
Tomato RAF Releases

Discussion in 'Tomato Firmware' started by Victek, Dec 28, 2012.

  1. supe

    supe Networkin' Nut Member

    Vic, like the work you and the rest of developers are doing.
    I tried your 9013 r1.0 on a E4200 with no-ip ddns and even though the router status says updated, no-ip cancelled my free account saying that the account was inactive. Has anyone else seen this?

    thanks.
     
  2. Victek

    Victek Network Guru Member

    First time I heard it, dyndns gave me a warning (time ago) because I was not renewing the IP (I had static IP with my ISP) so it makes no sense to use the service. Then I paid Dyndns pro (10USD per year) and recovered the domain and the account ...

    Thanks
     
  3. philess

    philess Networkin' Nut Member

    I've been using R1.0 on a E4200 for a while now and had no problems with any DDNS services.
    Maybe it was a problem related to no-ip.com which caused it not to update anymore.
    I can recommend afraid.org as an alternative (also does ipv6), or dlinkddns.com (free signup for the now paid dyn.com/dyndns.com).
    You can also group multiple services together by using dnsomatic.com and then just enter that one in Tomato to update all.
     
    supe likes this.
  4. supe

    supe Networkin' Nut Member

    Yeah, I am new to no-ip ddns service. I'll give other services a try.

    Thanks.
     
  5. koitsu

    koitsu Network Guru Member

    no-ip, much like DynDNS, probably requires you to periodically log in to your account via their web interface. This is not the same interface/protocol used as updating your IP via DDNS. There is no technical reason these providers couldn't consider DDNS authentication the same as logging in via the web GUI, which means they do this simply to be annoying/jerks.

    I strongly recommend afraid.org's FreeDNS service, as they don't have this idiotic requirement.

    afraid.org works with TomatoUSB as well -- under DDNS, for Service choose Custom URL and provide the "Direct URL" that afraid.org provides via their website. The URL should look something like this: http://freedns.afraid.org/dynamic/update.php?xxxxxxxxxxxxxx== -- do not give out the URL, as it contains your username/password key/hash!

    The only "confusing/annoying" part about afraid.org is that for your hostname/FQDN, you have to choose from one of their hosted domain names. Those domain names are all retarded/stupid/adolescent/borderline vanity (examples include chickenkiller.com, crabdance.com, ignorelist.com, jumpingcrab.com, strangled.net, mooo.com (note 3 o's -- bound to be typos galore here), and twilightparadox.com) -- I don't particularly like any of them, so I went with one that sounded the least stupid/immature. You can pick from other domains which people using afraid.org use, however if the domain expires/etc. you're at the mercy of the domain owner, while the ones I listed off are owned by Josh Anderson (owner of afraid.org) himself.
     
    supe likes this.
  6. Victek

    Victek Network Guru Member

    gffmac, eviltone and philess like this.
  7. Elfew

    Elfew Addicted to LI Member

    Thank you, but your link for info doesn't work for me... I will try later
     
  8. philess

    philess Networkin' Nut Member

    Downloads work for me, probably going to install on E4200 tomorrow... Thank you Vic!!!

    Edit: @Vic after beta phase, do you plan on/could you also release the kernel extra modules like for example shibby does? Or should his extras work with your mod too? On the RT-N16 i had trouble mixing the two mods... Not very important, but for getting USB audio to work it would be interesting to me :)
     
  9. Elfew

    Elfew Addicted to LI Member

    OK, now the links are working for me... Thank you, it looks interesting, I am looking forward to your next final build

    Nodog looks awesome, many features and I really miss this in tomato
     
  10. Victek

    Victek Network Guru Member

    Sure, ALL the code will be released, but till now I changed few modules, the only one has been /ext3/balloc.c to fix OOM with big HDD capacity. This module is stable, was tested for more than 1 month by one user having problems with 2TB HDD.

    Keep in mind that Shibby's builds are different than mine, logically we are working in different branches and features. Sometimes we share common ports from other distributions, wl500g, RMerlin, Openwrt and lately own source code ....
     
    Elfew and philess like this.
  11. trueman

    trueman Addicted to LI Member

    Victek,

    Has the wireless driver been updated in 9013 1.1? Currently, I am on 1.28.9011 with E4200, and the wireless driver version says that it is 5.100 RC138.9.

    Thanks
     
  12. eahm

    eahm LI Guru Member

    trueman, can you please post the wl ver response here? Thanks.
     
  13. trueman

    trueman Addicted to LI Member

    Here it is

    5.100 RC138.9
    wl0: Aug 9 2011 09:29:42 version 5.100.138.9
     
  14. Victek

    Victek Network Guru Member

    This is the wireless driver used:
    root@unknown:/tmp/home/root# wl ver
    5.100 RC138.20
    wl0: May 29 2012 08:48:50 version 5.100.138.20
     
    Elfew likes this.
  15. M0g13r

    M0g13r LI Guru Member

    hi victek
    only a cosmetic thing with your mod and custom themes .... the Tomato RAF changes to Tomato in the header switching the menu entries .... Status/Bandwidth and others
     
  16. trueman

    trueman Addicted to LI Member

    Great! Thank you
     
  17. FattysGoneWild

    FattysGoneWild LI Guru Member

    Victek,

    I have a Linksys E4200 v1 router. Latest official firmware works and supports 5GHz correct? I was on the web page checking out the mirror of Tomato and options. Did not see anything for 5GHz? Also do you plan on having 9013 in beta for a while? I would like to wait and flash to that version personally when it becomes official.
     
  18. philess

    philess Networkin' Nut Member

    I have been using 5 GHz (simultaneously with 2.4) for months now on a E4200v1 under Victek's mod. R1.0 worked great. But you might want to stay away from the new beta version if you are looking for something reliable.
     
  19. Victek

    Victek Network Guru Member

    Thanks, I will remove Tomato RAF leaving only the new RAF logo from now on, (btw .. you like it?).

    @FattysGoneWild .. yes, 5GHz band is available since 9011 release ... test with confidence, the simulator is updated.. I can't change or apply all mods while running Tomato RAF.

    As a general rule, all Tomato mods you're testing and using are closer to Betas, we are constantly improving | changing | adding functions. If you feel more comfortable I can remove 'beta' word but it doesn't change the status of Tomato ;) (or.. would you like to remain with one version without changes or bug solving?) ....
     
    mito likes this.
  20. gffmac

    gffmac Serious Server Member

    Hey Victek, have you got a screenie of the logo? Interested to see.... Gonna hold off until it's out of beta, the kids love their xboxlive/facebooking too much to be disturbed lol
     
  21. M0g13r

    M0g13r LI Guru Member

    honestly ? ;) sorry... No I don't like the logo :\

    you can do a logo contest ;)
     
  22. myersw

    myersw Network Guru Member

    Loaded latest beta on E4200. Been running rock solid for 1 and 1/2 days. I don't do anything fancy like bandwidth limiting or QOS as not needed in my case. Just want a good solid router. Don't understand the need for torrent support, etc as some others have. I want to torrent I use a PC.
    keep up the good work.
    --bill
     
  23. myersw

    myersw Network Guru Member

    There will always be folks who like something and some that don't. I like the RAF logo by the way. --bill
     
  24. adlerfra

    adlerfra LI Guru Member

    I have been running R1.1d since Victek released it and it has been very stable. I like the RAF Logo!
     
  25. supe

    supe Networkin' Nut Member

    Have been running R1.1.d for a day and a half now...

    Throughput wan-lan has been great, used to have 25down 4.5up, now I get 30down 7up (Mbs). Could be a coincidence, have to revert to previous version to verify.
    VPN (pptp) working fine, only used it a couple times when on the road though, haven't tried OpenVPN.
    Wireless is a mixed bag; 5GHz improved with better streaming of HD homerun prime, but 2.4GHz still not there yet. I say this because my Westel combo with only 2.4GHz G streams fine, so not environment.

    I feel neutral towards the logo :)
     
  26. Victek

    Victek Network Guru Member

    Thanks for the feedback... and the logo is the less important thing of the Beta release ... ;)
     
  27. FattysGoneWild

    FattysGoneWild LI Guru Member

    Using Tomato in the past. It has always been about stability for me. I hope by continuing to add all these new features. That does not take priority over stability and bug fixing. I also don't mind new releases. That is great. At the same time. I hope they are not constant with fixing bugs in previous releases and affecting reliability. As for beta. I don't mind it stating that and while it might not make a difference. Having an official release makes me feel better. Which I certainly do not mind waiting at all for one. Since I do know this much. Usually with betas. If a major bug/bugs are found. It will cause a delay in an official release and will be fixed. No rush on the beta and I don't care how long it takes to reach the quality Tomato has always been. I was just curious on a possible eta on it.

    I am also paranoid somewhat with the initial flash with the Linksys E4200 v1. I bought it new 2 years ago and been using the stock firmware since. It has been extremely rock solid. Since they are not being made any more and are that much more rare now. Always that slight possibility of it bricking.
     
  28. Victek

    Victek Network Guru Member

    Then it's better for you to wait the final release ;) ... or better continue with stock firmware if you don't need any of Tomato features.
     
    Elfew likes this.
  29. FattysGoneWild

    FattysGoneWild LI Guru Member

    Oh there are some features I miss and like. That is why I want to come back. One big thing is the bandwidth usage. Stock firmware doesn't have that and since we have caps now. I would like to keep track of my use. My isp provides no meter either.
     
  30. Victek

    Victek Network Guru Member

    Beta R1.1e available .. additions and modifications already in the text file, to resume (tested by Elfew, Thank you for report !!! ):
    a) Access restrictions (cherry picked from EasyTomato sources) finally solved, now you can:
    - HTTPS redirect
    - HTTPS sites blocking - working (successfully facebook is blocked ;) )
    - Case sensitive bug in access restriction - fixed
    b) Added microcom and tty ID utility to send AT commands to your 3G modem from cli.

    ... I have to stop or the final version will never be available .... :D
     
    godraab, philess, eahm and 2 others like this.
  31. valerima

    valerima LI Guru Member

    Dear Vic,
    Maybe I am blind , but could you please clarify differences among 2 builds for RT n 66U - I see letters "d" and "e".
    Microcom utility is present just in one build only?
     
  32. Elfew

    Elfew Addicted to LI Member

    ** Included ssl block capacity via iptables using Restrictions GUI. Beta 1.1e.

    Microcom is inside ;)
     
  33. ilkevinli

    ilkevinli Network Guru Member

    Vic is there a R1.1e for the E4200 ? Thanks.



     
  34. Elfew

    Elfew Addicted to LI Member

    There are only some versions, not for all supported routers... contact Victek or wait for final build ;)
     
  35. ilkevinli

    ilkevinli Network Guru Member

    I know. LOL That's why I asked. :D

     
  36. Victek

    Victek Network Guru Member

    If you let me few hours I will jump to beta 1.1f and will include a complete package (Elfew saw some captures already.. ;)), then all routers in the test will be available ...
     
    CBR900, ilkevinli and Elfew like this.
  37. ilkevinli

    ilkevinli Network Guru Member

    You're awesome!!! As always :)

     
  38. Victek

    Victek Network Guru Member

    Beta 1.1f uploading. Read txt file for Changelog and update/upgrade procedures. ;)
     
    philess, ilkevinli and Elfew like this.
  39. philess

    philess Networkin' Nut Member

    Great news Vic! I am gonna install 1.1f later today on my E4200.

    But on a sidenote, would you consider setting WLAN to disabled as default in your fw?
    I just had another router reset itself (my fault) and then it was running with a open WLAN
    until someone noticed it.
     
  40. ilkevinli

    ilkevinli Network Guru Member

    Vic (or anyone else) think its worth it to upgrade from the E4200 to the RT-N66U ?
     
    Victek likes this.
  41. internetgnm

    internetgnm Serious Server Member

    Hello Vic
    For the router wrt610N v2 is the firmware RT-N16U thank you

    Guillermo
     
  42. Victek

    Victek Network Guru Member

    @ ilkevinli .... IMHO, have both units and I love E4200 (I'll switch to RT-N66U by its wireless performance only but I use Wifi occasionally ).
    @ philess ... I think it's not correct to disable wireless by default cause some people are updating the unit remotely with no cable access... (dangerous practice btw).
    @ internetgnm .. Yes, it's compatible also, but we are in the limit of Flash Ram....thanks ;)
     
  43. ilkevinli

    ilkevinli Network Guru Member

    Thanks for the response Vic.

    Any chance you will develop for the RT-AC66U router ? I'd be glad to donate one to you if you're willing.
     
  44. internetgnm

    internetgnm Serious Server Member

    Hello Vic
    E tried to update and tells me so it looks there is no file is too big you think make a version for the wrt610N v2 before be could put the rt-n16U

    File is too big to fit in MTD

    Guillermo Thanks
     
  45. Victek

    Victek Network Guru Member

    @ ilkevinli ... Sources are available, RMerlin github is open and very clear how to for Tomato, but as always I need one router to do it, time enough .. and space in our apartment to hold all routers I bought to port Tomato ;).

    Seriously now, I'm using my holidays to update Tomato RAF but my sentence is "There is more life out of Tomato".

    Thanks.
     
    Elfew and philess like this.
  46. Victek

    Victek Network Guru Member

    Yep, I advised in my comment .. we are in the limit of Flash RAM ... your router has 8MB Flash... I hope you will be able to upload the final version when all stuff inside the beta will be cleared.
     
    Elfew and internetgnm like this.
  47. ilkevinli

    ilkevinli Network Guru Member

    Not sure what you mean. If you're willing to develop for it, I'm willing to donate the router. Just let me know.


     
  48. internetgnm

    internetgnm Serious Server Member

    Hello Vic

    Thanks for the reply will wait at the end of the version if it fits in memory and I can update it at the moment it works with older version

    Thanks a lot

    And it lies something that is going to smoke out head jajajaja ;)
    Guillermo
     
  49. gffmac

    gffmac Serious Server Member

    Looks like Ill have to wait too, using e3000 getting 'File is too big to fit in MTD' when trying to flash tomato-E3000-K26USB-1.28.9013MIPSR2R1.1f-RAF-VLAN-VPN-NOCAT-LIGHTY.bin
     
  50. Victek

    Victek Network Guru Member

    ;) Don't burn the ship yet ... version for WRT610N v2 and E3000 ready, read the txt file.

    Thanks and Enjoy!
     
    internetgnm and gffmac like this.
  51. Victek

    Victek Network Guru Member

    @ ilkevinli I initiated a conversation with you and the other member of Tomato RAF team (roadkill) in order to proceed with it.

    Thanks!
     
    Elfew likes this.
  52. M0g13r

    M0g13r LI Guru Member

    are there any nvram variables for the portstate thing ?

    if i restore my settings portstate disappears from status/overview page :\
     
  53. internetgnm

    internetgnm Serious Server Member

    Thanks Vic

    It installed and work me in wrt610N v2, not annoying you more

    Thanks a lot
    Guillermo
     
  54. Victek

    Victek Network Guru Member

    Yes, more contents into nvram (3 new lines as you can see in 'configure' options).. do not restore previous if you were using Tomato RAF, just update the firmware.
     
    Elfew likes this.
  55. M0g13r

    M0g13r LI Guru Member

    i found why it happens ....

    ethernet port state disappears from status/overview if u enable vlan tagging
    RT-N66U with trunk vlan support override enabled
     
    Elfew likes this.
  56. Victek

    Victek Network Guru Member

    M0g13r , perfect, I can reproduce the problem, writing code again for non standard configurations.

    Thanks!
     
    Elfew likes this.
  57. ilkevinli

    ilkevinli Network Guru Member

    Just finished installing 1.1F Awesome job !!

    Cosmetic suggestion:
    I LOVE the network interface icons. How about making the gigabit ports blink green and the 100 ports blink orange ?
     
    internetgnm likes this.
  58. philess

    philess Networkin' Nut Member

    If that takes up even a tiny bit of flash or nvram space... please no! Just display 10/100/1000 as pure text, that is basically all anyone really needs. Icons are nice, sure, but if it saves spaces (=performance).... no, thank you. Even if its just a tiny bit, it all adds up...
     
  59. ilkevinli

    ilkevinli Network Guru Member

    It's already in there. Just a matter of changing the color :D But I understand what you're saying.


     
  60. Elfew

    Elfew Addicted to LI Member

    No more animation please, it takes some space. (maybe only green for 1gbit connection and yellow for 10/100mbit)

    Please Victek can you make some cosmetics changes for ethernet ports - add 100Mbit or 100M instead of 100, etc. It makes sense.

    Another thing - group up LAN 1-4 closer to each other, just leave WAN further. Sorry, I don't know which better word to use for description.

    (I will post you an image from shibby build )

    Edit: ethernet ports from shibby's build
    Sorry, I don't have better ;)
     
  61. ilkevinli

    ilkevinli Network Guru Member

    Elfew yours doesn't animate ? Mine does.



     
  62. gffmac

    gffmac Serious Server Member

    Anyone have issues with access restrictions via keywords? I took a screenshot of my setting before I tried this beta but can't get the same setup to work. Whenever it is enabled browsing is very slow and pages just stay loading saying waiting for .. etc https://dl.dropbox.com/u/12260218/sample.jpg
     
  63. Victek

    Victek Network Guru Member

    @ Elfew,

    The load of Ethernet ports into CPU process is nothing (close to zero), the size of the icon file is 929 bytes ;). Nevertheless I was thinking now to use svg and connect the link blinking to the real link activity, have to see hardware gpio access ... I don't know if link activity signal can be sense, with the actual robocfg we have more info, (Jumbo on|off, chipset model...) but now is enough, you had nothing before, not? next step.

    I have to think also about WOL activity... critic.. no clue how to yet....

    The IEEE 802 standards work with other 'wording' for network speed 10HD, 10FD, 100HD, 100FD, 1000HD, 1000FD. I 'relaxed' the terms to be less cryptic but I will not apply M or Mbit.. it's not the standard. Sorry for that.

    The position for the five Ethernet sockets has been observed to be symmetrical and leave the needed space to write the status in understandable form. Also not leaving an unused space at the right side, I know, it's my personal ergonomics appreciation but I don't like to leave blank spaces. Sorry for that too.

    @philess, icons are in RAM, and less than 1KB, no problem.

    @ ilkevinli
    I did that, while checking @M0g13r issue during coffee after dinner, Amber for 100, Green for 1000, no problem, just 929 bytes more in RAM.

    @gffmac
    Add comma after each word, and.. don't restore previous configuration files please.


    But please.. What about the other features? Access restriction SSL filtering , Ext3 OOM fixed, Bandwidth, CPU load.....

    Thanks, it has been a funny talk about graphics in Tomato. Toastman .. I think we can implement your dream very soon :D
     
    gffmac and philess like this.
  64. Toastman

    Toastman Super Moderator Staff Member Member

    haha. Yes!!!! The photoshop plugin!

    I see so much excitement and activity recently over what are basically completely useless mods that don't do anything, and seem to be done just because people are bored and need something to play with. Routing? Are people really interested in that or has the router become the replacement for the playstation?

    Anyway, look on the bright side - next year, many people won't need to buy a christmas tree. :p
     
    koitsu, philess and eahm like this.
  65. Elfew

    Elfew Addicted to LI Member

    The IEEE 802 standards work with other 'wording' for network speed 10HD, 10FD, 100HD, 100FD, 1000HD, 1000FD. I 'relaxed' the terms to be less cryptic but I will not apply M or Mbit.. it's not the standard. Sorry for that.

    It's OK. It was just my idea.

    The position for the five Ethernet sockets has been observed to be symmetrical and leave the needed space to write the status in understandable form. Also not leaving an unused space at the right side, I know, it's my personal ergonomics appreciation but I don't like to leave blank spaces. Sorry for that too.

    Ok, and what about bigger gap between WAN and LAN 1. There would be no blank space.

    @philess, icons are in RAM, and less than 1KB, no problem.

    Ok, I didn't know that

    @ ilkevinli
    I did that, while checking @M0g13r issue during coffee after dinner, Amber for 100, Green for 1000, no problem, just 929 bytes more in RAM.

    It looks nice. Amber for 100, green for 1000 and what color for 10? :) :) :)

    @gffmac
    Add comma after each word, and.. don't restore previous configuration files please

    I tested this many times and it is working properly. Trust me

     
  66. Gitsum

    Gitsum LI Guru Member

    How about implementing the Broadcom "fast-nat" or "packet forwarding" ??
    Home users internet speeds are constantly increasing and we need hardware and software to keep up, right?
     
    Elfew likes this.
  67. kthaddock

    kthaddock Network Guru Member

    Victek

    Can you implement my USB smoke alarm so that call firebrigade when I'm not at home, I think that would be a very nice features.

    kthaddock :) :) :)
     
  68. Victek

    Victek Network Guru Member

    @ Gitsum, It's a good technical request, it's broken and incompatible with some modifications done in Tomato. We have to recover, as you said it's a big concern with the actual bandwidth connections. You can see in my signature the attached speed with actual firmware.

    @ kthaddock ... do you have any other usb devices ? baby-sister watch, alcohol-meter, heater? .. :):):)


    Thanks!
     
    bake73 and Elfew like this.
  69. gffmac

    gffmac Serious Server Member

    Just a thought could the ethernet status section show which ip/mac/device name is connected to which lan port?
     
  70. Victek

    Victek Network Guru Member

    You have this information in device list. Would be more convenient to add port and speed in this section instead of ethernet status in overview? opinions?
     
  71. M0g13r

    M0g13r LI Guru Member

    found another curious thing .....
    if i hit save button on basic/network the gui switches from custom.css to default tomato
    it only switches back after reboot or rebinding the device with mount -o bind /mnt/stuff/absolon_skin /www/ext

    ps.: all binds get lost :\
     
  72. ilkevinli

    ilkevinli Network Guru Member

    It's funny how you draw that conclusion based on the fact of people commenting and making suggestions on something that happens to be new in the firmware. :rolleyes:

     
  73. Elfew

    Elfew Addicted to LI Member

    Maybe it could be better. Is possible to have this in both pages? Or add an extra settings for turning on/off ethernet port state in device list...
     
  74. gffmac

    gffmac Serious Server Member

    I don't seem to be hitting my max download speed on e3000 should be getting 100Mbps thereabouts but getting 75. I will test more tomorrow and compare it to the previous 1.28.9013MIPSR2-R1.0 version fw.

    Also when downloading at the now slower max the router interface is slow to respond and pages load noticeably slower.

    Edit: disabled my access restriction which sorted it.
     
  75. RMerlin

    RMerlin Network Guru Member

    I've always been a fan of "Simpler is better" when it comes to technology. :)

     
    Mercjoe, koitsu, eahm and 2 others like this.
  76. Victek

    Victek Network Guru Member

    Thanks all for the feedback, it's a pleasure for me to read all the comments. I'll try to make happy all of you by the same price .. will add the ports information into device list (I think it's the right place) and will leave same view in status overview but as you know it can be enabled/disabled.

    Again, thanks to all for your opinion :)

    @ M0g13r , thanks for reporting it, I solved the ticket you mentioned yesterday, it can serve for other things too. I can't reproduce the issue you describe now in my router.
    @ gffmac, thanks also for your comment, thinking about it.. I consider it's logic when all packets must be inspected.. we have domestic router .. but for your information I'm able to reach top speed in the RT-N16 and RT-N66U with some peaks in the speedmeter (surely related with packet inspection enabled in access restriction gui).
    @RMerlin, good screenshot, question, it's also done calling a script file? It's curious that Asus uses a lot of scripts, surely the development time is shorter but then we need more powerful routers to run it consuming a lot of CPU ... I'm right? My intention now is to change the etherstate script into a C file once I understood how it works and to dismiss CPU load. Thanks!
     
  77. M0g13r

    M0g13r LI Guru Member

    victek i have a wish/request
    can u plz add lcp-echo-interval from pppd (wanoptions) to the pppoe gui ? check interval is in most builds (toastman) the holdoff time what is for redial waiting and not connection check
     
    Elfew likes this.
  78. Elfew

    Elfew Addicted to LI Member

    Anyway Toastman released new build today... Maybe some commits could be useful for new build ;)
     
  79. Victek

    Victek Network Guru Member

    @M0g13r, It's fixed internally in nvram values, no problem, I'll add.
    @Elfew, I prefer to leave time enough for other people to test Toastman builds, I read many issues with builds in the forum lately ... in resume, I'll wait and see, to be the last is not bad, to be unreliable is worse..... :)

    Thanks
     
    philess likes this.
  80. RMerlin

    RMerlin Network Guru Member

    That feature was implemented by me. There's no scripting involved, I have httpd running robocfg (a C tool), parse its output in a Javascript-friendly format, then push it to the web client.

    I also added the new robocfg switch which allows to retrieve these info from robocfg without having to wait for it to also resolve all VLANs (which can take 2-3 seconds). So, beside the Javascript parsing and layout, everything is done in C.

    These commits contain most of the actual code involved:

    https://github.com/RMerl/asuswrt-me...02a3df9a4e#release/src/router/httpd/sysinfo.c
    https://github.com/RMerl/asuswrt-me...9689a57389#release/src/router/httpd/sysinfo.c

    And the robocfg change that adds the (faster) showports command:

    https://github.com/RMerl/asuswrt-me...ef48596d5e#release/src/router/utils/robocfg.c


    There is almost no scripting in Asuswrt BTW. Almost everything is handled by the rc multi-applets binary, which works kinda like Busybox (one binary for multiple applets). In fact, there is less scripting in Asuswrt (which is originally based on TomatoUSB) than in Linksys's firmware. Unless you also count the Javascript bits, which are run by the client's CPU anyway.
     
  81. Victek

    Victek Network Guru Member

    Didn't know it was your code, I'll see it.

    thanks ;)
     
  82. koitsu

    koitsu Network Guru Member

    shibby20 likes this.
  83. kyrios

    kyrios Serious Server Member

    Victek,
    Your build, already have TC-ATM overhead calculation for DSL by tvlz? And also L7 filter for Youtube by Porter?
    Would like to try your build, anyway.
     
  84. Victek

    Victek Network Guru Member

    @ koitsu, all the changes will be committed when the beta version will be released, I applied the fix from EasyTomato git, there are four files implied. You have a conversation started with more info.
    @ kyrios, yes.
     
    Elfew likes this.
  85. kyrios

    kyrios Serious Server Member

    Vic,
    I'm afraid you forgot to add Youtube 2012 L7 filter (for QOS) by Porter.
    Would you please add it into 1.1g?
     
  86. Victek

    Victek Network Guru Member

    Will check but then may be is not working, thanks for the information. I'll not release more betas, until the final release.
     
    Elfew likes this.
  87. Elfew

    Elfew Addicted to LI Member

    No more betas? Bad news :(
     
  88. FattysGoneWild

    FattysGoneWild LI Guru Member

    I think what he means. If he keeps on releasing betas. He will never get to a final release. Once the final is out. Then new betas will follow. That is my guess.
     
  89. Victek

    Victek Network Guru Member

    @ FattysGoneWild, exactly, thanks.
    @ Elfew, No more betas don't mean that I can distribute betas to some people.

    In resume, the feedback I got from the distributed betas was excellent, few bugs (I don't believe, for sure there are bugs but the beta testers didn't check all functions). Then I prefer to be concentrated finishing the pending applications (Lighttpd, php, php-cgi, siproxd, Nodog... and others) and then I'll distribute the Beta with only the function I need to test.
    I'm not interested if another build have one function and why I don't include this function in Tomato RAF, this is not the target of one Beta, it's not a benchmark, I'm interested you test the functions I do. If I include features from the git with bugs then I have to solve bugs made by others and I can't continue the progress in Tomato RAF builds, it's not the target. I hope you understand ;)

    Thanks!
     
    ilkevinli and Elfew like this.
  90. Elfew

    Elfew Addicted to LI Member

    Yeah Victek, I understand. Good luck! Keep good work
     
  91. vlads

    vlads Serious Server Member

    @Victek - any chance you could update OpenVPN to the latest release - 2.3.1 before releasing the final build? It fixes a couple of cross platform bugs.

    Thanks!
     
  92. Victek

    Victek Network Guru Member

    @ vlads - It works OK in your router? please show me the commit in the git and for sure I'll apply in the definite build.
    @ Elfew - 10/100 and 1000 ethernet ports with different led color done together with Device-List two column add (Port and Speed). ;)

    Thanks!
     
    CBR900 and Elfew like this.
  93. Elfew

    Elfew Addicted to LI Member

    Ohh, thank you. I am really happy that I can help you. It is nice to see that many of mine ideas and feature request for "better" Tomato have been accepted and will be in the next build ;)
     
  94. Victek

    Victek Network Guru Member

    Access Restriction: Finally is working as it should.. Thank you for your suggestions koitsu ;) , now no excuses for the best contents watcher for routers.
     
  95. koitsu

    koitsu Network Guru Member

    The part that folks don't seem to understand is that xt_string actually looks for any string across the entire contents of the packet, while the older ipt_web stuff (using --hore) looks at only the HTTP Host: header and the GET/HEAD request string. Instead I just see end-users flying around going "HURRRRR I NEED TO BLOCK HTTPS" and finding a solution and then suddenly people implementing the ""solution"" without truly being aware of the implications.

    Problems with using xt_string:

    - Access Restriction now blocks any packet containing the string matched (ex. if the string "hello.com" is blocked using xt_string, a web page talking about (in its content) hello.com will be blocked)
    - Does not provide a clean/decent way for end users to know if their packet is being blocked (ipt_web returns a sort of "Access denied" web page to the user, with black text on a red background, if I remember right -- although I believe it returns HTTP 200, not HTTP 403 like it should), and HTTP stacks/browsers tend to respect/honour this much better/cleaner than if the packet is just rejected (for whatever reason ICMP port unreachable doesn't seem to work, and while TCP RST does work, many HTTP stacks/browsers retry when receiving RST)
    - Lacks anchoring support (ipt_web supports ^ (start-of-string) and $ (end-of-string) anchoring)

    Problems with ipt_web:

    - Doesn't match any part of the packet, which means you cannot block HTTPS pages with browsers that support SNI (and even with xt_string, matching the SNI portion of the packet can be tricky, because you have to actually look for other hexadecimal values preceding and succeeding the SNI string itself, otherwise you end up blocking things other than just SSL requests)
    - Doesn't properly work with IPv6 (AFAIK)

    All this is why I said before implementing xt_string, ***A LOT*** of work needs to be done. You cannot just switch from ipt_web to xt_string and magically expect everything to behave the same -- it doesn't. The introduction of xt_string into EasyTomato and/or other firmwares needs to be done very very carefully because of the implications of what all it does. It is not the same as ipt_web.

    The relevant ipt_web source code bits that people need to look at and truly understand:

    release/src-rt/linux/linux-2.6/net/netfilter/xt_web.c (don't let the filename confuse you!)
    release/src/router/iptables/extensions/libipt_web.c

    These two are what do the work.

    If you want to implement HTTPS blocking, my advice would be to add a new GUI field for HTTPS domains. Use ipt_web for the existing (HTTP) stuff, because it does the Right Thing, and for HTTPS blocking, use xt_string but with --hex-string (and not just --string) so that you can get more accurate matching (i.e. block only HTTPS/SSL packets and not any packet for any protocol that contains a string).

    You'll need to turn the ASCII string provided in the GUI into its hexadecimal equivalent (e.g. "hello.com" becomes 0x68656c6c6f2e636f6d), and then put some other values around that to help match only against TLS/SSL-like packets. Do some packet captures and you'll begin to see how tricky blocking just HTTPS traffic becomes (particularly because different SSL/TLS stacks may create TLS options differently than one another. You'll need to do lots of captures using different browsers (Firefox, Chrome, IE9, IE10, possibly Opera, and Safari)).

    I should also note I've tried using --dport 443 to help narrow things down, but that doesn't work (possibly because my testing used it in the FORWARD chain), and using that also isn't going to work for people doing something like https://somesite:1234/ (I can assure you eventually someone will show up on this forum stating "the HTTPS block doesn't work for ports other than 443").

    Alternately, you could improve/fix ipt_web to support matching against raw portions of the packet that look like SNI (similar to the xt_string --hex-string method I mentioned above); this would probably have to be implemented as a new flag to ipt_web, such as --httpssni or something like that, then provide the user a way in the GUI to distinguish if they want a string matched against the SNI header (for HTTPS) or not.

    But just a blind string match is going to block things that aren't what the user intends; such as visiting plaintext websites that contain the string they entered, block portions of outbound Email, or even IM conversations. It needs to be done right, and carefully.


    Lots of things to think about, so like I said, be very careful when implementing this. For now, simply building the firmware with xt_string support (e.g. CONFIG_NETFILTER_XT_MATCH_STRING=m) and let the end-user do the iptables rules manually is probably the best choice until a proper/correct solution can be written.
     
    shibby20, Toastman, Victek and 2 others like this.
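
The difference between a blind string match and a length-framed SNI match, as discussed in the post above, shown as an added example (not part of the post or of the Tomato source). The function names and sample payloads are constructed for illustration; the byte layout is the server_name extension from RFC 6066.

```python
import struct

def sni_extension(host):
    """server_name extension bytes in the RFC 6066 layout."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0, length, name
    names = struct.pack("!H", len(entry)) + entry           # ServerNameList length
    return struct.pack("!HH", 0, len(names)) + names        # extension type 0, length

def hex_string_pattern(host):
    """Pattern in the |hex| form taken by: -m string --algo bm --hex-string"""
    return "|" + sni_extension(host).hex() + "|"

def client_hello(host):
    """Constructed minimal TLS ClientHello record whose only extension is SNI."""
    exts = sni_extension(host)
    body = (b"\x03\x03" + bytes(32)      # client_version, random (zeros here)
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x00\x2f"        # one cipher suite
            + b"\x01\x00"                # null compression only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def blind_match(payload, host):
    """Equivalent of a plain --string rule: the name anywhere in the packet."""
    return host.encode("ascii") in payload

def framed_match(payload, host):
    """Equivalent of --hex-string with the SNI type/length bytes around the name."""
    return sni_extension(host) in payload

# Constructed sample payloads (not captures).
SAMPLES = {
    "tls_hello.com": client_hello("hello.com"),
    "tls_nothello.com": client_hello("nothello.com"),
    "http_page_body": b"HTTP/1.1 200 OK\r\n\r\n<p>See hello.com for details</p>",
    "smtp_rcpt": b"RCPT TO:<bob@hello.com>\r\n",
}

def compare(host):
    """Map each sample to (blind_match, framed_match) for the given host."""
    return {k: (blind_match(p, host), framed_match(p, host)) for k, p in SAMPLES.items()}

if __name__ == "__main__":
    print(hex_string_pattern("hello.com"))
    for sample, result in compare("hello.com").items():
        print(f"{sample:18} blind={result[0]!s:5} framed={result[1]}")
```

The framed pattern matches one exact hostname, because the length bytes differ for www.hello.com, so each name needs its own pattern. It is still a byte search over the packet, not a TLS parser.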
  96. ilkevinli

    ilkevinli Network Guru Member

    Thanks for the post. Interesting reading and a great explanation..



     
  97. Elfew

    Elfew Addicted to LI Member

    Interesting reading! Thank you
     
  98. Mercjoe

    Mercjoe Network Guru Member

    In layman's terms; It is more like a shotgun than a scalpel.
     
    roadkill and JugsteR like this.
  99. Victek

    Victek Network Guru Member

    Yes .. I like koitsu's explanations (all words) ;) .. well, I was not thinking to pop-up the red label to the user when trying to access prohibited pages and for me the legend now:


    This webpage is not available

    The connection to www.youtube.com was interrupted.
    Here are some suggestions:

    • Reload this webpage later.
    • Check your Internet connection. Restart any router, modem, or other network devices you may be using.
    • Add Google Chrome as a permitted program in your firewall's or antivirus software's settings. If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
    • If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server, adjust your proxy settings: Go to the Chrome menu >Settings > Show advanced settings... > Change proxy settings... and make sure your configuration is set to "no proxy" or "direct."

    Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.
    It's self explanatory .... ;)
     
    Elfew likes this.
  100. RMerlin

    RMerlin Network Guru Member

    Just a thought: if you only analyzed the outbound traffic, then you would only filter out the requests you sent to port 80. Any inbound traffic (such as the actual webpage content) should be untouched.
     
