From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: IPFire 2.21 test report Date: Fri, 29 Jun 2018 22:55:51 +0200 Message-ID: In-Reply-To: <4b191285-03f9-6b48-0080-0e2729ea4a86@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0499681852153742335==" List-Id: --===============0499681852153742335== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, while testing some firewall stuff, I stumbled across bug #11777 (https://bugzilla.ipfire.org/show_bug.cgi?id=3D11777): In some cases, GeoIP country data in firewall rules and WebUI seem to differ. :-( Since this makes debugging extremely hard and unreliable, could someone have a look at this please? Sorry for the noise, but this is a nasty one... Thanks and best regards, Peter M=C3=BCller > Hello, >=20 > just installed IPFire 2.21 - Core Update 122 on a testing machine. >=20 > Issues noticed during update: > (a) Update to 122 was not installed automatically, but needs user > interaction. > (b) Machine rebooted properly and came up again without manual action > required. > (c) WebUI shortly displays "local recursor" for DNS status at > the main page - DNSSEC status of nameservers, however, is green. > These were displayed correctly again after ~ 2 minutes. > (d) NRPE addon required reinstallation (probably due to some > configuration changes). The service did not appear in the list at > the WebUI; this needs some bugfixing. > (e) charon displays connection errors "could not write to socket: > operation not permitted" which disappeared after ~ 2 minutes and > everything was properly established. >=20 > Summary: > Reboot, basic functions WORKS > Squid web proxy + URL filter WORKS > IDS WORKS > OpenVPN (N2N only) WORKS > IPsec (N2N only) WORKS > SSH WORKS > QoS WORKS > NRPE WORKS (after reinstallation, some bugs left) >=20 > CPU load (especially when it comes to HW interrupts) is a bit > (but not significant) lower than it was while running C120. > RAM consumption stays at the same level. Entropy is ~ 400 bits > higher. Kernel reports two interesting log lines on boot: >=20 > 19:02:35 kernel: alg: No test for seqiv(rfc4106(gcm(aes))) (seqiv(rfc4106-= gcm-aesni)) >=20 > 18:57:49 kernel: xt_geoip: loading out-of-tree module taints kernel. >=20 > Just for the records. :-) >=20 > Systems seems to be safe against Spectre/Meltdown: >=20 > /sys/devices/system/cpu/vulnerabilities/meltdown: > Mitigation: PTI > /sys/devices/system/cpu/vulnerabilities/spec_store_bypass: > Not affected > /sys/devices/system/cpu/vulnerabilities/spectre_v1: > Mitigation: __user pointer sanitization > /sys/devices/system/cpu/vulnerabilities/spectre_v2: > Mitigation: Full generic retpoline >=20 > In case any issues occur within the next time, I'll let you know. > Excellent work so far! >=20 > Thanks, and best regards, > Peter M=C3=BCller >=20 --=20 "We don't care. We don't have to. We're the Phone Company." --===============0499681852153742335== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUVCQ2dBZEZpRUV2UDRTaUdoRVlE SnlyUkxrMlVqeUQzMTduMmdGQWxzMm5OOEFDZ2tRMlVqeUQzMTcKbjJqMXBRLzZBK2t4RElqS3U3 a01wT294R0l4OFpEWnVCc0dlNE5xVzBpQk0ycUI3MXZUUmxVV0NOVGY3VDdROApxT0VjNVhGcGhU RUpFOTQ0K2hNdU5aR3ltQXJXTWt4STdXaXF4K0VKM2FtUWhheFRNK21PUXJIcWlpYjVYMzZsCjJt UUExUmZvem84NDc5ZlVQV0YvZXJyenl2WWRXQzVMbnhBMXFlQVdZUDljN0NjaXZza3ZpWmdWQkNp RHptR2IKL3NOTWlBUDk3WHVlUG14aG81cFlTeUtOdDNRdFUzbFVYY2hjRXdlTDU2Z0xNalVpMStJ enVkM3pjR3c4Q2ljYgpCUUNUZjI0dzVpRndWVFdaaWkxUHA4bTVaZUVKWWFFRVNYUis4eEpTc292 WXJleUdyMUNmclFKcW1kU0Fla05XCjJWVytUNE1wSFJ5M0pSWTJMdDRvT0FaZWZEZXNzcU5Xdkw1 RW1nVG5PS0d1emRob3psdElYdG03NjFPWDZjOWYKSEk4NEozYTVHYm54RG5od1JMWEJUSzZaSTYv cjQxVVVOWnJvaXdvcjBReXlQeWYwSTh6U2RXRVIxR08zMDA4Mwp0VU5qNHBqdEpxSjU5Ui9QRXV3 TFBMSDgybW5NU2NMYUQzNGZ0UmRlRnVtd0lTSzF1YUhPaDUzNFRnZkx2ZmZZCmJ4ejkzdXk5cTRE Tmo2Y3RmRkhjSUk3Y3hzMWp0aHJxMjYyeXFocHpudGttbHFFOHFEQ0ZmQS8wSUR5QkNuUG8KRWRT elVuTU1RM2pMV2llL0FISXhiUk9HbXpyZTRwcG54OVlpUDZLak1uTFE0MWZkaWxXbHVDRlVuQ1R3 MGlsdQovdTY5WTZyZUYyZlVxd0o0TnhEZkdOY0taUVRYczNIZ0dyTDMyaG5ScWxGMjFyRm5qd289 Cj13K3hCCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============0499681852153742335==--