1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Testing compiled firmware

Discussion in 'Tomato Firmware' started by xtxt, Sep 9, 2007.

  1. xtxt

    xtxt LI Guru Member

    Im playing around with using some of the extentions available for iptables such as quota and using them with tomato, anyways i have the compiled the firmware but was wondering if there was a safe option for testing them out before uploading to my router incase something is majorly wrong, i have searched the forums and seen vmware mentioned but am unsure of how you use .bin images with vmware or to configure to replicate the hardware of the WRT54GL, also mentioned was Bochs so i looked at that but all the examples i found seemed to use .img images and required you to set up harddrive paramters suchs as number of cylinders so was unsure how to apply this to my complied images . Thanks for any help. :)
     
  2. GeeTek

    GeeTek Guest

    Post them here, I'll flash and test anything you would like me to.
     
  3. roadkill

    roadkill Super Moderator Staff Member Member

    as me too...
    :grin:
     
  4. xtxt

    xtxt LI Guru Member

    Thank you much appreciated. :) I have uploaded the compiled firmware to rapidshare if for some reason you cant use rapidshare just say and i can upload somewhere else. I only need to test out firmware for the WRT54GL.

    http://rapidshare.com/files/54637586/WRT54G.bin.html

    md5:a1378e2f59333d9846a086f47116d5f3

    Basicaly i would like to know if the quota module for iptables has been compiled correctly so the first thing would be the following command on an ssh session with the router.

    iptables -m quota

    If the module appears to be load i guess the next thing would be just to double check that all is working fine with the following iptables rule.

    iptables -A INPUT -p tcp -m quota --quota 1048576 -j ACCEPT
    iptables -A INPUT -j DROP

    basicaly if the amount of traffic generated is over 1mb drop all trafiic. Im not really concerned if you actualy test out that if over 1mb of traffic is generated that traffic is dropped just that iptables accepts the rule to show that the quota module is working. I havnt changed anything else so everything else should be working. Again thank you very much.
     
  5. GeeTek

    GeeTek Guest

    I do not have a rapid share account, and could not see any way to download the file unless I signed up. Do you have another option or am I missing something on rapid share ?
     
  6. Low-WRT

    Low-WRT LI Guru Member

    Click the free button, on the next page enter the access code, and the file should download
     
  7. xtxt

    xtxt LI Guru Member

    like low-wrt said there are two options on the download page next to "Select your download:" one is for premium accounts and the other free. click the free button then you will be presented with another page where you have to enter the verification code then the download should start. if for some reason cant get that to work heres another link

    http://files-upload.com/files/492976/WRT54G.bin

    speed is capped to 50kb/s down though.
     
  8. roadkill

    roadkill Super Moderator Staff Member Member

    no it's not I'm downloading from Rapidshare at 100-150KB/s
    it depends on the the download server you choose and resources free on the server naturally paying customers get better speeds...
    btw xtxt do you plan on releasing sources? because I'd like to merge it into my mod...
     
  9. xtxt

    xtxt LI Guru Member

    sorry i was to refering the new link i posted on the non rapidshare server
    http://files-upload.com/files/492976/WRT54G.bin

    yeah if it all works ill happily release the sources, i was going to write a post on implementing it actualy as i have seen other people who seem to be after the same thing, been able to limit the bandwidth to a certain level due to ISP caps. My current situation is a 300GB montly limit with four users on the network, so split the bandwidth equaly among the users so 75GB a month each using quotas on static IP addresses and then reset the quotas each month with a cron job.

    if that firmware works i posted then the method is pretty simple
     
  10. GeeTek

    GeeTek Guest

    Thanks ! Excuse my ignorance. I have the file. Will post back shortly.
     
  11. GeeTek

    GeeTek Guest

    I flashed it into a whr-g54s and did a full nvram erase from the menu. Then I set the WAN and LAN IP for service and the internet works. I telnetted in and got this response. Is telnet OK or do I need to use SSH ? Sorry about the screen shot quality. I had to compress the shinola out of it before it would upload. :thumbdown:
     

    Attached Files:

  12. xtxt

    xtxt LI Guru Member

    no telnet should be fine but apparently for some reason it didnt work which is strange as everything was in the right place and thats the same message i get on the standard tomato firmware thank anyways, ill tinker some more i guess. i dont have my router at hand so not sure if the firmware supports the modprobe command but if does could you possible try the command.

    modprobe ipt_quota

    just to actualy see if the module has been loaded into the kernel.
     
  13. GeeTek

    GeeTek Guest

    It says ;

    modprobe: module ipt_quota not found.
    modprobe: failed to load module ipt_quota

    :hmm:
     
  14. roadkill

    roadkill Super Moderator Staff Member Member

    GeeTek I think you should try
    Code:
    lsmod | grep quota
    and if you don't get anything back
    Code:
    insmod ipt_quota
     
  15. GeeTek

    GeeTek Guest

    Thanks RoadKill. It did not seem to produce any better result. I've gotta run a service call. Be back in a few hours....
     

    Attached Files:

  16. roadkill

    roadkill Super Moderator Staff Member Member

    xtxt by the look of the result from GeeTek's experience I gather that the compiled module is not included in the firmware could you please check under your tomato compilation subdirectory
    /release/src/router/mipsel-uclibc/target
    and check if the module exists.
     
  17. roadkill

    roadkill Super Moderator Staff Member Member

    no there is no quota iptables module in kernel tree
    Code:
    #cd /lib
    # ls -R | grep ip
    ipv4
    ./modules/2.4.20/kernel/net/ipv4:
    ./modules/2.4.20/kernel/net/ipv4/netfilter:
    ip_conntrack_h323.o
    ip_conntrack_pptp.o
    ip_conntrack_proto_gre.o
    ip_conntrack_rtsp.o
    ip_nat_h323.o
    ip_nat_pptp.o
    ip_nat_proto_gre.o
    ip_nat_rtsp.o
    ipt_CLASSIFY.o
    ipt_DSCP.o
    ipt_IMQ.o
    ipt_REDIRECT.o
    ipt_TOS.o
    ipt_TTL.o
    ipt_condition.o
    ipt_geoip.o
    ipt_ipp2p.o
    ipt_layer7.o
    ipt_length.o
    ipt_multiport.o
    ipt_time.o
    ipt_tos.o
    ipt_u32.o
    ipt_web.o
    #
    
     
  18. xtxt

    xtxt LI Guru Member

    thanks for all your help GeeTek and roadkill. im going to play around a little bit more and try and work this out. will post when i have some more news. but looks like the firmware is missing ipt_quota.o hense the error "Couldn't load match 'quota': File not found" which also means why insmod ipt_quota isnt working as the module doesnt actualy exist in the compiled firmware.
     
  19. roadkill

    roadkill Super Moderator Staff Member Member

    have you added an install routine to the module in release/src/router/Makefile?
     
  20. xtxt

    xtxt LI Guru Member

    nope. i dont think it needs one in that makefile. i have however found out that ipt_quota.o does not exist in
    Code:
     /tomato/tomato/release/src/linux/linux/net/ipv4/netfilter
    while every other module has been made into an object file. Why quota hasnt i do not know, but im guessing this could be something to do with it, as the Makefile for iptables trys to use ipt_quota.o but it doesnt exist, i guess maybe trying to make the object file for quota is the next step.
     
  21. roadkill

    roadkill Super Moderator Staff Member Member

    do a ls -R | grep ip on /tomato/release/src/router/mipsel-uclibc/install/
    if the module doesn't exists there you'll need to add an additional line to /tomato/release/src/router/Makefile
    that will install the module in the target firmware image creation directory
    /tomato/release/src/router/mipsel-uclibc/target/

    hope I was helpful
     
  22. roadkill

    roadkill Super Moderator Staff Member Member

  23. GeeTek

    GeeTek Guest

    Let the Big Dog eat !
     

    Attached Files:

  24. xtxt

    xtxt LI Guru Member

    ah wonderful :) , any change of saying what you did as i just want the quota module without openvpn etc available in your binaries. thanks
     
  25. roadkill

    roadkill Super Moderator Staff Member Member

    added kernel module for iptables quota and enabled iptables quota extension.
    a source code will be available next week for the whole package.
     
  26. xtxt

    xtxt LI Guru Member

    heh, thats what i thought i had done but obviously something wasnt right :frown:
     
  27. roadkill

    roadkill Super Moderator Staff Member Member

    iptables recognized not quota support in kernel and didn't compiled the quota extension...
     
  28. xtxt

    xtxt LI Guru Member

    roadkill i was just wondering when you release the sources could you possible do without running make on them and building the binaries? I was looking at your OpenVPN sources and they appear to have been compiled.
     
  29. roadkill

    roadkill Super Moderator Staff Member Member

    sometime I forget running make clean before compressing the source tree since I'm keeping the sources also for my personal use...
    I'll try to clean the sources first...
     
  30. xtxt

    xtxt LI Guru Member

    Sorry guess i was just been a lazy bum :thumbdown:
     
  31. roadkill

    roadkill Super Moderator Staff Member Member

  32. xtxt

    xtxt LI Guru Member

    thanks for all your help roadkill and posting the sources to your update v1.07.1042. I used the sources to find out exactly what i was missing by running diff basicaly i was missing "quota" from a line in
    Code:
     /tomato/release/src/router/iptables/extensions/Makefile 
    the line in question was
    Code:
     PF_EXT_SLIB+=length limit mac mark mport multiport standard state tcp quota 
    thanks again :)
     
  33. roadkill

    roadkill Super Moderator Staff Member Member

    your welcome ...
     
  34. GeeTek

    GeeTek Guest

    Still using the 1041 build that had the quota thingy working, I entered these commands;

    # modprobe ipt_quota
    # iptables -A INPUT -p tcp -m quota --quota 1048576 -j ACCEPT
    # iptables -A INPUT -j DROP

    I got no arguments, but there was no 1 meg cap on the downloads.
     

Share This Page