Divested-WRT: No-nonsense hardened builds for Linksys WRT series

Thanks for creating this build! I installed it last weekend after trying to update to the latest mainline release and encountering the MV88E6176 switch problems and it's working great.

I have encountered 1 problem though. I have created a VLAN bridge to segregate my network. This bridge is on the same interface as my wifi. 3 of my switch ports are on this bridge, 2 are untagged, 1 is tagged.

My laptop is on the wifi, and I can ping all devices connected to the tagged port, but when I try and ping the device on one of the untagged ports only a single ping response is occasionally received when the command is first run, then the responses stop. When I plug the laptop into the other untagged port and disconnect from the wifi the ping works fine.

If I monitor tcpdump on the wireless interface for ICMP I see the ping requests but only the occasional single response from devices on the untagged port. If I ping devices on the tagged port, or if the laptop is on the other untagged port and I monitor the bridge I see both the request and response.

My config is below

/etc/config/network
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan2:u*'
	list ports 'lan3:u*'
	list ports 'lan4:t'

/etc/config/wireless
config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option macaddr 'xx:xx:xx:xx:xx:xx'
	option ssid 'wifi'
	option key 'xxxx'
	option encryption 'psk2+ccmp'

tcpdump -i phy0-ap0 -f -v icmp
tcpdump: listening on phy0-ap0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
15:00:23.203513 IP (tos 0x0, ttl 64, id 34563, offset 0, flags [DF], proto ICMP (1), length 84)
    archLaptop.local > backup.local: ICMP echo request, id 17, seq 1, length 64
15:00:23.204144 IP (tos 0x0, ttl 64, id 11789, offset 0, flags [none], proto ICMP (1), length 84)
    backup.local > archLaptop.local: ICMP echo reply, id 17, seq 1, length 64
15:00:24.208709 IP (tos 0x0, ttl 64, id 34665, offset 0, flags [DF], proto ICMP (1), length 84)
    archLaptop.local > backup.local: ICMP echo request, id 17, seq 2, length 64
15:00:25.224206 IP (tos 0x0, ttl 64, id 34968, offset 0, flags [DF], proto ICMP (1), length 84)
    archLaptop.local > backup.local: ICMP echo request, id 17, seq 3, length 64

Is there any reason why there's only a single response here? Any ideas on how to fix this?

This sounds like the issue caused by the target/linux/generic/hack-5.15/600-bridge_offload.patch

Could it be that some or at least one of the dnsrm whitelists for divblock is currently ignored?
I checked https://divested.dev/hosts-dnsmasq and the URL I reported here some time ago r.appspot.com/# is in there again and gets blocked.
It got moved from the Google.txt file to Google-appspot.com file (maybe because it's not .txt?).

@Znrl

eek, good catch
give me a few minutes.

edit:
renamed to .txt and uploaded new lists
thanks again!

Hi, I'm trying to compile the latest version but I'm having problems. I'm using an Ubuntu VM with all compiling requirements and dependencies like the wiki says; my problem is about perl:

make[5]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.28.1'
echo @`sh  cflags "optimize='-O2'" opmini.o` -fPIC -DPERL_IS_MINIPERL -DPERL_EXTERNAL_GLOB opmini.c
@arm-openwrt-linux-muslgnueabi-gcc -c -DPERL_CORE -D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -Os -pipe -fno-caller-saves -fno-plt -fhonour-copts -mfloat-abi=hard -I/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3-d16_gcc-12.3.0_musl_eabi/usr/include -I/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3-d16_gcc-12.3.0_musl_eabi/include/fortify -I/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/staging_dir/toolchain-arm_cortex-a9+vfpv3-d16_gcc-12.3.0_musl_eabi/include -O2 -Wall -fPIC -DPERL_IS_MINIPERL -DPERL_EXTERNAL_GLOB opmini.c
In file included from op.c:163:
perl.h:2494:22: error: unknown type name 'off64_t'; did you mean 'off_t'?
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: note: in definition of macro 'Off_t'
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: error: unknown type name 'off64_t'; did you mean 'off_t'?
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: note: in definition of macro 'Off_t'
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: error: unknown type name 'off64_t'; did you mean 'off_t'?
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: note: in definition of macro 'Off_t'
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: error: unknown type name 'off64_t'; did you mean 'off_t'?
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: note: in definition of macro 'Off_t'
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: error: unknown type name 'off64_t'; did you mean 'off_t'?
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: note: in definition of macro 'Off_t'
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: error: unknown type name 'off64_t'; did you mean 'off_t'?
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: note: in definition of macro 'Off_t'
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: error: unknown type name 'off64_t'; did you mean 'off_t'?
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: note: in definition of macro 'Off_t'
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: error: unknown type name 'off64_t'; did you mean 'off_t'?
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
perl.h:2494:22: note: in definition of macro 'Off_t'
 2494 | #       define Off_t off64_t
      |                      ^~~~~~~
make[4]: *** [Makefile:304: opmini.o] Error 1
make[4]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.28.1'
make[3]: *** [Makefile:150: /home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.28.1/.built] Error 2
make[3]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/feeds/packages/lang/perl'
time: package/feeds/packages/perl/compile#11.70#3.02#14.08
    ERROR: package/feeds/packages/perl failed to build.
make[2]: *** [package/Makefile:120: package/feeds/packages/perl/compile] Error 1
make[2]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt'
make[1]: *** [package/Makefile:114: /home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/staging_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt'
make: *** [/home/alberto/Compiling/Linksys-WRT3200ACM/openwrt/include/toplevel.mk:231: world] Error 2

I don't know what's happening. I started from the beginning, deleting the buildroot and compiling as if this were the first time, but each time I tried, the same thing happened. I tried to update my VM too, but without successful results. Can you point me in the right direction please?

P.S.: If you need more info or something else, don't hesitate to tell me

@Raskaipika

caused by https://github.com/openwrt/openwrt/commit/fff878c5bcda6dea337c97a95721bf8cf73e4560

there is some churn happening, you can see other packages being fixed for that issue "fix compilation with musl 1.24": https://github.com/openwrt/openwrt/commits/master

maybe report it there, in case it hasn't already been noticed

Thanks for the answer, you're right about this. Yesterday (before deleting the buildroot and starting from the beginning), there were problems related to musl.

But I don't know how to report this problem on GitHub; I haven't had to do this before. It's not that I don't want to do it, but I prefer to wait until the problem is fixed.

thanks for the heads up, will follow this on the github issue here and the mailing list where this patch is mentioned here

Thanks for the info.
Should it work as well on 1900acs?
I'm in Italy and trying this, but 160 isn't showing up in the luci options even if FR and Force 40Mhz is configured

@komodikkio
80MHz should work, but only on some channels.

Force 40MHz only applies to 2.4GHz as the 1-11 channel can only have one non-overlapping 40MHz access point at any given time.

Ooh right, thanks for the clarification Skewed, so i can remove the "force 40 mhz" flag from the 5g configuration, right?
I was trying to understand if the 160mhz procedure was doable on the 1900acs, cause i can't see the option at all

160MHz doesn't work on 1200/1900ac series iirc, only wrt32x/3200
but dfs is broken on these, which makes it immediately drop back

got it, thanks :slight_smile: :slight_smile:
so should i install back the packages kmod-mwifiex-sdio kmod-btmrvl mwifiex-sdio-firmware?

@komodikkio
I don't think those packages do anything on wrt1200/1900 series, I just didn't split them out of the config

It appears MAC spoofing for WAN no longer works.

Ughh, I discovered that the Divested distro comes with an auto-updating script that blocks a bunch of random domains at the dnsmasq level. One of which, for some reason, happened to be my externally visible duckdns.org URL pointing to my HomeAssistant instance.

It was kinda fun chasing this down all the way into the dnsmasq source to understand what those cryptic "config" dnsmasq log entries meant, and then, as I almost gave up and was typing up pleas for help in the OpenWrt forum, I completely randomly stumbled into the config file under /tmp/dnsmasq.d/divblock.conf

Bruhh :smile:

I appreciate the effort for sure but can the maintainer please please please call out this functionality somewhere up on the landing page? -> https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/

I bet this will save a lot of pulled out hair for other folks.

Still big thanks for keeping the lights on for my trusty router.

@Giorgik
I've amended the original post and the website: https://divested.dev/unofficial-openwrt-builds/mvebu-linksys/#divblock

duckdns.org isn't even blocked?

Thanks, that was fast.

duckdns.org isn't even blocked?

root@OpenWrt:/etc/init.d# cat /tmp/dnsmasq.d/divblock.conf | grep \.duckdns\.org | wc -l

145291

yes, many entries of duckdns.org are blocked, but it isn't wildcarded out.

I really should just wildcard it out, as you show it makes up nearly 1/5 of the list.

edit: did
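
One way to tell whether a given hostname is covered by a rule in /tmp/dnsmasq.d/divblock.conf, shown as an added example that is not part of the thread or of the Divested-WRT project. A dnsmasq rule for a domain also applies to its subdomains, so the check tests the host and each parent domain, which separates a per-host entry from a wildcard on the whole zone. It assumes the list uses dnsmasq's `address=/domain/...`, `local=/domain/` or `server=/domain/` syntax (the file's actual format is not shown here); `divblock_match` and the sample rules are constructed for illustration.

```shell
# Added example: report which dnsmasq rules in a blocklist cover a hostname.
# Assumption: rules look like address=/domain/..., local=/domain/ or
# server=/domain/ (the real divblock.conf format is not shown in the thread).
# divblock_match CONF HOST -> prints "LINE: rule" per hit; exit 0 if covered.
divblock_match() {
    conf=$1
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    awk -v host="$host" '
        BEGIN {
            # Names that would cover host: the host itself and every parent
            # domain, because a dnsmasq domain rule also matches subdomains.
            n = split(host, lab, ".")
            for (i = 1; i <= n; i++) {
                s = lab[i]
                for (j = i + 1; j <= n; j++) s = s "." lab[j]
                cover[s] = 1
            }
        }
        /^(address|local|server)=\// {
            m = split($0, f, "/")
            # f[1] is the option name, f[m] the target; domains sit between.
            for (k = 2; k < m; k++) {
                d = tolower(f[k])
                if (d in cover) { print NR ": " $0; found = 1; break }
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$conf"
}

# Constructed sample rules (not taken from the real list).
sample=$(mktemp)
cat > "$sample" <<'EOF'
address=/ads.example.net/#
address=/bad-host.duckdns.org/#
local=/tracker.example.org/
EOF
for h in bad-host.duckdns.org sub.tracker.example.org myhome.duckdns.org; do
    divblock_match "$sample" "$h" || echo "$h: not covered"
done
rm -f "$sample"
```

On the router the function would be called as `divblock_match /tmp/dnsmasq.d/divblock.conf yourname.duckdns.org`, with the hostname being a placeholder.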

Wait why though? Duckdns is a free DNS provider, anyone is free to make a subdomain with them. What's the logic behind blocking the whole thing? Who compiled this list to begin with, how did my private-use Home Assistant hostname end up in the blocklist?
So many questions...