Skynet SkyNet 7.4.0

[JTnola]

….Anyone installed the latest version?
Issues?
Changelog?

Thank you!

 

[underdose]

From Github commit history:

- fix /32 subnet issue.
- increase speed on hanging regex.
- improve delays on manual whitelist code.
- decrease the amount of piped processes on some regex commands.
- enhance hard-coding on hash tables for IPSET, while keeping memory requirements minimal.
- Fix that printf in deport whitelist
- Fix that Deport Whitelist--%s doesn't exist in regular old print, we need printf.
- Fix asn link, Add Real IP address and ranges regex.

 

[EmeraldDeer]

Installed and running for two days with no issues.

 

[Viktor Jaep]

Big difference in my statistics after running a malware blocklist update... it increased my # of IPs by 100K 50K and decreased my ranges by 50K. Good work on making this more efficient and fixing the subnet issue, @SomeWhereOverTheRainBow and @Adamm!

Also... is "deport" the British term for "export"?

 

[SomeWhereOverTheRainBow]

Big difference in my statistics after running a malware blocklist update... it increased my # of IPs by 100K, and decreased my ranges by 50K. Good work on making this more efficient and fixing the subnet issue, @SomeWhereOverTheRainBow and @Adamm!

Also... is "deport" the British term for "export"?

Yep if we are expecting our ranges list to be "smaller" than our single IP list, then we definitely want to be sure our single IP's are not over filling our ranges list. Single IP addresses include any address with a /32 at the end. However, skynet was capturing anything with a "/" in it, and throwing that into ranges. This is inefficient since we have a seperate IPset dedicated to single IP entries. We want to ensure that our ranges only covers anything greater than /32 (e.g. /24 /16 /8).

 

[Viktor Jaep]

Yep if we are expecting our ranges list to be "smaller" than our single IP list, then we definitely want to be sure our single IP's are not over filling our ranges list. Single IP addresses include any address with a /32 at the end. However, skynet was capturing anything with a "/" in it, and throwing that into ranges. This is inefficient since we have a seperate IPset dedicated to single IP entries. We want to ensure that our ranges only covers anything greater than /32 (e.g. /24 /16 /8).

Actually, I think I overstated the IP increase... it was more like a 50K increase... Thanks for your efforts to make the experience better!

 

[badtoast]

Apologize in advance for noob questions, but are cloudflare IPs whitelisted by default or do I have to add them? I am exposing some self-hosted services and utilizing cloudflare as proxy.

https://www.cloudflare.com/ips-v4

 

[ColDen]

I have also installed this version two days ago and have no issues so far.

 

[SomeWhereOverTheRainBow]

Apologize in advance for noob questions, but are cloudflare IPs whitelisted by default or do I have to add them? I am exposing some self-hosted services and utilizing cloudflare as proxy.

https://www.cloudflare.com/ips-v4

That is up to you. I personally don't have a setup that specialized, but if you think skynet might cause a problem, I suggest whitelisting ip addresses if you are having trouble accessing them.

BTW, skynet already includes this list if you have the CDN whitelisting option enabled under skynet settings.

https://github.com/Adamm00/IPSet_ASUS/blob/master/firewall.sh#L877

 

[SomeWhereOverTheRainBow]

Also... is "deport" the British term for "export"?

No, it is Briish (the "t" is silent or non-existing); However, in my country just uttering the word deport tickles the ears of near by ICE agents, so we must be careful!

 

[badtoast]

That is up to you. I personally don't have a setup that specialized, but if you think skynet might cause a problem, I suggest whitelisting ip addresses if you are having trouble accessing them.

BTW, skynet already includes this list if you have the CDN whitelisting option enabled under skynet settings.

https://github.com/Adamm00/IPSet_ASUS/blob/master/firewall.sh#L877

Ah!! Thank you! Exactly what I was looking for. Of course, the source!

 

[Viktor Jaep]

No, it is Briish (the "t" is silent or non-existing); However, in my country just uttering the word deport tickles the ears of near by ICE agents, so we must be careful!

Exactly why I was asking... Shhhhhh!

 

[mrgnex]

I can't seem to update to the newest version. How did you all did it? I get these errors after upgrade entware packages:

curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[i] New Version Detected - Updating To  (d41d8cd98f00b204e9800998ecf8427e)
[i] Saving Changes
[i] Unloading Skynet Components
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chart.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chartjs-plugin-zoom.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating hammerjs.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating skynet.asp Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating firewall.sh Failed
[i] Restarting Firewall Service

 

[ColDen]

I can't seem to update to the newest version. How did you all did it? I get these errors after upgrade entware packages:

curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[i] New Version Detected - Updating To  (d41d8cd98f00b204e9800998ecf8427e)
[i] Saving Changes
[i] Unloading Skynet Components
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chart.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating chartjs-plugin-zoom.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating hammerjs.js Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating skynet.asp Failed
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
curl: option --retry-all-errors: is unknown
curl: try 'curl --help' for more information
[*] Updating firewall.sh Failed
[i] Restarting Firewall Service

Hummm look like a corrupted installation and suggest that you remove Skynet ( sh /jffs/scripts/firewall uninstall ) then re-install Skynet.

 

[Viktor Jaep]

Hummm look like a corrupted installation and suggest that you remove Skynet ( sh /jffs/scripts/firewall uninstall ) then re-install Skynet.

Or CURL isn't up-to-date, and not able to handle that "--retry-all-errors" switch? Perhaps take a look at any possible needed entware updates as well, @mrgnex ? Oops, I just read you just updated your entware... in that case, you might just need a reboot incase some updates need to settle/reload...

The other thing you could try is force updating CURL itself...

opkg update
opkg install --force-reinstall curl

 

[SomeWhereOverTheRainBow]

Or CURL isn't up-to-date, and not able to handle that "--retry-all-errors" switch? Perhaps take a look at any possible needed entware updates as well, @mrgnex ? Oops, I just read you just updated your entware... in that case, you might just need a reboot incase some updates need to settle/reload...

The other thing you could try is force updating CURL itself...

opkg update
opkg install --force-reinstall curl

Skynet hardcodes to use the routers binaries first. So skynet should always be choosing the routers built in curl instead of entwares. If the OP hasn't updated their firmware in a long time, it is highly recommended they do that first.

 

[SomeWhereOverTheRainBow]

Skynet hardcodes to use the routers binaries first. So skynet should always be choosing the routers built in curl instead of entwares. If the OP hasn't updated their firmware in a long time, it is highly recommended they do that first.
View attachment 50774

The --retry-all-errors option has been present in curl for atleast 2 years to 3 years now. Unless there is something specific about this users router curl, I suspect the most up-to-date firmware should support it. I have not known @RMerlin to not keep curl up-to-date.

 

[toforrao]

I'm running into some performance issues when Skynet is updating its Malware lists. Every day, it starts "Skynet_banmalware" script al 12:25, and the router stays unresponsive until this process finishes (2 o 3 minutes).
Is there a way to config skynet to update at some specific hours?
I'm explaining myself:

If I update crontab with "cron -e", on the next reboot, all is messed up again losing that specific configuration I edited.

The proccess original configuration once I install Skynet is this:

If I change that config with this one, for example (using crontab -e):

On the next reboot it comes up with a random schedule again, so there is no way to reschedule this specific process. On this ocassion it changed it to execute it at "15:25" everyday.

My guess is that there must be any way to workaround this. Any thoughts?

Thanks in advance.

 

[SomeWhereOverTheRainBow]

I'm running into some performance issues when Skynet is updating its Malware lists. Every day, it starts "Skynet_banmalware" script al 12:25, and the router stays unresponsive until this process finishes (2 o 3 minutes).
Is there a way to config skynet to update at some specific hours?
I'm explaining myself:

If I update crontab with "cron -e", on the next reboot, all is messed up again losing that specific configuration I edited.

The proccess original configuration once I install Skynet is this:

View attachment 50791

If I change that config with this one, for example (using crontab -e):

View attachment 50792

On the next reboot it comes up with a random schedule again, so there is no way to reschedule this specific process. On this ocassion it changed it to execute it at "15:25" everyday.

View attachment 50793


My guess is that there must be any way to workaround this. Any thoughts?

Thanks in advance.

You can adjust the update schedule.

firewall settings banmalware daily|weekly|disable

Using the below in the ssh terminal
firewall settings banmalware weekly

Will change it from the default daily setting to weekly within the skynet settings. Whereas manually doing the crontab adjustments yourself isn't permanent. You must use the above command for it to stick at weekly.

 

[toforrao]

You can adjust the update schedule.

firewall settings banmalware daily|weekly|disable

Using the below in the ssh terminal
firewall settings banmalware weekly

Will change it from the default daily setting to weekly within the skynet settings. Whereas manually doing the crontab adjustments yourself isn't permanent. You must use the above command for it to stick at weekly.

Thanks!

I guess there is no chance to indicate exactly any hour. In my case, it would be nice to just tell skynet to update at early hours in the morning in order to not to hit network performance...