Incompatibilities between CTF and MultiWAN

Issue #295 new
rs232 created an issue

It has been reported a couple of times that both watchdog and MultiWAN Routing don’t behave as expected when CTF is enabled.

It might be the case to tag certain packets (e.g. the multiwan watchdog ones) as per MultiWAN compatibility (skipping CTF essentially) e.g.

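# Only when CTF is enabled (ctf_disable=0)
[ "$(nvram get ctf_disable)" -eq 0 ] && {
    # Add the ICMP mark rule unless it is already listed (rule form inferred from the grep pattern)
    iptables -t mangle -nvL PREROUTING | grep -q 'MARK.*icmp.*0x1/0x7' || iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1/0x7
}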

This should tag all the icmp traffic and (not tested yet) hopefully allow for traceroute and ping at least to work correctly.

BTW while I look into curl… this line from the watchdog:

curl $IP --interface $IFACE --connect-timeout $((i+3)) -ksfI -o /dev/null && RESULT=$((RESULT+1))

Appears incorrect as curl (unless I’m misreading this):

root@sparrow:/mnt/USB/wireguard# curl
curl: try 'curl --help' for more information
root@sparrow:/mnt/USB/wireguard# curl --help
Usage: curl [options...] <url>
-d, --data <data> HTTP POST data
-f, --fail Fail fast with no output on HTTP errors
-h, --help <category> Get help for commands
-i, --include Include protocol response headers in the output
-o, --output <file> Write to file instead of stdout
-O, --remote-name Write output to a file named as the remote file
-s, --silent Silent mode
-T, --upload-file <file> Transfer local FILE to destination
-u, --user user:password Server user and password
-A, --user-agent <name> Send User-Agent <name> to server
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit

This is not the full help, this menu is stripped into categories.
Use "--help category" to get an overview of all categories.
For all options use the manual or "--help all".

doesn’t support -k nor -I, so the correct syntax I would expect to be:

curl $IP --interface $IFACE --connect-timeout $((i+3)) -sf -o /dev/null && RESULT=$((RESULT+1))

Comments (5)

  1. pedro repo owner

    curl --help all
    Usage: curl [options...] <url>

    -D, --dump-header <filename> Write the received headers to <filename>
    --egd-file <file> EGD socket path for random data
    --engine <name> Crypto engine to use
    --etag-compare <file> Pass an ETag from a file as a custom header
    --etag-save <file> Parse ETag from a request and save it to a file
    --expect100-timeout <seconds> How long to wait for 100-continue
    -f, --fail Fail fast with no output on HTTP errors
    --fail-early Fail on first transfer error, do not continue
    --fail-with-body Fail on HTTP errors but save the body
    --false-start Enable TLS False Start

    -G, --get Put the post data in the URL and use GET
    -g, --globoff Disable URL sequences and ranges using {} and []
    --happy-eyeballs-timeout-ms <milliseconds> Time for IPv6 before trying IPv4
    --haproxy-protocol Send HAProxy PROXY protocol v1 header
    --haproxy-clientip Sets the HAProxy PROXY protocol v1 client IP
    -I, --head Show document info only
    -H, --header header/@file Pass custom header(s) to server

    --ignore-content-length Ignore the size of the remote resource
    -i, --include Include protocol response headers in the output
    -k, --insecure Allow insecure server connections
    --interface <name> Use network INTERFACE (or address)
    -4, --ipv4 Resolve names to IPv4 addresses
    -6, --ipv6 Resolve names to IPv6 addresses
    --json <data> HTTP POST JSON

    -S, --show-error Show error even when -s is used
    -s, --silent Silent mode

  2. rs232 reporter

    Indeed, I missed the “all”. Never mind, the curl might be OK then, but the CTF is the core issue.
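
The mix-up in this thread came from reading the short `curl --help` listing as the full option list. The script below is an added example, not code from the issue or the project's watchdog: it parses a help listing and reports which flags of a probe command the listing does not cover. The names `list_flags` and `missing_flags`, the interface name `eth0` and both sample listings are constructed for illustration from lines quoted above.

```shell
#!/bin/sh
# Constructed samples: subsets of the two help listings quoted in this thread.
HELP_SHORT='Usage: curl [options...] <url>
 -f, --fail          Fail fast with no output on HTTP errors
 -i, --include       Include protocol response headers in the output
 -o, --output <file> Write to file instead of stdout
 -s, --silent        Silent mode
Use "--help category" to get an overview of all categories.'

HELP_ALL='Usage: curl [options...] <url>
 -f, --fail          Fail fast with no output on HTTP errors
     --fail-early    Fail on first transfer error, do not continue
 -I, --head          Show document info only
 -k, --insecure      Allow insecure server connections
     --interface <name> Use network INTERFACE (or address)
 -s, --silent        Silent mode'

# list_flags: read help text on stdin, print every option name, one per line.
# Only the first two fields of a line can be option names ("-f," and "--fail").
list_flags() {
    awk '{
        for (i = 1; i <= 2 && i <= NF; i++) {
            f = $i; sub(/,$/, "", f)
            if (f ~ /^--?[A-Za-z0-9][A-Za-z0-9-]*$/) print f
        }
    }'
}

# missing_flags HELP ARG...: print the flags among ARG... that HELP does not list.
# A bundle such as -ksfI is split into -k -s -f -I (the match is case-sensitive,
# so -I is not satisfied by -i). Non-flag words (URL, values) are skipped.
# Assumption: short options are not written with an attached value (-o/dev/null).
missing_flags() {
    known=$(printf '%s\n' "$1" | list_flags); shift
    out=
    for arg in "$@"; do
        case $arg in
            --*) flags=$arg ;;
            -?*) flags=$(printf '%s' "${arg#-}" | sed 's/./-& /g') ;;
            *)   continue ;;
        esac
        for f in $flags; do
            printf '%s\n' "$known" | grep -qxF -e "$f" || out="$out $f"
        done
    done
    printf '%s\n' "${out# }"
}
```

On a live system the first argument would be `"$(curl --help all)"`; fed the short listing instead, the same call also reports `--interface` and `--connect-timeout` as missing, which shows that listing is only a subset.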
