In response to the discussion regarding alternative devices, it's not difficult to procure pieces and parts and create a purpose-built appliance for this. I did it for a dual-credit AP computer science class in high school my sophomore year (2019-2020), but I didn't use DD-WRT, OpenWRT, pfSense, or OPNSense. SFF motherboard with onboard NIC and half-height PCI-e NIC. Custom Linux distribution built by me. $150-200 or so all told (I'd have to pull out the folder with all the notes and deets). Helps to have points of contact at the electronics recycling centers and other points of procurement that don't cost you a lot of money.
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 18 Mar 2014 Posts: 12915 Location: Netherlands
Posted: Sat Jul 23, 2022 7:16 Post subject:
eibgrad wrote:
kernel-panic69 wrote:
The problem with CTF/FA/SFE and port forwarding is NAT loopback. Looks like @egc figured it out, he's a pretty smart guy : https://svn.dd-wrt.com/ticket/7472
Just curious. Are such fixes making known problems compatible w/ CTF, or are they simply bypassing CTF?
In the former, the performance benefits would presumably be preserved, while in the latter, it would NOT.
If it's the latter, then while I appreciate the fix (at least things work again), fact is, your performance is being crippled during those specific operations (e.g., port forwarding), correct?
BTW, I noticed FT (FreshTomato) is marking packets in the mangle table that are specifically known to be incompatible w/ CTF, such as NAT loopback. I find this interesting because it suggests anyone who runs into another unexpected problem could presumably do the same, rather than relying on a developer fix.
Code:
root@lab-tomato2:/tmp/home/root# iptables -t mangle -vnL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 MARK all -- * br0 192.168.2.0/24 192.168.2.0/24 MARK xset 0x1/0x7
Just wondering if dd-wrt should/could do the same.
FWIW, FT does NOT enable CTF by default, which seems appropriate. It specifically warns that turning it ON will disable the QoS and bandwidth limiting features.
AFAICT (and I could be wrong), dd-wrt leaves CTF on by default, provides no warnings, and does NOT disable it should you enable QoS or other things known to be incompatible (at least I did see CTF disabled on the Setup page when I subsequently enabled QoS).
I think SFE is default and not CTF, but either can cause problems. So it is debatable if it should be on by default.
SFE will switch to off if a VAP is used. I never checked whether it also switches off when using QoS and if CTF is also switched off.
CTF is a kernel module which is a blackbox, so we do not know how it decides which traffic to "accelerate".
DDWRT seems to have no problems using VPN/WireGuard or Port Forwarding (although there are reports from users claiming to have problems) with CTF + FA on.
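Added example (not part of the thread, and not FreshTomato or DD-WRT code): a small Python parser for the `iptables -t mangle -vnL FORWARD` listing quoted above. It picks out MARK rules, flags those whose source and destination are the same subnet (the NAT loopback case), and shows what the `xset` value/mask does to a packet mark. The sample is the quoted listing; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the listing quoted in the post (column spacing collapsed).
SAMPLE = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 MARK all -- * br0 192.168.2.0/24 192.168.2.0/24 MARK xset 0x1/0x7
"""

MARK_RE = re.compile(
    r"MARK (xset|set|or|and|xor) (0x[0-9a-fA-F]+)(?:/(0x[0-9a-fA-F]+))?")


def apply_xset(old, value, mask):
    """MARK 'xset value/mask': clear the mask bits, then XOR in the value."""
    return (old & ~mask & 0xFFFFFFFF) ^ value


def mark_rules(listing):
    """Yield one dict per MARK rule found in `iptables -vnL <chain>` output."""
    for line in listing.splitlines():
        f = line.split()  # pkts bytes target prot opt in out source destination
        m = MARK_RE.search(line)
        if len(f) < 9 or f[2] != "MARK" or not m:
            continue
        try:
            src, dst = (ipaddress.ip_network(x, strict=False) for x in f[7:9])
        except ValueError:  # negated ("!addr") or otherwise unparsable address
            continue
        yield {
            "in": f[5], "out": f[6], "src": src, "dst": dst,
            "op": m.group(1), "value": int(m.group(2), 16),
            "mask": int(m.group(3), 16) if m.group(3) else None,
            # Same LAN subnet on both sides of a routed (FORWARD) packet:
            # the destination was rewritten by DNAT, i.e. NAT loopback.
            "loopback": src == dst and src.prefixlen > 0,
        }


if __name__ == "__main__":
    for r in mark_rules(SAMPLE):
        kind = "NAT loopback" if r["loopback"] else "other"
        print(f'{r["src"]} -> {r["dst"]} via {r["out"]}: '
              f'{r["op"]} {r["value"]:#x}/{r["mask"]:#x} ({kind})')
```
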
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Sat Jul 23, 2022 10:32 Post subject:
We know that when CTF is enabled, the performance of the bridged interfaces lumped with the WAN port is increased as a side effect, given CTF/CTF&FA is only WAN/LAN by design.
By default in DD-WRT br0 bridges the wifi interfaces and the switch and obviously the wan port.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Sat Jul 23, 2022 12:01 Post subject:
egc wrote:
When I did some throughput testing it even seems to increase wireless throughput.
Not sure if this is a direct effect or that it frees up the cpu.
Lots we do not know and probably will never know
Like I said, it's a side effect it has on the bridged interfaces. CPU is not a factor, because CTF is software acceleration so it uses CPU, and CTF & FA is both CPU and HW chip, because CTF is still a software acceleration, we know -- we know this.
If you unbridge the wireless interfaces, or create a separate bridge for them, we know that side effect will disappear and thus prove the theory, and then it's not a theory anymore, it's a fact. And it's a fact. Don't take my word for it, 'cause the scientific method is available to you; like someone once said, trust but verify.
However... we know that CTF / CTF & FA bypass all sorts of things that may be useful WiFi side; some filtering or whatever will likely be lost (this I know I don't know because no tests, but it's a semi-educated guess), so after such determination is made the weighing of the pros and cons must naturally occur, and then decide if the gains are worth the losses. I know I don't know that.
Broadcom HND drivers and binary blobs correlate to their corresponding SDKs. HND = home networking division. DHD = defer host disconnect. DD-WRT is using SDK7 on Northstar.
EDIT: Nobody picked up on my blatant goof here. DHD = dongle host driver <lol>
Joined: 08 May 2018 Posts: 14244 Location: Texas, USA
Posted: Thu Jul 28, 2022 4:45 Post subject:
the-joker wrote:
Understand DD-WRT is GPLv2
There are bits and pieces that are licensed under ecOS / RedHat (redboot), which, dependent on version timestamps of code may fall under one of two licenses, the latter being a modified version of GPLv2.
I won't get into the bits and pieces that originated from Linksys' GPL original tarball release(s) a la Broadcom proprietary files. Some of which were originally noted to not be for public release. I don't remember 100% if that was ever reconciled with Broadcom by Linksys or not (nor do I really care at the moment). Anyhow, sharing knowledge helps everyone. Sharing is caring!
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"