ebtables ebt_pkttype not loadable with insmod

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4  Next
Author Message
dare978devil
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 38

PostPosted: Sat Feb 08, 2014 21:50    Post subject: Reply with quote
Hi again,

So this command works (but doesn't do what I want to do) :

insmod ebtables.o
insmod ebtable_filter.o
insmod /tmp/ebt_pkttype
insmod ebt_ip.o
ebtables -A FORWARD -o eth1 -p ipv4 --ip-source ! 192.168.2.0/255.255.255.0 -j DROP

When I run ebtables -L, I get :
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-p IPv4 -o eth1 --ip-src ! 192.168.2.0/24 -j DROP
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

I am beginning to think that the reason all of the Broadcom BIN files do not include ebt_pkttype.o is that they were unable to get it working reliably. I have downloaded a number of Broadcom BIN files, and none of them have this module. I think they must have found that it was flaky, and omitted it from future builds.
Sponsor
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Sat Feb 08, 2014 21:58    Post subject: Reply with quote
on my GL it worked, and other users in that thread, too
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
dare978devil
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 38

PostPosted: Sat Feb 08, 2014 22:07    Post subject: Reply with quote
Do you know if there is a reason that the ebt_pkttype.o no longer appears in any BIN file? Maybe they have included the functionality in another module? I did have it working very briefly, but I cannot seem to duplicate that effort.
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Sat Feb 08, 2014 22:24    Post subject: Reply with quote
maybe size reasons. i have no idea.

for me, its included.
/sys/module/ebt_pkttype

_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
dare978devil
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 38

PostPosted: Sun Feb 09, 2014 3:56    Post subject: Reply with quote
OK, that's interesting. I have nothing in my /sys folder. But in other news, I FINALLY figured it out!

It's the HTML front end which is causing all the issues! I spent many frustrating hours pumping various different commands into the Administration - Commands window, and getting very inconsistent results. Some things I would try, and would seem to work, but then not work the very next time I ran the same command via copy-paste from notepad. Even when I ran "ebtables -F" to flush out what I had tried in between, it would sometimes work, sometimes not. It made no sense.

So instead, I telneted into the router and ran everything via command line by typing them in. When I typed in this line :

ebtables -A FORWARD -o eth1 -p ipv4 --pkttype-type multicast --ip-source ! 192.168.2.0/255.255.255.0 -j DROP

It correctly came up with the error message "The kernel doesn't support a certain ebtables extension". If I then type in "insmod /tmp/ebt_pkttype.o" and then push up arrow to scroll up to the previous command, that same command runs without error! So it accepts my module in the tmp directory!

Also, when I run ebtables -L, I see the complete rule in the bridge chain! FINALLY!! (damn GUI..)

Now it shows this :
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-p IPv4 -o eth1 --pkttype-type multicast --ip-src ! 192.168.2.0/24 -j DROP
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

I am currently sitting in front of my TV, watching IPTV, and surfing via wifi.

Thanks for all your help and patience BasCom. I have 2 more questions if I could trouble you further :

1). How do I make the commands I typed in via telnet permanent? I assume when I reboot the router, I will lose all the telneted commands.
2). How do I avoid having ebt_pkttype.o deleted from /tmp every time I reboot the router?

Thanks again.
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Sun Feb 09, 2014 16:44    Post subject: Reply with quote
i already told you on 7th:

Quote:

Try the commands via console.

i thought, you did.
roffel.

use jffs filesystem, if you have enough space, or juse the cifs filesystem. or use wget and get it from an http / ftp webserver. then, save all commands in startup.

_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
dare978devil
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 38

PostPosted: Thu Feb 13, 2014 13:24    Post subject: Reply with quote
Hi again,

Yes, you did write that. Unfortunately for me, it has been years since I have taken advantage of my telnet skills, so when I read that, I thought you were referring to the Commands window.

I have plenty of space, I am using the 1.0 version of the WRT54GS which comes with 32 MB of RAM. The absolutely largest packages I have ever found of the mega builds of dd-wrt are less than 8MBs, so I have 75% of my available space free.

I'll look into jffs and cifs, and see how I can use them to add a file to a directory. wget is an interesting suggestion, I assume you mean wget it each time the router boots and place it in the tmp folder? Because when the router reboots, it erases everything in /tmp, so this would have to be part of a startup script and seems a bit risky to me. If the site wasn't available, or if I had any type of network issue, wget would fail on that startup. I have been trying to find a folder which allows me to add a file, but no luck so far other than ones which are cleared on startup as they are stored in volatile RAM. I have also been trying to chmod the folders to allow for write access, but they don't seem to like that.
LOM
DD-WRT Guru


Joined: 28 Dec 2008
Posts: 7625

PostPosted: Thu Feb 13, 2014 13:33    Post subject: Reply with quote
dare978devil wrote:


I have plenty of space, I am using the 1.0 version of the WRT54GS which comes with 32 MB of RAM. The absolutely largest packages I have ever found of the mega builds of dd-wrt are less than 8MBs, so I have 75% of my available space free.



RAM is where the program runs, FLASH is where they are stored (similar to the hard disk in your computer).

GSv1 has 8MB of FLASH.
dare978devil
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 38

PostPosted: Thu Feb 13, 2014 14:04    Post subject: Reply with quote
Thanks, I just figured that out. Smile Actually came back here to post about it, but you beat me to it. So now I have a new problem. I have enabled JFFS support by following the instructions here : http://www.dd-wrt.com/wiki/index.php/Journalling_Flash_File_System

That all worked just fine. Router has been rebooted, JFFS is on, but the admin page is showing :

JFFS2 Enabled
Clean JFFS2 Disabled

Total / Free Size
256.00 KB / 0

With 0 bytes free, I can't add anything to that newly created file system. I tried even a mkdir command, and telnet accepts it, but nothing is made. The package I installed was the dd-wrt.v24_mega_generic.bin which comes in at 7,444 KB. So even though that would use most of my 8MB of FLASH, I should still have a half MB left to format as a JFFS. Any idea why it didn't provide me with more room ? All I need is 1524 Bytes, which is the size of the missing ebt_pkttype.o module.
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Thu Feb 13, 2014 20:09    Post subject: Reply with quote
jffs needs "much" space building the filesystem itself. so picka smaller build or wget the module into /tmp every bootup
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
dare978devil
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 38

PostPosted: Fri Feb 14, 2014 16:25    Post subject: Reply with quote
Argh.....

How did I know you were going to tell me that? Smile

OK, I'll install one of the standard builds which are under 4 MBs. That will give me over 4MB for jffs, which I hope is enough. Again, I only need 1.5 KB for the missing module.

Thanks,
DD.
dare978devil
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 38

PostPosted: Fri Feb 14, 2014 16:40    Post subject: Reply with quote
Never an easy solution, is there?

I downloaded this file : dd-wrt.v24_std_generic.bin

From here :
ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2014/02-04-2014-r23503/broadcom/

It's 3800 KB, meaning I would have plenty of room for JFFS in order to install the one missing module. Unfortunately, once successfully flashed onto my router, I discovered that that version of the firmware does not come with JFFS. Sad

I have the feeling that a cosmic force is working against me in this endeavour to have my IPTV not destroy my wifi's signal. How can I tell which package actually has which module? What would be great would be to find a generic Broadcom package with both ebt_pkttype.o and the JFFS modules. Any idea how I can track one of those down?
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Fri Feb 14, 2014 16:55    Post subject: Reply with quote
just search, there is a build supporing jffs. but wget is really easy? just have webspace somewhere, put module there and wget it.
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
dare978devil
DD-WRT Novice


Joined: 23 Jan 2014
Posts: 38

PostPosted: Fri Feb 14, 2014 18:43    Post subject: Reply with quote
How to get a LinkSys (Broadcom) router working as an Access Point and not having wifi trampled on by IPTV.

It's all working now. Here are the instructions in case anyone has a Broadcom router and wants to have IPTV on without killing wifi from their Broadcom Access Point (and also so I can find them again if I need them). I had an old Linksys WRT54GS version 1.0 wireless G router I wasn't using any longer. I am fortunate in that it comes with 32 MBs of volatile RAM, and 8 MB of non-volatile flash (many routers come with 4MB or less of flash). I installed dd-wrt and configured it as an Access Point. It worked fine in all instances except when the TV was on. IPTV floods your network with multicast UDP packets to every network device. That means the Access Point was picking up the multicast and diligently blasting it out to every wireless device. It was effectively trampling the wireless G signal. I needed to configure my router to filter that traffic.

Software you'll need :
- WinSCP to transfer a single file to the router.
- Telnet (just a few commands)
- The appropriate dd-wrt firmware for your router.

1). Determine how much flash memory you have on your router. Find your router on this list, check out how much Flash it has : http://dd-wrt.ca/wiki/index.php/Supported_Devices

2). Check out this table to determine which build of dd-wrt has what features :
https://www.dd-wrt.ca/wiki/index.php/What_is_DD-WRT%3F#File_Versions
- In my case, I needed the JFFS2 feature in order to create a space on the router on which to install a missing module. That meant I could not install a "std" version of dd-wrt.

3). Download the appropriate firmware. Don't download a package which is too big for your flash memory. Latest versions are available here :
ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2014/02-04-2014-r23503/broadcom/
- I chose dd-wrt.v24_nokaid_generic.bin

4). Flash your router following these instructions :
http://www.dd-wrt.ca/wiki/index.php/Installation
- It isn't difficult, but follow the instructions. For me it was as easy as going to the Administration - Firmware upgrade tab and adding the bin file.

5). Once you have flashed your router with the appropriate firmware, you need to add a missing module in order to be able to filter out multicast packets. I don't know why this module is missing, but filtering multicast won't work without it. The first step is to create a JFFS2 file system which will provide a place to store files. The installed firmware only allows you to store files in the /tmp folder which is in volatile RAM (lost with every reboot). Follow these instructions : http://dd-wrt.ca/wiki/index.php/JFFS
- You must have at least 4MB of flash on your router to install JFFS, and you must have at least 384 KB available. Choose a smaller build if you need to, refer to the table above.
- You can check if you already have the missing module (which would be great) by telneting into your router (see step 6 for telnet help), and issuing the following command : find / -name ebt_pkttype.o
- If that command comes back with nothing, you are missing the module.

6). Telnet into your router using root as your login name regardless of what you actually use to log into your router. The password is your router password. You may need to install telnet if you don't have it on your windows machine. It's very simple, just follow these instructions :
http://social.technet.microsoft.com/wiki/contents/articles/910.enabling-telnet-client-in-windows-7.aspx
- You also need to enable telnet in Services - Services via a browser on dd-wrt's admin page. Change the setting to Enable, and then click Apply Settings.
- Once you have telnet working, telnet into your router and run "df -h". That will show you if your JFFS file system was successfully built. You need to see anything other than 0 bytes available or else you won't be able to copy a file to it. The file in question is only 1525 Bytes (1.5 KB).

7). Download the missing module from this same forum topic (post 5 - thanks BasCom). It's a file called ebt_pkttype.zip. Unzip it to a local temp directory.
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=172611&postdays=0&postorder=asc&start=0

8 ). Install WinSCP. You can get it here :
http://winscp.net/eng/download.php
- You need to turn on SSHd in your dd-wrt settings. Go to Services - Services, and set it to Enable. Then click Apply Settings.
- Run it the same way as telnet, with root as the login name, and your router password. You will see a listing of local directories as well as router directories. Drag and drop your unzipped ebt_pkttype.o module from your local temp directory into your newly created /jffs directory.

9). Open your admin page in dd-wrt in a browser, go to Administration - Commands. Type this in :

insmod ebtables.o
insmod ebtable_filter.o
insmod ebt_ip.o
insmod /jffs/ebt_pkttype.o
ebtables -A FORWARD -o eth1 -p ipv4 --pkttype-type multicast --ip-source ! 192.168.2.0/255.255.255.0 -j DROP

This needs to be exact. I needed the .o following every module or else I got unexpected results. Also, my home router (not the Linksys, the main router provided by my ISP in the basement which is a Sagecom 2864) defaults to a local address of 192.168.2.1. If your main router defaults to a different subnet (such as 192.168.1.1), then change the 3rd octet as required (in this example, you would change it to 192.168.1.0). This command will tell the Linksys access point to drop multicast packets instead of forwarding them to wireless devices.

10). Click "Save Startup", and then Adminstrion - Management - Reboot Router.

That's it, it should work now. You can test it to make sure by either using the Administration - Command window in your router's page via a browser or via telnet. Type in : ebtables -L

You should see your bridge tables come up with a nice long command appended to the FORWARD command, just like this :

Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-p IPv4 -o eth1 --pkttype-type multicast --ip-src ! 192.168.2.0/24 -j DROP
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

Now you can use wifi while watching IPTV.

Caveats :
- The modules are finicky, and must be loaded in the order you see above. Any deviation and it may not work. I had to include the .o extension or else it would not work consistently.
- The GUI for dd-wrt is great, it makes it very easy to turn on and off options. However, DO NOT use it to test ebtables commands. You will occasionally get very odd results, sometimes issuing the same command twice in a row will produce different results each time. Issue all commands via telnet, the response is instantaneous and accurate. Once you have the commands you are happy with, copy them into the Administration - Command window and click Save Startup. Be sure there are no trailing carriage returns or spaces when you copy.
- If you don't have enough space to install JFFS2, use CIFS or wget. Both require external locations to store the module, which is why I preferred JFFS2. CIFS requires a constantly-on storage location where it can pull a file from, wget is a command you can use to pull the file from an internet site upon demand.
- Make sure the DHCP server is off on your Access Point. Not necessary to get this working, but dd-wrt comes with it enabled. In my case, I had DHCP working from my basement Sagecom router and didn't want or need a second one running.
- The "mega" builds are 7.7 MB and even with 8 MB of Flash, are slightly too big to enable JFFS2.
BasCom
DD-WRT Guru


Joined: 29 Jul 2009
Posts: 1378
Location: Germany

PostPosted: Sat Feb 15, 2014 3:23    Post subject: Reply with quote
very well Smile
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
Goto page Previous  1, 2, 3, 4  Next Display posts from previous:    Page 3 of 4
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum