Mar 05

This script is for DD-WRT and Tomato; source: https://git.losert.xyz/krypton/Scripts/tree/master

The script for LEDE/OpenWRT is at: https://gist.github.com/lg/e91d1c5c9640d963e13dbb1901bb4396

#!/bin/sh

##############################################
# This script disconnects connected clients, #
# where the signal is below the configured   #
# signal.                                    #
##############################################
# v1.0                                       #
# maintained by Rene Losert                  #
##############################################
# Wireless interface names (wl0/wl1) as stored in nvram
DEV=$(nvram show 2>&1 | grep ifname | grep 'wl[01]' | cut -d"=" -f2)
SIGNAL="-80"                   # RSSI threshold; clients below it are disconnected
EXCLUDE="38:D5:47:62:F8:7A"    # MAC address that is never disconnected
key="$1"                       # pass -d for debug output

if [ "$key" = "-d" ]; then
	echo "Signal Threshold: $SIGNAL"
	echo "Connected Clients:"
fi

while true; do

	date=$(date +"%a %b %e %H:%M:%S %Z %Y")

	for current in $DEV; do
		CLIENTS=$(/usr/sbin/wl -a "$current" assoclist)
		for MAC in $CLIENTS; do    # for loop for each client (MAC)
			# assoclist output is "assoclist <MAC>" per line; skip the keyword
			if [ "$MAC" != "assoclist" ]; then
				SIG=$(/usr/sbin/wl -a "$current" rssi "$MAC")
				if [ "$key" = "-d" ]; then echo "MAC: $MAC, Signal: $SIG"; fi
				if [ "$MAC" != "$EXCLUDE" ]; then
					# quoted so an empty RSSI reading fails the test instead of breaking its syntax
					if [ "$SIG" -lt "$SIGNAL" ]; then
						if [ "$key" = "-d" ]; then echo "$date: BELOW! Sending deauth to $MAC"; fi
						echo "$date: BELOW! Sending deauth to $MAC" >> /tmp/cleanup.log
						/usr/sbin/wl -a "$current" deauthenticate "$MAC"
					fi
				fi

			fi
		done
	done

	if [ "$key" = "-d" ]; then echo "-----------------------------------"; fi
	#echo $date >> /tmp/cleanup.log
	sleep 5
done



Mar 21

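Flashed FreshTomato on a Linksys EA6900 and installed openssh-server with opkg (what I actually wanted was openssh-sftp-server); after a reboot, SSH connections no longer worked. Telnetting in showed that dropbear had not started, and starting it by hand failed: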

dropbear -F -E
Early exit: Bad buf_getptr

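After a few hours I traced the problem to dropbear's key files: overwriting the three files under /etc/dropbear/ on this router with working files from another router let dropbear start normally. The final fix: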

nvram unset sshd_hostkey
nvram unset sshd_ecdsakey
nvram unset sshd_dsskey
nvram commit
reboot

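How it works: all three keys are stored in nvram after they are generated, and if these three files are missing at boot, the system generates them again.

References: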

https://www.linksysinfo.org/index.php?threads/how-can-i-save-etc-dropbear-during-a-reboot.30485/
http://tomatousb.org/forum/t-311630/how-do-you-change-the-dropbear-host-key-files
https://www.linksysinfo.org/index.php?threads/struggling-to-set-up-ssh-on-shibby.73096/



Jan 06

Running Golang programs (mostly statically compiled) that need SSL/TLS connections on Tomato can produce certificate errors such as:

x509: certificate signed by unknown authority

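So far I have run into this with overture and with dnscrypt-proxy, for which there is a discussion.

The main cause is that x509 by default only searches the following directories for certificates: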

"/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139
"/system/etc/security/cacerts", // Android
"/usr/local/share/certs", // FreeBSD
"/etc/pki/tls/certs", // Fedora/RHEL
"/etc/openssl/certs", // NetBSD

or these files: (https://mirrors.segmentfault.com/golang/root_linux.go)


// Possible certificate files; stop after finding one.
var certFiles = []string{
"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL 6
"/etc/ssl/ca-bundle.pem", // OpenSUSE
"/etc/pki/tls/cacert.pem", // OpenELEC
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
}

Entware, however, installs them under /opt/etc/ssl by default.

The Golang source shows that environment variables can be set:

https://golang.org/src/crypto/x509/root_unix.go

const (
// certFileEnv is the environment variable which identifies where to locate
// the SSL certificate file. If set this overrides the system default.
certFileEnv = "SSL_CERT_FILE"
// certDirEnv is the environment variable which identifies which directory
// to check for SSL certificate files. If set this overrides the system default.
certDirEnv = "SSL_CERT_DIR"
)

Solution:

1. Install the CA certificates through Entware:

opkg update
opkg upgrade
opkg install ca-bundle
opkg install ca-certificates

2. Set the environment variables in /opt/etc/.profile:

# SSL for Golang
export SSL_CERT_FILE=/opt/etc/ssl/certs/ca-certificates.crt
export SSL_CERT_DIR=/opt/etc/ssl/certs

With that, the problem is gone.


Nov 05

Using Tomato firmware, first download tomatoware:

CMake:
./bootstrap --prefix=/mmc && make && make install

libsodium:
./configure --prefix=/mmc && make && make install

Then statically compile Pcap_DNSProxy, which requires modifying /Pcap_DNSProxy/Source/Pcap_DNSProxy/CMakeLists.txt in the source tree:

# Executable file name
#static
SET(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
SET(BUILD_SHARED_LIBRARIES OFF)
SET(CMAKE_EXE_LINKER_FLAGS "-static -pthread -Wl,--whole-archive -lpthread -Wl,--no-whole-archive")
#static
add_executable(Pcap_DNSProxy ${MAIN_SRC_FILES})
IF(PLATFORM_OPENWRT)
INSTALL(TARGETS Pcap_DNSProxy RUNTIME DESTINATION sbin)
ENDIF(PLATFORM_OPENWRT)

Note: a binary built with -static alone fails when executed, so -static has to be combined with the flags that follow it above:

terminate called after throwing an instance of 'std::system_error'
what(): Enable multithreading to use std::thread: Operation not permitted

Pcap_DNSProxy

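Of course, I would still like the author to add a switch for static compilation.

Submitted, and the author has added it:

* Run the build with ./Linux_Build.sh
* Add the --enable-static parameter, i.e. ./Linux_Build.sh --enable-static, to enable static compilation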


Jul 17

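Charter is an ISP abroad that supplies its customers with an OEM version of the R6300 V2 whose hardware is identical to the Netgear R6300 V2. On the outside, the Charter version has a matte finish and its "NETGEAR" logo does not light up (there is in fact an LED on the internal printed circuit board, but the casing is opaque, so...), while the Netgear retail version has a mirror finish and an illuminated logo.

In the admin interface, the Charter firmware version shows as V1.0.3.6_1.0.63CH; note the trailing CH. It cannot be upgraded to Netgear's official firmware, and DD-WRT or Tomato firmware built for the R6300 V2 cannot be flashed directly either; a message like this appears: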

This firmware file is incorrect! Please get the firmware file again and make sure it is the correct firmware for this product.

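1. Flash the initial (pre-flash) build of Kong's DD-WRT K3 firmware; download: dd-wrt.K3_R6300V2CH.chk

2. Log in to DD-WRT, enable the SSH service, log in to the router with an SSH client, and enter the following command: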

burnboardid U12H240T00_NETGEAR

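Reboot the router; once the reboot finishes, your router has become a standard Netgear R6300V2.

3. If you only want DD-WRT, at this point you can flash the DD-WRT firmware for the standard Netgear R6300V2, including the BS builds;

4. From the DD-WRT interface, flash Netgear's official R6300V2 firmware, which can be downloaded from the official site;

5. Flash the initial (pre-flash) build of the Shibby Tomato firmware: tomato-R6300v2-initial.chk

6. Flash any other Tomato ARM version.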

