New Build - 05/18/2023 - r52596

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6437
Location: UK, London, just across the river..

Posted: Thu May 25, 2023 7:49
Mile-Lile wrote:
@Alozaros
don't know what to say to you about these l7 filters... I wouldn't advise you to use them... they are like 20 years old... nDPI is the way to go since ssl replaced plain http... but nDPI doesn't fit on low budget routers so BS kept them (l7 filters) for those low memory targets...


Thanks...Mile-Lile !
My idea was to test ndpi vs IPset rules there on the R9000, as it is in a business office and it would be good to filter Facebook, Youtube, etc. (ndpi and risk rules). Not interested in L7, but tested those too... like hotmail and yahoo... I already have ipset via txt file and dnsmasq working on the R9000... ok...

For the new ndpi/risk rules I use the R7000 as a testing ground... and have another R7800 as an edge router with lots of IPset rules too... so yes, I'm not interested in low grade routers... only testing on the R7000...
Will do more tests later today...


Last edited by Alozaros on Thu May 25, 2023 19:58; edited 1 time in total
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

Posted: Thu May 25, 2023 11:10
@Alozaros

In short - nDPI maintainer Luca Deri dropped "netfilter" nDPI support... He focused on NTOP... and you can install NTOP nDPI on a Linux distro... you can install it on a server... but I installed it on my PC because I don't have a server (long time ago) and it worked... the difference is that ddwrt cannot use ntop... ddwrt uses a "forked" nDPI version that works with netfilter (xt_nDPI)... and not all filters (dissectors as Luca calls them) are the same... I contacted Luca and Michael Campus (worked for Luca) a couple of times... some filters didn't work on ddwrt... so he asked me to send him pcaps with wireshark and on ntop they worked... then BS updated them... but internet traffic is always changing... Youtube now uses QUIC for streaming for example...
So you need to:
1) Test filter/dissectors that you want to use
2) You need pcaps (use wireshark) of non-working/not recognized traffic
3) You need to send them to Luca Deri to check them
4) After updating filters on Github you have to acknowledge BS to update filters on ddwrt

Besides all of that, I found in my notes that you need something like this:

Code:
iptables -t mangle -I PREROUTING -m ndpi --dpi_check
iptables -t mangle -I POSTROUTING -m ndpi --dpi_check


and comment from notes:


Quote:
The dpi_check type doesn't exist internally in nDPI API. When you use this rule, all packets will be analyzed internally and dpi flows will be created too (in any direction).
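
Added example, not part of the original posts: a shell check for the two `--dpi_check` rules quoted above, reading `iptables-save -c -t mangle` output to confirm each rule is installed and that its packet counter is moving. The sample counter lines are constructed, and the saved form `-m ndpi --dpi_check` is an assumption based on the rule as typed in the post.

```shell
#!/bin/sh
# Reads `iptables-save -c -t mangle` text on stdin and reports, per chain,
# whether the dpi_check rule is present and has matched any packets.
# Assumption: the match is saved as "-m ndpi --dpi_check" (as typed in the post).
ndpi_check_status() {
    awk '
        BEGIN { want["PREROUTING"] = 1; want["POSTROUTING"] = 1 }
        # Counter lines look like: [pkts:bytes] -A CHAIN ...
        /^\[[0-9]+:[0-9]+\] -A / && /-m ndpi/ && /--dpi_check/ {
            chain = $3
            if (!(chain in want)) next
            split(substr($1, 2, length($1) - 2), c, ":")
            pkts[chain] += c[1]
            seen[chain] = 1
        }
        END {
            rc = 0
            n = split("PREROUTING POSTROUTING", order, " ")
            for (i = 1; i <= n; i++) {
                ch = order[i]
                if (!(ch in seen))      { print ch " missing"; rc = 1 }
                else if (pkts[ch] == 0) { print ch " idle"; rc = 1 }
                else                    { print ch " ok " pkts[ch] }
            }
            exit rc
        }'
}

# Constructed sample: both rules installed and seeing traffic.
SAMPLE_OK='*mangle
:PREROUTING ACCEPT [1523:98211]
:POSTROUTING ACCEPT [1490:120034]
[1523:98211] -A PREROUTING -m ndpi --dpi_check
[1490:120034] -A POSTROUTING -m ndpi --dpi_check
COMMIT'

# Constructed sample: PREROUTING rule never hit, POSTROUTING rule absent.
SAMPLE_BAD='*mangle
:PREROUTING ACCEPT [40:2400]
:POSTROUTING ACCEPT [38:2280]
[0:0] -A PREROUTING -m ndpi --dpi_check
COMMIT'

# On the router itself: iptables-save -c -t mangle | ndpi_check_status
printf '%s\n' "$SAMPLE_OK" | ndpi_check_status
```

A chain reported as `idle` or `missing` means flows in that direction are not being handed to the nDPI match, so a dissector that appears not to recognize traffic may simply never be seeing it.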
tsenov
DD-WRT Novice


Joined: 03 Jul 2014
Posts: 24
Location: Sofia, Bulgaria

Posted: Thu May 25, 2023 19:49
Netgear R7000 dropping Android clients after an hour. Devices ended up with incorrect password. Password Renewal interval 0.