LATEST RELEASE: Update-07
20-January-2015
Merlin fork 374.43_2-07j9527
Download
http://1drv.ms/1uChm3J
===============================
For those of you not yet ready to update to the latest 376 or 378 releases, I have created an incremental update (fixpack) to 374.43_2. This build primarily backports some of the fixes of the later Merlin builds back to the 374.43_2 build and attempts to address user requests/bugs where possible.
Update-07 of the 374.43 update fork is now available. This release in addition to addressing ongoing security updates also addresses several user requested enhancements/fixes and adds some new features. A detailed Changelog can be found in the download directory.
HighLights:
- Fixes for ASUS infosvr LAN-side security vulnerability finalized (same as release 06E)
- OpenVPN updated to 2.3.6 (addressing a reported vulnerability), also includes an upstream fix for Cipher-None
- OpenSSL updated to 1.0.0p
- Support for the AC68P. Unique 68P code regarding the 5G wireless parameters was discovered in the 376 release which has been backported.
- Upstream fix for minidlna for parsing of AAC track information
- For those of you tired of seeing the 'minidlna' directory on your DLNA clients, it is now hidden. To change to the hidden directory, after installing this code delete the visible minidlna directory in your media shares and reboot. Your media share db will be rebuilt.
- IPv6 fixes for Stateful DHCP-PD, 6in4 tunnel configuration and MTU advertisement for PPP IPv6 connections
- Comcast IPv6 fixes for a buffer overflow condition and a potential performance improvement correcting DSCP values for some Comcast IPv4 connections (both ported from Shibby Tomato). The DSCP performance improvement has been integrated into the gui under 'Firewall/General/Enable DSCP override**' See additional information below.
- A performance improvement for OpenVPN server and client for ARM routers by forcing the VPN session to alternating CPUs. This can be a large improvement for users running VPN Client/Server on the router....I got over 30% throughput improvement with my VPN client.
- Miscellaneous gui fixes correcting the inability to modify some fields and more flexibility when manually setting the transmit power.
- Max connections can now be set on the SAMBA gui (in addition to the FTP gui)
- The latest level link on the firmware upgrade page now will direct you to the fork download location
- A fix for power settings not being properly applied without a reboot
- Some new features....
[*] You can now display the Traffic Monitor graphs in Mb/s instead of KB/s. This can be selected in the gui under 'Tools/Other Settings/Traffic monitor graph units**'.
[*] You can now specify different address : port combinations for SSH access (different ports for WAN vs LAN access). If you were using the previous release of the fork SSH address feature, you should clear that value before loading this code.
The custom features of the fork which are not exposed in the gui can be set by an nvram variable. All the custom features are documented in the
Merlin_Fork_Options file in the download directory.
A factory default reset is NOT required if coming from any level of the fork or Merlin 374.42 or 374.43 code. Coming from any other level does require a factory default reset after the code is loaded.
Please reboot the router after the code load even if it appears to load the code without a reboot being required.
Thanks to everyone for your support (and your interest in this next update) !
SHA256 hashes:
Code:
2db84de3eaed5f45337810ab04f9f4044d934b6d0a0f89e4d759f9a68a358164 *RT-AC56U_3.0.0.4_374.43_2-07j9527.trx
1e446e94288d4e08f0eeec00b565f93820d15754f9a0b6ea988cda42d8195d75 *RT-AC66U_3.0.0.4_374.43_2-07j9527.trx
8900b4605355e1dfbde2e5a9e0344e6fe300d27c6280f31a81938215f3735c58 *RT-AC68U_3.0.0.4_374.43_2-07j9527.trx
11cfcb316c4396c66910b2d4099ce6552fa76de42d96a5ff37b0f18db384863f *RT-N16_3.0.0.4_374.43_2-07j9527.trx
e1c5327f364d10d66f242e4c360c594725b4faa8b0879ebdb69bd66e866218c3 *RT-N66U_3.0.0.4_374.43_2-07j9527.trx
Additional information on the Comcast DSCP fix:
At least some Comcast nodes are sending packets with a DSCP value (Differentiated Services Code Point, basically a packet priority) that was set to the lowest priority possible. So far it has only been observed as a problem on IPv4 packets.
Now to the router side....wireless N routers have a required component called WMM (Wifi Multmedia extensions) which does respect the DSCP value, and interprets it that the packet is unimportant to transmit quickly. As a result you can get transfers slowed down. Note that it's a download, not upload, issue. How much slowdown is dependent on how the router driver implements WMM. On Linksys/Cisco routers, where the issue was found, the slowdown could be pretty dramatic. On the Asus routers it hasn't really been reported, but it was easy to implement and make it available for people to try. The change creates an iptables rule that overrides the DSCP value to '0' (or unclassified priority) for the incoming packets.