What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

If this is the case why is firewall start (the only way on my system to start it) being called to startup more than once? Like I said I have made no other changes.

Its just how the event was designed as multiple components "reset" the rules, miniupnp etc. This is the reason I designed the lock file in the first place to prevent race conditions and ignore the extra attempts.

Just to be clear, was Skynet successfully booted after the logs you posted? If not, please force update, I added some extra output to the Check_Lock function to show the current PID to help me debug if there's an issue here. After doing so post the full logs again with the new version.


To explain what happens better;

Code:
Mar 20 20:11:34 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/Elements/skynet )   <--- PID 1507 Starts Up
Mar 20 20:11:34 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1507) - Exiting (cpid=1303)   <--- CPID 1303 Notices PID 1507 Is Already Running So Exits
Mar 20 20:11:34 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1507) - Exiting (cpid=1732)   <--- CPID 1732 Notices PID 1507 Is Already Running So Exits
Mar 20 20:11:55 Skynet: [Complete] 108555 IPs / 1519 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]    <--- PID 1507 Finishes Starting Up
 
Its just how the event was designed as multiple components "reset" the rules, miniupnp etc. This is the reason I designed the lock file in the first place to prevent race conditions and ignore the extra attempts.

Just to be clear, was Skynet successfully booted after the logs you posted? If not, please force update, I added some extra output to the Check_Lock function to show the current PID to help me debug if there's an issue here. After doing so post the full logs again with the new version.


To explain what happens better;

Code:
Mar 20 20:11:34 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/Elements/skynet )   <--- PID 1507 Starts Up
Mar 20 20:11:34 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1507) - Exiting (cpid=1303)   <--- CPID 1303 Notices PID 1507 Is Already Running So Exits
Mar 20 20:11:34 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1507) - Exiting (cpid=1732)   <--- CPID 1732 Notices PID 1507 Is Already Running So Exits
Mar 20 20:11:55 Skynet: [Complete] 108555 IPs / 1519 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]    <--- PID 1507 Finishes Starting Up
I forced the update and allowed it to start and then rebooted after it did. Here are my logs.
Code:
https://pastebin.com/0zDT89Wn
 
@Adamm there may have been a bug

Code:
Mar 20 03:41:52 custom_script: Running /jffs/scripts/firewall-start (args: vlan3000)        ****** 1rst firewall start *******
Mar 20 03:43:51 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 1 Of 10 )
Mar 20 03:44:01 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 2 Of 10 )
Mar 20 03:44:11 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 3 Of 10 )


Mar 20 03:44:13 custom_script: Running /jffs/scripts/firewall-start (args: vlan3000)        ****** 2nd firewall start *******
Mar 20 03:44:14 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/EXT2/skynet) (pid=762) - Exiting  ****** 2nd instance exiting *******


Mar 20 03:44:21 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 4 Of 10 )
Mar 20 03:44:32 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/EXT2/skynet) (pid=762) - Exiting  ******  ?? 1rst instance exiting  ?? *******

instead of a 5th usb recheck, it seems like the 1rst instance may have closed itself.

This is because I only saw two firewall-starts and two firwall-ends while @skeal's pastebin was up.

It'll be easy to verify if 1rst instance autoclosed with your cpid logging that lists the PID of the instance issuing the exit command.

I will delete this post afterwards to prevent clutter. The current pastebin with cpid is private
 
Last edited:
Sorry guys, it finally clicked whats going on. Check_Lock is being called twice if a USB is slow to mount, but because we no longer delete lock files throughout the script, once the USB mounts and the start function is run, Check_Lock detects its own PID and exits. I'll have a fix out shortly. Thanks for debugging!
 
Sorry guys, it finally clicked whats going on. Check_Lock is being called twice if a USB is slow to mount, but because we no longer delete lock files throughout the script, once the USB mounts and the start function is run, Check_Lock detects its own PID and exits. I'll have a fix out shortly. Thanks for debugging!
Great work you guys! Thank you for looking into this @Adamm !
 
@Adamm I apologise for being confusing. Sometimes I'm pretty dense!
 
@Adamm I apologise for being confusing. Sometimes I'm pretty dense!

Completely my fault, I was so used to the function working a certain way for the last year I completely forgot about the changes I made for v6 which affected it, so I was overlooking the obvious issue. :p
 
Completely my fault, I was so used to the function working a certain way for the last year I completely forgot about the changes I made for v6 which affected it, so I was overlooking the obvious issue. :p
I still think you are awesome bud....:D
 
Sorry guys, it finally clicked whats going on. Check_Lock is being called twice if a USB is slow to mount, but because we no longer delete lock files throughout the script, once the USB mounts and the start function is run, Check_Lock detects its own PID and exits. I'll have a fix out shortly. Thanks for debugging!
This is exactly what I like about this community -- non-confrontational dialogue back and forth between users and developers that quickly identifies and resolves issues. Great effort on all parts!
 
Just a hint: After updating skynet to version 6.0.2 from 6.0.1 the menu tells me that I have 6.0.1 installed, "r" didn't fix that. I had to leave the menu and enter it again to "correct" this ;)

Steps:
1. /jffs/scripts/firewall
2. 10-->1
3. /jffs/scripts/firewall --> Skynet Version; v6.0.1 (20/03/2018) --> Lock File Detected
4. "r" after some time --> Skynet Version; v6.0.1 (20/03/2018) --> Everything else ok
5. e
6. /jffs/scripts/firewall -->Skynet Version; v6.0.2 (20/03/2018)

The banner at the top was always correct if that helps :)




EDIT: A different question @all: Who many blocks do you get if youre using banmalware? I have about 2000-3000 an hour from outside..
107369 IPs / 1512 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 2329 Inbound / 316 Outbound Connections Blocked!
 
Last edited:
Just a hint: After updating skynet to version 6.0.2 from 6.0.1 the menu tells me that I have 6.0.1 installed, "r" didn't fix that. I had to leave the menu and enter it again to "correct" this ;)

Thanks, I'm still polishing the Write_Config function so it doesn't overwrite any settings from simultaneous processes. $localver gets set during the startup process and written to the config file once its done, so if you happen to run something like the menu while the startup process is ongoing the changes won't have been written to the config file yet so it will display the old value.

Hopefully in the next few hours I'll have this area improved.
 
Just a hint: After updating skynet to version 6.0.2 from 6.0.1 the menu tells me that I have 6.0.1 installed, "r" didn't fix that. I had to leave the menu and enter it again to "correct" this ;)

Steps:
1. /jffs/scripts/firewall
2. 10-->1
3. /jffs/scripts/firewall --> Skynet Version; v6.0.1 (20/03/2018) --> Lock File Detected
4. "r" after some time --> Skynet Version; v6.0.1 (20/03/2018) --> Everything else ok
5. e
6. /jffs/scripts/firewall -->Skynet Version; v6.0.2 (20/03/2018)

The banner at the top was always correct if that helps :)


v6.0.3 has been pushed to address this plus a few other minor issues.

Load fresh config during and after Load_Menu()
Fix menu tests
Improve Save_IPSets() safeguard
Fix stats command potentially overwriting config
 
Untitled.jpg


Hi Adamm,

Right after fresh installing Skynet, latest version I am no longer getting hourly logs about the stats of how many inbound and outbound were blocked. After a reboot I get one correct stats line (pictured in blue in my screenshot) but then I get regular dropped notices from the firewall. (in red on my screenshot)

I am using the latest AB-Solution, Entware, Skynet and Merlins latest stable firmware. Like I said earlier, everything is a fresh install, except merlin which I figured didn't cause this. However I did format the jffs before fresh installing Skynet, entware and ab-solution.

I am pretty new to linux and what not but would like to solve this problem. Do you have any advice?

Screenshot attached to this post:

Thanks,
David
 
Updated both routers to 6.0.3...all is well. Thanks @Adamm !
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top