Possible bug on Asus RT-AC87U with ebtables

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3  Next
Author Message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5175
Location: Netherlands

PostPosted: Sat Nov 11, 2017 10:15    Post subject: Reply with quote
Interesting, I have uploaded the ebtables from Kong, I do not use ebtables, but @JohnS@ could you also test this one, it is supposed to work


ebtables_KONG.gz
 Description:

Download
 Filename:  ebtables_KONG.gz
 Filesize:  30.29 KB
 Downloaded:  286 Time(s)


_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Sponsor
JohnS@
DD-WRT User


Joined: 10 Jun 2006
Posts: 311

PostPosted: Sat Nov 11, 2017 10:41    Post subject: Reply with quote
egc wrote:
Interesting, I have uploaded the ebtables from Kong, I do not use ebtables, but @JohnS@ could you also test this one, it is supposed to work


Yes, egc, the kong binary also works (ebtables is not looping).

(btw: I also do not use ebtables 'actively' it is just initiated by the OpenVPN scripts, this is what gave me somthing to think about when I first encountered the problem Smile).
jaskerx
DD-WRT Novice


Joined: 24 Aug 2016
Posts: 31

PostPosted: Mon Nov 13, 2017 14:09    Post subject: Reply with quote
I have been dealing with this bug for over a year on my r7000 waiting for someone to fix it. THANK YOU. This needs to be mainlined IMMEDIATELY! Although finding out that Kong has had this bug fixed for quite some time pisses me off. Why wouldn't BS have added it already?
JohnS@
DD-WRT User


Joined: 10 Jun 2006
Posts: 311

PostPosted: Thu Nov 16, 2017 21:12    Post subject: Reply with quote
I've been monitoring Trac timeline and ticket 5807 for changes regarding the issue and solution discussed in this thread. So far I have not seen the issue being picked up.

Guys, do you have any suggestions what (besides documenting in Trac) we can do to to have this likely simple fix included in upcoming BrainSlayer builds?
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4354
Location: Germany

PostPosted: Fri Nov 17, 2017 18:55    Post subject: Reply with quote
jaskerx wrote:
I have been dealing with this bug for over a year on my r7000 waiting for someone to fix it. THANK YOU. This needs to be mainlined IMMEDIATELY! Although finding out that Kong has had this bug fixed for quite some time pisses me off. Why wouldn't BS have added it already?


Are you able to read? If yes, then scroll up, go to the first page of this thread and read quarkysg's comment, there is no fix no bug in the code nothing, he compiled the source and it works, who knows what's broken on BrainSlayers compile.

Since I'm not sure if you are able to jump to the previous page. Quoting quarkysg's comment:

Quote:

I've also encountered the situation where ebtables will hang when it is executed on my DLink DIR-880L running r30342, so this issue has been there for quite a while. To investigate the issue, I downloaded the DD-WRT firmware and compiled a copy of the ebtables executables and to my surprise, my compiled copy of ebtables runs without any problem. So I suspect it could be the developers build bot may have messed up the compilation when compiling for multiple targets.


P.S.: Could you do me a favor, instead of being pissed off, just piss off.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
JohnS@
DD-WRT User


Joined: 10 Jun 2006
Posts: 311

PostPosted: Fri Nov 17, 2017 21:39    Post subject: Reply with quote
Result of regression test with newest BS build 33772 on RT-AC56U: Situation unchanged. Workaround (replacing ebtables binary) is still needed.

Trac 5807 has been updated accordingly.
ibrewster
DD-WRT Novice


Joined: 04 Oct 2010
Posts: 25
Location: Fairbanks, AK

PostPosted: Sun Nov 19, 2017 1:38    Post subject: Reply with quote
What's the newest build that doesn't have this bug? I *think* I may be running into it on my Asus RT68U. I noticed after updating (from a mid-2016 build) that the OpenVPN client (which apparently makes use of eatables?) was no longer starting, looking at top I see the ebtables process as number 1 consuming 50% CPU, load averages over 1, and running ebtables -L manually just hangs.

I tried uploading the binary from this thread, but just got "permission denied" when trying to execute it - and YES, I did the chmod a+x first Smile

I'm thinking at this point, the easiest option is to just go back to an earlier, functioning, build until such a time as this is resolved.
JohnS@
DD-WRT User


Joined: 10 Jun 2006
Posts: 311

PostPosted: Sun Nov 19, 2017 10:47    Post subject: Reply with quote
ibrewster wrote:
What's the newest build that doesn't have this bug? [...] I'm thinking at this point, the easiest option is to just go back to an earlier, functioning, build until such a time as this is resolved.

Apparently it came up with r30016 ​. I have not speficially gone back to a version directly before that, but previous builds in the 29xxx range had worked for me.
For me going back is not an option, but that probably depends on your needs and your usage scenarios (e.g. KRACK vulnerability, etc.). Alternatively you could try Kong's builds where the ebtables binary seems fine.

ibrewster wrote:
I tried uploading the binary from this thread, but just got "permission denied" when trying to execute it - and YES, I did the chmod a+x first

Likely some step was missed, please go through quarkysg's post again and - if you want to have the replacement binary survive reboot - move it to jffs and look at my script a couple of post down from quarkysg's post.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5175
Location: Netherlands

PostPosted: Sun Nov 19, 2017 11:37    Post subject: Reply with quote
I can confirm that @Quarkysg's isntructions do work.
Mind you he assumes you have made a directory under tmp named root.
I just copied the file with winSCP to /tmp

So then just use /tmp/ebtables etc.

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
ibrewster
DD-WRT Novice


Joined: 04 Oct 2010
Posts: 25
Location: Fairbanks, AK

PostPosted: Sun Nov 19, 2017 17:01    Post subject: Reply with quote
JohnS@ wrote:
For me going back is not an option, but that probably depends on your needs and your usage scenarios (e.g. KRACK vulnerability, etc.).


Yeah, the KRACK vulnerability is the reason I updated in the first place. I don't like the idea of going back, but I do need OpenVPN working, so...

JohnS@ wrote:
Alternatively you could try Kong's builds where the ebtables binary seems fine.


I've heard of those, but never tried them. What's the difference?

JohnS@ wrote:
Likely some step was missed, please go through quarkysg's post again


Yeah, not so likely Smile. The steps aren't exactly complicated, nor are they materially different than anything I do a dozen times a week in my day job (not that you'd know that Smile ) That said, see below.

egc wrote:
I can confirm that @Quarkysg's isntructions do work.

Well, you can confirm that they do work *for you*. And, I rather suspect they do work for the majority of people here. I, however, can confirm that they do *not* work *for me*. I get a "Permission Denied" error when trying to test the binary as instructed.

egc wrote:
Mind you he assumes you have made a directory under tmp named root.

Actually, not much of an assumption - that's root's home folder. It's automatically created by the system.

egc wrote:
I just copied the file with winSCP to /tmp

So then just use /tmp/ebtables etc.


And I just copied the file with the built-in scp client on my mac to /tmp/root. See here:

Code:

IsraelsiMac:Downloads israel$ scp ebtables.gz root@10.27.81.1:/tmp/root
DD-WRT v3.0-r33772 std (c) 2017 NewMedia-NET GmbH
Release: 11/16/17
root@10.27.81.1's password:
ebtables.gz                                                                100%   31KB   4.4MB/s   00:00   
IsraelsiMac:Downloads israel$ ssh root@10.27.81.1
DD-WRT v3.0-r33772 std (c) 2017 NewMedia-NET GmbH
Release: 11/16/17
root@10.27.81.1's password:
==========================================================
 
     ___  ___     _      _____  ______       ____  ___
    / _ \/ _ \___| | /| / / _ \/_  __/ _  __|_  / / _ \
   / // / // /___/ |/ |/ / , _/ / /   | |/ //_ <_/ // /
  /____/____/    |__/|__/_/|_| /_/    |___/____(_)___/
                                                     
                       DD-WRT v3.0
                   http://www.dd-wrt.com
 
==========================================================


BusyBox v1.27.2 (2017-11-16 09:19:51 CET) built-in shell (ash)

root@israel:~# ls -l
-rw-r--r--    1 root     root         31677 Nov 19 07:52 ebtables.gz
root@israel:~# gunzip /tmp/root/ebtables.gz
root@israel:~# ls -l
-rw-r--r--    1 root     root         31634 Nov 19 07:53 ebtables
root@israel:~# chmod a+x ebtables
root@israel:~# ls -l
-rwxr-xr-x    1 root     root         31634 Nov 19 07:53 ebtables
root@israel:~# /tmp/root/ebtables -L
-sh: /tmp/root/ebtables: Permission denied
root@israel:~#


So as you can see, I followed the steps exactly, but when I got to step 3, I just get "Permission denied"

For what it's worth, here is the Kernel version line from my Asus RT-AC68U:

Code:
Linux 4.4.98 #2249 SMP Thu Nov 16 09:16:32 CET 2017 armv7l
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5175
Location: Netherlands

PostPosted: Sun Nov 19, 2017 17:33    Post subject: Reply with quote
try chmod a+x /tmp/root/ebtables

/tmp/root is difficult to work with because you can not cd /tmp/root

Therefore my advice to just use /tmp Smile

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
ibrewster
DD-WRT Novice


Joined: 04 Oct 2010
Posts: 25
Location: Fairbanks, AK

PostPosted: Sun Nov 19, 2017 18:43    Post subject: Reply with quote
egc wrote:
try chmod a+x /tmp/root/ebtables

/tmp/root is difficult to work with because you can not cd /tmp/root

Ummm....yes, yes you can. In fact, not only can you cd to /tmp/root, when you first ssh in as root you are already *in* /tmp/root, because that is root's home directory. See here:

Code:
root@israel:~# pwd
/tmp/root
root@israel:~#


You'll notice that the prompt indicates we are in root's home directory, while pwd indicates the current directory is /tmp/root. That's because /tmp/root is the home directory for the root user - there is nothing difficult or special about it. You will also note that I showed the binary with execute permissions:

Code:
root@israel:~# chmod a+x /tmp/root/ebtables
root@israel:~# ls -l
-rwxr-xr-x    1 root     root         31634 Nov 19 07:53 ebtables
root@israel:~# /tmp/root/ebtables
-sh: /tmp/root/ebtables: Permission denied
root@israel:~#

As you can see, the permissions on the ebtables binary are -rwxr-xr-x, indicating that all users have eXecute permissions.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5175
Location: Netherlands

PostPosted: Sun Nov 19, 2017 19:00    Post subject: Reply with quote
Hmm very strange it is not working for you, your router must be enchanted Smile

It works for me

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
ibrewster
DD-WRT Novice


Joined: 04 Oct 2010
Posts: 25
Location: Fairbanks, AK

PostPosted: Sun Nov 19, 2017 19:38    Post subject: Reply with quote
egc wrote:
Hmm very strange it is not working for you, your router must be enchanted Smile


That must be it! Smile My router is cursed! Very Happy Razz

...or maybe I have a different router than you (your signature indicates Netgears and Linksys, I have an Asus), or perhaps a different configuration (jffs enabled vs disabled? Maybe it's trying to write a log file or something and that's what's giving me the permission denied?), or a different build of dd-wrt (mine came from the Asus RT-AC68U folder, your's was almost certainly not from there, unless you also have a 68U), or any number of obscure differences that would be hard to spot.

If I've learned one thing from my years of experience as a sys admin and software developer, it's that just because something works for me doesn't mean that it will work for anyone else Smile
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5175
Location: Netherlands

PostPosted: Sun Nov 19, 2017 19:56    Post subject: Reply with quote
Your Asus router has almost the same broadcom internals,so I do not think that is to blame.
One thing comes to my mind, do you have jffs2 support enabled on administration/management? There have been reports of this kind of behaviour with jffs2

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Goto page Previous  1, 2, 3  Next Display posts from previous:    Page 2 of 3
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum