Useful Scripts
From DD-WRT Wiki
Revision as of 11:18, 26 May 2007
Certain scripts can enhance the function of your router with DD-WRT, giving it more features or customizing it towards your needs.
Modifying PATH at Startup
This will add whatever paths you want for PATH and LD_LIBRARY_PATH before the default system path. Change the paths to whatever you like. Have a good reason for doing this; it should be considered a hack until the feature is implemented permanently.
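    rm -f /tmp/newProfile
    # Line 1 of /etc/profile gets the extra bin directories, the last line the extra lib directories
    head -n1 /etc/profile | sed 's!=!=/mmc/bin:/whatever/bin:!' >> /tmp/newProfile
    tail -n1 /etc/profile | sed 's!=!=/mmc/lib:/whatever/lib:!' >> /tmp/newProfile
    # Overlay the generated file on /etc/profile
    mount --bind /tmp/newProfile /etc/profile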
If you're adding /mmc/lib before the system library, in some circumstances you'll also need to do this on startup (after ensuring that the ldconfig on /mmc is up to date and happy):
    mount --bind /mmc/etc/ld.so.conf /etc/ld.so.conf
    mount --bind /mmc/etc/ld.so.cache /etc/ld.so.cache
Note: Only do this if you're receiving Segmentation Faults or your applications are failing to run, and even then only if you feel that this hack is imperative. Also note that if you're attempting this with Optware, the files are ld-opt.so.conf and ld-opt.so.cache.
Make sure you're familiar with what you're doing before attempting this. If you end up seeing a lot of 'Segmentation fault' messages when running things like ls, cat, cp, etc., then you'll want to either adjust the above commands, or else put those things into a script and run them manually when you enter your shell.
LED Scripts
The example LED scripts below are written using the GPIO info for the Linksys WRT. Remember to change them for whatever router you have.
GPIO Info for Linksys WRT
| Pin | Direction | Name | Use |
|---|---|---|---|
| GPIO 0 | Output | WLAN LED | (LED - wireless) |
| GPIO 1 | Output | POWER LED | (LED - power) |
| GPIO 2 | Output | ADM_EECS | (LED - white, Cisco button v. 3.0+) |
| GPIO 3 | Output | ADM_EESK | (LED - amber, Cisco button v. 3.0+) |
| GPIO 4 | Input | ADM_EEDO | (Button - Cisco Button v. 3.0+) |
| GPIO 5 | Output | ADM_EEDI | (Unknown) Seems to cycle all LED colors disabled. |
| GPIO 6 | Input | RESET | (Button - reset button) |
| GPIO 7 | Output | DMZ LED | (LED - DMZ) |
GPIO Info for Linksys WRTSL54GS
This is for the WRTSL54GS model only.
| Pin | Direction | Name | Use |
|---|---|---|---|
| GPIO 5 | OUTPUT | SES LED | (Cisco white LED) |
| GPIO 7 | OUTPUT | SES LED | (Cisco amber LED) |
GPIO Info for Buffalo WHR
| Pin | Direction | Use |
|---|---|---|
| GPIO 0 | Input | AOSS button |
| GPIO 1 | Output | Bridge LED |
| GPIO 2 | Output | WLAN LED |
| GPIO 3 | Output | Extra LED between bridge and WLAN |
| GPIO 4 | Input | Reset button |
| GPIO 5 | Input | Bridge/auto switch |
| GPIO 6 | Output | AOSS LED |
| GPIO 7 | Output | DIAG LED |
| GPIO 8 | n/a | Unknown/none |
| GPIO 9 | Output | Power LED |
GPIO Info for LaFonera
| Pin | Use |
|---|---|
| 0 | TP3 |
| 1 | pin 5 of SW1 |
| 2 | WLAN LED |
| 3 | pin 1 of SW1 |
| 4 | pin 2 of SW1 |
| 5 | Reset (!) |
| 6 | Reset button |
| 7 | pin 6 of SW1 |
Display Load via LED (load.sh)
- Uses front button LED to display current load on router.
    #!/bin/sh
    gpio="gpio"
    amber=3
    white=2
    delay=3
    # Thresholds are the 1-minute load average with the decimal point removed (1.00 -> 100)
    meltdown=400
    overload=100
    highload=70
    medload=30
    while sleep $delay
    do
      # First field of /proc/loadavg, e.g. "0.75" becomes "075"
      set -- $(cat /proc/loadavg)
      load="${1%.*}${1#*.}"
      if [ "$load" -gt $meltdown ]
      then
        # Load is out of control: light both LEDs and reboot
        $gpio disable $amber
        usleep 50000
        $gpio disable $white
        usleep 50000
        reboot
      elif [ "$load" -gt $overload ]
      then
        $gpio disable $amber
        usleep 50000
      elif [ "$load" -gt $highload ]
      then
        # Blink amber three times
        $gpio disable $amber
        usleep 12500
        $gpio enable $amber
        usleep 12500
        $gpio disable $amber
        usleep 12500
        $gpio enable $amber
        usleep 12500
        $gpio disable $amber
        usleep 12500
        $gpio enable $amber
        usleep 12500
      elif [ "$load" -gt $medload ]
      then
        # Blink white twice
        $gpio enable $amber
        $gpio disable $white
        usleep 25000
        $gpio enable $white
        usleep 25000
        $gpio disable $white
        usleep 25000
        $gpio enable $white
        usleep 25000
      else
        # Blink white once
        $gpio disable $white
        usleep 50000
        $gpio enable $white
        usleep 50000
      fi
    done
WLAN Status (wlan.sh)
- Uses front button LED to show WLAN state. Amber LED indicates one or more associated clients, white LED flashes when data is sent over WLAN.
    #!/bin/sh
    I=`nvram get wl0_ifname`
    while sleep 1; do
      if [ "`wl assoclist`" != "" ]; then
        XFER=`ifconfig $I|grep bytes`
        if [ "$XFER" != "$PXFER" ]; then
          LED='gpio disable 3 ; gpio disable 2'
          PXFER=$XFER
        else
          LED='gpio disable 3 ; gpio enable 2'
        fi
      else
        LED='gpio enable 3 ; gpio enable 2'
      fi
      if [ "$LED" != "$PLED" ]; then
        eval $LED
        PLED=$LED
      fi
    done
WLAN Status (wlan.sh) - Buffalo Routers
- AOSS LED to show WLAN is associated with clients.
- Bridge LED flashes when data is transmitted over WLAN.
    #!/bin/sh
    I=`nvram get wl0_ifname`
    while sleep 1; do
      if [ "`wl assoclist`" != "" ]; then
        XFER=`ifconfig $I|grep bytes`
        if [ "$XFER" != "$PXFER" ]; then
          LED='gpio disable 1 ; gpio enable 1 ; gpio disable 6'
          PXFER=$XFER
        else
          LED='gpio disable 6'
        fi
      else
        LED='gpio enable 6'
      fi
      if [ "$LED" != "$PLED" ]; then
        eval $LED
        PLED=$LED
      fi
    done
Miscellaneous Scripts
Auto Random MAC Address
- This script will change your eth1 MAC address to a random address, then it will apply it to the system and restart the interfaces.
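    #!/bin/ash
    # Hash the current time and the interrupt counters, keep the first 10 hex digits
    # and insert a colon after every two digits to get five octets
    MAC=`(date; cat /proc/interrupts) | md5sum | sed -r 's/^(.{10}).*$/\1/; s/([0-9a-f]{2})/\1:/g; s/:$//;'`
    echo "00:${MAC}"
    ifconfig eth1 hw ether 00:${MAC}
    nvram set def_hwaddr="00:${MAC}"
    nvram set wan_hwaddr="00:${MAC}"
    stopservice wan
    startservice wan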
- Created by Exiles.
SSH User Display (ssh_users.sh)
- Displays when someone is connected using SSH.
Remove lines starting with '# ' (hash + blank).
    #!/bin/sh
    led=2
    interval=5
    on=0
    /sbin/gpio enable $led
    while sleep $interval
    do
      # Make sure we get local port 22 and not any port starting with 22:
      users=$(/bin/netstat -n | /usr/bin/awk '$4~/:22$/ {++x}; END {print x+0}')
      if [ $users -gt 0 ]; then
        if [ $on -eq 0 ]; then
          /sbin/gpio disable $led
          on=1
        fi
      else
        if [ $on -eq 1 ]; then
          /sbin/gpio enable $led
          on=0
        fi
      fi
    done
Wireless Network Scanner (awk -f scanner)
    #####################
    cat - > scanner
    # Show scanresults in consistent order with graphical bars.
    # To be run via telnet to WRT54g running modified firmware.
    # Do the following. Use your own router address instead of 192.168.1.1 on the following lines
    # Login via telnet:
    #   telnet 192.168.1.1
    # a simple test to make sure you can run this script, type:
    #   wl scan; wl scanresults
    # and make sure you can run those commands. If not this program will not work.
    # If you succeeded with the scanresults then
    # copy and paste this entire text into the terminal window
    # (the cat - > scanner line will copy the rest of the file into a file named 'scanner')
    # and then hit return and then ctrl-c to close the file.
    # then just run script by typing the following line:
    #   awk -f scanner
    #
    # I hereby release this into the public domain. Justin Jones, 2005
    #
    # Jan. '07 corrected bug from '06 improvement.
    BEGIN{
      IGNORECASE = 1;
      command = "wl scan 2> /dev/null ; wl scanresults 2> /dev/null";
      red = "\x1b[31m"; green = "\x1b[32m"; greenback="\x1b[42m";
      yellow = "\x1b[33m"; cyan = "\x1b[36m"; blue = "\x1b[34m";
      blueback = "\x1b[44m"; white = "\x1b[37m"; whiteback = "\x1b[47m";
      reset = "\x1b[0m"; underscore = "\x1b[4m"; clear = "\x1b[2J";
      home = "\x1b[0;0H"; erase2end = "\x1b[K";
      cName = white; cSignal = green; cNoise = red;
      cCaps = green; cStrengthLow = blue blueback; cChannel = green;
      cStrengthMed = white whiteback;
      cStrengthHi = green greenback; cStrengthAged = red;
      print clear;
      for(;;)
      {
        while (command|getline)
        {
          # The per-network scratch values use cur_* names so they do not clash
          # with the arrays of the same purpose (most awk versions reject that).
          if(/^SSID/) { cur_name = $2; cur_rssi = ""; cur_noise = ""; cur_channel = ""; cur_bssid = ""; cur_caps = "" }
          if(/^Mode/) { cur_rssi = $4; cur_noise = $7; cur_channel = $10 }
          if(/^BSSID/) { cur_bssid = $2; cur_caps = $4" "$5" "$6" "$7" "$8" "$9" "$10 }
          if(/^Supported/)
          {
            name[cur_bssid] = cur_name
            rssi[cur_bssid] = cur_rssi
            noise[cur_bssid] = cur_noise
            channel[cur_bssid] = cur_channel
            caps[cur_bssid] = cur_caps
          }
        }
        close(command)
        printf home;
        ln = 0;
        print white " Name BSSID Signal Noise Channel Type";
        for (x in name)
        {
          # arbitrary strength calc through trial and error... modify as you wish:
          sigstrength = ((rssi[x] - noise[x])*1.5) + ((rssi[x] +90)*1.5);
          if (sigstrength <1) sigstrength=0;
          cStrength = cStrengthLow;
          if(sigstrength>4) cStrength = cStrengthMed;
          if(sigstrength>7) cStrength = cStrengthHi;
          # age[] is never filled in, and this is an assignment, so the aged colour is never used
          if(age[x]=0) cStrength = cStrengthAged;
          # One conversion per argument passed to printf below
          fmt = "%s%-15s %s%0"sigstrength"d "reset erase2end "\n %s %s%-4d %s%-4d %s%-4d %s%2s " reset erase2end "\n" erase2end "\n";
          printf fmt, cName,name[x],cStrength,0,x,cSignal,rssi[x],cNoise,noise[x],cChannel, channel[x],cCaps,caps[x];
          rssi[x] = "-1000 xxxx";
          ln++;
        }
        if (ln ==0) print red "No Results - Do you have wl scan capability? \nThis program depends on 'wl scan; wl scanresults' to run. Hit ctrl-c to stop."
        print erase2end;
      }
    }
Name based WOL (wake.sh)
- Enables you to power on a LAN computer by name instead of IP address/MAC, based on DHCP lease table (mandatory).
Usage: /path/to/wake.sh <hostname>
(Default hostname is desktop)
    #!/bin/sh
    STATION=mm
    WOL=/usr/sbin/wol
    STATICS=/tmp/udhcpd.statics
    DEV=br0
    if [ -n "$1" ]; then
      STATION=$1
    fi
    # Make sure every static lease has a reachable ARP entry
    while read LINE
    do
      IP=`echo $LINE | awk '{print $1}'`
      MAC=`echo $LINE | awk '{print $2}'`
      FOUND=`ip neigh | grep "$IP.*REACHABLE"`
      if [ -z "$FOUND" ]; then
        echo Creating ARP entry for $IP $MAC
        ip neigh add $IP lladdr $MAC dev $DEV nud reachable 2> /dev/null
        ip neigh change $IP lladdr $MAC dev $DEV nud reachable 2> /dev/null
      fi
    done < $STATICS
    # Look up the requested host name at the end of a lease line
    LEASE=`cat $STATICS | grep "\b$STATION\b$"`
    if [ -n "$LEASE" ]; then
      IP=`echo $LEASE | awk '{print $1}'`
      MAC=`echo $LEASE | awk '{print $2}'`
      $WOL -i $IP $MAC
    else
      echo Unable to find \"$STATION\" in DHCP static file $STATICS, please use \"$0 \<hostname\>\"
    fi
Automatic Connection Repair (always_on.sh)
- Pings your default gateway at a fixed interval and forces a DHCP renew if no packets are received.
Usage: /path/to/always_on.sh &
    #!/bin/sh
    INTERVAL=10
    PACKETS=1
    UDHCPC="udhcpc -i vlan1 -p /var/run/udhcpc.pid -s /tmp/udhcpc"
    IFACE=vlan1
    ME=`basename $0`
    # Refuse to start if another copy is already running
    RUNNING=`ps | awk '/'"$ME"'/ {++x}; END {print x+0}'`
    if [ "$RUNNING" -gt 3 ]; then
      echo "Another instance of \"$ME\" is running"
      exit
    fi
    while sleep $INTERVAL
    do
      TARGET=`ip route | awk '/default via/ {print $3}'`
      RET=`ping -c $PACKETS $TARGET 2> /dev/null | awk '/packets received/ {print $4}'`
      # Treat empty ping output (e.g. no default route) as 0 packets received
      if [ "${RET:-0}" -ne "$PACKETS" ]; then
        echo Ping failed, releasing IP address: $IFACE
        #send a RELEASE signal
        kill -USR2 `cat /var/run/udhcpc.pid` 2> /dev/null
        #ensure udhcpc is not running
        killall udhcpc 2> /dev/null
        echo Renewing IP address: $IFACE
        $UDHCPC
        echo Waiting 10 s ...
        sleep 10
      else
        echo Network is up via $TARGET
      fi
    done
Modifying PATH Manually (path.sh)
- Enables adjustment of paths on a per-use basis (i.e. when you're running a terminal and need the new paths, run this script).
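    #!/bin/sh
    # Source this file (". /path/to/path.sh") so the exports apply to the current shell
    export PATH=$PATH:/mmc/bin:/whatever/bin
    # ${VAR:+...} avoids an empty entry when LD_LIBRARY_PATH is not set yet
    export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/mmc/lib:/whatever/lib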
Alternatively, if you want to give priority to your personally installed applications (i.e. you've installed a more robust version of grep and want to use it by default), add the new paths before $PATH and $LD_LIBRARY_PATH, as shown below.
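    #!/bin/sh
    export PATH=/mmc/bin:/whatever/bin:$PATH
    # ${VAR:+...} avoids a trailing empty entry when LD_LIBRARY_PATH is not set yet
    export LD_LIBRARY_PATH=/mmc/lib:/whatever/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}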
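Both this section and "Modifying PATH at Startup" put extra directories ahead of the system ones, so anything in them replaces the system command of the same name. The following check is an added example, not part of the wiki's scripts; the function names `path_problems` and `shadowed_commands` are made up for it. It reports unsafe entries in a search path and lists which system commands a new directory would override.

```shell
#!/bin/sh
# Added example, not from the wiki page.

# path_problems LIST: report entries of a colon-separated search path that
# are empty, missing, or writable by every user.
path_problems() {
    case "$1" in
        :*|*::*|*:) echo "empty entry (the shell treats it as the current directory)" ;;
    esac
    old_ifs=$IFS; IFS=:
    for d in $1; do
        [ -n "$d" ] || continue
        if [ ! -d "$d" ]; then
            echo "$d: missing"
        else
            # The ninth character of the ls mode string is the "other" write bit
            case $(ls -ld "$d") in
                d???????w*) echo "$d: world-writable" ;;
            esac
        fi
    done
    IFS=$old_ifs
}

# shadowed_commands NEW_DIR SYSTEM_PATH: list executables in NEW_DIR that
# would run instead of a same-named command found in SYSTEM_PATH.
shadowed_commands() {
    old_ifs=$IFS; IFS=:
    for f in "$1"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=${f##*/}
        for d in $2; do
            if [ -x "$d/$name" ]; then
                echo "$name: $f shadows $d/$name"
                break
            fi
        done
    done
    IFS=$old_ifs
}

# Check the directories used on this page against the current PATH
path_problems "/mmc/bin:/whatever/bin:$PATH"
shadowed_commands /mmc/bin "$PATH"
```

Run it before binding the new profile; an unexpected name in the shadow list (ls, cat, cp) is also the usual source of the segmentation faults mentioned earlier.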
View Logfile in Browser without local syslogd (log.sh)
- View the last 1000 lines from your Router-Logfile in your favorite browser without the need of a locally running syslogd (i.e. Kiwi).
Note: This Script is not from myself, CaScAdE created it. (Initial posts in German Forum: SOLVED: messages (logdatei) formatiert über browser aufrufen)
    #!/bin/sh
    echo '<HTML><HEAD><TITLE>Logfile</TITLE></HEAD>'
    echo '<BODY>'
    nvram get router_name
    echo ' Logfile:<br><pre>'
    /usr/bin/tail -n 1000 /var/log/messages
    echo '</pre></BODY></HTML>'
To use this script you first need to enable Syslog on your router without stating an IP. The log will then be saved under /var/log/messages. You can do this under Administration->Services: scroll down to the "System Log" section, click "Enable" and leave "Remote Server" empty. After you have saved the script under /tmp/www/ as "log.sh", you must mark it as executable with "chmod +x /tmp/www/log.sh".
To view the log in your Browser point it to "http://<routerip>/user/log.sh"
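log.sh writes log lines into the page unchanged, so any `<` or `&` in a message is interpreted by the browser as markup. The variant below is an added example, not CaScAdE's script: it escapes the router name and every log line first. `html_escape` and `render_log` are names chosen here, and the sample log is constructed.

```shell
#!/bin/sh
# Added example, not the original log.sh.

# Replace & first so the entities produced for < and > are not escaped again.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# render_log FILE NAME: print the HTML page for the last 1000 lines of FILE.
render_log() {
    echo '<HTML><HEAD><TITLE>Logfile</TITLE></HEAD>'
    echo '<BODY>'
    printf '%s\n' "$2" | html_escape
    echo ' Logfile:<br><pre>'
    tail -n 1000 "$1" | html_escape
    echo '</pre></BODY></HTML>'
}

# Constructed sample log (not real router output); the second line carries markup
sample=/tmp/log_example.$$
cat > "$sample" <<'EOF'
Jan  1 00:00:10 router user.info app: started
Jan  1 00:00:12 router user.warn app: bad request for /<b>x</b>&y
EOF
render_log "$sample" "router"
rm -f "$sample"

# On the router the demo lines above would be replaced by:
#   render_log /var/log/messages "$(nvram get router_name)"
```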
Speak Your Signal Strength
I use my WRT in client mode to connect to an access point, but I don't have a particularly good signal quality and I often need to readjust the position of the WRT and its antenna. Unfortunately my computer is not in sight of the WRT and I had to keep going backwards and forwards from my computer to the WRT making adjustments then checking the signal strength on the screen of my computer. This can take ages to set up properly, so I decided to get my computer to use the "festival" speech synthesis program to tell me what the current signal level is.
    #! /bin/bash
    # Use "festival" to say out loud how much signal strength we have

    # The ip address of the WRT
    ip_addr="192.168.1.1"

    # The username and password for the WRT
    user="root"
    pass="admin"

    # Temporary file used to hold the data from the WRT
    tmp_file=/tmp/wrt.status

    echo
    echo "The signal level is:-"
    echo
    echo "The signal level is" | festival --tts
    while true ; do
      wget --http-user=$user --http-password=$pass http://$ip_addr/Status_Wireless.live.asp -O $tmp_file -o /dev/null
      signal=`cat $tmp_file | grep active_wireless |awk -F "'" '{ print $8 }'`
      echo $signal | awk '{printf"Signal : "$1"\t";for(;j<$1;j++)printf"=";printf"\n"}'
      if [[ -n $signal ]] ; then
        echo $signal | festival --tts
      else
        echo "Not associated" | festival --tts
      fi
    done
This works by using the same process as the 'Status-->Wireless' page, i.e. it gets a chunk of data by wget'ing the Status_Wireless.live.asp "page" from the WRT, then runs grep and awk to extract the relevant value (the signal strength), and pipes that into the festival speech engine.
Now I just run this script and turn up the volume on my computer when I need to move the antenna.
Small Security Script (Firewall)
    #!/bin/sh
    #
    # Warning! As I don't use Emule or similar programs I can't guarantee their function.
    # If you find a workable solution just add it to this wiki.
    #
    # Enjoy your enhanced security,
    #
    # St. Karitzl
    # info@user1.walztech.de
    # http://daywalker81.de.vu

    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1024 > /proc/sys/net/ipv4/ipfrag_high_thresh
    echo 512 > /proc/sys/net/ipv4/ipfrag_low_thresh
    echo 10 > /proc/sys/net/ipv4/ipfrag_time
    echo 5 > /proc/sys/net/ipv4/icmp_ratelimit
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_source_route
    echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_redirects
    echo 1 > /proc/sys/net/ipv4/conf/eth1/log_martians
    echo 10 > /proc/sys/net/ipv4/neigh/eth1/locktime
    echo 0 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
    echo 50 > /proc/sys/net/ipv4/neigh/eth1/gc_stale_time

    #
    # The following entries secure the last bit and provide a
    # moderate protection against man-in-the-middle attacks.
    #
    echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
    echo 0 > /proc/sys/net/ipv4/conf/eth1/secure_redirects
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    echo 5 > /proc/sys/net/ipv4/igmp_max_memberships
    echo 2 > /proc/sys/net/ipv4/igmp_max_msf
    echo 1024 > /proc/sys/net/ipv4/tcp_max_orphans
    echo 2 > /proc/sys/net/ipv4/tcp_syn_retries
    echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
    echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow
    echo 10 > /proc/sys/net/ipv4/tcp_fin_timeout
    echo 0 > /proc/sys/net/ipv4/route/redirect_number
    echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
    echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
    echo 61 > /proc/sys/net/ipv4/ip_default_ttl

    # DoS protection by tweaking the timeouts
    echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_time
    echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
    echo "0" > /proc/sys/net/ipv4/tcp_sack

    # We pretend to be a Checkpoint firewall on Windows XP
    echo 4096 87380 4194304 >/proc/sys/net/ipv4/tcp_rmem
    echo 4096 87380 4194304 >/proc/sys/net/ipv4/tcp_wmem

    # Check network overload (explicit congestion notification)
    echo 1 > /proc/sys/net/ipv4/tcp_ecn

    # Change port range for outgoing traffic
    echo "30000 60000" > /proc/sys/net/ipv4/ip_local_port_range

    # Change default queue size
    # Modified for DD-WRT because of missing proc entries
    echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max

    # LED signal feedback when script ends
    sleep 1
    gpio enable 3
    sleep 1
    gpio disable 3
    sleep 1
    gpio enable 3
    sleep 1
    gpio disable 2
    sleep 1
    gpio enable 2
    sleep 1
    gpio disable 2

    # If you'd like to disable the web interface uncomment
    # the following line
    #killall httpd
Attention, you might have to change eth1 to the actual WAN (external) interface.
Installation is pretty simple:
1) Log on to your WRT
2) type cd /jffs
3) type vi sec.sh (or any other name) and enter the script
4) Connect to your WRT via web browser, page Administration:Commands
5) Enter the script name (sec.sh) into the command field
6) Click on "Save Startup"
7) Reboot router
As a simple test, try to ping your router. You should get no response; otherwise you have to find the error.
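The ping test only confirms icmp_echo_ignore_all. Because the script runs at startup, a write to a proc entry that does not exist (a wrong interface name, or an entry missing from the firmware) fails without anyone seeing it. The following is an added example, not part of sec.sh: it reads back a subset of the values the script writes and reports each as OK, DRIFT or MISSING. `audit_sysctl`, `expected_settings` and `WAN_IF` are names chosen here.

```shell
#!/bin/sh
# Added example, not part of sec.sh. Expected values are copied from the script above.

WAN_IF="${WAN_IF:-eth1}"   # change to the actual WAN (external) interface

# Paths are relative to /proc/sys/net/ipv4; the second column is the value sec.sh writes.
expected_settings() {
    cat <<EOF
icmp_echo_ignore_all 1
icmp_echo_ignore_broadcasts 1
tcp_syncookies 1
conf/all/rp_filter 1
conf/all/accept_source_route 0
conf/$WAN_IF/accept_source_route 0
conf/$WAN_IF/accept_redirects 0
conf/$WAN_IF/send_redirects 0
conf/$WAN_IF/log_martians 1
EOF
}

# audit_sysctl [ROOT]: print one line per setting; return 1 if any is not in effect.
audit_sysctl() {
    root="${1:-/proc/sys/net/ipv4}"
    problems=0
    while read -r key want; do
        if [ ! -r "$root/$key" ]; then
            echo "MISSING $key"      # wrong interface name or entry absent in this kernel
            problems=1
        else
            got=$(cat "$root/$key")
            if [ "$got" = "$want" ]; then
                echo "OK $key"
            else
                echo "DRIFT $key want=$want got=$got"
                problems=1
            fi
        fi
    done <<EOF
$(expected_settings)
EOF
    return $problems
}

audit_sysctl "$@" || echo "some sec.sh settings are not in effect" >&2
```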