SmallNetBuilder Forums
#11
06-01-2014, 03:50 PM
RMerlin

Quote:
Originally Posted by opie
Hi again,

I was confused/didn't remember correctly. I see from your post earlier in this thread that the UI now supports 128 but there may have been some issue above 64 and possibly when above 35.

Here are some more details.

We have 61 MAC addresses on the 2.4 GHz radio and the same 61 MAC addresses on the 5.0 GHz one. So in my mind this is below the limit.

I've used a Google Docs script to set the following NVRAM params, and then I go into the UI and turn off then on the MAC filtering to push through whatever changes are needed under the hood. The reason I use the script to set the NVRAM params is so that I can manage the list of users in a Google Docs spreadsheet. I arrived at these params by adding and removing different MAC addresses and seeing what NVRAM params were getting set. I might be missing something, and I don't know what the purpose of them all is.

nvram set wl_maclist="00:00:00:00:00:01 00:00:00:00:00:02"
nvram set wl0_maclist="00:00:00:00:00:01 00:00:00:00:00:02"
nvram set wl1_maclist="00:00:00:00:00:01 00:00:00:00:00:02"
nvram set wl_maclist_x="<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2"
nvram set wl0_maclist_x="<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2"
nvram set wl1_maclist_x="<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2"
nvram commit

I suppose the alternative is to try and get FreeRadius running on the router. Are you aware of anyone who has achieved this?

Thanks,

Opie
wl_maclist (and wl_maclist_x) are unused by the router. It's just a temporary storage used by the webui when the user applies the settings it just entered. Then, the web server will determine if you were editing the 2.4 GHz or 5 GHz interface, and copy these to the appropriate wl0_* or wl1_* vars.

Can you tell me the length of the content of wl0_maclist/wl1_maclist and wl0_maclist_x/wl1_maclist_x?

I suspect that the issue lies in the fact that I've taken into account the length of all the MACs and the separators, but didn't factor the name length. I see at least one place in the code where that'd be the case.

Radius would indeed be far more manageable for such a big list of clients, however I don't know anyone who actually played with that.
__________________
Asuswrt-Merlin: Customized firmware for Asus routers
Github: github.com/RMerl - Twitter: RMerlinDev
See the sticky post for more info.

Last edited by RMerlin; 06-01-2014 at 03:56 PM.
#12
06-01-2014, 09:23 PM
opie

Hi,

I assemble in a series of environment variables the MAC addresses and then concatenate the environment variables together as follows:

nvram set wl0_maclist=$list0$list1$list2$list3$list4$list5
and
nvram set wl0_maclist_x=$list0_x$list1_x$list2_x$list3_x$list4_x$list5_x

Each $list... variable is kept <1024 characters, in fact I don't let it assemble more than 40 MAC addresses.

So in my example, with 61 MAC addresses and using a very minimal label which is just the row # from my spreadsheet (i.e. 1-70) as a label my calls to

nvram set wl0_maclist - 1081 characters
nvram set wl0_maclist_x - 1257 characters

The WebGui properly displays ALL the MACs that I load with my script complete with labels.

My sense is that the breakdown is happening when the APPLY/SAVE function from the WebGUI is being called and the background processes are being configured (iptables?)

Is there some output from iptables that I could attach as a debug step?

Thanks again!

Opie
#13
06-02-2014, 09:57 AM
RMerlin

Quote:
Originally Posted by opie
nvram set wl0_maclist - 1081 characters
nvram set wl0_maclist_x - 1257 characters
The firmware only had a 1200-byte buffer, therefore it was being overrun.

I increased it to 3500, which should accommodate 64 MACs with names of 30 chars each. This is the maximum length supported by the httpd service when processing nvram values.
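The overrun described in the post above is what happens when a value longer than a fixed buffer is copied or converted without a length check. As an added example (not Asuswrt-Merlin source code; `is_mac`, `copy_setting` and `maclist_from_x` are hypothetical names and the sample input is constructed), a bounded copy and a bounded conversion of the `<MAC>name` layout into the space-separated MAC list, both of which reject oversized or malformed input instead of writing past the buffer:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAC_LEN 17 /* strlen("00:00:00:00:00:01") */

/* Illustrative helper: does s begin with a well-formed MAC address? */
static int is_mac(const char *s)
{
    for (int i = 0; i < MAC_LEN; i++)
        if (i % 3 == 2 ? s[i] != ':' : !isxdigit((unsigned char)s[i]))
            return 0; /* a NUL inside the first 17 bytes also lands here */
    return 1;
}

/* Copy a setting into a fixed buffer; -1 instead of overrun or truncation. */
int copy_setting(char *dst, size_t dstsz, const char *src)
{
    if (strlen(src) >= dstsz) return -1; /* no room for value plus NUL */
    memcpy(dst, src, strlen(src) + 1);
    return 0;
}

/* "<MAC>name<MAC>name" -> "MAC MAC"; returns MAC count, -1 if malformed or too long. */
int maclist_from_x(const char *in, char *out, size_t outsz)
{
    size_t used = 0;
    int count = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    while (*in) {
        if (*in != '<' || !is_mac(in + 1) || in[MAC_LEN + 1] != '>') return -1;
        size_t need = MAC_LEN + (count ? 1 : 0); /* space before 2nd+ MAC */
        if (need >= outsz - used) { out[0] = '\0'; return -1; }
        if (count) out[used++] = ' ';
        memcpy(out + used, in + 1, MAC_LEN);
        used += MAC_LEN;
        out[used] = '\0';
        count++;
        in += MAC_LEN + 2;
        in += strcspn(in, "<"); /* skip the label up to the next entry */
    }
    return count;
}

int main(void)
{
    char out[64]; /* the input below is a constructed sample */
    int n = maclist_from_x("<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2", out, sizeof out);
    printf("%d MACs: %s\n", n, out);
}
```

With a 1200-byte destination, a value of the 1257-character size reported in the thread makes `copy_setting` return -1 rather than overrun the buffer.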
#14
06-02-2014, 11:04 PM
opie

Fantastic. I will give it a try with the next release.

If I kept the label names really short, would it support more than 64 MACs or is there something else in the chain that would break down?
#15
06-03-2014, 12:03 AM
RMerlin

Quote:
Originally Posted by opie
Fantastic. I will give it a try with the next release.

If I kept the label names really short, would it support more than 64 MACs or is there something else in the chain that would break down?
Shorter names would be a usable workaround for now. Just make sure the total length of the nvram setting isn't longer than 1200 characters (including all the separators).
#16
06-07-2014, 02:04 PM
opie

Hi Merlin,

I tried the 374.43 build last night and found that a larger # of MACs to filter by still appear limited to the ~1000 character limit.

Can you tell me the format of the iptables command that the web server is running to establish the MAC-based filtering?

I ran 'iptables --list' but couldn't find an associated chain when I had the MAC filtering enabled for either of the radios.

My idea is to build a script that parses a text file of MAC addresses and then call the appropriate iptables command. And then have this run automatically on boot-up.

Perhaps there is another way?

Thanks,

Owen
#17
06-07-2014, 11:53 PM
RMerlin

Quote:
Originally Posted by opie
Hi Merlin,

I tried the 374.43 build last night and found that a larger # of MACs to filter by still appear limited to the ~1000 character limit.

Can you tell me the format of the iptables command that the web server is running to establish the MAC-based filtering?

I ran 'iptables --list' but couldn't find an associated chain when I had the MAC filtering enabled for either of the radios.

My idea is to build a script that parses a text file of MAC addresses and then call the appropriate iptables command. And then have this run automatically on boot-up.

Perhaps there is another way?

Thanks,

Owen
It's not done by the router firewall code, so I suspect it's done internally by the closed-source driver, in which case this means this is a limit I have no way to increase beyond the actual limit. That means I will have to bring it back down to 32 MACs max then. The code I fixed involved the location where the user-entered list was read, processed, and stored in a different nvram setting. I see no reference in the firmware to that other setting.