
Tomato Toastman's Releases

Discussion in 'Tomato Firmware' started by Toastman, Dec 18, 2011.

  1. Sean B.

    Sean B. Addicted to LI Member

    Brilliant concept. Even with just the few patches I've been a part of, keeping it all organized once applied has proven to be dicey at best. Seems like a big "woops" waiting to happen.
     
  2. rickmav3

    rickmav3 Serious Server Member

    For ARM looked to reverse to a previous 9008 version before cstats changes to see if the IP Traffic spikes are there, but they were removed.
     
  3. M_ars

    M_ars Network Guru Member

    sorry to hear that. It is still unknown to me what event can cause this while the router is up and running (for hours without interruptions).
    I made a new patch (see attached files) for Toastman which does re-include an if-condition to catch unknown/unwanted traffic peaks. I think Teaman (creator of cstats) did have the same problem and that's why it was there in the first place.

    I increased the value to 3750 Mbyte in case of a rollover - I think it is a good value with 250 Mbit/s . RMerlin does use the same value (3750) for asuswrt with a shorter interval time of 30 sec (--> 1000 Mbit/s)
    https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/rstats/rstats.c

    This should remove the peaks finally for your network setup. I made a custom build including this patch to verify the basic functionality, and everything works and looks ok to me.

    Elfew and rickmav3 like this.
  4. Sean B.

    Sean B. Addicted to LI Member

    @Toastman , The miniupnpd update patch I had put up is functional.. however it appears even tho I put it in a code box there's some sort of formatting or spacing issue occurring when copied/pasted from it. Running the patch works fine from my original, but when I copy/paste from the code box I posted it fails.. yet they are identical. I replaced the code box in my post with a link to download the patch file directly and double checked the downloaded file applies as it should. I'll add the link to this post for convenience as well, let me know if it gives you any trouble.

    Miniupnp update patch file: https://drive.google.com/open?id=0B2-lohCGqdV0Q0RGS2pMcXRRNk0
     
  5. RMerlin

    RMerlin Network Guru Member

    I don't like this concept. It's fine if you have just a few basic patches applied that you never need to go back to in the future, but it makes it hard to debug if you need to dive back into the resulting code. I prefer a flat filesystem that can directly be worked with.
     
    William Clark likes this.
  6. Toastman

    Toastman Super Moderator Staff Member Member

    0511.1 deleted as 2 people have bricked their routers.
     
    visceralpsyche likes this.
  7. Sean B.

    Sean B. Addicted to LI Member

    Ahh I do see your point. I suppose one only figures out what organizational system works well for them when.. one actually implements an organizational system to begin with haha. I'm just noticing that the more changes/updates etc I'm involved in the harder it is to keep it all straight and/or back track once it's melded in to the full source. I'll have to try different ways of doing things and see what is most intuitive for me I suppose.
     
  8. Sean B.

    Sean B. Addicted to LI Member

    Yikes.. no good. I don't think I caught what was involved in 0511.1.. I'm still catching up.
     
  9. RMerlin

    RMerlin Network Guru Member

    Git is awesome there to help you track past changes. If you didn't know yet, you can enter a directory, and ask for a git log of that specific directory. For example:

    Code:
    cd router/openvpn/
    git log .
    
    This lets you see all changes that you made to the OpenVPN code.

    Having a build-time patching system might work decently well when your patches mostly deal with making the code build with your firmware environment. But if you start doing any customizations (like Asus did to OpenVPN or dnsmasq), it's better to have the patches pre-applied IMHO.
     
  10. Sean B.

    Sean B. Addicted to LI Member

    Great point. I do think I need to dive into Git further. I've only dealt with it for a local clone, nothing from the committing/merging etc side of things. It seems very feature rich and quite powerful, which leads me to believe it will be an adventure in itself.
     
  11. Toastman

    Toastman Super Moderator Staff Member Member

    git is an amazing piece of software. Probably unlike most other people, I make extensive use of the graphic facilities such as gitk and git gui. I also keep the full git of tomato from the very beginning. It is enlightening to see sometimes that a particular problem was actually fixed long ago and then reverted by accident in some much later convoluted merges.
     
  12. Toastman

    Toastman Super Moderator Staff Member Member

    OK - 0511.1 was yanked because of 2 people reporting bricked routers. I was able to reproduce that here. I've removed the JFFS for WNR3500LV2 commit which was the cause, and also reverted the recent cstats and rstats file changes to those of 0510.6 for now. Builds 7511.2 and 0511.2 will follow tomorrow.
     
  13. Dent

    Dent Network Guru Member

    Is there an easy way to unbrick my E4200?
     
  14. Justio

    Justio Networkin' Nut Member

    After reading your post, took the risk and compiled (+flashed) an image under Toastman-NRT for my old WRT54GL.
    The compilation went fine :eek:
    @$(MAKE) bin JFFSv1=y NO_CIFS=y NO_HTTPS=y NO_SAMBA=y B=I BUILD_DESC="Blah" USB=""
    (in src-rt directory)
    even though in the commit it's clearly stated that is targeted for: smaller builds for Linksys E-Series with 4MB Flash which are R2 CPU type and not R1 (source)
    The router works just fine for my needs (overclocked at 250Mhz)...actually i'm writing this post connected through it

    This is the commit i've used (git log):
    commit de27692eede4ae3aa9f2525e16b6c6446b0f9f19
    Author: Jeremy Chadwick <jdc@koitsu.org>
    Date: Sun Jan 1 10:42:40 2017 -0800

    root's authorized_keys should be perm 0600 (u=rw)

    .....

    Thanks! to you and to all devs/maintainers for the effort and for doing an exceptional job keeping the Tomato project alive
     
    Last edited: Jan 7, 2017
  15. Toink

    Toink Network Guru Member

    I believe only a jtag/serial process can unbrick our E4200's since it can still be ping-ed.

    Can someone kindly confirm if any of these two USB To RS232 TTL PL2303HX will work:

    http://www.ebay.com/itm/USB-To-RS23...914047?hash=item43f1a4bc7f:g:bDoAAOSwcL5XNXQW

    or

    http://www.ebay.com/itm/USB-To-RS23...573206?hash=item2eecb1d5d6:g:VjwAAOSwARZXiEgv

    On a brighter side, I completely forgot I still have a brand-new, sealed-box E4200v1 in my stash. :D But I'll wait for these 2 cables and will try to revive my trusty, bricked, E4200v1. Currently using my E3000.

    @Toastman

    Thanks!
     
  16. Sean B.

    Sean B. Addicted to LI Member

    @Dent and @Toink : I'm jumping in a bit behind on this situation so I apologize if I'm stating anything that's already been gone over. Have either of you attempted a TFTP upload of a known good firmware file during the boot-wait period right after router power-on? Since the router is still responding to pings I'd say there's a high probability this method could recover the routers. If already tried and doesn't work, I'm more than happy to lend any assistance I can for recovering your routers via serial.
     
  17. Sean B.

    Sean B. Addicted to LI Member

    Ahh ok, roger that. Thanks for the update!
     
  18. Dent

    Dent Network Guru Member

    Sean B., could you describe the method with this "boot-wait" period?
     
  19. Sean B.

    Sean B. Addicted to LI Member

    As far as functionality for that chip, according to its datasheet it will work for what you're needing. However there are two things I'd point out: 1 is quite a lot of issues related to the driver for these chips, especially on versions of Windows above 7.. and 2 this chip was EOL ( end of life ) in September of 2012. There are converter breakouts with chips that are up-to-date and in current support that are just as cost-effective, IMHO would be a better purchase.
     
  20. Sean B.

    Sean B. Addicted to LI Member

    I'll find a detailed guide on it for you shortly and post a link. But the basic overview is that Tomato firmware has a boot-wait option, which by default I believe is 5 seconds. What this does is when you first power on the router, for 5 seconds before the firmware begins the boot process it will wait for a TFTP packet initiating a file transfer.. if it receives this it will forgo the boot process and receive/flash the uploaded firmware file.
     
  21. Sean B.

    Sean B. Addicted to LI Member

    Here's a guide from DD-WRT on TFTP recovery flashing. Use a known good firmware file ( preferably the one you were using before this latest flash that bricked the router ) . Give it a read through.. if I can be of help or answer specifics I'm happy to do so.

    https://www.dd-wrt.com/wiki/index.php/TFTP_flash
     
  22. Dent

    Dent Network Guru Member

    In the end, I couldn't recover from its bricked state. I was able to TFTP the Tomato firmware and it said it flashed successfully but it still does not boot up.
     
  23. Sean B.

    Sean B. Addicted to LI Member

    What exactly is the router's current behavior? When turned on, do the LEDs exhibit abnormal on/off/blink states? When a computer is connected via ethernet cable to the router, does the router respond to pings at 192.168.1.1 consistently? What error is being returned when you attempt to access the GUI webpage.. timeout, connection refused etc.
     
  24. Sean B.

    Sean B. Addicted to LI Member

    And I trust you have used the reset button on the back of the router? While powered on, pressing and holding the reset button for 10 seconds and then releasing. And then with the router powered off, press and hold the reset button.. while still holding the reset button turn the router on. Continue holding the reset button for 15 seconds and then release.
     
  25. Beast

    Beast Network Guru Member

    after the flash try, remove power hold in reset for 30 seconds and while continuing to hold in reset, connect power and hold for 30 more seconds then let go of the reset. See if that will work. There are some other reset boot ups but i don't remember them all.


    lol....Sean B.
     
    Sean B. likes this.
  26. Sean B.

    Sean B. Addicted to LI Member

  27. Toink

    Toink Network Guru Member

    Thanks Sean for trying to help out.

    Prior to you posting the guide on how to tftp, I've already done those via the tftp.exe utility as well as via the command line. Anyways in my case the E4200 is in a continuous boot loop. Hence, when I tried to flash the stock Linksys firmware, the process stops in the middle - as in the utility will show the status bar and after midway, it fails. I tried flashing the smallest tomato firmware version, the utility shows it successfully flashed. But even after waiting 5 minutes and then pressing the reset button 30/30/30, the router is still inaccessible - LAN1 has activity and ping-able but I still can't access the web gui and the boot loop continues

    Thus I believe only a jtag can save it...

    P.S. Stupid question, can I do an NVRAM erase via command line without jtagging - I assume not, no?
     
  28. Dent

    Dent Network Guru Member

    I basically experienced the same results as Toink just as described in his post above.
     
  29. Sean B.

    Sean B. Addicted to LI Member

    Does sound like you've covered all the bases. As far as NVRAM reset, I *believe* the reset button on the E4200 should do that. However, this following procedure may be worth a shot as I'm not sure if it's a per device or per firmware ( tomato ) implementation but does specifically erase the NVRAM on my RT-AC68P: With the router off, press and hold the WPS button ( the blue button on the back ) and turn the router on while continuing to hold. On my 68P after about 15 - 20 seconds the power LED will begin to flash rapidly indicating NVRAM has been cleared. If you get the same response, that would be a great sign and upon releasing the button it should reboot. If not, hold for a total of 30 seconds just in case and then release. Observe for indications the router is rebooting.. if it is, let it reboot and cross your fingers. If not, shut it off.. offer it a cookie or perhaps a shot of top shelf whiskey.. then turn it back on and see what it does ;) .

    **EDIT**: Sorry, I didn't really answer your question about the NVRAM. If you were able to get into the router via a telnet/ssh shell then yes, you could clear the NVRAM via command line. However there is no "external" program or access avenue ( command line or otherwise ) that can specifically induce an NVRAM clear. If telnet/ssh connection, http GUI access, TFTP recovery, and hardware ( button ) avenues are all non-responsive then the only options left would be a UART serial or JTAG connection. UART being the much easier and preferable method of the two if available on the board.
     
    Last edited: Jan 8, 2017
  30. Sean B.

    Sean B. Addicted to LI Member

    It appears the E4200 has both UART serial and JTAG ports, both are un-populated through-hole connections. The serial port is labeled JB2.. I've attached a surprisingly high quality picture I was able to find. However, I would highly recommend soldering in a standard pin header rather than the extremely bad and rather scary bare wire to pad attempt shown. And please note, I am unable to confirm the accuracy of the pinout shown as I do not have access to this model of router. All info or help on the subject of UART/JTAG connections I provide in this and any future posts is to be used at your own risk.

     
    Last edited: Jan 8, 2017
  31. Dent

    Dent Network Guru Member

    Sean B, if I wanted to try to revive this router using the serial port on the E4200, and do this as cheaply as possible, I was perhaps thinking of purchasing any needed parts from Ebay through the cheapest China or other Asian seller that I can find. It would take over a month for stuff to ship to me from there but I am in no hurry. What parts would I need such as a USB to Serial cable, standard pin header, etc.? I'm not sure of the terminology to search for on Ebay. Also, does there have to be any soldering involved or can a pin header (if I can find it on Ebay) just be placed into place there temporarily? Thanks for any help that you may be able to offer.
     
  32. koitsu

    koitsu Network Guru Member

    @Dent You need:

    1. A USB TTL cable (such as this) that can do 3.3V serial (yes, it matters - 5V serial and 3.3V serial are very different),
    2. To know what the serial port speed/stop/parity bits/flow control should be set to,
    3. To solder pins to the actual E4200 mainboard so that you could use the above cable. Soldering the wires of the USB TTL adapter directly to the mainboard is ridiculous, IMO.

    When hooking up the cable, ONLY HOOK UP TxD AND RxD AND GND. DO NOT HOOK UP VCC!

    Be aware that many of the depictions of pinouts I've found online depict the TxD (transmit) and RxD (receive) pins backwards (one such example -- different router, but my point stands). The authors of these pictures sometimes depict "what wire on your adapter to place here" and not what the actual pin functionality is, which is utterly stupid (i.e. backwards). Point is: TxD pin connects to RxD wire, RxD pin connects to TxD wire. If you get these mixed up (e.g. TxD<-->TxD), some devices will misbehave very badly (for example the RT-AC56U upon power-on will light up all its LEDs, then just sit there with the LEDs lit, as if you've permanently damaged the device).

    I have to assume there's a CFE. If there isn't, then JTAG might be your only option. If there is a CFE, then you'll need to see if the CFE it provides has a TFTP server so that you can transfer a firmware to the router from a client. Some CFEs have a TFTP client (i.e. the CFE fetches a firmware from a TFTP server), but have a 256KByte limitation on their transfer limit (i.e. you can't transfer a firmware this way).

    Otherwise, if it's purely an NVRAM thing and the CFE offers NVRAM manipulation (most do!), then you can just manipulate NVRAM directly from the CFE.

    P.S. -- Are you doing this purely for a fun project, or are you really trying to save the device out of dedication? If the latter: the E4200 is almost 4 years old, I'd suggest possibly just buying a different/newer router. It would be the easier choice.
     
  33. Dent

    Dent Network Guru Member

    This was purely for a fun project. I already purchased a used Asus RT-N66U for a replacement. If it was very cheap and easy to fix, then I would try it. If not, then I would just throw it away. I don't own a soldering iron and would not buy one just for this. I've read they make solderless/push in/press in pin headers but ebay doesn't really have much or extremely cheap. This may be too involved for me.
     
  34. Toastman

    Toastman Super Moderator Staff Member Member

    Depending on the particular router's pcb, sometimes the pin headers are quite a tight fit in the board, or you may be able to get away without soldering it if you stress the header against the pcb. Or you can buy a throwaway Chinese made soldering iron, which cost peanuts.

    BTW: The RT-N16 was able to be flashed in the same way that SeanB suggested in post 4029, using the WPS button. That reset it to 192.168.1.1. After that it could be placed in recovery mode as normal.

    EDIT - My gut feeling, having had years of experience with fixing broken routers, is that yours is not bricked and I'm almost 99% certain that it can be flashed by tftp. You just have to keep trying, I sometimes tried for hours before things suddenly worked.
     
  35. Dent

    Dent Network Guru Member

    Yes, I have tried as per post 4029 but nothing worked. Do you know now what exactly happened that caused this brick situation in this particular model of router and why the TFTP flashing of the firmware does not work?
     
  36. koitsu

    koitsu Network Guru Member

    @Dent If you're in the United States and you feel like spending a little bit of money, you can mail me the E4200 and I can attempt to recover it for you (I'm happy to pay return shipping), including possibly leaving a permanent pin connection for serial + including a free USB TTL adapter if asked. The TFTP method is "tricky" a lot of the time, and I've found several TFTP clients that don't behave correctly (both on Windows as well as Linux).

    I would not trust push-in solderless pins. They aren't going to make a good connection.

    There's no real way to determine "what" "bricked" the unit (I use quotes around brick because I simply can't tell if it truly is or isn't). It's not like there's magical permanent-storage logs that hold such information. :) I'd rather not speculate as to the cause.
     
  37. Dent

    Dent Network Guru Member

    I actually live in Canada so I don't believe shipping is really cost effective. Thanks for the offer, anyways.
     
  38. Sean B.

    Sean B. Addicted to LI Member

    If this attempt is based out of fun/curiosity ( implying the end result and possible damage caused by the attempt is not a big deal ) and soldering is a concern then feel free to improvise. Use bare wire ends and fashion a way to get them to maintain contact with the copper rings of each through-hole. Possibly sticking a section of stripped wire through the hole, folding each side down to a moderately taut state and then use a common arts-and-crafts hot glue gun and put a small dab top and bottom.. then cut any excess wire left sticking around on the bottom so they don't manage to short to anything else. Or perhaps get some mini-hook test clips ( pictured below ) at a local electronics store or on ebay.. can get a 5-pack for a couple bucks. Flatten the hook end so it's L shaped and cut the foot of the L to a width that just barely fits through the hole. Worst case ( barring missed stray wire strands causing a short ) would be there isn't enough contact and you won't get a terminal connection, or just barely enough contact resulting in randomly lost connections and/or gibberish appearing in your terminal program's console.

     
    Last edited: Jan 9, 2017
  39. BillyBlaze

    BillyBlaze New Member Member

    Hi Toastman,

    Although I find myself in an unfortunate situation with no live Internet connection at home to test this on properly (such hard times!), I can confirm that your 511.2 mini build for the e1200 v1 flashed successfully!

    Current version = 1.28.0511 MIPSR2Toastman-RT-N K26 Mini

    Many thanks again!
     
    Toastman likes this.
  40. bake73

    bake73 Network Guru Member

    Small bug in the latest on a R7000, in bandwidth limiter i am unable to change Priority as it stays on low in Default Class for unlisted MAC / IPs in LAN (br0).
    It could be that it is changing but the gui is reporting it at Low.

    Apart from that everything is running great.

    Thanks.
     
    Last edited: Jan 14, 2017
  41. Joe A

    Joe A Reformed Router Member

    Tomato.jpg

    I'm not sure where to post this, and I don't have a fix. However, I thought other folks would want to know.

    The setting "limit connection attempts" under "Admin Restrictions" is not being honored. I've set mine to limit connection attempts to 3 in 300 seconds. Please see the below excerpt from my log.


    Jan 15 21:44:02 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:03 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:04 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:04 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:05 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:05 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:05 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:06 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:06 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:06 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:07 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:07 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:08 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:08 tomlin authpriv.warn dropbear[9920]: Bad password attempt for 'root' from 125.212.242.15:35652
    Jan 15 21:44:09 tomlin authpriv.info dropbear[9920]: Exit before auth (user 'root', 10 fails): Max auth tries reached - user 'root' from 125.212.242.15:35652
    Jan 15 21:44:09 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:09 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:10 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:11 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:12 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:14 tomlin authpriv.warn dropbear[9921]: Login attempt for nonexistent user from 125.212.242.15:35784
    Jan 15 21:44:14 tomlin authpriv.info dropbear[9921]: Exit before auth: Max auth tries reached - user 'is invalid' from 125.212.242.15:35784
     
  42. koitsu

    koitsu Network Guru Member

    That definitely looks to be the case. I can investigate this. I need the following information -- and some of this you may want to send me in a PM/directly as it may contain sensitive information (particularly the iptables bits, but it depends):

    1. Filename of firmware you're using,
    2. Make and model of router you're using,
    3. Your WAN connection type -- or better yet, just a screenshot of Basic -> Network (you can black out things like L/Ps, Wifi info, MACs, etc. -- please do not black out IPs!),
    4. If you're using any kind of VPN software (on the router), or have a complicated network setup (VLANs, etc.), and *especially* if you have anything custom in Administration -> Scripts (and if so, I need all of that put into code blocks and provided as well),
    5. Output from the following commands, as well as the commands themselves, in a code block:

    Code:
    iptables -L -n -v --line-numbers
    iptables -t nat -L -n -v --line-numbers
    iptables -t mangle -L -n -v --line-numbers
    
    After I get that, I can try to reproduce it locally. But the above info I need to see regardless.
     
    Joe A likes this.
  43. Joe A

    Joe A Reformed Router Member

    Thanks, Koitsu. I should be able to get you the requested info tomorrow evening. I believe I've seen this behavior before this update; I should have mentioned that initially.
     
  44. koitsu

    koitsu Network Guru Member

    No problem, and yes, that's quite understandable -- nothing in any of the recent releases has touched that code (even remotely/distantly). :)
     
  45. Grimson

    Grimson Networkin' Nut Member

    @Joe A
    Are you sure you're not confusing connection attempts with login attempts? Remember you can do multiple login attempts within a single SSH connection.

    The part of the log you posted shows 125.212.242.15 doing consecutive login attempts using two connections; both get closed after 10 failed login attempts, see:
    Code:
    Jan 15 21:44:09 tomlin authpriv.info dropbear[9920]: Exit before auth (user 'root', 10 fails): Max auth tries reached - user 'root' from 125.212.242.15:35652
    Jan 15 21:44:14 tomlin authpriv.info dropbear[9921]: Exit before auth: Max auth tries reached - user 'is invalid' from 125.212.242.15:35784
    You need to provide a bigger chunk of the log to actually check whether connections are limited.
     
    Joe A likes this.
  46. M_ars

    M_ars Network Guru Member

    thx for helping/testing @rickmav3 and @brfransen :)
    I did provide the rstats/cstats patch to Toastman
    (also attached to this post)
     

    rickmav3 likes this.
  47. Almilade

    Almilade Network Newbie Member

    I see some weird things with samba after a reboot of my router.

    I get the following in my log after a reboot:
    Code:
    Jan  1 01:00:29 tomato daemon.err smbd[1143]: ERROR: smbd is already running. File /var/run/samba/smbd.pid exists and process id 1124 is running.
    I have a USB flash drive attached and shared over samba (just for sharing logfiles and stats). Master Browser and WINS Server are checked on the file sharing page.
    My Network Neighbourhood (is it still called this way in win 7?) in win 7 is slow, the tomato-router is not shown as a computer. Accessing over \\tomato still works.
    If I stop and restart file sharing in tomato, the log is showing the following lines:
    Code:
    Jan 16 23:27:24 tomato daemon.err nmbd[1767]: Samba server TOMATO is now a domain master browser for workgroup WORKGROUP on subnet UNICAST_SUBNET
    Jan 16 23:27:32 tomato daemon.err nmbd[1767]: Samba server TOMATO is now a domain master browser for workgroup WORKGROUP on subnet 192.168.1.1
    Jan 16 23:27:48 tomato daemon.err nmbd[1767]: Samba name server TOMATO is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.1
    Everything is running perfect again. So there seems to be something wrong with samba at first start. I remember having these lines also after a reboot of the router...
    I'm not running any fancy configuration, some VLAN, PPPoE and some other minor config. No QOS.
    I did not have this with shibby 132, in toastman ARM 9008.5 and 9008.6 the problem occurs. Not sure about older versions (can try if needed).

    I'm running tomato-RT-N18U-9008.5Toastman-ARM-VPN-64K-NOSMP on ASUS RT-N-18U.

    Any ideas? Thanks.
     
  48. koitsu

    koitsu Network Guru Member

    Is IPv6 enabled?

    Did you do a thorough NVRAM reset when moving from Shibby to Toastman? If not, do that, and do not use the Configuration Backup/Restore feature (you will need to enter everything manually).

    If so, roll back to 1.28.9008.1 and see if the problem goes away. Please do several reboots (3-4 is sufficient) to verify.

    If it does go away, upgrade to 1.28.9008.2 and see if the problem is introduced. Again, same as before, do several reboots (3-4) to verify.

    Review READ THIS CHANGELOG FIRST.txt for what changed between those firmwares.
     
  49. Almilade

    Almilade Network Newbie Member

    Yeah, native from ISP.

    Yes, did erase NVRAM and configured everything from scratch.

    Will try to rollback and give you an answer tomorrow. Thanks
     
  50. Joe A

    Joe A Reformed Router Member

    Thanks, but from viewing the logs, I must admit that the attempts appear to be login attempts to me.
     
  51. Joe A

    Joe A Reformed Router Member

    I sent the requested iptable info via private conversation to you.
    NetworkBasic1.png NetworkBasic2.png
     
    Last edited: Jan 17, 2017
  52. Joe A

    Joe A Reformed Router Member

    Grimson, the mistake was definitely mine. Sorry, I just didn't get it.
     
  53. koitsu

    koitsu Network Guru Member

    For users wanting to know about the problem described in the referenced post: analysis was done, and discussion with the reporter was performed privately. There was no actual problem/bug -- it was as Grimson explained in his post. To clarify:

    The Limit Connection Attempts feature only limits the number of new/simultaneous TCP connections from a single IP address that can happen within N seconds (default 60). In this case, there were only 2 unique TCP sessions: 125.212.242.15 source port 35652, and 125.212.242.15 source port 35784. This threshold (2) was beneath the threshold (3) set by the user. Both connections were issuing multiple login attempts across each respective/individual TCP session.

    Dropbear (the SSH server/daemon that Tomato uses) limits the number of username or password attempts on a single TCP connection to 10 before it closes the socket. Official Dropbear code reference:

    https://github.com/mkj/dropbear/blob/master/svr-auth.c#L365
    https://github.com/mkj/dropbear/blob/master/default_options.h#L376

    Correlating Toastman-RT-AC branch code reference:

    http://repo.or.cz/tomato.git/blob/r...:/release/src/router/dropbear/svr-auth.c#l365
    http://repo.or.cz/tomato.git/blob/r...C:/release/src/router/dropbear/options.h#l282

    These values are hard-coded at compile-time and cannot be tuned at run-time. If Dropbear ever was to make them adjustable at run-time (i.e. through command-line flags), Tomato and its GUI could be extended to allow for adjustment of them.

    In general, it is recommended that people not leave remote SSH access to their router open to the world. Using an alternate TCP port does not solve the problem (the OP was using an alternate TCP port, for example, not port 22!). Instead, please limit access to an individual IP address or CIDR (network range) through the Allowed Remote IP Address field, or through custom firewall rules.
     
    Joe A likes this.
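The distinction koitsu describes above, as an added example that is not part of the original posts and is not Tomato or Dropbear code: it tallies failed logins per TCP session (source IP and port) and shows that two sessions stay under a connection limit of 3 while still carrying many password attempts. The log lines are constructed samples modelled on Dropbear's "Bad password attempt" message, and the rule that the limiter fires once the session count reaches the limit is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SESSIONS   32
#define CONN_LIMIT      3   /* user's Limit Connection Attempts value, from the post */
#define MAX_AUTH_TRIES 10   /* Dropbear's per-connection cap, from the post */

struct session { char ip[46]; unsigned port; unsigned failures; };
struct tally   { struct session s[MAX_SESSIONS]; size_t n; };
struct summary { unsigned sessions, failures, worst_session; };

/* Constructed sample lines (timestamps, host name and PIDs are made up). */
static const char *const SAMPLE_LOG[] = {
    "Jan 16 03:10:01 unknown authpriv.info dropbear[2101]: Child connection from 125.212.242.15:35652",
    "Jan 16 03:10:03 unknown authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 125.212.242.15:35652",
    "Jan 16 03:10:05 unknown authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 125.212.242.15:35652",
    "Jan 16 03:10:06 unknown authpriv.warn dropbear[2107]: Bad password attempt for 'root' from 125.212.242.15:35784",
    "Jan 16 03:10:08 unknown authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 125.212.242.15:35652",
    "Jan 16 03:10:09 unknown authpriv.warn dropbear[2107]: Bad password attempt for 'root' from 125.212.242.15:35784",
    "Jan 16 03:10:11 unknown authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 125.212.242.15:35652",
    "Jan 16 03:10:12 unknown authpriv.warn dropbear[2107]: Bad password attempt for 'root' from 125.212.242.15:35784",
    "Jan 16 03:10:14 unknown authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 125.212.242.15:35652",
};

/* Extract "ip:port" from a failed-password line. Returns 1 on success. */
static int parse_failure(const char *line, char *ip, size_t iplen, unsigned *port)
{
    const char *hit, *from = NULL, *colon;
    char *end;
    unsigned long p;

    if (!strstr(line, "Bad password attempt for "))
        return 0;
    /* Use the last " from " so text earlier in the line cannot shift the match. */
    for (hit = strstr(line, " from "); hit; hit = strstr(hit + 1, " from "))
        from = hit + 6;
    if (!from)
        return 0;
    colon = strrchr(from, ':');
    if (!colon || colon == from || (size_t)(colon - from) >= iplen)
        return 0;
    p = strtoul(colon + 1, &end, 10);
    if (end == colon + 1 || p == 0 || p > 65535)
        return 0;
    memcpy(ip, from, (size_t)(colon - from));
    ip[colon - from] = '\0';
    *port = (unsigned)p;
    return 1;
}

/* Count one log line against its (ip, port) session. */
static void tally_line(struct tally *t, const char *line)
{
    char ip[46];
    unsigned port;
    size_t i;

    if (!parse_failure(line, ip, sizeof ip, &port))
        return;
    for (i = 0; i < t->n; i++)
        if (t->s[i].port == port && strcmp(t->s[i].ip, ip) == 0) {
            t->s[i].failures++;
            return;
        }
    if (t->n < MAX_SESSIONS) {
        strcpy(t->s[t->n].ip, ip);
        t->s[t->n].port = port;
        t->s[t->n].failures = 1;
        t->n++;
    }
}

/* Sessions, total failures and the busiest session for one source IP. */
static struct summary summarize(const struct tally *t, const char *ip)
{
    struct summary r = {0, 0, 0};
    size_t i;

    for (i = 0; i < t->n; i++)
        if (strcmp(t->s[i].ip, ip) == 0) {
            r.sessions++;
            r.failures += t->s[i].failures;
            if (t->s[i].failures > r.worst_session)
                r.worst_session = t->s[i].failures;
        }
    return r;
}

static struct summary analyze_sample(const char *ip)
{
    struct tally t;
    size_t i;

    memset(&t, 0, sizeof t);
    for (i = 0; i < sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0]; i++)
        tally_line(&t, SAMPLE_LOG[i]);
    return summarize(&t, ip);
}

int main(void)
{
    struct summary r = analyze_sample("125.212.242.15");

    printf("sessions=%u failures=%u worst_session=%u\n",
           r.sessions, r.failures, r.worst_session);
    /* Assumption: the limiter fires once the session count reaches the limit. */
    printf("connection limiter fires: %s\n", r.sessions >= CONN_LIMIT ? "yes" : "no");
    printf("a session hit the per-connection cap: %s\n",
           r.worst_session >= MAX_AUTH_TRIES ? "yes" : "no");
    return 0;
}
```
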
  54. Joe A

    Joe A Reformed Router Member

    padavan.png
    It is a weak defense I know. However, I was thinking Tomato's SSH settings provide the same protection Padavan wireless router firmware provides as shown in image above
     
  55. koitsu

    koitsu Network Guru Member

    Sadly, the screenshot tells me absolutely nothing about actual behaviour of their SSH server or their firewall. Is that limiting TCP connection rates for SSH like in Tomato? Is it using OpenSSH Server? Hint: OpenSSH Server doesn't offer the ability to limit N connections per minute/second (see MaxAuthTries), only "total number of attempts to log in per TCP session". For rate-limiting of connections, it essentially relies on the firewall -- which is exactly what Tomato's Limit Connection Attempts is doing (I described this privately, and if you need proof of it, just ask and I will demonstrate it). Tomato's SSH server is Dropbear, and does not run OpenSSH (it's too big/fat alongside all the libraries needed to run it). If Padavan is running their own SSH server, then that's their own business.

    I feel like I'm somehow not being clear in my descriptions of things, or my terminology. How can I make this clearer?
     
    Joe A likes this.
  56. Joe A

    Joe A Reformed Router Member

    You are being very clear Koitsu. You were also very generous with your time when you thoroughly explained the situation, and I genuinely appreciate it. I'll post logs from Padavan when or if I have some that I think show what I described.

    I'm sort of a career computer technician. I don't think I'll make it too much farther up the ladder. I got into this field relatively late in life, so sometimes I get a bit confused. Please bear with me.

    Hopefully, the posts referenced in the below link touch on what I described.

    https://bitbucket.org/padavan/rt-n56u/issues/251/ssh-firewall-rule
    padavan.png
     
    Last edited: Jan 17, 2017
  57. koitsu

    koitsu Network Guru Member

    I'm a UNIX systems and network administrator of over 20 years (I'll be 40 this month), I program (though not as a career; more as part hobby, part open-source effort), and I write documentation. There's no ego when I say this, honest, but I do a lot of things. :)

    That Padavan problem report is literally the exact same as what you reported here -- with the exact same result. :) In other words: the "SSH Brute Force Protection" setting in Padavan is literally controlling iptables rules that limit the TCP connection rate for SSH -- just like in Tomato. The person named asavah explains this in their first reply. It appears Padavan also uses Dropbear as their SSH server, as Andy Padavan and the user called "c" in their replies reference Dropbear source code and compile-time configuration settings (talking about the exact same thing I did). Padavan has MAX_AUTH_TRIES set to 4, while Tomato uses the Dropbear default of 10.

    In other words: all of this is working exactly as designed. If you need an analogy to help understand the disparity between TCP connections vs. repeated authentication failures, I can try to come up with one; just ask.
     
    Joe A likes this.
  58. Joe A

    Joe A Reformed Router Member

    Ok. So my setting in Padavan was just a coincidence. The MAX_AUTH_TRIES just happened to be set to 4, so I thought my setting was accomplishing that. Good deal.
     
  59. Joe A

    Joe A Reformed Router Member

    I am getting old. I'll be 47 towards the end of the year. :)
     
  60. kille72

    kille72 Addicted to LI Member

    Last edited: Jan 17, 2017
  61. Toastman

    Toastman Super Moderator Staff Member Member

    January 17 2017 - all builds


    - Fix for "Dead loop on virtual device" message
    - calculation update for rstats and cstats
    - correct rollover calculation for bwm-realtime.asp
    and ipt-realtime.asp
    - align cstats function calc() with Toastman MIPS


    WARNING - DHCP IS DISABLED BY DEFAULT. DON'T FORGET
    TO TURN IT ON IF YOU NEED IT.
     
  62. Toastman

    Toastman Super Moderator Staff Member Member

    @kille72 - I tested the channel scan function in all of my routers, seems to work for me. I can't reproduce any problem. The commit only added the onscreen message "deprecated".
     
    William Clark likes this.
  63. koitsu

    koitsu Network Guru Member

    User Rangaistus has found the cause for Bandwidth Monitoring statistics not showing up in some cases for users using PPPoE. Root cause isn't directly related to use of PPPoE, but rather how many network interfaces the system has active at the time; rstats would only look at the first 10 interfaces in /proc/net/dev.

    Reference: http://www.linksysinfo.org/index.php?threads/tomato-shibbys-releases.33858/page-75#post-284120

    Commits to fix this are below (increasing the limit to 32):

    Toastman-ARM: https://github.com/koitsu/tomato/tree/koitsu-rstats-pppoe-fix-arm
    Toastman-ARM7: https://github.com/koitsu/tomato/tree/koitsu-rstats-pppoe-fix-arm7
    Toastman-RT-AC: https://github.com/koitsu/tomato/tree/koitsu-rstats-pppoe-fix
     
  64. Toastman

    Toastman Super Moderator Staff Member Member

    Serious moves are afoot to remove superfluous crap from Tomato and to fix outstanding issues wherever possible.

    Thanks especially to Koitsu for his patience and dedication, and to all other contributors. Keep it coming, guys!
     
  65. RMerlin

    RMerlin Network Guru Member

    Sorry for the delay, been busy with other things.

    I spent a lot of time back in the day debugging cstats/rstats, so I decided to take a look at the recent changes. Regarding this commit:

    https://github.com/koitsu/tomato/commit/5ec2212e420b3885194132d4fb7a11a767fe2193

    Wouldn't it be cleaner (and less prone to issues if in the future the type changes again - I believe I might have been the one bumping these to 64-bit a few years ago) to do something like this instead?

    Code:
    diff = (~sc + 1) + c;
    
    That long list of FFFs makes me go cross-eyed :)

    The parentheses are optional here, they are more about understanding the logic behind the calculations, and could also be dropped.

    One difference from Asus/mine is the +1 added to diff. What is the logic behind Tomato adding 1 to the diff, but comparing to interval -1 below?

    My version of cstats doesn't add 1 there, while I do in rstats. I'll have to see if I can track down the reason why these two aren't aligned (one of them might have been a fix).

    ---

    I'll try to take a look at the rest of recent changes to cstats/rstats.

    Regarding the max number of interfaces, Asus has it set to 25, so they probably encountered the same issue in the past. Dunno why they chose "25" specifically, shouldn't matter if it's set to 25 or 32 I suppose.
     
    Last edited: Jan 20, 2017
  66. Toastman

    Toastman Super Moderator Staff Member Member

    Interesting comment on rstats / cstats. Wait to see what you come up with! A solution that includes both Tomato and AsusWRT would be nice.
     
  67. cobrax2

    cobrax2 Reformed Router Member

    I would like to also thank you guys for your commitment and the time consumed to keep Tomato up to date and for making it what it is today, I've been using it for years and I love it!
     
    thevdr01 likes this.
  68. Toastman

    Toastman Super Moderator Staff Member Member

    January 20/21 2017 - ALL BUILDS


    - Fix lack of BWM stats for WAN when using PPPoE
    - Complete removal of TCP Vegas support



    WARNING - DHCP IS DISABLED BY DEFAULT. DON'T FORGET
    TO TURN IT ON IF YOU NEED IT.


    One of my graphics cards just died :eek:
     
  69. RMerlin

    RMerlin Network Guru Member

    I compared commits from both Shibby and my branches for cstats. Since I pulled cstats off Tomato, it means there's no Asus code in it.

    KDB already picked my cstats bugfixes at the time. One missing fix that I did when I implemented ARM support at the time was this commit from my repo:

    Code:
    commit c855eb43f923c9e03750c70adcd171d983ffc565
    Author: Eric Sauvageau <rmerl@lostrealm.ca>
    Date:   Wed Jul 3 22:44:28 2013 -0400
    
        The ARM toolchain didn't like having a char getting set to -1 - fixes IPTraffic under ARM (RT-AC56U)
    
    I don't remember if it generated a warning or an error, but it's probably a good idea to pick it up.

    This one is worth investigating:

    Code:
    commit 5863cbb7e9dfc69c8403670685351b4a8018f514
    Author: Eric Sauvageau <rmerl@lostrealm.ca>
    Date:   Sat Nov 14 02:01:12 2015 -0500
    
        rstats/cstats: Use a more recent datestamp (11-11-2015) than 1-1-2000 to determine if clock has been set, since newer firmwares no longer boot with a pre-Y2K date
    
    

    I don't know if Tomato still has the clock default to a pre-Y2K date at boot time, but Asus no longer does. This means the Y2K variable should be moved to a newer date, otherwise IPTraffic will report some traffic for the date of, for instance, December 2010 if that's what the clock is set to at boot time.

    I think I might myself have to bump this Y2K value once more, following some of the newer Asus models :/ I might possibly rely on an nvram flag that Asuswrt sets when ntpclient has done its job, rather than an arbitrary date. We'll see...



    On Tomato's side, there's one commit that I don't have. From Shibby's branch:

    Code:
    commit ae2a1a0ec520446c14954a8ce508d822e0dbc1a1
    Author: cc <cc@ubuntu64>
    Date:   Thu Feb 18 14:42:02 2016 +0100
    
        Fix phantom traffic data in IPTraffic
       
            http://repo.or.cz/tomato-rt-n10.git/commit/a68b5984115f7e31029c8464a4f132de78827b40
    
    I'm not entirely sure I understand the reasoning behind this commit. Any idea?
     
  70. RMerlin

    RMerlin Network Guru Member

    I've now browsed through changes in rstats. rstats was changed a lot by Asus, so it cannot be directly compared with Tomato's anymore unfortunately. It would be a lot of work IMHO to merge all of Asus's changes into Tomato, and remove the Asus-specific bits (like the support for RT-AC87U, or GMAC3 mode).

    A few things that came during that browse:

    1) The "sc +1" bit was actually done by Asus. I assume it would probably be a good idea to apply it to both rstats and cstats then, that's the kind of change which seems to have been done for a very specific reason.

    2) In GPL 380_2345, Asus moved the counter variables from 32-bit (long) to 64-bit (long long). I think it would be a good idea for Tomato to follow that (tho I would recommend using uint64_t as recommended previously by koitsu - since the rest of the rstats code already uses uint32_t anyway). As Internet speeds keep increasing, I assume that overflowing a 32-bit integer will increasingly become a potential issue.

    3) Also, that GPL 380_2345 merge saw Asus revisit the values used for MAX_ROLLOVER. They not only changed its value, but also made it take into account dual WAN mode. Not sure tho why that dual WAN mode support was specifically targeting the Asus BRT-AC828 (with its two physical WAN ports), and not those using a LAN port or an USB modem for a secondary WAN. I saw that Tomato changed its behaviour to rely on wan uptime instead. Not sure which of the two methods is the best, personally I'll leave Asus's method in there, since they seem to be actively maintaining it.

    For reference, the GPL 380_2345 merge on my repo occurred here, if you want to see the extent of Asus' recent changes to rstats:

    Code:
    commit c19e98a5072455965867004b3f07fb78d7b3bffe
    Author: Eric Sauvageau <rmerl@lostrealm.ca>
    Date:   Sat Mar 5 15:06:11 2016 -0500
    
        Merge with GPL 380_2345 (AC88)
    
    ADDED:
    4) I'm not 100% sure that changing the diff calculation in rstats to be 100% 64-bit is a good idea. Would require taking a closer look at the code, since I *think* the source values might be only 32-bit. In that case, using a 32-bit "max value" (FFFFFFFF) might perhaps be the proper thing to do? This will require further analysis...


    On Tomato's side of things, the rstats code from Shibby's branch doesn't seem to have been touched in years.


    On a somewhat related topic, these code talks feel like background noise to me for all end-users. Might be a good idea to consider moving this to a Developer sub-forum. Just get the related devs access to that forum as needed.
     
    Last edited: Jan 20, 2017
  71. M_ars

    M_ars Network Guru Member

    @Toastman : I found a little security patch/update for samba 3.0.37 - it's already a few years old and not included in any branch. I don't think it's urgent :)
    --> I made a patch for branch RT-AC and ARM
    see https://www.samba.org/samba/security/CVE-2013-4124.html

    Code:
    @@ -1127,7 +1127,19 @@ static struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata,
             if (next_offset == 0) {
                 break;
             }
    +
    +        /* Integer wrap protection for the increment. */
    +        if (offset + next_offset < offset) {
    +            break;
    +        }
    +
             offset += next_offset;
    +
    +        /* Integer wrap protection for while loop. */
    +        if (offset + 4 < offset) {
    +            break;
    +        }
    +
         }
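    Review bot: Both wrap checks (`offset + next_offset < offset` and `offset + 4 < offset`) only detect overflow if `offset` and `next_offset` are unsigned, and their declarations are outside this hunk, so please confirm they are `size_t` or another unsigned type; with signed operands the overflow is undefined behaviour and a compiler is allowed to drop the comparison. It would also help to say in the comments what the caller gets when either check breaks out of the loop early, and the blank `+` line before the closing brace can be dropped.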
     


  72. Rangaistus

    Rangaistus Network Newbie Member

    i think posts only become noise at higher volume. otherwise skipping them is manageable.
    if there were 100s of posts in a day, maybe..
    at lower volumes, having everything in one place is actually preferable; from my perspective anyway.
     
  73. Rangaistus

    Rangaistus Network Newbie Member

    EDIT> question withdrawn. :p
     
    Last edited: Jan 21, 2017
  74. RMerlin

    RMerlin Network Guru Member

    Looking at the code, I've reached the conclusion that rstats's calculation must remain unsigned longs. The data is retrieved from /proc/net/dev, which uses data stored in a net_device_stats structure. That struct is filled with unsigned longs.

    Asus's code doesn't make much sense to me. They increased those buffers to long long, they parse proc/net/dev to store a long value, formatting it as a long long, then they cast them as long when calling netdev_calc() later on, where everything is handled as if they were long values... So, the rollover check must also stick to its current 0xFFFFFFFF watermark, unless the data starts getting retrieved from a different source.
     
  75. M_ars

    M_ars Network Guru Member

    @RMerlin : I also think, rstats is ok with 32 bit values. I don't see any advantages right now using 64 bit values :)

    "+ 1" because of the rollover, for example if sc is 0xFFFFFFFE and c is 1, then the diff would be 2 instead of 3.
    Both, rstats and cstats should do that. Asus applied that to rstats only the last time I checked, no idea why... I think someone just missed it.

    Yes, another way to do the rollover calculation and less prone in case of a type change 32/64 bit. The way "(0xF - sc + 1) + c" is easier to read/follow in my opinion :)
    Speed-wise, I don't think it will make much difference

    Tomato did use a MAX_Rollover Value with only 225 MByte --> not so much for today's internet connections and it also will lead to wrong download values. Asus does use 3750 MByte for single wan and an Interval-time of 30 sec --> 1000 Mbit/s with rollover, that should be enough :D

    Code:
    ...
    #define MAX_BW    1000
    ...
    #define MAX_ROLLOVER    (MAX_BW * INTERVAL / 8ULL * M)

    best regards
    M_ars
     
    Last edited: Jan 21, 2017
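The rollover arithmetic discussed by RMerlin and M_ars above, as an added example that is not code from rstats/cstats or from any poster: it compares the delta with and without the "+ 1", shows that `(~sc + 1) + c` matches the 0xFFFFFFFF form at 32 bits, and shows what happens when the same expression is evaluated in 64 bits on a counter that really wraps at 2^32. The function names, `M` as 1024*1024 and the "discard deltas above MAX_ROLLOVER" policy are assumptions of this sketch.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_BW        1000ULL               /* Mbit/s, value from the post */
#define INTERVAL      30ULL                 /* seconds, the Asus interval quoted in the thread */
#define M             (1024ULL * 1024ULL)   /* assumption: M stands for MiB */
#define MAX_ROLLOVER  (MAX_BW * INTERVAL / 8ULL * M)   /* 3750 MiB */

/* Rollover delta without the "+ 1": loses the byte that takes 0xFFFFFFFF to 0. */
static uint32_t diff_no_plus1(uint32_t sc, uint32_t c)
{
    return (uint32_t)((0xFFFFFFFFu - sc) + c);
}

/* Rollover delta written against the 32-bit maximum. */
static uint32_t diff_mask(uint32_t sc, uint32_t c)
{
    return (uint32_t)((0xFFFFFFFFu - sc + 1u) + c);
}

/* Same delta in two's-complement form; follows the width of the operand type. */
static uint32_t diff_negate(uint32_t sc, uint32_t c)
{
    return (uint32_t)((~sc + 1u) + c);
}

/* The two's-complement form evaluated in 64 bits. If the source counter
 * actually wraps at 2^32, the upper 32 bits of the result are garbage. */
static uint64_t diff_negate_wide(uint64_t sc, uint64_t c)
{
    return (~sc + 1u) + c;
}

/* Delta between two samples of a 32-bit byte counter. A wrapped delta larger
 * than MAX_ROLLOVER is treated as a counter reset and discarded (returns 0). */
static uint32_t counter_delta(uint32_t sc, uint32_t c)
{
    uint32_t diff;

    if (c >= sc)
        return c - sc;
    diff = diff_negate(sc, c);
    if ((uint64_t)diff > MAX_ROLLOVER)
        return 0;
    return diff;
}

int main(void)
{
    printf("MAX_ROLLOVER            = %llu bytes\n", (unsigned long long)MAX_ROLLOVER);
    printf("no +1   (FFFFFFFE -> 1) = %" PRIu32 "\n", diff_no_plus1(0xFFFFFFFEu, 1u));
    printf("mask    (FFFFFFFE -> 1) = %" PRIu32 "\n", diff_mask(0xFFFFFFFEu, 1u));
    printf("negate  (FFFFFFFE -> 1) = %" PRIu32 "\n", diff_negate(0xFFFFFFFEu, 1u));
    printf("64-bit  (FFFFFFFE -> 1) = 0x%016" PRIX64 "\n", diff_negate_wide(0xFFFFFFFEu, 1u));
    printf("plausible rollover      = %" PRIu32 "\n", counter_delta(4000000000u, 100u));
    printf("counter reset           = %" PRIu32 "\n", counter_delta(1000u, 10u));
    return 0;
}
```
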
  76. Toastman

    Toastman Super Moderator Staff Member Member

    Any consensus?
     
  77. RMerlin

    RMerlin Network Guru Member

    That's because cstats isn't part of the stock firmware, I added it to my fork. Asus's change was lost in the multi-thousand lines of a GPL merge, so I never saw it.
     
  78. Edrikk

    Edrikk Network Guru Member

    Rmerlin is right. If it's calling a procedure that is expecting a long by casting the long long int down, it's pointless in most cases, and if the boundary is crossed it would be wrong.

    I assume long on the ARM platform is 32bits and long long is 64bits (C doesn't say what it will be, but rather the minimum size); If that's the case, I think it's best to use the same variable type as what the signature of the proc you're calling expects.
     
  79. koitsu

    koitsu Network Guru Member

    Just to clear this up definitively. Values shown are in bytes (4 = 32-bit, 8 = 64-bit). MIPS:
    Code:
    root@gw:/tmp/home/root# grep 'cpu model' /proc/cpuinfo
    cpu model               : MIPS 74K V4.9
    
    root@gw:/tmp/home/root# gdb --batch --quiet --eval-command 'print sizeof(int)'
    $1 = 4
    root@gw:/tmp/home/root# gdb --batch --quiet --eval-command 'print sizeof(long)'
    $1 = 4
    root@gw:/tmp/home/root# gdb --batch --quiet --eval-command 'print sizeof(long long)'
    $1 = 8
    
    ARM:
    Code:
    root@unknown:/tmp/home/root# grep 'Processor' /proc/cpuinfo
    Processor       : ARMv7 Processor rev 0 (v7l)
    
    root@unknown:/tmp/home/root# gdb --batch --quiet --eval-command 'print sizeof(int)'
    $1 = 4
    root@unknown:/tmp/home/root# gdb --batch --quiet --eval-command 'print sizeof(long)'
    $1 = 4
    root@unknown:/tmp/home/root# gdb --batch --quiet --eval-command 'print sizeof(long long)'
    $1 = 8
    
     
    Last edited: Jan 21, 2017
  80. M_ars

    M_ars Network Guru Member

    @Toastman : I just downloaded
    "tomato-K26USB-1.28.0511.5MIPSR2Toastman-RT-N-VPN.trx" and
    "tomato-K26USB-1.28.0511.4MIPSR2Toastman-RT-N-VPN.trx"
    for my old RT-N16 and both images show 64 KByte NVRAM --> something is wrong maybe? Can you or someone else check that?
    I did erase nvram multiple times but still 64 KByte :eek:

    [​IMG]

    I flashed an older custom build (511) and the right value 32 Kbyte showed up again.
     
  81. Toastman

    Toastman Super Moderator Staff Member Member

    Yes, same here. But the smaller build that I use is ok. Strange.
     
  82. koitsu

    koitsu Network Guru Member

    I don't think those filenames are relevant to RT-N, those look relevant to RT-AC (i.e. it looks like someone may have tried building RT-N firmwares/filenames but from the RT-AC branch). How I know this for sure (or with 90% accuracy?) is at the end of this post.

    Look closely at the following two branches' commits and you'll see an extremely large disparity:

    http://repo.or.cz/tomato.git/shortlog/refs/heads/Toastman-RT-N
    http://repo.or.cz/tomato.git/shortlog/refs/heads/Toastman-RT-AC

    One of the UI changes I did recently (for RT-AC and ARM -- not RT-N!) was this:

    http://repo.or.cz/tomato.git/blobdi...043713efa62:/release/src/router/www/about.asp

    You can see under the About page, I moved the "Built on" output near the top of the page. In the image/screenshot you provided, that text is present, which means the RT-N firmwares are almost certainly RT-AC firmwares, which is bad.
     
  83. Toastman

    Toastman Super Moderator Staff Member Member

    What happened was that some time ago shibby made his RT-N branch EOL and from that point on the RT-N builds were actually made from the RT-AC branch. 0508.2 was the last RT-N build that came from the RT-N branch.

    In my case, I still maintain a branch which I call Toastman-NRT to build the RT build. e.g. 7511.5

    I follow shibby's convention and use the RT-AC branch for RT-N builds. e.g. 0511.5

    That also does have the latest changes in it.

    I'm looking at this issue now. The VPN build tomato-K26USB-1.28.0511.5MIPSR2Toastman-RT-N-VPN.trx thinks it is 64K but the tomato-K26USB-1.28.0511.5MIPSR2Toastman-RT-N-Lite.trx still indicates 32K. This also makes saved configs incompatible. Looking to see when this weirdness began.
     
  84. M_ars

    M_ars Network Guru Member

    From the log-file:

    Code:
    Jan  1 01:00:09 unknown user.info kernel: 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
    Jan  1 01:00:09 unknown user.info kernel: All bugs added by David S. Miller <davem@redhat.com>
    Jan  1 01:00:09 unknown user.warn kernel: VFS: Mounted root (squashfs filesystem) readonly.
    Jan  1 01:00:09 unknown user.info kernel: Freeing unused kernel memory: 128k freed
    Jan  1 01:00:09 unknown user.warn kernel: Warning: unable to open an initial console.
    Jan  1 01:00:09 unknown user.warn kernel: emf: module license 'Proprietary' taints kernel.
    Jan  1 01:00:09 unknown user.debug kernel: PCI: Setting latency timer of device 0000:00:02.0 to 64
    Jan  1 01:00:09 unknown user.warn kernel: eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.110.27.20012
    Jan  1 01:00:09 unknown user.warn kernel: wl_module_init: passivemode set to 0x0
    Jan  1 01:00:09 unknown user.debug kernel: PCI: Setting latency timer of device 0000:00:01.0 to 64
    Jan  1 01:00:09 unknown user.warn kernel: eth1: Broadcom BCM4329 802.11 Wireless Controller 5.110.27.20012
    ...
    ...
    Jan  1 01:01:09 unknown daemon.info dnsmasq[519]: read /etc/hosts - 2 addresses
    Jan  1 01:01:09 unknown daemon.info dnsmasq[519]: read /etc/dnsmasq/hosts/hosts - 3 addresses
    Jan  1 01:01:10 unknown user.debug init[1]: starting rstats.
    Jan  1 01:01:10 unknown user.debug init[1]: starting cstats.
    Jan  1 01:01:10 unknown user.info init[1]: Asus RT-N16: Tomato 1.28.0511 MIPSR2Toastman-RT-N K26 USB VPN
    
    

    5.110.27.20012 should be ok for the RT-N16/MIPSR2 but 64 KByte NVRAM looks not so good
     
  85. Toastman

    Toastman Super Moderator Staff Member Member

    Looks like the "real" VPN file for that router is being overwritten by a later model. It's very late here, I'll go to sleep soon.

    EDIT - This has existed for a long time. 8509 was the last one that showed 32K.
     
    William Clark likes this.
  86. Toastman

    Toastman Super Moderator Staff Member Member

    OK, I uploaded correct build image. That was the only file affected.
     
    linuxball, William Clark and M_ars like this.
  87. linuxball

    linuxball New Member Member

    Hi,

    I am using the tomato-E2000-NVRAM60K-1.28.7511MIPSR2Toastman-RT-Std.bin firmware on an E2000 (converted from a WRT320N) and I am really impressed by what can be achieved from such a simple device using this excellent firmware! Great work, I am really thankful to Toastman and all the others, who have worked and are still working on it.

    I think I found a bug regarding a very special WMM setting (which might not be used by most of the users). If "WMM" is enabled and the "No ACK" feature (to avoid retransmission of time-critical data) is enabled - too - then the E2000 disassociates the client roughly every minute (the interval can become longer when there is a lot of traffic between client and AP, e.g. several minutes). This is how the log of the client (Ubuntu 16.04) looks like:

    Code:
    ...
    Jan 23 10:58:04 xenial-lub kernel: wlan0: deauthenticated from 00:23:69:xx:xx:xx (Reason: 7=CLASS3_FRAME_FROM_NONASSOC_STA)
    Jan 23 10:58:04 xenial-lub systemd-networkd[330]: wlan0: Lost carrier
    Jan 23 10:58:04 xenial-lub systemd-networkd[330]: wlan0: DHCP lease lost
    Jan 23 10:58:04 xenial-lub dbus[475]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service'
    Jan 23 10:58:04 xenial-lub systemd[1]: Starting Hostname Service...
    Jan 23 10:58:04 xenial-lub dbus[475]: [system] Successfully activated service 'org.freedesktop.hostname1'
    Jan 23 10:58:04 xenial-lub systemd[1]: Started Hostname Service.
    Jan 23 10:58:04 xenial-lub kernel: wlan0: authenticate with 00:23:69:xx:xx:xx
    Jan 23 10:58:04 xenial-lub kernel: wlan0: send auth to 00:23:69:xx:xx:xx (try 1/3)
    Jan 23 10:58:04 xenial-lub kernel: wlan0: authenticated
    Jan 23 10:58:04 xenial-lub kernel: wlan0: associate with 00:23:69:xx:xx:xx (try 1/3)
    Jan 23 10:58:04 xenial-lub kernel: wlan0: RX AssocResp from 00:23:69:xx:xx:xx (capab=0x11 status=0 aid=1)
    Jan 23 10:58:04 xenial-lub kernel: wlan0: associated
    Jan 23 10:58:04 xenial-lub systemd-networkd[330]: wlan0: Gained carrier
    Jan 23 10:58:06 xenial-lub ntpd[824]: Deleting interface #20 wlan0, 192.168.3.205#123, interface stats: received=10, sent=13, dropped=1, active_time=63 secs
    Jan 23 10:58:06 xenial-lub ntpd[824]: 78.46.93.106 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 109.75.223.1 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 62.116.162.126 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 178.162.214.194 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 212.227.54.68 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 37.120.191.245 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 193.175.73.151 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 46.249.42.120 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 78.46.188.101 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 91.134.227.50 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub ntpd[824]: 176.9.1.211 local addr 192.168.3.205 -> <null>
    Jan 23 10:58:06 xenial-lub systemd-networkd[330]: wlan0: DHCPv4 address 192.168.3.205/24 via 192.168.3.253
    Jan 23 10:58:06 xenial-lub systemd-networkd[330]: wlan0: Configured
    Jan 23 10:58:06 xenial-lub systemd-networkd[330]: wlan0: Could not set hostname: Interactive authentication required.
    Jan 23 10:58:08 xenial-lub ntpd[824]: Listen normally on 21 wlan0 192.168.3.205:123
    Jan 23 10:58:08 xenial-lub ntpd[824]: new interface(s) found: waking up resolver
    Jan 23 10:58:55 xenial-lub kernel: wlan0: deauthenticated from 00:23:69:xx:xx:xx (Reason: 7=CLASS3_FRAME_FROM_NONASSOC_STA)
    Jan 23 10:58:55 xenial-lub systemd-networkd[330]: wlan0: Lost carrier
    Jan 23 10:58:55 xenial-lub systemd-networkd[330]: wlan0: DHCP lease lost
    ...

    The WLAN connection remains absolutely stable if "No ACK" is set to disabled (default). Can anybody confirm this problem?

    Maybe this is not the right thread for my problem, so my apologies in advance and please let me know where I can address my problem.

    Best regards

    linuxball
     
    Last edited: Jan 24, 2017
  88. ambiance

    ambiance Serious Server Member

    Is there any particular reason you use 4shared? I can't download anything from there other than malware.
     
  89. M_ars

    M_ars Network Guru Member

    What is not working for you? Error Message?
     
  90. ambiance

    ambiance Serious Server Member

    @M_ars Even after disabling all my ad blocking the countdown never starts. It seems I have to create an account, which is something I would prefer not to do.
     
  91. koitsu

    koitsu Network Guru Member

    One of the non-intuitive aspects of it is that you have to click "Free Download" before the counter starts, but I also remember the UI being different for guests than for people with accounts. The 4shared site is designed in such a way to be intentionally confusing, given that (IIRC) it's heavily ad-driven. It's awful, I agree. But that said: I created an account with bogus info, used a throwaway Email at guerillamail or mailinator (I forget which), and just save the L/P and Email address in KeePass. There's still a lot of "dumb" in the 4shared UI/UX with an L/P, but it then becomes possible to use.

    Toastman has explained in the past why he uses 4shared. The short of it is that it works well for him and relieves a lot of annoyance/pain he would have to go through otherwise. It's his choice. I respect that, even if it's not something I myself like or would use. I have plans to try and "sort of" solve this ordeal through a... well... I'd rather not talk about it, honestly. I don't want to get people spun up and excited about something if the technology/thing I'm considering can't do cross-compilation. But if it can, hoo boy, I think it would make everyone (incl. Toastman) quite happy and make his life easier WRT firmware maintenance. But I'm talking too much.
     
    AllenJ, Toastman, WaLLy3K and 3 others like this.
  92. RMerlin

    RMerlin Network Guru Member

    A big portion of the problem is the performance between Toastman's location and most of these distribution/hosting providers. Most of them are giving him awful performance, which would make it truly painful for him to upload multiple megabytes of firmware with every releases.

    The best option IMHO would be for someone to be willing to take care of mirroring elsewhere for him (kinda like what Softpedia have been doing for me in the past, tho I now handle my own mirror on SF.net). Use SHA256 hashes to ensure that they aren't modified in any way.

    Another option I've been pondering myself in the past (for my own project) was how a CDN like Cloudflare would deal with mirroring a bunch of 30-40 MB zipfiles. If it worked properly, then one could rent a cheap VPS somewhere, and manage his own distribution server, with the CDN easing the traffic load on it. Might still be painful on a release rush (as the CDN still needs to populate all of its nodes) tho. I ended up sticking to Mediafire + SF.net in the end. The nice thing with SF.net is I can upload using Filezilla (over SCP). Their file management UI sucks however.
     
  93. ambiance

    ambiance Serious Server Member

    Well, I managed to get the latest firmware for the R7000 and flashed it. Wireless wasn't working properly, so I tried clearing nvram (again) and now it appears to be bricked. Wonderful...

    Edit: All is well and it was due to DHCP being disabled. I misread and thought it was disabled on WAN by default, not LAN. I was close to ordering a USB to TTL. Phew!
     
    Last edited: Jan 27, 2017
    sszpila likes this.
  94. ambiance

    ambiance Serious Server Member

    One thing I've noticed is that the port order is incorrect on the R7000. If I invert it, it's fine, but it reads 1-2-3-4 right to left when it should be left to right.
     
  95. Edrikk

    Edrikk Network Guru Member

    dc361, AndreDVJ and M_ars like this.
  96. RMerlin

    RMerlin Network Guru Member

    Nice. Ain't the first bug in Broadcom's kernel code, makes me worry about what's in their closed source code...
     
  97. koitsu

    koitsu Network Guru Member

    Regarding post #4094 and #4095 -- I'll provide fixes for Toastman-RT-AC, Toastman-ARM, and Toastman-ARM7. Expect an edit with details.

    Toastman-RT-AC -- branch koitsu-nvram-commit-broadcom-fix:
    https://github.com/koitsu/tomato/commit/4112f175791341568c01c8c12049253462e6735f

    Toastman-ARM -- branch koitsu-nvram-commit-broadcom-fix-arm:
    https://github.com/koitsu/tomato/commit/5339f63e09cce0dcfe63ff7fc0e8cfb20bd7b8d1

    Toastman-ARM7 -- branch koitsu-nvram-commit-broadcom-fix-arm7:
    https://github.com/koitsu/tomato/commit/e5cb3cc8ecd5d8ba05a6ed0e42006471ecf6335c

    I would strongly appreciate someone trying these out. I can test ARM, but not ARM7 or MIPS. I won't be able to test ARM for several days (health issues/appointments).

    Edit #2: commits for ARM and ARM7 updated (git push -f) to include additional files found to suffer from this problem.

    @Edrikk Are you aware of similar commits for MIPS on DD-WRT? The commit you reference is only for ARM. Tomato's code shows signs of this existing for MIPS in several places.

    Edit #3: looks like I found it: http://svn.dd-wrt.com/changeset/31162/ Tomato's repository code for all the SDKs/etc. is substantially different than DD-WRT, so I sure hope I got them all; the below came in handy:

    Code:
    grep -nr 'magic_offset = ((void \*)&header->magic - (void \*)header);' .
    
     
    Last edited: Jan 28, 2017
    dc361, Riddlah, Edrikk and 2 others like this.
  98. gs44

    gs44 Networkin' Nut Member

    Toastman and Koitsu,

    Always happy to help test. I have an E2000, E3000 and R7000 available.
    If there are very high "brick" possibilities, make a build for the E2000 or E3000. My R7000 is my main "in use" router and I'd rather not brick it...lol

    Currently running the latest Toastman build on the R7000, and my E2000 and E3000 are a few builds back of Toastman's.
     
  99. nmalinoski

    nmalinoski Serious Server Member

    I can test on Asus RT-AC66U, RT-N10P, and RT-N12/D1 devices.
     
  100. ambiance

    ambiance Serious Server Member

  101. koitsu

    koitsu Network Guru Member

    Toastman-RT-AC (MIPS) uses Busybox 1.25.0 with my patch applied (reference).

    Toastman-ARM (ARM) uses Busybox 1.23.2 and does not have my patch applied, because backporting patches to older Busybox is difficult -- Tomato does not use stock Busybox, it tweaks Busybox code in several ways and nobody is fully sure of the whys at this point (reference, see very bottom of post).

    Toastman-ARM7 (ARM7) is in the same condition as ARM.

    Busybox 1.26.0 and newer natively has said patch, though Denys (Busybox maintainer) modified it to his liking (for Q/SoC reasons (quality/style-of-code)), but functionally it's the same. (mine vs. his)

    If you're on ARM or ARM7: for a workaround, IIRC, you can install Entware-ng and install wget from there, then modify the adblock script to use /opt/bin/wget instead of just wget. I'm not sure if the modification is necessary though, as it depends on $PATH order (this may be different within the script than from the shell, esp. on reboot, so be aware!), so if the script sets PATH to include /opt/bin first, then you should just be able to install Entware-ng and have it just work.

    Normally this post would be terse/simple, but all the branches and different versions make it difficult.

    I will try to find the time in upcoming weeks to see if I can backport my patch to Busybox 1.23.2 or not. I can test ARM with ease, and so if successful, would apply to both ARM and ARM7.

    Polite footnote reminders for all users: when asking questions, please remember to always state your router model and firmware version (firmware filename is strongly preferred). The above shows why stating this is important: MIPS, ARM, and ARM7 are not all the same, and several (many) features behave differently across certain models (this is not the case with wget, but with wireless, VLANs, Ethernet port order, etc. it certainly is).

    Random developer footnote/FYI: Busybox master (what will become 1.27.0 eventually) is trying to implement native TLS/SSL (vs. relying on openssl s_client as a helper), through a new tweak called ENABLE_FEATURE_WGET_HTTPS. As of this writing, if one enables that tweak, doing https://x.x.x.x/ (where x.x.x.x is an IP address) will fail/break due to failure to comply with RFC 6066 (see line 762 for lulz): https://git.busybox.net/busybox/tree/networking/wget.c#n729
     
    Last edited: Jan 28, 2017
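
The RFC 6066 rule behind the footnote above, as an added example that is not Busybox code and not from the post: section 3 of the RFC forbids literal IPv4 and IPv6 addresses in the server_name HostName and specifies the name without a trailing dot. The helper name `sni_name` and the sample hosts are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: decide what a TLS client may send as SNI for a URL host.
 * Returns 1 and leaves the server_name in `out` when SNI should be sent.
 * Returns 0 when the extension must be omitted (IP literal, empty or
 * oversized host); `out` is then not meaningful. */
int sni_name(const char *host, char *out, size_t outlen)
{
    unsigned char addr[sizeof(struct in6_addr)];
    size_t len = strlen(host);

    if (len == 0 || host[0] == '[')   /* "[2001:db8::1]" is the URL form of IPv6 */
        return 0;
    if (host[len - 1] == '.')         /* HostName carries no trailing dot */
        len--;
    if (len == 0 || len >= outlen)
        return 0;
    memcpy(out, host, len);
    out[len] = '\0';

    /* RFC 6066 section 3: literal addresses are not permitted in HostName.
     * Checked after dot stripping so "192.0.2.10." is caught as well. */
    if (inet_pton(AF_INET, out, addr) == 1 ||
        inet_pton(AF_INET6, out, addr) == 1)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample hosts, as they would come out of a URL parser. */
    const char *hosts[] = { "example.com", "example.com.", "192.0.2.10",
                            "[2001:db8::1]", "2001:db8::1" };
    char name[256];

    for (size_t i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++) {
        if (sni_name(hosts[i], name, sizeof(name)))
            printf("%-16s -> SNI \"%s\"\n", hosts[i], name);
        else
            printf("%-16s -> omit SNI\n", hosts[i]);
    }
    return 0;
}
```

With no SNI sent for an address literal, certificate verification still has to match the address against the certificate's IP subjectAltName entries rather than its DNS names.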
