Skynet Skynet - Router Firewall & Security Enhancements

[Adamm]

If this is the case why is firewall start (the only way on my system to start it) being called to startup more than once? Like I said I have made no other changes.

Its just how the event was designed as multiple components "reset" the rules, miniupnp etc. This is the reason I designed the lock file in the first place to prevent race conditions and ignore the extra attempts.

Just to be clear, was Skynet successfully booted after the logs you posted? If not, please force update, I added some extra output to the Check_Lock function to show the current PID to help me debug if there's an issue here. After doing so post the full logs again with the new version.


To explain what happens better;

Mar 20 20:11:34 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/Elements/skynet )   <--- PID 1507 Starts Up
Mar 20 20:11:34 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1507) - Exiting (cpid=1303)   <--- CPID 1303 Notices PID 1507 Is Already Running So Exits
Mar 20 20:11:34 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1507) - Exiting (cpid=1732)   <--- CPID 1732 Notices PID 1507 Is Already Running So Exits
Mar 20 20:11:55 Skynet: [Complete] 108555 IPs / 1519 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]    <--- PID 1507 Finishes Starting Up

 

[skeal]

Its just how the event was designed as multiple components "reset" the rules, miniupnp etc. This is the reason I designed the lock file in the first place to prevent race conditions and ignore the extra attempts.

Just to be clear, was Skynet successfully booted after the logs you posted? If not, please force update, I added some extra output to the Check_Lock function to show the current PID to help me debug if there's an issue here. After doing so post the full logs again with the new version.


To explain what happens better;

Mar 20 20:11:34 Skynet: [INFO] Startup Initiated... ( skynetloc=/tmp/mnt/Elements/skynet )   <--- PID 1507 Starts Up
Mar 20 20:11:34 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1507) - Exiting (cpid=1303)   <--- CPID 1303 Notices PID 1507 Is Already Running So Exits
Mar 20 20:11:34 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/Elements/skynet) (pid=1507) - Exiting (cpid=1732)   <--- CPID 1732 Notices PID 1507 Is Already Running So Exits
Mar 20 20:11:55 Skynet: [Complete] 108555 IPs / 1519 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [21s]    <--- PID 1507 Finishes Starting Up

I forced the update and allowed it to start and then rebooted after it did. Here are my logs.

https://pastebin.com/0zDT89Wn

 

[FreshJR]

@Adamm there may have been a bug

Mar 20 03:41:52 custom_script: Running /jffs/scripts/firewall-start (args: vlan3000)        ****** 1rst firewall start *******
Mar 20 03:43:51 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 1 Of 10 )
Mar 20 03:44:01 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 2 Of 10 )
Mar 20 03:44:11 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 3 Of 10 )


Mar 20 03:44:13 custom_script: Running /jffs/scripts/firewall-start (args: vlan3000)        ****** 2nd firewall start *******
Mar 20 03:44:14 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/EXT2/skynet) (pid=762) - Exiting  ****** 2nd instance exiting *******


Mar 20 03:44:21 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 4 Of 10 )
Mar 20 03:44:32 Skynet: [INFO] Lock File Detected (start skynetloc=/tmp/mnt/EXT2/skynet) (pid=762) - Exiting  ******  ?? 1rst instance exiting  ?? *******

instead of a 5th usb recheck, it seems like the 1rst instance may have closed itself.

This is because I only saw two firewall-starts and two firwall-ends while @skeal's pastebin was up.

It'll be easy to verify if 1rst instance autoclosed with your cpid logging that lists the PID of the instance issuing the exit command.

I will delete this post afterwards to prevent clutter. The current pastebin with cpid is private

 

[rromeroa]

Same issue here... seems that lock file is not deleted while sleeping for usb detection.

 

[Adamm]

Sorry guys, it finally clicked whats going on. Check_Lock is being called twice if a USB is slow to mount, but because we no longer delete lock files throughout the script, once the USB mounts and the start function is run, Check_Lock detects its own PID and exits. I'll have a fix out shortly. Thanks for debugging!

 

[skeal]

Sorry guys, it finally clicked whats going on. Check_Lock is being called twice if a USB is slow to mount, but because we no longer delete lock files throughout the script, once the USB mounts and the start function is run, Check_Lock detects its own PID and exits. I'll have a fix out shortly. Thanks for debugging!

Great work you guys! Thank you for looking into this @Adamm !

 

[Adamm]

v6.0.2 is live.

@skeal @rromeroa let me know if this corrects the issue.

 

[skeal]

v6.0.2 is live.

@skeal @rromeroa let me know if this corrects the issue.

You are awesome man!! It is fixed!!

 

[skeal]

@Adamm I apologise for being confusing. Sometimes I'm pretty dense!

 

[Adamm]

@Adamm I apologise for being confusing. Sometimes I'm pretty dense!

Completely my fault, I was so used to the function working a certain way for the last year I completely forgot about the changes I made for v6 which affected it, so I was overlooking the obvious issue.

 

[rromeroa]

You are awesome man!! It is fixed!!

Fixed here too. @Adamm Thank you for your great work!

 

[skeal]

Completely my fault, I was so used to the function working a certain way for the last year I completely forgot about the changes I made for v6 which affected it, so I was overlooking the obvious issue.

I still think you are awesome bud....

 

[visortgw]

Sorry guys, it finally clicked whats going on. Check_Lock is being called twice if a USB is slow to mount, but because we no longer delete lock files throughout the script, once the USB mounts and the start function is run, Check_Lock detects its own PID and exits. I'll have a fix out shortly. Thanks for debugging!

This is exactly what I like about this community -- non-confrontational dialogue back and forth between users and developers that quickly identifies and resolves issues. Great effort on all parts!

 

[TheUntouchable]

Just a hint: After updating skynet to version 6.0.2 from 6.0.1 the menu tells me that I have 6.0.1 installed, "r" didn't fix that. I had to leave the menu and enter it again to "correct" this

Steps:
1. /jffs/scripts/firewall
2. 10-->1
3. /jffs/scripts/firewall --> Skynet Version; v6.0.1 (20/03/2018) --> Lock File Detected
4. "r" after some time --> Skynet Version; v6.0.1 (20/03/2018) --> Everything else ok
5. e
6. /jffs/scripts/firewall -->Skynet Version; v6.0.2 (20/03/2018)

The banner at the top was always correct if that helps




EDIT: A different question @all: Who many blocks do you get if youre using banmalware? I have about 2000-3000 an hour from outside..
107369 IPs / 1512 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 2329 Inbound / 316 Outbound Connections Blocked!

 

[Adamm]

Just a hint: After updating skynet to version 6.0.2 from 6.0.1 the menu tells me that I have 6.0.1 installed, "r" didn't fix that. I had to leave the menu and enter it again to "correct" this

Thanks, I'm still polishing the Write_Config function so it doesn't overwrite any settings from simultaneous processes. $localver gets set during the startup process and written to the config file once its done, so if you happen to run something like the menu while the startup process is ongoing the changes won't have been written to the config file yet so it will display the old value.

Hopefully in the next few hours I'll have this area improved.

 

[Adamm]

Just a hint: After updating skynet to version 6.0.2 from 6.0.1 the menu tells me that I have 6.0.1 installed, "r" didn't fix that. I had to leave the menu and enter it again to "correct" this

Steps:
1. /jffs/scripts/firewall
2. 10-->1
3. /jffs/scripts/firewall --> Skynet Version; v6.0.1 (20/03/2018) --> Lock File Detected
4. "r" after some time --> Skynet Version; v6.0.1 (20/03/2018) --> Everything else ok
5. e
6. /jffs/scripts/firewall -->Skynet Version; v6.0.2 (20/03/2018)

The banner at the top was always correct if that helps

v6.0.3 has been pushed to address this plus a few other minor issues.

Load fresh config during and after Load_Menu()
Fix menu tests
Improve Save_IPSets() safeguard
Fix stats command potentially overwriting config

 

[Davidncali001]

Hi Adamm,

Right after fresh installing Skynet, latest version I am no longer getting hourly logs about the stats of how many inbound and outbound were blocked. After a reboot I get one correct stats line (pictured in blue in my screenshot) but then I get regular dropped notices from the firewall. (in red on my screenshot)

I am using the latest AB-Solution, Entware, Skynet and Merlins latest stable firmware. Like I said earlier, everything is a fresh install, except merlin which I figured didn't cause this. However I did format the jffs before fresh installing Skynet, entware and ab-solution.

I am pretty new to linux and what not but would like to solve this problem. Do you have any advice?

Screenshot attached to this post:

Thanks,
David

 

[Adamm]

I am pretty new to linux and what not but would like to solve this problem. Do you have any advice?

Whats the output of "cru l"

 

[skeal]

Updated both routers to 6.0.3...all is well. Thanks @Adamm !

 

[Davidncali001]

I dont know what that is or how to get that output.

Whats the output of "cru l"