Skynet Skynet - Router Firewall & Security Enhancements
Mutzli
Very Senior Member
Yes, I basically started from scratch once I renamed the USB drive.
Adamm
Part of the Furniture
Okay so I'm not going crazy, there are two swap files loaded (or the same one loaded twice?), so Skynet has been grabbing the wrong info. I'm not even sure how its mounting twice successfully but it explains all the issues unique to your system.
So this in theory should fix it (and really make sure its gone
).
Then reboot to make sure any lingering swap file is unloaded.
Verify on boot that there is no swap file listed;
Install a fresh swap file
So this in theory should fix it (and really make sure its gone
).
Code:
sh /jffs/scripts/firewall debug swap uninstall
sed -i '\~swapon ~d' /jffs/scripts/post-mount
swapoff /tmp/mnt/USBDrive/myswap.swp
rm -rf /tmp/mnt/USBDrive/myswap.swp
swapoff /myswap.swp
rm -rf /myswap.swpThen reboot to make sure any lingering swap file is unloaded.
Verify on boot that there is no swap file listed;
Code:
cat /proc/swapsInstall a fresh swap file
Code:
sh /jffs/scripts/firewall debug swap installHave you tried disabling the disk check script if you are running it with amtm?
Mutzli
Very Senior Member
Okay so I'm not going crazy, there are two swap files loaded (or the same one loaded twice?), so Skynet has been grabbing the wrong info. I'm not even sure how its mounting twice successfully but it explains all the issues unique to your system.
So this in theory should fix it (and really make sure its gone
Code:sh /jffs/scripts/firewall debug swap uninstall sed -i '\~swapon ~d' /jffs/scripts/post-mount swapoff /tmp/mnt/USBDrive/myswap.swp rm -rf /tmp/mnt/USBDrive/myswap.swp swapoff /myswap.swp rm -rf /myswap.swp
Then reboot to make sure any lingering swap file is unloaded.
Verify on boot that there is no swap file listed;
Code:cat /proc/swaps
Install a fresh swap file
Code:sh /jffs/scripts/firewall debug swap install
I can't remove the swap file, despite every script telling me that there is no swap file:
AMTM
and Diversion
and removed again with:
returns this:
crazy, I'll format the USB drive again.
skeal
Part of the Furniture
Adamm
Part of the Furniture
It happens. Sometimes the perfect storm happens on a users setup and the right sequence of bugs makes everyone’s life a nightmare with no real explanation
Vincent Meyer
New Around Here
Hi Adamm,
I have only been using Skynet for a couple of weeks, and I'm grateful that it has been keeping a ton of traffic looking for open ports on our server off of our network. Last night I flashed my Asus RT-AC88U with Merlin's 384.8 Beta 2, and reinstalled Skynet. Of course, the install complained that there was no ext formatted usb partition. It took me a goodly while (longer than I care to admit) to figure out that this version of Skynet really is looking for an ext* formatted partition on the USB port. While I found in the changelog where the other filesystems were disallowed, I could not find any reason why they were disallowed.
The main page of this thread describes Skynet as "All that's required is a USB drive that's at-least 500MB, After downloading it just works." Problem though is that no off the shelf USB drives come partitioned and formatted with an ext* filesystem.. If there is no reason why the new version of Skynet CAN'T work with an off-the-shelf, Windows formatted memory stick, other than maybe a performance hit, would it be possible to re-enable the other file system types and maybe just post a warning during installation that not having an ext* filesystem might result in a performance hit? (or whatever the detrimental effect would be) so that it could go back to being "After downloading it just works"?
I really appreciate the work you've put in. In the first couple of days it was running it blocked multiple thousands of connection attempts that would have gunked up our office network and our server. I can honestly say that now that I DON'T have this running, I'm a little uneasy about our network. Thanks, in advance, for your consideration.
Vinny
I have only been using Skynet for a couple of weeks, and I'm grateful that it has been keeping a ton of traffic looking for open ports on our server off of our network. Last night I flashed my Asus RT-AC88U with Merlin's 384.8 Beta 2, and reinstalled Skynet. Of course, the install complained that there was no ext formatted usb partition. It took me a goodly while (longer than I care to admit) to figure out that this version of Skynet really is looking for an ext* formatted partition on the USB port. While I found in the changelog where the other filesystems were disallowed, I could not find any reason why they were disallowed.
The main page of this thread describes Skynet as "All that's required is a USB drive that's at-least 500MB, After downloading it just works." Problem though is that no off the shelf USB drives come partitioned and formatted with an ext* filesystem.. If there is no reason why the new version of Skynet CAN'T work with an off-the-shelf, Windows formatted memory stick, other than maybe a performance hit, would it be possible to re-enable the other file system types and maybe just post a warning during installation that not having an ext* filesystem might result in a performance hit? (or whatever the detrimental effect would be) so that it could go back to being "After downloading it just works"?
I really appreciate the work you've put in. In the first couple of days it was running it blocked multiple thousands of connection attempts that would have gunked up our office network and our server. I can honestly say that now that I DON'T have this running, I'm a little uneasy about our network. Thanks, in advance, for your consideration.
Vinny
Adamm
Part of the Furniture
You're right, my approach to the situation was wrong. I've re-added support in a hotfix for fat (but will add warnings in a future update).
With that being said, I highly suggest formatting ext for both compatibility and performance reasons, but each to their own.
Vincent Meyer
New Around Here
Adamm, you ROCK.. THANK YOU! I prefer ext, although I kinda got bit in the behind because I didn't think I'd have to do more than flash the update and go. The thing is though, having to partition and format the stupid thing is far from just download and go. I'm hoping that sometime this weekend I'll have time to partition and format a USB stick, and compare CPU load and performance between ext and fat.
Even though it's well after midnight, I'm going to load the hotfix.. I'll sleep better knowing it's there.
V.
While it is kind of @Adamm to re-instate support of the FAT filesystem, ultimately anyone running Skynet will lilely want a USB drive formatted to one of the ext variants if they ever want to run the excellent companion programs like Diversion and amtm.
I'm not sure if this helps or just postpones the eventual need to move to one of the native linux/unix formats...
dave14305
Part of the Furniture
I’d like to suggest an Outbound-only debug mode for SkyNet. In general, I am less concerned about debugging inbound traffic, but would still like to always see outbound traffic blocking in syslog. I prefer to minimize unnecessary syslog activity since it is copied to jffs so frequently.
Would others find this useful? Today I spent some time unsure why the Apple App store wasn’t working on any devices in our house and was only looking in Diversion for blocked hostnames. Then it occurred to me that it could be Skynet and had to enable debug mode and try the App Store again so I could generate syslog entries to look for Outbound blocks.
Would others find this useful? Today I spent some time unsure why the Apple App store wasn’t working on any devices in our house and was only looking in Diversion for blocked hostnames. Then it occurred to me that it could be Skynet and had to enable debug mode and try the App Store again so I could generate syslog entries to look for Outbound blocks.
Adamm
Part of the Furniture
The syslog is stored in the ram and it is only ever written periodically to jffs as a backup. The syslog also has a maximum size before it is automatically purged by the system so disabling select output won't increase or decrease the amount of data being written due to the hardcoded limit. There is also the unrealistic task of actually wearing out the flash, in which case I wish you luck
So taking this into account, while I can see your point of view, I feel like there are a verity of methods to track down false positives that avoid adding unnecessarily complex code. Including the "debug watch" and "stats" commands which will even print out associated domain data to help.
thelonelycoder
Part of the Furniture
I was going to point this out too. In that respect @Adamm does a disservice to the users as the majority use Skynet along with Diversion. I wish I had a foolproof script to format FAT or any other formatted device reliably and automated to ext* directly in the router and still have it compatible with amtm's disk checker.
I'm not smart enough to figure that out and still make it a simple menu driven shell script.
Adamm
Part of the Furniture
As long as you use the same USB, switching devices is easy. Just run the install command and Skynet will automatically import your old data.
Similar threads
Similar threads
Similar threads
-
Skynet Installing Skynet causes router to crash and reboot
- Started by ovancantfort
- Replies: 26
-
Diversion Diversion & Skynet Missing on GUI after Router Reboot.- Started by cofetym
- Replies: 7
-
Any usefulness for Skynet + pfsense/opnsense in transparent bridge mode?
- Started by pjd50
- Replies: 11
-
Solved Skynet running slow with install/update issues from AMTM?- Started by John Fitzgerald
- Replies: 10
-
Skynet Source LAN IP for outbound IP blocked by SkyNet
- Started by buzzy
- Replies: 8
-
-
-
Send stats Division and Skynet to webhook or mqtt
- Started by poudenes
- Replies: 0
-
-