[Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

[dave14305]

Does /etc/cert.pem exist?

Yes, cert and key.pem exist, and I can login fine the first time. I’ve copied my cer files to /jffs/https and they persist just fine when restarting httpd. If I logout and try to connect again, it hangs and watchdog kicks in. Never seen this before. I’m suspicious of iOS, but not much I can do about it. I’ll try Firefox on iOS in a bit. I do reassign the https port to 443 after changing AiCloud to 7443.

I’ll keep at it trying to narrow down.

 

[dave14305]

So this is a split screen of logging in and a watch of netstat -npt. I note the Recv-Q, which persisted over the 2 second interval.

 

[ColinTaylor]

No idea. The message seems to come from here after issuing this sort of command:

/usr/sbin/curl --silent --connect-timeout 10 --head --user-agent asusrouter-asuswrt-curl --referer https://192.168.1.1:8443 --insecure https://192.168.1.1:8443

 

[airman98]

John - just had to pop in to say THANK YOU! Great to see you back.

Your work is truly appreciated by so many of us.

Hope you are doing well, wishing you the best. Cheers!

 

[dave14305]

No idea. The message seems to come from here after issuing this sort of command:

/usr/sbin/curl --silent --connect-timeout 10 --head --user-agent asusrouter-asuswrt-curl --referer https://192.168.1.1:8443 --insecure https://192.168.1.1:8443

Firefox on iPad will not reproduce the issue. So I’ll keep looking at Safari. Now what has Apple done?

 

[dave14305]

Firefox on iPad will not reproduce the issue. So I’ll keep looking at Safari. Now what has Apple done?

It only happens if I keep Safari’s “Prevent Cross-Site Tracking” enabled. That feature was enhanced in 13.4 to block all third party cookies. Not sure how that is affecting the router. Will think about it in the morning...

 

[john9527]

@dave14305
The watchdog code tries to talk to the httpd server code to make sure the server is still alive and if it can't, tries to restart the server. The (28) at the end of the line is the curl error code....in this case the command timed out after 10sec.
First thought is I'm not sure how the browser would be able to interfere.

Did you somehow remove the other Safari change you debugged?
https://www.snbforums.com/threads/f...lts-releases-v42e7.18914/page-450#post-464359
Maybe somehow if Safari automatically gets logged off, it's hanging the server trying to post the logoff msg???

 

[dave14305]

@dave14305
The watchdog code tries to talk to the httpd server code to make sure the server is still alive and if it can't, tries to restart the server. The (28) at the end of the line is the curl error code....in this case the command timed out after 10sec.
First thought is I'm not sure how the browser would be able to interfere.

Did you somehow remove the other Safari change you debugged?
https://www.snbforums.com/threads/f...lts-releases-v42e7.18914/page-450#post-464359
Maybe somehow if Safari automatically gets logged off, it's hanging the server trying to post the logoff msg???

I do still have my disc timeout set. But there is no idling necessary to create the issue. But I’m embarrassed to admit that I think it is now somehow solved by nuking all saved data in Safari after switching back from Merlin. I didn’t want to nuke all sites, but there was nothing else for my home.lan domain. I will test more in the morning to see if I can get it to hang again. So far I’m good since nuking Safari.

 

[Markmaster]

Probably what you are looking for are the various options in below screenshot:

View attachment 22229

Many thanks to you, man!
@john9527 @RMerlin can you please tell me, how this is realized in Asus firmware? Is that exactly what I'm asking about?

 

[thelonelycoder]

Glad you're back @john9527 . We missed you.

 

[ColinTaylor]

Is that exactly what I'm asking about?

This has nothing to do with your problem.

 

[De Molen]

John, so good to see you back !

Thanks for all you work

 

[Marin]

A new formal release has been posted for those still using this fork after all this time Please see the first post and review the Changelog for the updates.
Special thanks to @ColinTaylor for his testing and feedback/suggestions.

LATEST RELEASE: Update-42E7
26-March-2020
Merlin fork 374.43_42E7j9527
Download http://bit.ly/1YdgUcP
============================

SHA256

(Default Build - All supported routers)
3137f3b555d203610dceba6b6d545252c8e83c0536daad63c7437b65b32ee0d0  RT-N16_374.43_42E7j9527.trx
e9fc048afa5f3fc6393217d0cde17ba437697823823b94b7cd3eb60bc36c263a  RT-AC66U_374.43_42E7j9527.trx
720e88e6fde47d34faba8955f93047b69aad5b8b5c98199d53c34c5d79bc98f4  RT-N66U_374.43_42E7j9527.trx
41e25937614fe2404b96fadc1b62a1579714f1f47fdda93d489163b87b5ba1c4  RT-AC68U_374.43_42E7j9527.trx
e4feb4b04fc7895ef8b095b58d779a00175a8ea3c0cc30152fb6d04708d98766  RT-AC56U_374.43_42E7j9527.trx

As for my absence from the forum....
Some of you may remember that my father passed away last year. Without going into a lot of detail, let's just say that having to deal with his estate has been a challenge, both from a logistics/work-to-do and personal point of view. As a result, I needed to limit some of my activities. While things are still far from complete (and now complicated by the pandemic), I'm going to start easing back into my 'fun' pass times....participating in this forum being one of them.

Thanks to everyone that stepped up and provided support as well as for your understanding.

Very happy you are back @john9527!


Sent from my iPhone using Tapatalk

 

[Utrecht56]

It is good to have you back John9527 you are still keeping a lot of Routers alive and stable!!

 

[dave14305]

@dave14305
The watchdog code tries to talk to the httpd server code to make sure the server is still alive and if it can't, tries to restart the server. The (28) at the end of the line is the curl error code....in this case the command timed out after 10sec.
First thought is I'm not sure how the browser would be able to interfere.

Did you somehow remove the other Safari change you debugged?
https://www.snbforums.com/threads/f...lts-releases-v42e7.18914/page-450#post-464359
Maybe somehow if Safari automatically gets logged off, it's hanging the server trying to post the logoff msg???

I can still repeat this behavior this morning, but not in Firefox on iOS and not in Safari Private Browsing mode. I was going to try to tcpdump and decrypt in Wireshark using the Pixelserv private key, but since it’s now a TLS1.3 connection, I don’t think it’s possible. I have workarounds, but I can’t wrap my head around what’s going on, or what the browser is storing and sending to the server to make it hang.

I tried enabling debug_httpd in nvram and running httpd in the foreground, but didn’t see anything (not sure where dprintf sends output).

Sorry to be a pain in the a$$ on your first public release back. Hopefully it’s just me.

 

[john9527]

@dave14305

A couple of things....

You mentioned that this seemed to coincide with an iOS change. Did it used to work with the new iOS on the older releases, or did the new router code and new iOS just happen to get together at the same time?
If it is a router code change, narrowing down the release would help.

For the debug...it's normally meant to go to a serial console. But I added some code to redirect it to a file.

nvram set debug_httpd=2 (there are two levels of debug I built in, 2 is the most complete)
nvram set debug_cprintf_file=1

now you can
tail -f /tmp/cprintf
to watch the debug messages (most won't mean much, they are pretty cryptic)
And don't leave it in this state....you'll fill up your /tmp space and eventually crash the router.

 

[dave14305]

You mentioned that this seemed to coincide with an iOS change. Did it used to work with the new iOS on the older releases, or did the new router code and new iOS just happen to get together at the same time?
If it is a router code change, narrowing down the release would help.

Due to my flip-flopping between fork and Merlin, I only can ascertain that it worked on iPadOS 13.3.1 and 41EA. I was running Merlin 384.15 when I upgraded iPadOS last week. I may have had an issue with Merlin yesterday before flashing the fork, I can’t recall exactly, but Merlin watchdog wouldn’t catch the hang anyway.

I will keep poking. I imagine I’m an outlier using a Pixelserv cert for the router GUI on the fork and redefining https to port 443 from 8443.

I will try the extra debug when I can sit down at a proper computer to do the tailing. Thanks!

 

[john9527]

I will try the extra debug when I can sit down at a proper computer to do the tailing. Thanks!

Also, I needed a memory jolt..... set
nvram set debug_httpd=3 (enable both level 1 and level 2 debug)

 

[dave14305]

I will try the extra debug when I can sit down at a proper computer to do the tailing. Thanks!

Well it didn’t capture much except the login and the watchdog restart.

cat cprintf | grep -v ^wanduck
httpd login auth forced for 1442949312
httpd_login(1442949312:443)
Don't detect static clients!
Don't detect static clients!
watchdog 1070:notify_rc: stop_httpd
watchdog 1070:notify_rc: start_httpd
[1 preinit:init_main +69112] main loop signal/state=10
cmd[0]=stop_httpd
1070: wait for previous script(24/25): stop_httpd 1070 watchdog.
[1 preinit:handle_notifications +69112] running: 1 httpd
killall_tk: waiting name=httpd wait=0 sec
handle_notifications() end
[1 preinit:init_main +69112] main loop signal/state=14
[1 preinit:init_main +69112] main loop signal/state=14
[1 preinit:init_main +69112] main loop signal/state=14
[1 preinit:init_main +69113] main loop signal/state=10
cmd[0]=start_httpd
[1 preinit:handle_notifications +69113] running: 2 httpd
handle_notifications() end
[1 preinit:init_main +69113] main loop signal/state=14
[1 preinit:init_main +69113] main loop signal/state=14
httpd login auth forced for 1442949312
httpd_login(1442949312:443)
httpd login auth forced for 16885952
service 2646:notify_rc: restart_httpd
[1 preinit:init_main +69274] main loop signal/state=10
cmd[0]=restart_httpd
[1 preinit:handle_notifications +69274] running: 3 httpd
killall_tk: waiting name=httpd wait=0 sec
handle_notifications() end
[1 preinit:init_main +69274] main loop signal/state=14
[1 preinit:init_main +69274] main loop signal/state=14
httpd login auth forced for 1442949312
httpd login auth forced for 16885952
httpd_login(1442949312:443)
watchdog 1070:notify_rc: stop_httpd
watchdog 1070:notify_rc: start_httpd
[1 preinit:init_main +69365] main loop signal/state=10
cmd[0]=stop_httpd
[1 preinit:handle_notifications +69365] running: 1 httpd
1070: wait for previous script(24/25): stop_httpd 1070 watchdog.
killall_tk: waiting name=httpd wait=0 sec
handle_notifications() end
[1 preinit:init_main +69365] main loop signal/state=14
[1 preinit:init_main +69365] main loop signal/state=14
[1 preinit:init_main +69365] main loop signal/state=14
[1 preinit:init_main +69366] main loop signal/state=10
cmd[0]=start_httpd
[1 preinit:handle_notifications +69366] running: 2 httpd
handle_notifications() end
[1 preinit:init_main +69366] main loop signal/state=14
[1 preinit:init_main +69366] main loop signal/state=14

 

[dave14305]

Here it did it toward the end.