What's new

Skynet SkyNet 7.4.0

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
From Github commit history:

- fix /32 subnet issue.
- increase speed on hanging regex.
- improve delays on manual whitelist code.
- decrease the amount of piped processes on some regex commands.
- enhance hard-coding on hash tables for IPSET, while keeping memory requirements minimal.
- Fix that printf in deport whitelist
- Fix that Deport Whitelist--%s doesn't exist in regular old print, we need printf.
- Fix asn link, Add Real IP address and ranges regex.
 
Installed and running for two days with no issues.
 
Big difference in my statistics after running a malware blocklist update... it increased my # of IPs by 100K 50K and decreased my ranges by 50K. Good work on making this more efficient and fixing the subnet issue, @SomeWhereOverTheRainBow and @Adamm!

Also... is "deport" the British term for "export"? ;)
 
Last edited:
Big difference in my statistics after running a malware blocklist update... it increased my # of IPs by 100K, and decreased my ranges by 50K. Good work on making this more efficient and fixing the subnet issue, @SomeWhereOverTheRainBow and @Adamm!

Also... is "deport" the British term for "export"? ;)
Yep if we are expecting our ranges list to be "smaller" than our single IP list, then we definitely want to be sure our single IP's are not over filling our ranges list. Single IP addresses include any address with a /32 at the end. However, skynet was capturing anything with a "/" in it, and throwing that into ranges. This is inefficient since we have a seperate IPset dedicated to single IP entries. We want to ensure that our ranges only covers anything greater than /32 (e.g. /24 /16 /8).
 
Yep if we are expecting our ranges list to be "smaller" than our single IP list, then we definitely want to be sure our single IP's are not over filling our ranges list. Single IP addresses include any address with a /32 at the end. However, skynet was capturing anything with a "/" in it, and throwing that into ranges. This is inefficient since we have a seperate IPset dedicated to single IP entries. We want to ensure that our ranges only covers anything greater than /32 (e.g. /24 /16 /8).
Actually, I think I overstated the IP increase... it was more like a 50K increase... Thanks for your efforts to make the experience better! :)
 
Apologize in advance for noob questions, but are cloudflare IPs whitelisted by default or do I have to add them? I am exposing some self-hosted services and utilizing cloudflare as proxy.

 
I have also installed this version two days ago and have no issues so far.
 
Apologize in advance for noob questions, but are cloudflare IPs whitelisted by default or do I have to add them? I am exposing some self-hosted services and utilizing cloudflare as proxy.

That is up to you. I personally don't have a setup that specialized, but if you think skynet might cause a problem, I suggest whitelisting ip addresses if you are having trouble accessing them.

BTW, skynet already includes this list if you have the CDN whitelisting option enabled under skynet settings.

 
Last edited:
No, it is Briish (the "t" is silent or non-existing); However, in my country just uttering the word deport tickles the ears of near by ICE agents, so we must be careful!
Exactly why I was asking... Shhhhhh!
 
I can't seem to update to the newest version. How did you all did it? I get these errors after upgrade entware packages:
Code:
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[i] New Version Detected - Updating To  (d41d8cd98f00b204e9800998ecf8427e)
[i] Saving Changes
[i] Unloading Skynet Components
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chart.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chartjs-plugin-zoom.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating hammerjs.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating skynet.asp Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating firewall.sh Failed
[i] Restarting Firewall Service
 
  • Like
Reactions: GWB
I can't seem to update to the newest version. How did you all did it? I get these errors after upgrade entware packages:
Code:
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[i] New Version Detected - Updating To  (d41d8cd98f00b204e9800998ecf8427e)
[i] Saving Changes
[i] Unloading Skynet Components
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chart.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chartjs-plugin-zoom.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating hammerjs.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating skynet.asp Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating firewall.sh Failed
[i] Restarting Firewall Service
Hummm look like a corrupted installation and suggest that you remove Skynet ( sh /jffs/scripts/firewall uninstall ) then re-install Skynet.
 
Hummm look like a corrupted installation and suggest that you remove Skynet ( sh /jffs/scripts/firewall uninstall ) then re-install Skynet.
Or CURL isn't up-to-date, and not able to handle that "--retry-all-errors" switch? Perhaps take a look at any possible needed entware updates as well, @mrgnex ? Oops, I just read you just updated your entware... in that case, you might just need a reboot incase some updates need to settle/reload...

The other thing you could try is force updating CURL itself...

Code:
opkg update
opkg install --force-reinstall curl
 
Last edited:
Or CURL isn't up-to-date, and not able to handle that "--retry-all-errors" switch? Perhaps take a look at any possible needed entware updates as well, @mrgnex ? Oops, I just read you just updated your entware... in that case, you might just need a reboot incase some updates need to settle/reload...

The other thing you could try is force updating CURL itself...

Code:
opkg update
opkg install --force-reinstall curl
Skynet hardcodes to use the routers binaries first. So skynet should always be choosing the routers built in curl instead of entwares. If the OP hasn't updated their firmware in a long time, it is highly recommended they do that first.
Screenshot_20230607_194736_Samsung Internet.jpg
 
Skynet hardcodes to use the routers binaries first. So skynet should always be choosing the routers built in curl instead of entwares. If the OP hasn't updated their firmware in a long time, it is highly recommended they do that first.
View attachment 50774
The --retry-all-errors option has been present in curl for atleast 2 years to 3 years now. Unless there is something specific about this users router curl, I suspect the most up-to-date firmware should support it. I have not known @RMerlin to not keep curl up-to-date.
 
Last edited:
I'm running into some performance issues when Skynet is updating its Malware lists. Every day, it starts "Skynet_banmalware" script al 12:25, and the router stays unresponsive until this process finishes (2 o 3 minutes).
Is there a way to config skynet to update at some specific hours?
I'm explaining myself:

If I update crontab with "cron -e", on the next reboot, all is messed up again losing that specific configuration I edited.

The proccess original configuration once I install Skynet is this:

1686220977068.png


If I change that config with this one, for example (using crontab -e):

1686221336847.png


On the next reboot it comes up with a random schedule again, so there is no way to reschedule this specific process. On this ocassion it changed it to execute it at "15:25" everyday.

1686221354897.png



My guess is that there must be any way to workaround this. Any thoughts?

Thanks in advance.
 
I'm running into some performance issues when Skynet is updating its Malware lists. Every day, it starts "Skynet_banmalware" script al 12:25, and the router stays unresponsive until this process finishes (2 o 3 minutes).
Is there a way to config skynet to update at some specific hours?
I'm explaining myself:

If I update crontab with "cron -e", on the next reboot, all is messed up again losing that specific configuration I edited.

The proccess original configuration once I install Skynet is this:

View attachment 50791

If I change that config with this one, for example (using crontab -e):

View attachment 50792

On the next reboot it comes up with a random schedule again, so there is no way to reschedule this specific process. On this ocassion it changed it to execute it at "15:25" everyday.

View attachment 50793


My guess is that there must be any way to workaround this. Any thoughts?

Thanks in advance.
You can adjust the update schedule.

firewall settings banmalware daily|weekly|disable

Using the below in the ssh terminal
firewall settings banmalware weekly

Will change it from the default daily setting to weekly within the skynet settings. Whereas manually doing the crontab adjustments yourself isn't permanent. You must use the above command for it to stick at weekly.
 
You can adjust the update schedule.

firewall settings banmalware daily|weekly|disable

Using the below in the ssh terminal
firewall settings banmalware weekly

Will change it from the default daily setting to weekly within the skynet settings. Whereas manually doing the crontab adjustments yourself isn't permanent. You must use the above command for it to stick at weekly.
Thanks!

I guess there is no chance to indicate exactly any hour. In my case, it would be nice to just tell skynet to update at early hours in the morning in order to not to hit network performance...
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top