1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Compiling tomato beta 11 (MIPS2)

Discussion in 'Tomato Firmware' started by onehomelist, May 8, 2010.

  1. onehomelist

    onehomelist Addicted to LI Member

    I am trying to compile from MIPS2 build from the source. I did the following

    mkdir tomato_git
    cd tomato_git

    git clone --depth 1 git://repo.or.cz/tomato.git

    cd tomato
    git tag | grep tomato*

    git checkout tomatousb-K26-1.27.9045.beta11

    After moving the extracted contents to ~/tomato I created the symlink
    sudo ln -s ~/tomato/tools/brcm /opt/brcm

    Then added PATH

    export PATH=$PATH:/opt/brcm/hndtools-mipsel-uclibc/bin;export PATH=$PATH:/opt/brcm/hndtools-mipsel-linux/bin

    Then I did
    cd /tomato/release/src

    make clean

    make

    But i get this error

    Code:
    grep: tomato_profile.mak: No such file or directory
    grep: tomato_profile.mak: No such file or directory
    
    Version: 1.27.0000 ND (Sat, 08 May 2010 09:27:53 +0530)
     
  2. teddy_bear

    teddy_bear Network Guru Member

    Code:
    cd /tomato/release/src-rt
    make V1=9045 V2=MIPSR2-beta11 r2m
    
     
  3. onehomelist

    onehomelist Addicted to LI Member

    Thanks teddy_bear. It worked flawlessly. I wanted to try out netfilter string support module. It is already enabled in the kernel. If i did insmod xt_string.ko or ipt_string.ko, the router says that module was not found. Probably I am not getting its name correct.
     
  4. teddy_bear

    teddy_bear Network Guru Member

    Why do you think it's enabled in the kernel?
    Code:
    # CONFIG_NETFILTER_XT_MATCH_STRING is not set
    
    You either need to enable it, or use another one... You can try ipt_web match which is included by default, and is used internally by Access Restrictions.
     
  5. onehomelist

    onehomelist Addicted to LI Member

    Yes, you are right. It's not enabled. I enabled it by adding
    'CONFIG_NETFILTER_XT_MATCH_STRING=m' to the following files config_base, config_current, config_m in the ../src-rt/linux/linux-2.6 directory. Then I recompiled it, but I was not able to find the module. Again I tried to enable it by doing 'make menuconfig' in the /src-rt/linux/linux-2.6 directory and I selected 'M' for that module and issued 'make modules' command, but it stopped with an error.
     
  6. teddy_bear

    teddy_bear Network Guru Member

    The "config_base" is only one that's used, the other config files are getting re-generated during make.
    If you change the config_base correctly and do a clean rebuild, the xt_string.ko module will be in the /lib/modules/2.6.22.19/kernel/net/netfilter directory.
     
  7. onehomelist

    onehomelist Addicted to LI Member

    After following what you told I was able to get xt_string.ko module, and loaded it with insmod. It got listed when I did lsmod. But when I tried to specify a iptables rule

    Code:
    iptables -A INPUT -m string --string 'cmd.exe' -j QUEUE
    It shows this error

    Code:
    iptables v1.3.8: Couldn't load match `string':File not found
    
    Try `iptables -h' or 'iptables --help' for more information.
     
  8. teddy_bear

    teddy_bear Network Guru Member

    You also need to compile a corresponding iptables extension.
     
  9. onehomelist

    onehomelist Addicted to LI Member

    Yes. The file is libxt_string.so or libipt_string.so. I just found libipt_string.so in the source. In the netfilter IRC i was told that it's libxt_string.so. Looks like it's somewhat difficult to include that extension into iptables. I can't move on. Anyway, Thanks teddy_bear.
     
  10. teddy_bear

    teddy_bear Network Guru Member

    Actually, it's easy - just add it to this Makefile. But I got bored - you can google if you have further questions ;)...
     
  11. onehomelist

    onehomelist Addicted to LI Member

    Thanks teddy_bear. I was able to include the libipt_string.so extension into the iptables by modifying the Makefile. I get one more erorr. When I type in a chain like
    Code:
    iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j DROP  
    It gives the following error.
    Code:
    iptables: No chain/target/match by that name
     
  12. playdude

    playdude Networkin' Nut Member

    Thanks onehomelist and teddy_bear. Using the information in the first 2 posts I was able to compile the firmware for my dir320.
     
  13. onehomelist

    onehomelist Addicted to LI Member

    I figured out the solution. I knew it but I had forgotten. Only thing i had to do was.

    Code:
    insmod xt_string.ko
    Many thanks to teddy-bear, you have successfully guided me towards achieving what I was trying to figure out for many months.

    Here is a snap shot of my success

    Code:
    root@unknown:/tmp/home/root# iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    DROP       all  --  anywhere             110.123.222.111
    DROP       all  --  anywhere             anywhere            state INVALID
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere            STRING match "BitTorrent" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "BitTorrent protocol" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "peer_id=" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match ".torrent" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "announce.php?passkey=" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "torrent" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "announce" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "info_hash" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "/default.ida?" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match ".exe?/c+dir" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match ".exe?/c_tftp" ALGO name bm TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "peer_id" ALGO name kmp TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "BitTorrent" ALGO name kmp TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "BitTorrent protocol" ALGO name kmp TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "bittorrent-announce" ALGO name kmp TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "announce.php?passkey=" ALGO name kmp TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "info_hash" ALGO name kmp TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "get_peers" ALGO name kmp TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "announce" ALGO name kmp TO 65535
    DROP       all  --  anywhere             anywhere            STRING match "announce_peers" ALGO name kmp TO 65535
    
    The only thing remaining is to find out if it works or not.
     
  14. luckman212

    luckman212 LI Guru Member

    So.... did it work? you never posted back :smile:

    also, have you compiled any newer builds yet for RT-N16?
    I have one myself, and am very curious about these custom compiled builds.
    I am a little scared to try it myself, fearing I might brick the router.
    How can you tell if you've build a "working" trx? or is there no way
     
  15. onehomelist

    onehomelist Addicted to LI Member

    I did compile it successfully. Even the string match rules got loaded properly. But the string match feature ddin't work. I found web_ipt module better and efficient (it's already included in the official build), you can use it at "access restriction" page on the GUI.

    Yes, I have successfully installed custom compiles many times. If you do a successfull compilation, you'll get a binary image in the "image" directory. When you give the "make" command don't forget to mention appropriate profile name. If you have the recent source code from the git you can give this command
    Code:
    make V1=9047 V2=MIPSR2-beta16 r2m
    After the successfull compilation, compare the image file name with the one which is officially released by teddy_bear for Asus-RT N16. If they are same, you can go ahead to flash it to the router.
     
  16. luckman212

    luckman212 LI Guru Member

    thank you. actually a couple days after that, I had the courage to compile my own build for RT-N16. it was hard to do but once I got it, I was able to add a field to the gui and fix a problem I had with QoS by adding r2q field. It worked great!

    the only problem- the newer build with its updated Broadcom driver still doesn't fix the issue on my RT-N16 where the wireless radio just "dies" after 1-2 days. So I have unhooked the RT-N16 again and gone back to the Engenius 9855G for now which has more reliable Atheros chipset.
     

Share This Page