Skynet SkyNet 7.4.0

Status
Not open for further replies.
I'm coming back with a solution I'm testing myself:

Edit /jffs/scripts/firewall-start adding this:


Code:
crontab -l |grep -v banmalware |crontab -
(crontab -l ; echo "30 05 * * * sh /jffs/scripts/firewall banmalware #Skynet_banmalware#") |crontab -

This should work in order to delete the file on the crontab which includes "banmalware" string and add another one with the time of your liking, in my case 05:30 am
 
Thanks!

I guess there is no chance to indicate exactly any hour. In my case, it would be nice to just tell skynet to update at early hours in the morning in order not to hit network performance...
You could disable the default cronjob in the terminal, and then place your own inside the services start script.
 
I can't seem to update to the newest version. How did you all do it? I get these errors after upgrading entware packages:
Code:
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
...
[i] Restarting Firewall Service

@mrgnex

I ran into the same situation on my RT-AC68U (armv7l) FW-384.15. I've intentionally stayed in that older FW [ WAN interface stability - regardless of ISP provider (Verizon FIOS, Comcast Xfinity, Starry) at multiple locations. This version was the one that has maintained stability. Used to be an issue at times on prior versions and some older ones non issue. Either way I tried something after .15 and it was unstable so I backed to .15 and haven't really looked at it in last few years]

Summary: Was able to resolve by modifying the PATH inside the firewall script. Moved /usr/sbin to the end of the path instead of it sitting in front of the /opt/bin directory which is where the entware version of curl is at.

Additional details:
Anyway earlier today I decided to update a few items running on it via amtm to bring scripts, entware packages and also skynet up to date as possible while staying on the older FW.

I ran into a problem with curl after it got updated via me running inside the ssh session without any issues:
opkg update
opkg upgrade


Then I rebooted the router and logged back in again and ran:

curl -V
resulted in: (curl 8.1.1 (arm-openwrt-linux-gnu) libcurl/8.1.1 OpenSSL/3.0.8 zlib/1.2.13)

When I went to run firewall --> Option 3 (Malware Blacklist) --> Option 1 (update) I got the similar:
curl: option --retry-all-errors: is unknown, etc..

So I checked my path:
echo $PATH
resulted in: /opt/bin:/opt/sbin:/bin:/usr/bin:/sbin:/usr/sbin:/home/rjsh:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin

I checked which curl is running:
which curl
resulted in: /opt/bin/curl

I checked the version:
curl -V
resulted in: curl 8.1.1 (arm-openwrt-linux-gnu) libcurl/8.1.1 OpenSSL/3.0.8 zlib/1.2.13
Release-Date: 2023-05-23

Looked at the help to make sure the option exists (it does) via:
curl --help curl
resulted in:
...
--retry <num> Retry request if transient problems occur
--retry-all-errors Retry all errors (use with --retry)
...

Then I checked the firewall script:
which firewall
resulted in: /opt/bin/firewall

cat /opt/bin/firewall | grep -i "path"
resulted in: export PATH="/sbin:/bin:/usr/sbin:/usr/bin:$PATH"

I checked each of those directories to see if another version of curl was in it prior to the $PATH
the /usr/sbin directory for me had another variant of curl in there.

cd /usr/sbin
./curl -V

resulted in:
curl 7.67.0 (arm-unknown-linux-gnu) libcurl/7.67.0 OpenSSL/1.0.2u
Release-Date: 2019-11-06

I checked the help for parameters usable with this version of curl via:
./curl --help
resulted in:
...
--resolve <host:port:address[,address]...> Resolve the host+port to this address
--retry <num> Retry request if transient problems occur
--retry-connrefused Retry on connection refused (use with --retry)
--retry-delay <seconds> Wait time between retries
--retry-max-time <seconds> Retry only within this period
--sasl-authzid <identity> Use this identity to act as during SASL PLAIN authentication
...

There was no --retry-all-errors parameter in v7.67.0.

So I decided to modify the firewall script itself:
which firewall
resulted in: /opt/bin/firewall

# change directory
cd /opt/bin

# make a backup copy
cp firewall firewall.orig.bak

# open an editor to modify the firewall script.
nano firewall

Approx 17th line down has the following:
export PATH="/sbin:/bin:/usr/sbin:/usr/bin:$PATH"

I replaced that single line with the following two lines (the 1st line is the same as original except with a # in front to comment it out). The 2nd line shifts the /usr/sbin from the 3rd entry in the future PATH over to post-pend to be the last directory in the future PATH.

#export PATH="/sbin:/bin:/usr/sbin:/usr/bin:$PATH"
export PATH="/sbin:/bin:/usr/bin:$PATH:/usr/sbin"


I saved out via Control O and Control X

Ran the firewall again and this time I was able to utilize the current curl version when I did malware update, etc.

This should also hold true for enabling the latest version of curl being used for the daily / weekly / monthly update option you've selected in the settings, as I believe they all call via crontab jobs the firewall script to perform the update.
 
Last edited:
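The PATH-ordering problem diagnosed in the post above, as an added example that is not part of the original thread or of Skynet: it lists every copy of a command in lookup order for a given PATH string and checks whether the first one supports a required option. The function names and the sandbox with two stub `curl` scripts are constructed for illustration; the option lists in the stubs mirror the help output quoted in the post.

```shell
# Added example (not from the thread): which copy of a command does a PATH
# run first, and does that copy support an option the script relies on?
# Print each executable named $1 found in PATH string $2, in lookup order.
find_all_in_path() {
    _seen=:
    _old_ifs=$IFS
    IFS=:
    for _dir in $2; do
        IFS=$_old_ifs
        [ -n "$_dir" ] || _dir=.                      # empty entry means cwd
        case $_seen in *":$_dir:"*) continue ;; esac  # skip repeated entries
        _seen="$_seen$_dir:"
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            printf '%s\n' "$_dir/$1"
        fi
    done
    IFS=$_old_ifs
}

# Succeed if binary $1 lists $2 as an option name in its help output.
# Newer curl builds split help into categories, hence "--help all".
supports_option() {
    "$1" --help all </dev/null 2>/dev/null |
        awk -v opt="$2" '$1 == opt || $2 == opt { found = 1 } END { exit !found }'
}

# Print "<ok|missing> <path>" per candidate; succeed only when the first hit,
# the one a script using this PATH will run, supports the option.
audit_path() {
    find_all_in_path "$1" "$3" | (
        _n=0 _rc=1
        while IFS= read -r _bin; do
            _n=$((_n + 1))
            if supports_option "$_bin" "$2"; then _s=ok; else _s=missing; fi
            if [ "$_n" -eq 1 ] && [ "$_s" = ok ]; then _rc=0; fi
            printf '%s %s\n' "$_s" "$_bin"
        done
        exit "$_rc"
    )
}

# Constructed sandbox standing in for the router: two stub "curl" scripts
# whose help text mirrors the firmware and Entware builds quoted in the post.
make_demo_tree() {
    _root=$(mktemp -d) || return 1
    mkdir -p "$_root/usr/sbin" "$_root/opt/bin"
    printf '%s\n' '#!/bin/sh' 'cat <<EOF' ' --retry <num> Retry request' \
        ' --retry-connrefused Retry on connection refused' 'EOF' > "$_root/usr/sbin/curl"
    printf '%s\n' '#!/bin/sh' 'cat <<EOF' ' --retry <num> Retry request' \
        ' --retry-all-errors Retry all errors' 'EOF' > "$_root/opt/bin/curl"
    chmod +x "$_root/usr/sbin/curl" "$_root/opt/bin/curl"
    printf '%s\n' "$_root"
}

root=$(make_demo_tree)
login="$root/opt/bin:$root/usr/sbin"   # shortened login PATH, Entware first
audit_path curl --retry-all-errors "$root/sbin:$root/bin:$root/usr/sbin:$root/usr/bin:$login" || echo "original export: first curl lacks the option"
audit_path curl --retry-all-errors "$root/sbin:$root/bin:$root/usr/bin:$login:$root/usr/sbin" && echo "edited export: first curl supports the option"
rm -rf "$root"
```

On a real router the same functions can be pointed at the PATH string from the script's `export PATH=` line instead of the sandbox paths.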
This is a prime example of why at some point, updating will be a requirement to stay current. You definitely deserve props for figuring out a way for yourself. While a little hack would have "fixed" things, this is just a bandaid solution. And for the non-technical savvy or novice user would have proved to be more headache than it is worth. The easiest solution for the average user is to just update the firmware. An alternative is to run your own fork.

Also, I am not sure which wan issue you are referring to, but it sounds like an isolated incident since I do not see many users still surfing the forums on firmware that old.
 
Have updated to version 7.4.5 yesterday morning.
 
Having issues with genstats.

At the top of the page it says XXX blocked outgoing connections but the graph sections for Last 10 Unique Connections Blocked (Outbound) and Top 10 Blocks (Outbound) say no data.

Top 10 HTTP(s) Blocks (Outbound) is populated as well as Last 10 Unique HTTP(s) Blocks (Outbound)
 
I noticed this issue happens when there is nothing populated yet for those blocks between skynet restarts. Some of the populated data for skynet gets cleared on restarts, while the other data isn't.
 
Ok as I go thru Skynet more and more I find some things work and some don't. For example, when trying to enter bans, I get the curl errors. But if I do something basic like updating Skynet, that now works. So I am not sure why some things work and others get curl errors still.
 
It looks like my firewall script is being overwritten because the updated PATH statement is gone so I am getting curl errors. How can this be fixed permanently?
 
Update your router firmware to a more current version (if you haven't already). The curl errors are most likely because your router is using an outdated firmware. RMerlin updates the curl version in almost every firmware update. The only way curl is giving you an error is if you are on a firmware version that is over a year (or more) old; if your firmware is that old, and you can't update the firmware to the latest RMerlin firmware, then it is recommended to update your router.

I've already commented on this error several posts ago:

The --retry-all-errors option has been present in curl for at least 2 years to 3 years now. Unless there is something specific about this user's router curl, I suspect the most up-to-date firmware should support it. I have not known @RMerlin to not keep curl up-to-date.

This issue is only going to compound as entware becomes unsupported on older model router. This "technically" has already happened. And will become reality as soon as the current legacy maintainers can no longer maintain the legacy support.

You or anyone can read about the gradual discontinuation of entware support on legacy AC Routers here:

https://www.snbforums.com/threads/entware-armv7sf-k2-6-eos.89032/
 
Yeah I am running an old version 384.19. I do not enjoy doing the whole wipe and reload and it has worked well for me for a long time so I haven't updated. If there is an easy upgrade path that doesn't require a full manual rebuild then I could do that pretty easily. Otherwise, it's going to have to be planned with a lot of time allocated to it. I am running on RT-AC68U so it's an old device as well. It's been such a great device and OS though so it is hard to justify buying and/or spending a lot of time on updating when it works.
 
That is the problem when you get attached to an almost 4-year-old firmware. The solution is to not let it happen again.

With the RT-AC68U being EOL today, the fact that you're running obsolete firmware, and the few minutes of preparation you can do to make any upgrade as easy as possible, all that is preventing you from being on current firmware is fear of the unknown.

Use the link below to get a backup of where your router is now.


With this, you'll be able to go back to where you are today in mere minutes.


Download the latest firmware available for your router and AFTER flashing it, be prepared to do a full reset to factory defaults and an M&M install.



Do not blindly use settings/options that you used in the past (i.e. your current firmware), do not use any backup config files, and do not insert any USB drives that were previously used for amtm/scripts.





If the router isn't stable on the latest firmware for you, use the Nuclear Reset guide in the link above to properly have the firmware use its expected defaults. If the issues continue, that will indicate a hardware fault of the router itself (and/or possibly the power supply).


As to the allocating 'a lot of time' to rebuild a router/network notion:

It takes a lot more to write out and read the steps involved than to do it.

Your network will be usable within 15 or 20 minutes. And you can continue customizing it further (if needed) from there.

And your network and all devices within will be infinitely more secure and dependable too.
 
I felt the same way back when all I had was an RTAC56U. All it took was asus to EOL it. I replaced it just as quickly as asus stopped supporting it because I did not want to run into problems like the one you are experiencing.
These scripts are actively maintained, as such they will adopt any new method that allows the script to perform better. It just so happens that the curl option you are now experiencing issues with wasn't available on your almost 4 year old firmware; however, this option has been available with firmware versions as early as 2 and a half years old.

You are now reaching a crossroads where entware has ended servicing this kernel. There is a limited support branch available now. Support for the router you have is only going to get worse down the line. You will come here for support for the problems only to find that this will become the new theme with your model router.

I agree with you, when the router works the way it is expected to, then why replace it/update it? This question can be highly subjective. YMMV.
 
Thanks.

Years ago my firmware got very old and it was recommended that I flash it back to factory default and build up from there. It was suggested to put in all of my configuration back in manually and not use any kind of restore, which was honestly one of the bigger pains of the process. The flashing takes me some time, mostly because I don't do it often so it's inconvenient.

Now I am kinda in the same place again, but this time my router is *very* old. I have really liked the flexibility and the customization that it has given me. Mine is in the basement of a house with 2 levels above ground, so it covers 3 floors and about 4500 sq ft. The Wifi signal is not great everywhere so I put in some wired DD-WRT devices on the other levels, which are even older, smaller Asus routers. That way I am able to use my ethernet cabling and extend wireless. It's far from perfect but it *works* (cabling speed is not great everywhere).

Mine is up and running for now, so I at least have a moment to figure out the long term plan. I have entware installed but not really sure why I have been using it. I just followed the docs here to get my USB back online, mostly for the use of Skynet.

In a perfect world, I know it would be best to separate wifi and the router into separate devices. I just don't know if I want to put in that much work, effort, and cost. It's not ruled out, but I am hesitant. So that leaves the option of buying another all-in-one device. Mine is so old that I don't know what to expect with Wifi, performance, or security. I feel like my router bottlenecks me at times but I haven't gone to prove it, mostly because I know my wifi isn't the best and the ethernet cabling in my house isn't all great. Anyway, so do you guys have any suggestions for updating to new device(s)? Wifi, overall performance, and security are the main things I need, but I also want something that doesn't require a lot of maintenance. I am obviously not the person that wants to spend a lot of time working on my home network. I do IT for a living so my home network is not one I want to spend a ton of time on lol.

At this point with my current device, I feel like I might as well just keep my current firmware and just spend any extra time on a new device(s) when I get something.
 