Gargoyle 1.15.x BETA - 2025-03-31 - Based on OpenWrt 23.05

[fifonik]

User error detected %-)

Looks like I've forgotten to press "Save" when edited restrictions, so one rule was with no IP and so blocked everything (as it should).
Noticed that when compared filewall configs.

So everything looks good for now. I've checked so far:
- PPPoE, DHCP, WiFi 2.4 & 5: works
- Restrictions: works
- Quotas: works
- QoS: works
- Port Forwarding: works
- Web Usage: works

BTW, in logs I see:
Fri Jun 28 18:35:20 2024 daemon.err uhttpd[13254]: sh: write error: Broken pipe
Fri Jun 28 18:36:32 2024 daemon.err uhttpd[13254]: /bin/sh: curl: not found
Fri Jun 28 18:39:26 2024 daemon.err uhttpd[13254]: tar: removing leading '/' from member names

[Lantis]

Nothing can be done about the broken pipes.
Any idea what you were doing when curl and tar messages appeared?

Glad everything else is good!

[fifonik]

> Any idea what you were doing when curl and tar messages appeared?

I will try to re-produce it tomorrow as I'm not allowed to disturb internet users today any longer %-)

Looks like accessing Connection | DNS over HTTPS (plugin) page causing it.
No any changes needed. Just visited the page https://192.168.1.1/doh.sh, reloaded it 2 times and got 3 such errors in log.

[Lantis]

I'm a bit confused by the tar error. We don't reference tar anywhere in DoH. If you have any more clues or investigation please let me know.

curl error is identified and fixed. It doesn't cause any harm but I have fixed it.

[fifonik]

While trying to find what causing the 'tar error', I've discovered a new one:

Code: Select all

Fri Jun 28 22:41:05 2024 daemon.err uhttpd[13254]: /bin/sh: 
: not found

With newline after 'sh:'.
This message appearing in log when I visiting 'System | Update Firmware' page: https://192.168.1.1/update.sh

As for the 'tar error', the message appearing in log when I backing up configuration on 'System | Backup/Restore' page:
https://192.168.1.1/backup.sh

[fifonik]

If I understand correctly, one solution for dealing with the tar message would be to remove leading slashes from the list of files and provide '-C /' option, so this bit of code in /usr/lib/gargoyle/create_backup.sh will become something like this:

Code: Select all

backup_locations='etc/passwd etc/shadow etc/config etc/rc.d etc/TZ etc/firewall.user etc/ethers etc/hosts etc/webmon_ips etc/crontabs etc/dropbear etc/samba/smbpasswd tmp/data usr/data etc/openvpn '
existing_locations=""
for bl in $backup_locations ; do
	if [ -e "/$bl" ] ; then
		existing_locations="$existing_locations $bl"
	fi
done

if [ -e /tmp/backup ] ; then
	rm -rf /tmp/backup
fi
mkdir -p /tmp/backup
cd /tmp/backup
tar cvzf backup.tar.gz -C / $existing_locations

I've patched my gargoyle with the above change and no more tar notification about the leading slash added into log when I'm backing up configuration.

[fifonik]

BTW, I've found that new version has the same issue with webmon as the old version.

Sometimes there is a rubbish in data returned by its run_command.sh: some lines have EOLs so consecutive lines do not have all fields and updateMonitorTable function has an exception here:

Code: Select all

var ip = splitLine[2];
ip = isIPv6(ip) ? ip6_canonical(ip) : ip; // if ip undefined the isIPv6 has an exception

As a result, tables not displayed.

Could you please slightly modify the function to make it more reliable, for example:

Code: Select all

var splitLine = webmonLines[wmIndex].split(/[\t]+/);
+if(!splitLine || splitLine.length < 4) continue; // add this line

I patched it locally and it works fine (the problematic lines skipped).

P.S. proper fix would remove EOLs from data while creating data somewhere in xt_webmon.c.
P.P.S. Let me know if you'd like to have a look at the 'rubbish' I'm talking about. Can send the webmon_domains.txt to email/skype/telegram, but not going to post it in forum, sorry.

[Lantis]

I'd rather chase down the reason the data is coming out corrupted. Can you send the file to the email listed here please: https://lantisproject.com/contact

I've noticed it isn't really reliably tracking visited sites on my test here anyway so I'll need to pull it apart and look at what is going wrong.

[fifonik]

> I'd rather chase down the reason the data is coming out corrupted

Agree.
But from my point of view the logic of sniffing data from https does not look reliable.
So I think it is better to fix in on client side as well, having in mind that the fix is so trivial.

P.S. I sent corrupted file.

[Lantis]

Thanks. I fixed a weird bug that wouldn’t manifest on all systems all the time.
The good thing is this makes webmon get more hits.
The other good thing is I’m 93% sure this will fix the issue you reported as well.

Unfortunately as it is a kernel module level fix, it’s a new image required to test it. I’m compiling all targets now should be done in ~24 hours.

I’ve also pulled the other build which had the VLAN saving issue.