WORKS SSH WORKS QoS WORKS NRPE WORKS (after reinstallation, some bugs left) CPU load (especially when it comes to HW interrupts) is a bit (but not significant) lower than it was while running C120. RAM consumption stays at the same level. Entropy is ~ 400 bits higher. Kernel reports two interesting log lines on boot: 19:02:35 kernel: alg: No test for seqiv(rfc4106(gcm(aes))) (seqiv(rfc4106-gc= m-aesni)) 18:57:49 kernel: xt_geoip: loading out-of-tree module taints kernel. Just for the records. :-) Systems seems to be safe against Spectre/Meltdown: /sys/devices/system/cpu/vulnerabilities/meltdown: Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spec_store_bypass: Not affected /sys/devices/system/cpu/vulnerabilities/spectre_v1: Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2: Mitigation: Full generic retpoline In case any issues occur within the next time, I'll let you know. Excellent work so far! Thanks, and best regards, Peter M=C3=BCller --=20 "We don't care. We don't have to. We're the Phone Company." --===============6144951341979648464== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUVCQ2dBZEZpRUV2UDRTaUdoRVlE SnlyUkxrMlVqeUQzMTduMmdGQWxzMmEra0FDZ2tRMlVqeUQzMTcKbjJpdE1nLytPQ1RsNzBOUXlh cFpDd0ZKZ0p3VVp4cGUzcTBFejlQQlpCL054ZE0wUitaNzVsS3dySTlqanpzMgp2cmRGSWNMWjNN bk9RMU1WWmZpaHRzbHdLVk1rcC9LOEJIU2ovelYxSEpZckJ5dlVTeEUvNXlyN0FzUWg5VENpCnAr QThWZGhLS1l1ZzUzRzVhTHlVSmF4ZFA0SEdLWENiY2dvZVpRTUhmUm4zaWZYUzRHOGM5YkJCaWRE MkRtZmIKWkUyRE5lbjNQVW85ekNyZVFtT09TS2s2NWFUMlg2WkJlYmRaTGd1aHlHYmFuVjhqYStu eXMyU29aSCtqVHkwYwpuTVBNYXZ3dytXWk82ZnVYWVVHdXZWZUtDTzQ5ODdlS1IrcUZRazBFc0xm ODJUd0tSa0lVM0J5TkF1a0NQdzdZCk5WM1hhd2ZOU1pQd1pQaUR6OHcrTFV4R2t1WE1OaERZeUho RXpobWxlVTc3MFdLZDZiS1pIa0Y1bGJPUjh6VmwKazVlQnlxR1BEQmdNRlUvTVNZTmo4a282TmUz K3dXdlRXenhqQVFhQUNla0ZHQnphOWJmS0JFaVFTZVNVd0dUaQpObytOY2htQnliYXpBTGpFNmpx N1NCSzdQTGZRM1IrR3lBS1E5c3ZDV3lFa2l1MFhDbjI5aVFWNmc1dmZudGJyCmlPbTNidlhEaGZF YUFENmk5MlNhcGkyMXY3eWN4TmNXSEtQUVdKUFAwSS9pZGhqdFFpTmJFRVVmanpHQUtLcWIKVmtP enNwNjFYYlFRQ0c2WVpMSFVManpSVUlWWEFETTRDVG1VdGx5eWNGYzAwY09EYWxmUVdqZTRlL3Rv d0g0UgpDTCt1V2VqODhkcjBPV2l6TWFmWXVmQ0RSNjVhQnNqQTJNU1EyNk52QzZkZHJnVzk1SUU9 Cj1QV1dVCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============6144951341979648464==--