SmallNetBuilder Forums
#11
06-01-2014, 04:50 PM
RMerlin

Quote:
Originally Posted by opie
> Hi again,
>
> I was confused/didn't remember correctly. I see from your post earlier in this thread that the UI now supports 128 but there may have been some issue above 64 and possibly when above 35.
>
> Here are some more details.
>
> We have 61 MAC addresses on the 2.4 GHz radio and the same 61 MAC addresses on the 5.0 GHz one. So in my mind this is below the limit.
>
> I've used a Google Docs script to set the following NVRAM params, and then I go into the UI and turn off then on the MAC filtering to push through whatever changes are needed under the hood. The reason I use the script to set the NVRAM params is so that I can manage the list of users in a Google Docs spreadsheet. I arrived at these params by adding and removing different MAC addresses and seeing what NVRAM params were getting set. I might be missing something, and I don't know what the purpose of them all is.
>
> nvram set wl_maclist="00:00:00:00:00:01 00:00:00:00:00:02"
> nvram set wl0_maclist="00:00:00:00:00:01 00:00:00:00:00:02"
> nvram set wl1_maclist="00:00:00:00:00:01 00:00:00:00:00:02"
> nvram set wl_maclist_x="<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2"
> nvram set wl0_maclist_x="<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2"
> nvram set wl1_maclist_x="<00:00:00:00:00:01>usr-1<00:00:00:00:00:02>usr-2"
> nvram commit
>
> I suppose the alternative is to try and get FreeRadius running on the router. Are you aware of anyone who has achieved this?
>
> Thanks,
>
> Opie
wl_maclist (and wl_maclist_x) are unused by the router. It's just a temporary storage used by the webui when the user applies the settings it just entered. Then, the web server will determine if you were editing the 2.4 GHz or 5 GHz interface, and copy these to the appropriate wl0_* or wl1_* vars.

Can you tell me the length of the content of wl0_maclist/wl1_maclist and wl0_maclist_x/wl1_maclist_x?

I suspect that the issue lies in the fact that I've taken into account the length of all the MACs and the separators, but didn't factor the name length. I see at least one place in the code where that'd be the case.

Radius would indeed be far more manageable for such a big list of clients, however I don't know anyone who actually played with that.
__________________
Asuswrt-Merlin: Customized firmware for Asus routers
Github: github.com/RMerl - Twitter: RMerlinDev
See the sticky post for more info.

Last edited by RMerlin; 06-01-2014 at 04:56 PM.
#12
06-01-2014, 10:23 PM
opie

Hi,

I assemble in a series of environment variables the MAC addresses and then concatenate the environment variables together as follows:

nvram set wl0_maclist=$list0$list1$list2$list3$list4$list5
and
nvram set wl0_maclist_x=$list0_x$list1_x$list2_x$list3_x$list4_x$list5_x

Each $list... variable is kept <1024 characters, in fact I don't let it assemble more than 40 MAC addresses.

So in my example, with 61 MAC addresses and using a very minimal label which is just the row # from my spreadsheet (i.e. 1-70) as a label my calls to

nvram set wl0_maclist - 1081 characters
nvram set wl0_maclist_x - 1257 characters

The WebGui properly displays ALL the MACs that I load with my script complete with labels.

My sense is that the breakdown is happening when the APPLY/SAVE function from the WebGUI is being called and the background processes are being configured (iptables?)

Is there some output from iptables that I could attach as a debug step?

Thanks again!

Opie
#13
06-02-2014, 10:57 AM
RMerlin

Quote:
Originally Posted by opie
> nvram set wl0_maclist - 1081 characters
> nvram set wl0_maclist_x - 1257 characters

The firmware only had a 1200-byte buffer, therefore it was being overrun.

I increased it to 3500, which should accommodate 64 MACs with names of 30 chars each. This is the maximum length supported by the httpd service when processing nvram values.
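A bounds-checked version of the step RMerlin describes in posts #11 and #13, where the list carrying names is read and reduced to a bare MAC list, as an added example (not Asuswrt-Merlin source and not part of the thread). The names `strip_names` and `build_sample`, the sample data, and the rule that a name never contains `<` are assumptions; the 1200 and 3500 byte sizes are the ones quoted in the thread.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAC_LEN 17   /* "aa:bb:cc:dd:ee:ff" */
#define OLD_BUF 1200 /* buffer size before the fix, as quoted in the thread */
#define NEW_BUF 3500 /* buffer size after the fix, as quoted in the thread */

static int is_mac(const char *s) { /* fails at the first bad char, NUL included */
    for (int i = 0; i < MAC_LEN; i++)
        if (i % 3 == 2 ? s[i] != ':' : !isxdigit((unsigned char)s[i])) return 0;
    return 1;
}

/* Hypothetical helper (not firmware code): "<MAC>name<MAC>name..." -> "MAC MAC ...".
 * Returns MAC count, -1 if malformed, -2 if the value or the result does not fit. */
int strip_names(const char *list_x, size_t work_size, char *out, size_t out_size) {
    size_t used = 0; int count = 0;
    if (out_size == 0 || strlen(list_x) >= work_size) return -2; /* length first */
    out[0] = '\0';
    for (const char *p = list_x; *p; count++) {
        if (*p != '<' || !is_mac(p + 1) || p[MAC_LEN + 1] != '>') return -1;
        if (used + (count > 0) + MAC_LEN + 1 > out_size) return -2;
        if (count > 0) out[used++] = ' ';
        memcpy(out + used, p + 1, MAC_LEN);
        out[used += MAC_LEN] = '\0';
        for (p += MAC_LEN + 2; *p && *p != '<'; p++) {} /* skip the name */
    }
    return count;
}

/* Constructed sample data: n entries, names of name_len (<= 30) chars; 0 = no room. */
size_t build_sample(char *dst, size_t size, int n, int name_len) {
    size_t used = 0;
    for (int i = 0; i < n; i++) {
        int w = snprintf(dst + used, size - used, "<00:00:00:00:00:%02x>%.*s",
                         i & 0xff, name_len, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
        if (w < 0 || (size_t)w >= size - used) return 0;
        used += (size_t)w;
    }
    return used;
}

int main(void) {
    static char x[4096], out[NEW_BUF];
    size_t n = build_sample(x, sizeof x, 64, 30); /* 64 MACs, 30-char names */
    printf("%zu chars, old: %d\n", n, strip_names(x, OLD_BUF, out, sizeof out));
    printf("%zu chars, new: %d\n", n, strip_names(x, NEW_BUF, out, sizeof out));
    return 0;
}
```

Against the 1200-byte limit the 3136-character value is refused before any copy takes place; against 3500 it parses to 64 MACs.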
#14
06-03-2014, 12:04 AM
opie

Fantastic. I will give it a try with the next release.

If I kept the label names really short, would it support more than 64 MACs or is there something else in the chain that would break down?
#15
06-03-2014, 01:03 AM
RMerlin

Quote:
Originally Posted by opie
> Fantastic. I will give it a try with the next release.
>
> If I kept the label names really short, would it support more than 64 MACs or is there something else in the chain that would break down?

Shorter names would be a usable workaround for now. Just make sure the total length of the nvram setting isn't longer than 1200 characters (including all the separators).
#16
06-07-2014, 03:04 PM
opie

Hi Merlin,

I tried the 374.43 build last night and found that a larger # of MACs to filter by still appears limited to the ~1000 character limit.

Can you tell me the format of the iptables command that the web server is running to establish the MAC-based filtering?

I ran 'iptables --list' but couldn't find an associated chain when I had the MAC filtering enabled for either of the radios.

My idea is to build a script that parses a text file of MAC addresses and then call the appropriate iptables command. And then have this run automatically on boot-up.

Perhaps there is another way?

Thanks,

Owen
#17
06-08-2014, 12:53 AM
RMerlin

Quote:
Originally Posted by opie
> Hi Merlin,
>
> I tried the 374.43 build last night and found that a larger # of MACs to filter by still appears limited to the ~1000 character limit.
>
> Can you tell me the format of the iptables command that the web server is running to establish the MAC-based filtering?
>
> I ran 'iptables --list' but couldn't find an associated chain when I had the MAC filtering enabled for either of the radios.
>
> My idea is to build a script that parses a text file of MAC addresses and then call the appropriate iptables command. And then have this run automatically on boot-up.
>
> Perhaps there is another way?
>
> Thanks,
>
> Owen

It's not done by the router firewall code, so I suspect it's done internally by the closed-source driver, in which case this means this is a limit I have no way to increase beyond the actual limit. That means I will have to bring it back down to 32 MACs max then. The code I fixed involved the location where the user-entered list was read, processed, and stored in a different nvram setting. I see no reference in the firmware to that other setting.
All times are GMT -4.

