Posted: Sat Dec 30, 2023 15:16 Post subject: New Build - 12/30/2023 - r54652
Welcome to Marvell r54652 beta release thread for reporting, feedback to developers and community benefit.
Please do not flash builds until installation is understood, risks involved and device specificrecovery methods.
Avoid discussions, create threads for questions, general problems or use search; this thread is not for support.
List router model & version or revision, operating & wireless modes & exact filename/firmware image flashed.
CLI Flash: 'cd /tmp' then 'wget {file URL}' (httponly) or 'curl -O {file URL}' (http, https, ftp) 'write {file} linux' then 'reboot'.
Issues, observations, and/or workarounds reported:
• WebUI: Clear history or use a portable. Temporary cache bypass: Ctrl+F5, Cmd+Shift+R or new private window/incognito.
• Please report findings with steps needed to reproduce, configuration, clients, output, logs and important information below!
Important:
• Detail issues & relevant configs, logs: syslog klog 'dmesg' 'cat /tmp/var/log/messages' nvram set console_debug=1, serial.
• Firewall NAT: 'iptables -vnL' 'iptables -t nat -vnL' 'iptables -t mangle -vnL' & 'cat /tmp/.ipt'. Debug Analyze: stracetcpdump.
• Gremlins: reboot. cold boot. Reset & reconfigure not restore backup. Search Trac & discuss in forum before opening tickets.
• Include operating & wireless modes (e.g. Gateway, Router, AP, SB, WDS, Mesh) and applicable configurations to reproduce.
Linksys WRT1900ACS v1
Firmware Version:DD-WRT v3.0-r54652 std (12/30/23)
Kernel Version:Linux 6.1.69 #203 SMP Sat Dec 30 07:50:12 +07 2023 arm
Upgrade under CLI from r74637 without reset.
Works stable with unbound(DoT)
WiFi 2 channel stable.
Except FBSD14 NIC wired no carrier.
terrapin attack result UPDATED!
Code:
Remote Banner: SSH-2.0-dropbear_2022.83
ChaCha20-Poly1305 support: true
CBC-EtM support: false
Strict key exchange support: true
The scanned peer supports Terrapin mitigations and can establish
connections that are NOT VULNERABLE to Terrapin. Glad to see this.
For strict key exchange to take effect, both peers must support it.
Note: This tool is provided as is, with no warranty whatsoever. It determines
the vulnerability of a peer by checking the supported algorithms and
support for strict key exchange. It may falsely claim a peer to be
vulnerable if the vendor supports countermeasures other than strict key
exchange.
For more details visit our website available at https://terrapin-attack.com
I also found a little mistakes not a bug.
my content addional dnsmasq options after this upgrade return to history values, I think that may be saving on different place.
Router Model: Linksys WRT3200ACM
Firmware Version: DD-WRT v3.0-r54652 std (12/30/23)
Kernel Version: Linux 6.1.69 #203 SMP Sat Dec 30 07:50:12 +07 2023 arm
Not resetting the settings.
So far it's been stable for around a day. I think it's the first build since kernel 6.x switch that been as stable on WRT3200ACM. Previous ones just ended up in breaking the connection needing a rollback. That's an improvement!