What's new

Diversion Diversion 5.1.3 - the Router Ad-Blocker, May 09, 2024

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I had an issue some weeks back, where new clients (existing clients worked fine) couldn't connect on LAN or WiFi as DHCP not available. I had created my own dilemma by activating custom AdBlocking URL sites, that weren't supported by Diversion. Are you using the stock site selection or custom?
Hi @nzwayne ,

Thanks for the hint. Disabling fs (fast switch) feature fixed my issue. Strangely the issue only appeared after updating to the latest fw release.

My previous setup was: 1st List = Predefined (Large) and 2nd List = Custom with approx. 21 remote sources
Now, after disabling the FS, I changed the 1st list from predefined to custom with the same URLs as before and everything is working.

@thelonelycoder , any idea on how to fix the FastSwitch issue?

Thanks guys for the hint/help
 
Hi @nzwayne ,

Thanks for the hint. Disabling fs (fast switch) feature fixed my issue. Strangely the issue only appeared after updating to the latest fw release.

My previous setup was: 1st List = Predefined (Large) and 2nd List = Custom with approx. 21 remote sources
Now, after disabling the FS, I changed the 1st list from predefined to custom with the same URLs as before and everything is working.

@thelonelycoder , any idea on how to fix the FastSwitch issue?

Thanks guys for the hint/help
I‘ll look into it as soon as time allows.
 
Thanks for the hint. Disabling fs (fast switch) feature fixed my issue. Strangely the issue only appeared after updating to the latest fw release.
I can confirm that when blocking list fs is enabled in b AND b, 5 "Alternate blocking list for specified clients" is enabled then Dnsmasq will not start in FW 3004.388.6_2 with Dnsmasq v2.90.
This will take some time to investigate.

It appears that the second instance (in my case) with listen-address=192.168.50.3 does not like dhcp-option=lan,3,192.168.50.1 directive. It appears this is either blocked by Dnsmasq or some system watchdog.
The System Log output, set to debug and all laments:
Code:
Feb 28 20:31:53 rc_service: service 7951:notify_rc restart_dnsmasq
Feb 28 20:31:53 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Feb 28 20:31:53 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Feb 28 20:31:54 avahi-daemon[2656]: Registering new address record for 192.168.50.3 on br0.IPv4.
Feb 28 20:31:54 Diversion: started second Dnsmasq instance for alternate blocking list on IP 192.168.50.3
Feb 28 20:31:54 Diversion: restarted Dnsmasq to apply settings
Feb 28 20:31:55 dnsmasq[8323]: failed to create listening socket for 192.168.50.1: Address already in use
Feb 28 20:31:55 dnsmasq[8323]: FAILED to start up

The full alternate-bf.conf content for my router is as follows:
Code:
### DO NOT EDIT THIS FILE ###

pid-file=/var/run/alternate_bf_dnsmasq.pid
user=nobody
bind-dynamic
interface=br0
no-dhcp-interface=pptp*
listen-address=192.168.50.3
localise-queries
no-resolv
dhcp-option=lan,3,192.168.50.1
dhcp-authoritative
servers-file=/tmp/resolv.dnsmasq

# start of Diversion directives #
conf-file=/opt/share/diversion/list/allowlist.fs_conf
conf-file=/opt/share/diversion/list/blockinglist.fs_conf
conf-file=/opt/share/diversion/list/denylist.fs_conf
log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log3
# end of Diversion directives #
 
I can confirm that when blocking list fs is enabled in b AND b, 5 "Alternate blocking list for specified clients" is enabled then Dnsmasq will not start in FW 3004.388.6_2 with Dnsmasq v2.90.
This will take some time to investigate.
I do have alternate blocking list enabled but do not have fast switch enabled and 388.6.2 was not working on my AX88u. Other than alternate blocking I have all my diversion settings as default. I’ll try 388.6.2 again with diversion disabled and see what happens.

Edit: 388.6.2 works fine with Diversion disabled. When I re-enable it log says Dnsmasq can’t start. Blocking list is standard fs disabled. Alternate blocking is enabled on 192.168.50.3. Everything else is default settings.
 
Last edited:
I do have alternate blocking list enabled but do not have fast switch enabled and 388.6.2 was not working on my AX88u. Other than alternate blocking I have all my diversion settings as default. I’ll try 388.6.2 again with diversion disabled and see what happens.

Edit: 388.6.2 works fine with Diversion disabled. When I re-enable it log says Dnsmasq can’t start. Blocking list is standard fs disabled. Alternate blocking is enabled on 192.168.50.3. Everything else is default settings.
Hi @zackattack784 ,

i don' think it's possible to have the alternate blocking without fs enabled.
You should see something like that:
5. Alternate blocking list, enabled on 192.168.9.3
(off, fs is disabled)

and if you try to do something under b -> 5, you'll have this message:

Error Enable blocking list fast switch fs
first in b , 1.
 
I also have "Exclude devices from ad blocking" enabled, fast switch off, and seems like dnsmasq crashes with this Diversion setup on the latest Asus-Merlin release (3004.388.6_2). Rolled back to 3004.388.6 and all is good.
 
Chiming in - I have the same setup as user underdose ^^^. I started experiencing DNS issues on the new firmware 388.6_2. This is on an AX58U. Disabling Diversion solved the issue.
 
I also have "Exclude devices from ad blocking" enabled, fast switch off, and seems like dnsmasq crashes with this Diversion setup on the latest Asus-Merlin release (3004.388.6_2). Rolled back to 3004.388.6 and all is good.
I also have the crash on the GT-AX11000 / Had to roll back firmware as well.
 
What if you specify the br0:alternate_bf interface instead?

Probably related to this dnsmasq change:

https://thekelleys.org.uk/gitweb/?p...ff;h=744231d99505cdead314d13506b5ff8c44a13088
Unfortunately, it does not work either.

I'm trying to wrap my head around what the error means dnsmasq[25042]: failed to create listening socket for 192.168.50.1: Address already in use .
Did I do it wrong all along and now they decided to throw an error?

Unfortunately this change in Dnsmasq 2.90 affects these three options in b, as reported by users:
5. Alternate blocking list for specified clients
6. Exclude devices from ad-blocking
7. Restricted access for devices (Kids mode)

They're not core functions of Diversion but are obviously used by some users - so I want to fix it. Ideally the fix is backwards compatible.
 
On my home GT-AX6000 the same thing happen with (3004.388.6_2 nand), some wireless clients (android phones on the guest network) couldn't obtain IP address, some other clients were connected (PC laptops on the main network) but with no internet access.

I have double flash , reboot, disabling and re enabling Wi-Fi and guest network and didn't solve the issue.
Then I saw the posts that are saying that diversion is causing dnsmask to crash, so I disable diversion but the problem remains.

I had no other choice so I rolled back to (3004.388.6_0 nand) and everything is working normal again.

The fanny thing is that on my office RT-AX88U that has the same settings and add-ons none of the above is happening, everything seams to work fine for two days now.

Any way I will wait for a fix / solution for the problem 3004.388.6_0 is working fine, my only concerns are the CVE 2023-50868 and CVE 2023-50387 that the update resolves.
 
I'm trying to wrap my head around what the error means dnsmasq[25042]: failed to create listening socket for 192.168.50.1: Address already in use .
Did I do it wrong all along and now they decided to throw an error?
So is it the primary dnsmasq instance that has failed to start? Is the alternate instance being started first in postconf? I’ve never used the alternate blocking feature, so not sure of the flow. Is the alternate instance claiming 192.168.50.1 before the primary instance can?

 
Then I saw the posts that are saying that diversion is causing dnsmask to crash, so I disable diversion but the problem remains.
This might be another problem unrelated to Diversion.
A vanilla Diversion installation does not have a problem with Dnsmasq v2.9x.
Only if you use options b, 5|6|7. They start a separate Dnsmasq instance and that throws the error.
 
So is it the primary dnsmasq instance that has failed to start? Is the alternate instance being started first in postconf? I’ve never used the alternate blocking feature, so not sure of the flow. Is the alternate instance claiming 192.168.50.1 before the primary instance can?

Let me check that because I see the log file growing with regular entries for the second instance.
I start these separate instances in post-conf.div, so the second instance gets - technically - started first while the primary instance finishes reading the file.
 
So is it the primary dnsmasq instance that has failed to start?
You are correct, the primary fails to start and it is that instance that throws the error.

Interestingly, I do it exactly as Simon writes here: https://thekelleys.org.uk/gitweb/?p...ff;h=744231d99505cdead314d13506b5ff8c44a13088
In bind-dynamic mode, its OK to fail to bind a socket to an address
given by --listen-address if no interface with that address exists
for the time being. Dnsmasq will attempt to create the socket again
when the host's network configuration changes.
 
I had to revert to stock FW last night due to a HW concern, so I can’t test these bright ideas myself.
Shiny bright - as in award winning smart. Works right out of the box.
Now I need to test it with all three instances and if they still work as advertised. And also with old and new Dnsmasq.

Can I offer you a second test router? I will gladly have one shipped to you. I'll be working one week and then vacationing three weeks in the US starting the week after next.
 
If you ever come exploring in Detroit, do let me know. ;)
I used to come to Detroit a lot when I was working for another Company. There used to be plenty of car plants that used the systems we built.
With my now employer the closest system to you is over in Grand Rapids. I have never seen so many rusted out and see-through cars as in that area.

I'll be vacationing in the southwestern deserts if you look for me. As I always do.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top