
Source code Tarifa bxxx

Discussion in 'Tarifa Firmware' started by jchuit, Oct 19, 2005.

  1. jchuit

    jchuit Network Guru Member

    The source of the Tarifa b007 build:

    This source contains only the changed files.
    Busybox has been updated to v1.0, this is not in the archive, because it was too big.

    Greetings
    Jchuit
     
  2. jchuit

    jchuit Network Guru Member

    Changes in source Tarifa b008

    Last week I received mail from The_Real_Thibor (HyperWrt).

    This is about a problem with the current Linksys firmware concerning the incoming log, which will stay empty when switched on.

    I tested the solution and it really seems to solve this problem about the missing log files.

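    The code below will repair iptables; replace print_num with this in router/iptables/iptables.c:

    static void
    print_num(u_int64_t number, unsigned int format)
    {
        /* Plain mode: print the full counter value. */
        if ((format & FMT_KILOMEGAGIGA) == 0) {
            printf(FMT("%8llu ","%llu "), number);
            return;
        }

        /* Small values need no K/M/G/T suffix. */
        if (number <= 99999) {
            printf(FMT("%5llu ","%llu "), number);
            return;
        }

        const char *kmgt = "KMGT";
        while (1) {
            number += 500;              /* round to nearest when dividing by 1000 */

            // hello SIGSEGV ---> number /= 1000;

            // divide the long way (google rocks!)
            u_int64_t d = 1;            /* quotient bit that belongs to y */
            u_int64_t e = 1ULL << 63;   /* unsigned constant: 1ll << 63 overflows a signed type */
            u_int64_t y = 1000;         /* divisor, shifted left below */
            u_int64_t x = number;       /* running remainder */
            number = 0;                 /* receives the quotient */
            while ((x & e) == 0)        /* find the highest set bit of x */
                e >>= 1;
            while (y < e) {             /* align the divisor with that bit */
                y <<= 1;
                d <<= 1;
            }
            /* shift-and-subtract division, replacing the "/=" that crashed */
            do {
                if (x >= y) {
                    x -= y;
                    number += d;
                }
                y >>= 1;
                d >>= 1;
            } while (d);

            if ((number <= 9999) || (*kmgt == 'T')) break;
            ++kmgt;
        }
        printf(FMT("%4llu%c ","%llu%c "), number, *kmgt);
    }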
     
  3. jchuit

    jchuit Network Guru Member

    Source code Tarifa b008

    The source of the Tarifa b008 build:

    This source contains only the changed files (patch).

    Busybox has been updated to v1.01, this is not in the archive, because it was too big.

    It is based on the 4.20.9 firmware from Linksys; if this is patched over the 4.20.8 source, you will get a 4.20.9 firmware. For this you must compile in English.
    (LANG_SEL=EN ===> LANG_SEL is not SC)

    Greetings
    Jchuit
     
  4. tuntun

    tuntun Network Guru Member

    Do you have Tarifa008 firmware? Thanks
     
  5. jchuit

    jchuit Network Guru Member

    Changes in source Tarifa b009

    Today the compiled binaries of the Tarifa b008 are available, in English and in Spanish.

    At this moment the firmware has only 10 fields for port-forwarding, and this is on the low side.
    A way to deal with this problem is to use UPnP, which is fully scalable (having 1..?? users); another way is to make 20 fields in http://192.168.1.1/Forward.asp

    Change:
    http://192.168.1.1/Forward.asp +> will get 20 fields
    FORWARDING_NUM 10 +> FORWARDING_NUM 20

    This is a patch which can be copied over the Tarifa b008 based on 4.20.9 source.
     
  6. jchuit

    jchuit Network Guru Member

    Source code Tarifa b009

    The Tarifa b009 build.

    This build has 2 new features:
    Increased Forward.asp from 10 to 20 fields.
    Added Receiving Radio Signal Strength for clients and WDS to Status_Wireless.asp.
     
  7. jchuit

    jchuit Network Guru Member

    Tarifa b010, features.

    The next build will have some new features:

    Based on the 4.30.xx source.

    4.20.8 versus 4.30.0:
    Results of diff. (object files are not included =>> only source) : http://members.chello.nl/j.huitema2/WRT54G/diff430_420.txt

    4.30.0 versus 4.30.1:
    Results of diff. (object files are not included =>> only source) : http://members.chello.nl/j.huitema2/WRT54G/diff430_430.txt


    A wireless Transmit Signal Strength Indicator, this tssi value can give extra connection quality info for clients and WDS.

    The current transmit power estimated by the radio transmitter circuit.

    14 radio channels

    A rate indicator will give the wireless rate.

    An antenna selector: TXant for transmission and antdiv for reception.

    More space for Rc_startup and ... scripts and for Static DHCP. (255 bytes=>?? kByte)

    Ram and NVRam status info.
     
  8. stedy6

    stedy6 Network Guru Member

    Could you add a simple Reboot button in the Web interface?
    Maybe under the Administration page?
    Instead of using telnet to reboot the router it would be nice to do this in the web interface.
     
  9. katsyonak

    katsyonak Network Guru Member

    I'd like to join this request for a Reboot button.

    Thank you for your work :)
     
  10. jchuit

    jchuit Network Guru Member

    Source code Tarifa b010

    The Tarifa b010 build.

    The reboot button is included in this build and many enhancements like a loopback option.

    This is a patch which can be copied over the Tarifa b008/b009 patch and is based on the 4.30.1 source.
     
  11. jchuit

    jchuit Network Guru Member

  12. jchuit

    jchuit Network Guru Member

    Tarifa b011 source

    The complete Tarifa b011 source, this must be copied over the original linksys firmware 4.30.1.

    Before copying rename (or remove) in the original Linksys source the busybox and udhcpd directory, go to release/src/router/ and rename the busybox and udhcpd directory to resp. busybox_old and udhcpd_old.
     
  13. jchuit

    jchuit Network Guru Member

    Diff. in source between 4.30.1_DE and 4.30.2

    Today I compared the source of the 4.30.1_DE and 4.30.2, this is the source for the WRT54G and the WRT54GL.

    Results of diff. (object files are not included =>> only source) : http://members.chello.nl/j.huitema2/WRT54G/diff4301_4302.txt

    Compiled and tested the original 4.30.2 firmware; it seems to have a minor problem in the webpages: the index file (in English) isn't loading when using Linux.

    REMARK!!!!! Tofu wrote me: two files are missing in the 4.30.2 release, these are tzo.asp and dyndns.asp; this means that the ddns can't be configured by use of the web-admin.

    Also busy building and testing the new firmware Tarifa b012 based on 4.30.2.

    Edit (27 dec): After testing the tarifa b012 firmware for a couple of days the pages are loaded correctly under Windows, maybe the problem was that I didn't reset to the default factory settings.
    Edit: This problem only happens in Linux, there some Admin-pages are not loaded correctly.
     
  14. jchuit

    jchuit Network Guru Member

    Tarifa b012 source

    The Tarifa b012 source, this must be copied over the original linksys firmware 4.30.2.

    Before copying rename (or remove) in the original Linksys source the busybox and udhcpd directory, go to release/src/router/ and rename the busybox and udhcpd directory to resp. busybox_old and udhcpd_old.

    The new 4.30.2 source misses 2 files and has an error in the JavaScript. I have made a patch for the original 4.30.2 firmware, this patch is included in the Tarifa b012 source.
     
  15. jchuit

    jchuit Network Guru Member

    Tofu's solution for the 4.30.2 webpage loading problem

    Tofu's solution for the 4.30.2 webpage loading problem:

    ddns.static in capsetup.js

    Because static = reserved keyword in Javascript.

    I removed it (it's not used anywhere):

    //ddns.static="Static";

    And it seems to work in Ubuntu/Firefox and XP/Firefox. I don't have konqueror so I haven't tried it with that.

    Edit (jchuit): I tested tofu's solution for english, and this is the good solution.
     
  16. jchuit

    jchuit Network Guru Member

    Linksys 4.30.2 Firmware binary and changed source (PATCH).

    As I wrote earlier the new 4.30.2 source misses 2 files and has a (fatal) error in the JavaScript.

    I have made a patch for the original 4.30.2 firmware, this patch also repairs the not working incoming log file.

    The Tarifa_4302_patch, this must be copied over the original linksys source 4.30.2:

    http://members.chello.nl/j.huitema2/WRT54G/Tarifa_4302_patch.tar

    The Tarifa b012 will now be based upon this patched source!
    Greetings,
    Jchuit
     
  17. jchuit

    jchuit Network Guru Member

    Busybox 1.1.0-pre1 and squashfs 2.2-r2 update

    Today I made two updates, the first update is busybox. Busybox is the mini-linux command line package.

    The second update is an update of the linux 2.4.20 kernel. Squash file system is the place where all the programs are stored, the new squashFS will give the router more 'disk' speed.
    The patch for the linux 2.4.20 kernel: http://members.chello.nl/j.huitema2/WRT54G/squashfs22r2.tar

    Tarifa b013 will be released with these updates and a small update of the loopback setting.
     
  18. jchuit

    jchuit Network Guru Member

    Tarifa b013 source

    The Tarifa b013 source, this must be copied over the original linksys firmware 4.30.2.

    Before copying rename (or remove) in the original Linksys source the busybox and udhcpd directory, go to release/src/router/ and rename the busybox and udhcpd directory to resp. busybox_old and udhcpd_old.
     
  19. jchuit

    jchuit Network Guru Member

    The new squashfs 2.2-r2 file system

    Squash file system is the place where all the programs are stored, the new squashFS will give the router more 'disk' speed.

    Tarifa b014 will be formatted in the new squash file system; for building the new file system, the source needs an update.

    The patch for the linux 2.4.20 kernel including the script for building the mksquash 2.1 file system: http://members.chello.nl/j.huitema2/WRT54G/squashfs22r2_mksquashfs.tar

    Tarifa b014 and b015 source:

    Before compiling, don't forget to do a MAKE in the LINUX/scripts/squashfs !

    This must be copied over the original linksys firmware 4.30.2.

    Before copying rename (or remove) in the original Linksys source the busybox and udhcpd directory, go to release/src/router/ and rename the busybox and udhcpd directory to resp. busybox_old and udhcpd_old.
     
  20. jchuit

    jchuit Network Guru Member

    Difference in source: 4.30.2_US 4.30.4_DE

    I compared the source of the 4.30.2_US and 4.30.4_DE, this is the source for the WRT54GL.

    Results of diff. (object files are not included =>> only source) : http://members.chello.nl/j.huitema2/WRT54G/diff4302_4304.txt

    Copied (from the 4.30.4 source) dyndns.asp and tzo.asp to Tarifa b016 source:
     
  21. jchuit

    jchuit Network Guru Member

    Tarifa b017 source, PPTP and L2TP support for DDNS

    Tarifa b017 source:

    The firmware will now support PPTP and L2TP for DDNS.
    (updated ../rc/ddns.c)
     
  22. jchuit

    jchuit Network Guru Member

    Tarifa b018 source.

    The next build is Tarifa b018:

    The "firmware upgrade" is able to flash WRT54GS firmware, this for easy loading Hyperwrt-Thibor.
    ../router/shared/upgrade.c

    There is a problem with DDNS, the ip-update process isn't running as it should. Sometimes the dyndns times out (if the WAN-ip doesn't change) and the host has not been updated for 30 days.
    To solve this, DDNS-dyndns will get an ip update every 28 days.
    ../router/rc/ddns.c
     
  23. jchuit

    jchuit Network Guru Member

  24. jchuit

    jchuit Network Guru Member

    Tarifa b019 source

    Tarifa b019:

    Added speedbooster support

    Before compiling, don't forget to do a MAKE in the LINUX/scripts/squashfs !

    This must be copied over the original linksys firmware 4.70.8.

    Before copying rename (or remove) in the original Linksys source the busybox and udhcpd directory, go to release/src/router/ and rename the busybox and udhcpd directory to resp. busybox_old and udhcpd_old.
     
  25. jchuit

    jchuit Network Guru Member

    Dyndns

    Which files have been changed in the DDNS module:

    4.20.9 => 4.30.0 (build 905 => build 928)
    no changes.

    4.30.0 => 4.30.1 (build 928 => build 1006)
    no changes.

    4.30.1 => 4.30.2 + 4.70.8 (build 1006 => 1114)
    ../ipupdate/ez-ipupdate.c
    ../ipupdate/Makefile (!!!!!!!)
    ../rc/ddns.c
    ../shared/broadcom.c (1 line)
    ../shared/broadcom.h (1 line)
    ../shared/ddns.c
    ../shared/defaults.c
    ../DDNS.asp
    dyndns.asp and tzo.asp added

    4.30.2 => 4.30.4 (build 1114 => 1226)
    ../ipupdate/ez-ipupdate.c
    ../DDNS.asp (very minor)
     
  26. jchuit

    jchuit Network Guru Member

    Tarifa b020/b021 source

    Tarifa b020/b021:

    Solved: dyndns update problem. After the L2TP and PPTP support was added in Tarifa b017, an ipupdate problem in the DHCP section was created.

    Before compiling, don't forget to do a MAKE in the LINUX/scripts/squashfs !

    This must be copied over the original linksys firmware 4.70.8.

    Before copying rename (or remove) in the original Linksys source the busybox and udhcpd directory, go to release/src/router/ and rename the busybox and udhcpd directory to resp. busybox_old and udhcpd_old.
     
  27. jchuit

    jchuit Network Guru Member

    ez-ipupdate 3.0.11b7

    Some info about the DDNS module:
    DDNS supports dyndns and tzo in the Tarifa b021 firmware.

    ez-ipupdate 3.0.11b7 is the most recent version; http://www.ez-ipupdate.com/
    A manual can be found here: http://wiki.openwrt.org/DDNSHowTo
    There is a long list of supported services.
    The test-report here: http://www.dyndns.com/support/clients/hardware/wrt54g.html

    This version (3.0.11b7) is installed in the 4.xx.x firmware from Linksys.

    The default dyndns configuration file should look like this:
    (see the example ddns.conf in the ez-ipupdate package).

    service-type=dyndns
    #service-type=dyndns-static
    user=myuserid:mypassword
    host=mydomain.whatever.com
    interface=eth1
    max-interval=2073600

    max-interval has a default value of 25 days (preset). This preset value works ONLY in daemon mode, in program mode the line max-interval=2073600 MUST be used.

    The content actually is:
    (see the /temp/ddns.conf file),

    service-type=dyndns
    user=myuserid:mypassword
    host=mydomain.whatever.com
    adress=wan_ip_adress
    max-interval=2419200

    Another file is /tmp/ddns_msg; here the dyndns status is given.

    --------------------------------------------------------------------------------
    This is a list of assigned ports, as used on most WRT54G(s)(l)

    eth0= LAN and the WAN
    eth1= WLAN

    In the default configuration there are 2 vlans:
    vlan0 consists of ports 1,2,3,4 and 5
    vlan1 consists of ports 0 and 5
    Port 5 connects to eth0, port 0 to the WAN connector and ports 1,2,3 and 4 to the LAN connectors
    ---------------------------------------------------------------------------------
    In ../rc/ddns.c implement the following daemon startup:

    char *argv[] = {"ez-ipupdate",
        "-i", nvram_safe_get("wan_ifname"),
        "-d",
        "-D",
        "-P", "3600",
        "-e", "ddns_success",
        "-c", "/tmp/ddns.conf",
        "-b", "/tmp/ddns.cache",
        NULL };

    ret = _eval(argv, ">/dev/console", 0, &pid);

    The above is the ../rc/ddns.c file as Mstombs has proposed. It should set the ez-ipupdate program to run in daemon mode; this will make it possible to auto-update the dyndns-ip after a timeout.

    The Alchemy firmware uses this setup:

    char *argv[] = {"ez-ipupdate",
        //"-i", get_wan_face(),
        "-D",
        //"-P", "3600",
        "-e", "ddns_success",
        "-c", "/tmp/ddns.conf",
        "-b", "/tmp/ddns.cache",
        NULL };

    +++++++++++++++++++++++++++++++++++++++++++++++
    The conclusion:

    ez-ipupdate must run as a daemon, otherwise it cannot auto-update the ddns IP address.
    The parameter -d will activate the daemon mode for the ez-ipupdate program/daemon.

    After doing some tests with the ez-ipupdate daemon:
    The ez-ipupdate daemon does not pass the status to 'rc ddns_success.' The /tmp/ddns_msg file is not written in daemon mode, the UI and RC-DDNS will not have a status.
    ++++++++++++++++++++++++++++++++++++++++++++++
     
  28. jchuit

    jchuit Network Guru Member

    Tarifa b022

    -----------------------------------------------------------------------------------
    RC1
    Busybox will be updated to version 1.1.2

    DDNS ez-ipupdate:
    Changed the dyndns status messages in the Webpage, to updated, not updated and unchanged. Now you can see what happens. (this is the ddns.js file)
    -----------------------------------------------------------------------------------
    RC2
    How does ez-ipupdate (dyndns or tzo) work in the original firmware:

    Setting DDNS in the webpage:
    The UI (=webpage) gets the status info out of /tmp/ddns_msg file, the NVRAM values are written with the /rc ddns_success command.
    "RC ddns_success" runs ddns_success_main, where init_ddns writes the NVRAM values.
    After Saving the action_service is set to "ddns", this will start single_service("dyndns").

    Starting the router [INIT] (rc init->wan(BOOT)):
    Start_wan (rc/network) executes start_wan_done->start_wan_service, this means ez-ipupdate is executed only once at startup (or restart after wan-ip change). ez-ipupdate reads tmp/ddns.conf tmp/ddns.cache and writes the /tmp/ddns_msg file. Start_wan_service is only used here.
    -----------------------------------------------------------------------------------
    Ez-ipupdate only runs at start (or restart if wan-ip changes) or after a change in the UI; the nvram "ddns_cache" is saved after a change in the DDNS webpage.
    -----------------------------------------------------------------------------------
    usage: ez-ipupdate [options] Options are:
    -a, --address <ip address> string to send as your ip address
    -b, --cache-file <file> file to use for caching the ipaddress
    -c, --config-file <file> configuration file, almost all arguments can be given with: <name>[=<value>]
    to see a list of possible config commands try "echo help | ez-ipupdate -c -"
    -d, --daemon run as a daemon periodicly updating if necessary
    -e, --execute <command> shell command to execute after a successful update
    -F, --pidfile <file> use <file> as a pid file
    -i, --interface <iface> which interface to use
    -P, --period <# of sec> period to check IP in daemon mode (default: 1800 seconds)
    -M, --max-interval <# of sec> max time in between updates

    -b lets you specify a cache file where ez-ipupdate will keep a record of when your IP address last changed and what it changed to. It uses this to make sure your service is only updated when your IP address changes or after the maximum interval between updates has expired.

    This ddns_cache file works in 'daemon' mode and in program mode. If you delete the /tmp/ddns_cache, it will be auto-rewritten, after a status check at dyndns.org. After a wan-ip change it should be rewritten.
    --------------------------------------------------------------------------------
    What is the best solution, for the ip-update problem after a change in the wan-ip?

    For the UI we need to have the ddns_msg file. Otherwise we don't know if the values given in the UI are correct and working. This means we must run ez-ipupdate as a program.

    For auto updating we need to have it running in daemon mode. This means that after a successful run of the ez-ipupdate as a program, the daemon should be started.

    The ddns daemon:
    ez-ipupdate -i vlan1 -d -c /tmp/ddns.conf -b /tmp/ddns.cache -F /tmp/var/run/ddnsd.pid

    The -F option will prevent loading multiple daemons.

    Problem: After a successful update by the daemon, the ddns_msg file is not updated.
    **************************************************
    Why isn't the DDNS updated after a restart, or by a change in wan-ip?

    The webpage: dyndns values are set in the DDNS page, after hitting the Save Settings button, ez-ipupdate is executed. After a successful ip update, ez-ipupdate runs the ddns_success command.
    The ddns_success_main backs up the data to nvram, it stores the present time in ddns_cache. This should be the time/ipnr out of /tmp/ddns_cache.

    Running ipupdate (second time or later): The ddns_cache file is overwritten after an ipupdate in DDNS, but isn't backed up to the nvram "ddns_cache". The ddns_success_main stores the present time in ddns_cache.

    **************************************************

    After a restart the wrong data in ddns_cache nvram is restored.
    In the second and following ipupdates: the DDNS is not updated, wrong time is still in nvram "ddns_cache", and again ddns_success_main stores the present time in ddns_cache.

    **************************************************

    I have made a file with the above changes; this file stores the correct time in the ddns_cache (see ddns_success_main):
    http://members.chello.nl/j.huitema2/WRT54G/ddns.c
     
  29. jchuit

    jchuit Network Guru Member

    differences in the Linksys 4.70.1 source code.

    New source code is released by Linksys for the WRT54G*

    The difference between the 4.70.0 and the 4.70.1 source:

    http://members.chello.nl/j.huitema2/WRT54G/diff_4.70.0_4.70.1.txt

    I found 3 major changes:

    1. ddns has now a timer, for updating ip
    2. fixed upnp forward bug
    3. changed parental control

    edit (1):
    The compile variable LINKSYS_MODEL is changed from WRT54GS to WRT54G, this variable is now used to set the WRT54G(s) 16 Mbyte-sdram version to 216 Mhz clockspeed (only BCM5325EKQM ethernet switch).
    This setting is done at boot by RC [INIT]

    The user interface, displays the content of LINKSYS_MODEL in the upper corner. In version 4.71.1 this is changed to the NVRAM variable "router_name".

    edit (2):
    For DYNDNS users.
    A change in DDNS makes that every time the router is started a dyndns update is done (nochg); these kinds of updates are abusive and will cause your dyndns account to become blocked. Tarifa b023 will have a solution for this problem.
     
  30. mstombs

    mstombs Network Guru Member

    Re: differences in the Linksys 4.70.1 source code.

    Small point, you compare 4.71.0 (DE) and 4.71.1 (US) in the attachment.

    Re DDNS changes, my look at the code is that ddns now has a timer but I don't think it is used to solve the problem of dyndns not updating if the IP doesn't change - but perhaps provides a location to do such a check - in the function ddns_check_main.

    Is the Linksys coding of ddns handling typical of other functions in the router? It is very confusing to follow, there are two ddns.c files in different directories, other functions in utils.c, ddns_checkip.c, process_monitor.c etc, and a big overlap with the old bit of code used to actually do the update in ez-ipupdate.c! And of course it still doesn't work properly!
     
  31. jchuit

    jchuit Network Guru Member

    The ddns problem isn't solved, I think. There are still issues that I don't understand.

    The Linksys coding isn't this way in other functions. All functions are controlled by the RC command.

    Maybe the best way is to rewrite the whole ddns section.

    Software design specs: http://www.dyndns.com/developers/nicupdate-api.pdf
     
  32. jchuit

    jchuit Network Guru Member

    Tarifa b023 source

    Change 1: The next build will be based on the 4.71.1 source:

    Change 2 : The wl_lazywds (lazywds on or off depending on hardware model) will not have a preset value after boot .
    This means that the lazywds can now be set/unset by the user interface.

    Change 3 : Some improvement on the dyndns module for updating the ip.

    Dyndns does an update on every start of the router in the 4.71.1 firmware. This is abusive and will block your account. (Solved in Tarifa b023)
     
  33. jchuit

    jchuit Network Guru Member

    The dyndns cache file and DDNS successfully, no change

    Tarifa b024.

    After a dyndns successful update, 3 things can happen:
    DDNS successfully, no update .......nothing happens
    DDNS successfully, no change ......abusive
    DDNS successfully, updated ......ok

    The flowchart: https://www.dyndns.com/developers/dyndns_testing_flowchart.pdf


    It looks like a bug in ez-ipupdate, or a dyndns problem:
    if an update is done at dyndns within the 25--30 days, and the ip isn't changed, the dyndns cache file gets the new time stamp. But if you look at the website, the old time is still there.


    This means, that after a successful update, only ddns.cache may be saved if ddns_msg has the status 'dyn_good', after the automatic timeout due to host has not been updated for 28 days.
    If the status is 'nochg' ez-ipupdate keeps updating at dyndns until the time is changed.

    Edit:
    Dyndns, keeps the 'Last Updated' field to reflect a change after your update of Dyndns.
    If I go to my account webpage and hit the Modify Host button, the 'Last Updated' field isn't changed, this only changes after ?? days.
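
Added example, not part of the thread and not taken from the Tarifa, Linksys or ez-ipupdate source: the update rule the DDNS posts above arrive at, written as a small C decision function. The one-line `timestamp,ip` cache layout, the function names and the sample address are assumptions made for this example; `dyn_good`, `nochg` and the 2419200-second max-interval come from the posts.

```c
#include <stdio.h>
#include <string.h>

/* 28 days: the max-interval value shown in /tmp/ddns.conf in the thread. */
#define DDNS_MAX_INTERVAL 2419200L

enum ddns_action {
    DDNS_SKIP,               /* nothing to send; an update now would be a "nochg" */
    DDNS_UPDATE_NO_CACHE,    /* no usable cache record, state is unknown */
    DDNS_UPDATE_IP_CHANGED,  /* WAN address differs from the cached one */
    DDNS_UPDATE_REFRESH      /* same address, but max-interval has expired */
};

struct ddns_cache {
    long when;     /* time of the last accepted update, in seconds */
    char ip[16];   /* dotted-quad address that was sent */
};

/* Parse one cache record. The "timestamp,ip" layout is an assumption of
 * this example. Returns 0 on success, -1 if the record is unusable. */
int ddns_cache_parse(const char *line, struct ddns_cache *out)
{
    long when;
    char ip[16];

    if (line == NULL || sscanf(line, "%ld,%15[0-9.]", &when, ip) != 2 || when <= 0)
        return -1;
    out->when = when;
    snprintf(out->ip, sizeof out->ip, "%s", ip);
    return 0;
}

/* Decide what to do at boot, on a WAN event or on a timer tick.
 * Pass c == NULL when no cache record could be restored. */
enum ddns_action ddns_decide(const struct ddns_cache *c, const char *wan_ip,
                             long now, long max_interval)
{
    if (c == NULL)
        return DDNS_UPDATE_NO_CACHE;
    if (strcmp(c->ip, wan_ip) != 0)
        return DDNS_UPDATE_IP_CHANGED;
    if (now - c->when >= max_interval)
        return DDNS_UPDATE_REFRESH;
    return DDNS_SKIP;        /* a reboot alone must not trigger an update */
}

/* Only a real update ("dyn_good") may refresh the persisted cache;
 * a "nochg" reply must not move the stored timestamp. */
int ddns_may_persist(const char *status)
{
    return status != NULL && strcmp(status, "dyn_good") == 0;
}

int main(void)
{
    /* Constructed cache record restored after a reboot (documentation address). */
    const char *restored = "1150000000,203.0.113.7";
    struct ddns_cache c;
    long now = 1150000000L + 3600;   /* router rebooted one hour later */
    int ok = ddns_cache_parse(restored, &c) == 0;

    printf("reboot, same ip: action=%d\n",
           ddns_decide(ok ? &c : NULL, "203.0.113.7", now, DDNS_MAX_INTERVAL));
    printf("persist after nochg: %d\n", ddns_may_persist("nochg"));
    return 0;
}
```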
     
  34. jchuit

    jchuit Network Guru Member

    Tarifa b025

    Most people use the WRT54G(L) for connecting their computers to the World Wide Web.
    The router uses ip_conntrack for the NAT translation, a static HASH-table is loaded into the kernel memory at Linux boot.

    The Linux kernel is (in Tarifa) MIPS 2.4.20, which means that the HASHSIZE should be a prime-number, for efficient populating the hashtable.
    The ratio IP_CONNTRACK versus HASHSIZE is default 8, but for performance for conntrack entry access it is better to change this ratio to 1.

    Further:

    Since the release Linksys has released the 4.71.1 source, two new sources were released by linksys. The 4.30.6 and the 4.30.7 source.

    Difference in source:
    http://members.chello.nl/j.huitema2/WRT54G/diff4305_4306.txt
    http://members.chello.nl/j.huitema2/WRT54G/diff4306_4307.txt

    The 4.30.6 source is exactly the same as the 4.30.5 source, only the 4.30.7 source has some new code.

    The new 4.30.7 firmware has a change in the RIP- protocol (ZEBRA). router/zebra/ripd/ripd.c and router/zebra/ripd/ripd.h...
     
  35. jchuit

    jchuit Network Guru Member

    Linux/net/ipv4/netfilter/ip_conntrack_core.c

    Tarifa 025 has hashsize settings based on prime numbers. This for efficient populating the hashtable.

    I did a test: one with the old NAT-firewall settings and with my new settings.

    And used a WRT54GL v1.1 for this, the WAN-http speed was increased by 10% to 32Mbps, the WAN-FTP speed increased (10%) to 46 Mbps.

    On a router with 16 Mbyte RAM the hashsize will go from 128 to 1543
    On a router with 32 Mbyte RAM the hashsize will go from 256 to 3079
    On a router with 64 Mbyte RAM the hashsize will go from 512 to 6151

    See the details:
    http://members.chello.nl/j.huitema2/WRT54G/ip_conntrack_core.c

    Dos attacks:
    RFC specifies the timeout at max 100s for tcp_timeout, in ip_conntrack_core this is set to 5 DAYS, this makes the linux router very vulnerable to (D)DoS attacks

    unsigned int nf_ct_tcp_timeout_established = 5 DAYS
    In Tarifa b026 this will be changed to 300 SECS.

    The above settings will give the Tarifa b026 firmware the correct settings for both WRT54GL with 16Mbyte and the wrt54gs with 32Mbyte RAM.
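
Added example, not part of the thread and not taken from the Tarifa or kernel source: a small C model of the connection-tracking table discussed in the post above, comparing the 5-day established timeout with the 300-second one. The table limit of 8 x 128 entries uses the stock 16 MB figures quoted in the post; the arrival rate of 2 connections per second, the one-hour window and all function names are constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

struct ct_result {
    unsigned long peak;     /* highest number of tracked entries seen */
    unsigned long refused;  /* new connections that found the table full */
};

/*
 * Model a conntrack table with max_entries slots for duration_s seconds.
 * Each second, `rate` connections are established and then go silent
 * (the peer disappears without FIN/RST), so only the idle timeout
 * releases their slot.
 */
struct ct_result ct_simulate(unsigned long max_entries, unsigned long timeout_s,
                             unsigned rate, unsigned long duration_s)
{
    struct ct_result r = {0, 0};
    unsigned long occupancy = 0, t;
    unsigned i;
    /* admitted[t] = entries created in second t, needed to expire them later */
    unsigned *admitted = calloc(duration_s ? duration_s : 1, sizeof *admitted);

    if (admitted == NULL)
        return r;
    if (timeout_s == 0)
        timeout_s = 1;                     /* an entry lives at least one tick */

    for (t = 0; t < duration_s; t++) {
        if (t >= timeout_s)                /* entries from t - timeout expire now */
            occupancy -= admitted[t - timeout_s];
        for (i = 0; i < rate; i++) {
            if (occupancy < max_entries) {
                admitted[t]++;
                occupancy++;
            } else {
                r.refused++;               /* table full: connection is dropped */
            }
        }
        if (occupancy > r.peak)
            r.peak = occupancy;
    }
    free(admitted);
    return r;
}

int main(void)
{
    const unsigned long max_entries = 8UL * 128;   /* ratio 8 x hashsize 128 */
    struct ct_result days = ct_simulate(max_entries, 5UL * 24 * 3600, 2, 3600);
    struct ct_result secs = ct_simulate(max_entries, 300, 2, 3600);

    printf("timeout 5 days: peak=%lu refused=%lu\n", days.peak, days.refused);
    printf("timeout 300 s : peak=%lu refused=%lu\n", secs.peak, secs.refused);
    return 0;
}
```

With the long timeout the table fills after 512 seconds and every later connection in the window is refused; with 300 seconds the occupancy levels off at rate x timeout and stays below the limit.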
     
  36. jchuit

    jchuit Network Guru Member

    Tarifa b028

    Dos attacks and performance:

    The Linux 2.4.20 kernel has a problem in the netfilter SPI firewall,
    the "unconfirmed" traffic, this is traffic in one direction only has a wrong behaviour. This can lead to bad firewall performance.

    The following patches are applied in Tarifa b027: connection Tracking Remote DoS, CVE: CAN-2003-0187, NAT Remote DoS, CVE: CAN-2003-0467.

    For BitTorrent/P2P users the tcp/udp timings are set to a maximum of 4 mins.

    Iptables is upgraded from 1.2.7a to 1.3.5, this to solve Log problems.
     
