[Ewrt-devel] Configuration

Tom Goetz
Thu Jun 10 06:57:36 PDT 2004 

Irving Popovetsky wrote:

>Hi Tom,
>
>On Wed, 2004-06-09 at 05:34, Tom Goetz wrote:
>  
>
>>There are two competing configuration systems for the router. 
>>src/cy_config.mak and make menuconfig in src/router. Both define 
>>CONFIG_* variables. I would like to move variables that EWRT will allow  
>>configuration changes to from cy_config.mak into the menuconfig system. 
>>This would allow building of various flavors of EWRT with a make 
>>menuconfig in src/router alone.
>>
>>What do you think?
>>    
>>
>
>You're right, it is somewhat convoluted.   I haven't really used the
>supplied conf/mconf tool.  cy_conf.mak is included by lots of makefiles
>and seems to lay out the default variables (which are then overridden?)
>but I never really touch that either.
>
>Do you think you could get the menuconfig tool to do something useful? 
>If not, I'm thinking about just removing it.
>
>
>  
>
I think menuconfig offers a little more value if a broad group of people 
are building. If its just a core group of developers, than it offers no 
extra value. The extra value is in the text explanations attached to the 
config value in the menu. If your moving towards just using 
cy_config.mak I can move my new config options and any options that just 
appear in router/.config into cy_config.mak.

I've also been working on a fix to path mtu issues. Here's a patch 
relative to ewrt/src :

Index: Linux/Linux/.config
===================================================================
RCS file: /home/cvs/cvsroot/ewrt/src/linux/linux/.config,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 .config
*** linux/linux/.config 24 Mar 2004 00:08:47 -0000      1.1.1.1
--- linux/linux/.config 10 Jun 2004 13:52:01 -0000
***************
*** 311,317 ****
  # CONFIG_IP_NF_MATCH_AH_ESP is not set
  # CONFIG_IP_NF_MATCH_LENGTH is not set
  # CONFIG_IP_NF_MATCH_TTL is not set
! # CONFIG_IP_NF_MATCH_TCPMSS is not set
  # CONFIG_IP_NF_MATCH_HELPER is not set
  CONFIG_IP_NF_MATCH_STATE=y
  # CONFIG_IP_NF_MATCH_CONNTRACK is not set
--- 311,317 ----
  # CONFIG_IP_NF_MATCH_AH_ESP is not set
  # CONFIG_IP_NF_MATCH_LENGTH is not set
  # CONFIG_IP_NF_MATCH_TTL is not set
! CONFIG_IP_NF_MATCH_TCPMSS=y
  # CONFIG_IP_NF_MATCH_HELPER is not set
  CONFIG_IP_NF_MATCH_STATE=y
  # CONFIG_IP_NF_MATCH_CONNTRACK is not set
Index: router/rc/firewall.c
===================================================================
RCS file: /home/cvs/cvsroot/ewrt/src/router/rc/firewall.c,v
retrieving revision 1.2
diff -c -r1.2 firewall.c
*** router/rc/firewall.c        21 Apr 2004 20:28:15 -0000      1.2
--- router/rc/firewall.c        10 Jun 2004 13:52:02 -0000
***************
*** 1182,1190 ****
        save2file("-A FORWARD -m state --state INVALID -j DROP\n");

        /* Clamp TCP MSS to PMTU of WAN interface */
!       if( nvram_match("wan_proto", "pppoe") || 
nvram_match("mtu_enable", "1") )
!               save2file("-A FORWARD -p tcp --tcp-flags SYN,RST SYN -m 
tcpmss --mss %d: -j TCPMSS "
!                         "--set-mss %d\n", 
atoi(nvram_safe_get("wan_mtu"))-39, atoi(nvram_safe_get("wan_mtu"))-40);

        /* DROP packets for PPTP pass through. */
        if (nvram_match("pptp_pass", "0"))
--- 1182,1204 ----
        save2file("-A FORWARD -m state --state INVALID -j DROP\n");

        /* Clamp TCP MSS to PMTU of WAN interface */
! #ifdef HAVE_PPTPD
!       #define IP_OVERHEAD     40
!       #define PPTP_OVERHEAD   108
!       int mtu, mss;
!
!       if( nvram_match("mtu_enable", "1") )
!               mtu = atoi(nvram_safe_get("wan_mtu"));
!       else
!               mtu = 1500;
!       /* adjust for tunneling overhead (mtu - 40 byte IP - tunnel 
overhead) */
!       mss = mtu - IP_OVERHEAD - PPTP_OVERHEAD;
!       save2file("-A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss 
--mss %d: -j TCPMSS --set-mss %d\n",
!                 mss-1, mss);
! #else
!       /* sets mss to mtu - 40 */
!       save2file("-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS 
--clamp-mss-to-pmtu\n");
! #endif

        /* DROP packets for PPTP pass through. */
        if (nvram_match("pptp_pass", "0"))

The non PPTPD part provides a a better and simpler form  of what was 
originally there and the PPTPD part takes into account the additional 
overhead of the tunnel. BTW the original rule also requires the TCPMSS 
target to be configed in the kernel. So if that rule was included 
without the change to the kernel config, it would not function.

Tom Goetz
tom at goetz-family.org

More information about the Ewrt-devel mailing list