Srelay recompile for tomato

Discussion in 'Tomato Firmware' started by edylie, Aug 10, 2008.

  1. edylie

    edylie Addicted to LI Member


    is there any one could help me to recompile srelay for tomato with TCP_NODELAY on the setsockopt option in socks.c please?

    thank you
  2. rhester72

    rhester72 Network Guru Member

    It is already enabled in the source:

    682: setsockopt(r, IPPROTO_TCP, TCP_NODELAY, (char *)&on, sizeof on);

    Why all the interest in disabling the Nagle algorithm, anyway?

  3. rhester72

    rhester72 Network Guru Member

    (Bah. The SDK supports pthreads when compiled as static. I also forgot to use the PIC version of clib during the first compile, which thus crashed spectacularly on first use. That's what I get for blind compiling. New binary attached.)

    For anyone who might be interested, I've attached the native Tomato compile. Per the previous reply, Nagling is disabled (as it was in the original, unmodified source for 0.4.6).


    Attached Files:

    ispire.2 likes this.
  4. edylie

    edylie Addicted to LI Member

    Awesome Rodney! i will test the new binary in abit.

    Nagle is used for improving bandwidth efficiency by waiting for full packet size before sending the packet over ...

    This is good in a way because of sending multiple small packets now each packet only sent when it has filled the windows size.

    The downturn of it it will increase the latency especially for application which uses small packet like online games (tcp proto) or web request (small get request)
  5. occamsrazor

    occamsrazor Network Guru Member

  6. ngordon779

    ngordon779 Guest

    Whenever I use this proxy as Socks v5 my browser says "application/octet-stream"
  7. rhester72

    rhester72 Network Guru Member

    What port are you listening on/connecting to? I use it daily without issue. Anything of interest in /var/log/messages from srelay (from startup onward)?

  8. Aquafire

    Aquafire LI Guru Member

    Is it only me or there is something with the attached file.

    I am trying to setup a router based proxy on my Linksys WRTSL54GS router running Tomato Firmware v1.27.8742 ND USB Ext.

    I am trying to download the attached ZIP file from this thread to start my experiment. But whenever I download this ZIP file (~53KB) and try to UnZip/UnRAR it on my PC (to be able to transfer the unzipped files/folders to the JFFS folder on the router), I always get an error message that the RAR file is not vaild (Unexpected end of ZIP/RAR file).

    Can someone please check and post the correct working and compiled version of this file for tomato.

    I also tried download the source TAR files from the SourceForge homepage, but since I am a total zero in Linux , I dont know how to compile these files for tomato.

    I would appreciate if someone can help.

  9. erdos

    erdos Reformed Router Member

    hi, just joined this forum

    i'm trying to download the attached file above, but whenever i clicked on the file, i got 'no permission' access,
    can someone send me the attached file?


    " - Error
    You do not have permission to view this page or perform this action. "
  10. Toxic

    Toxic Administrator Staff Member

    you should now, its just your new to the site.
  11. erdos

    erdos Reformed Router Member

    thanks a lot, Toxic. it is working now.

    much appreciated.
  12. Ernesto Elias

    Ernesto Elias Serious Server Member

    Wait so how do you do this like is it for everyone who is on the router because I've always wanted to know how to disable nagle on the router but its a socket option and so I'm new to linux so I'm a newbie to this. Because with nagle disable packets will be able to travel quicker because they don't have to wait for the "queue" to get filled. and well me and my family game a lot so latency is a top priority for us.
  13. erdos

    erdos Reformed Router Member


    can someone show me how to copy a file (in this case being Srelay) to the tomato router?
  14. darkknight93

    darkknight93 Networkin' Nut Member

    you can use WinSCP. It handles files like a FTP Client...

    Enable ssh Access to your router in Administration->Admin Access page (SSH Daemon)
    Then open WinSCP, enter the Routers IP and username: root, Passwort is the Password you use when accessing the Routers Website.

    Afterwards click connect, voila!

    You should store this file in jffs or opt. Do you have any usb drives connected? Cause after reboot all files will be lost except those on JFFS or mounted devices e.g. usb drives/CIFS1/2
  15. Ernesto Elias

    Ernesto Elias Serious Server Member

    I got a question so if I put it in my mounted USB do I just need to execute a command to activate it or?
  16. occamsrazor

    occamsrazor Network Guru Member

    I have mine on USB, and use this in my "Firewall" script:

    ## Start sRelay proxy and open firewall (choose JFFS or USB lines)
    ## /jffs/srelay -i :2223 -a n -t
    /tmp/mnt/DATA/srelay -i :2223 -a n -t
    iptables -I INPUT -s -p tcp --dport 2223 -j ACCEPT
    Where /tmp/mnt/DATA/srelay is the location of the srelay binary, and "DATA" is the name of my USB partition. If you want to use from JFFS just comment-out (##) that line, and un-comment-out the /jffs/srelay line

    USB is better than JFFS if you can do it this way - no issues when reflashing with new firmware
  17. Ernesto Elias

    Ernesto Elias Serious Server Member

    Oh OK thank you so much but I got a question so how does this all work like for all ip addresses that's connected to the router ? Or like its inside the router and does TCP_NODELAY to all packets coming through ?
  18. Monk E. Boy

    Monk E. Boy Network Guru Member

    srelay is running on port 2223.

    The iptables rule basically says if the packet is from 192.168.0.x, uses the tcp protocol, and is directed at port 2223 on the router (INPUT table), then accept the packet. If your LAN/WLAN subnet is different, you need to change the subnet to match (e.g. 192.168.1.x, 10.10.100.x, 172.16.0.x) in the rule. Without that rule the INPUT table would drop the packet.

    srelay is just a SOCKS proxy, you would need to configure your client software to use the SOCKS proxy for it to have any effect.
  19. erdos

    erdos Reformed Router Member



    i use Debian, so i use 'scp' command from linux box to copy the file to tomato router's /jffs directory
    'scp SourceFile user@host:/directory/TargetFile'

    i also added the following lines in tomato router's Administration->Scripts-> Firewall by following another thread

    ' /jffs/srelay -i :21 -a n -t
    iptables -I INPUT -i ppp0 -p tcp --dport 21 -j ACCEPT'

    Now, how do i test it?

    a bit background info: i was hacked a week ago and someone gained control of my windows XP PC through opened port, i figured he must have acquired my IP address from uTorrent program i installed on my windows pc, so i would like to secure my network by setting up a proxy server so no one would acquire my real IP address without permission, does Srelay meet this need?
  20. rhester72

    rhester72 Network Guru Member

    Absolutely not. srelay is designed to allow _other systems_ to use _yours_ as a proxy...precisely the opposite of what you want, and risky as hell in any event (it's typically deployed for VPN road warriors who have to run SOCKSified apps). What you're looking for is more along the lines of tor.

  21. Monk E. Boy

    Monk E. Boy Network Guru Member

    Um. If you are running uTorrent, no matter whether you use the proxy or not, you are going to be exposing your real world IP address to the internet and broadcasting its existence. You can run something like VPN, etc. to mask behind another IP but even if someone got your IP address that by itself would do them no good. You have to get past the firewall first. Otherwise they'll just sit there banging off Tomato all day and get nowhere.

    What likely happened is that either uTorrent or another program you have/had running that opens holes in the firewall (typically through NAT-PMP or uPNP) had a vulnerability they could exploit, they then took over that program and used it to install their software on your system. Hiding behind a VPN tunnel or even Tor won't help you in this case, since your applications are the problem, not your public IP address. Change your IP, obfuscate your IP, but don't update your apps and they'll still get in and do it all over again. I kept trying to explain this concept to an ex-roomate who insisted on using an old outdated P2P program - he'd get infected every 2-3 weeks like clockwork - and it was like talking to a brick wall. All he cared about was pirating music "fast" so he "wouldn't get caught."
  22. Toastman

    Toastman Super Moderator Staff Member Member

    I doubt there was anything sinister going on. In 5 years the only time I have seen exploits behind a firewall it has been due to the client having downloaded infected torrents and then spent the afternoon merrily clicking on them, or used some download site that required them to install a "download manager" (=virus). Occasionally I see someone also has a fake Virus Checker installed, because "it was free and some (popular) website recommended it".

    Install Avira Free Version, it has a small footprint and rarely misses an infected file.
  23. mensa

    mensa Network Guru Member

    Does anyone have a current binary which runs on RT-N Shibby builds? (Linksys E900 router).
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice