Notices by Clarissa Walker (amisapphire@cwcyrix.nsupdate.info), page 8
-
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Wednesday, 28-Dec-2022 01:58:30 EST 
Clarissa Walker
Testing a fork of this setup from someone who runs an instance in Japan. Has some subtle changes and fixes there; so... http://cwcyrix.nsupdate.info/gnu-social/public/url/19 -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Thursday, 22-Dec-2022 01:35:40 EST
Clarissa Walker
Okay a bit on CTF, or Cut-Through Forwarding, also known as Cut-Through Switching:
This feature was originally intended for advanced managed switches, not SOHO routers that rely on LAN to WAN traffic, and vice-versa. This is why packets meant for certain traffic break (e.g. VOIP/video streams, port forwarding, QOS, VPN).
This is fine for LAN to LAN traffic and SOHO routers that are just APs (Access Points). My testing yielded better results with it enabled, but since CTF really utilizes the kernel, it eats more CPU power and cycles than with it disabled. This also affects WLAN performance a bit, made worse if the general WLAN area is congested.
DD-WRT is not as stable in general at present, but it is worse with CTF enabled. As with FreshTomato, it is generally more stable, even with CTF enabled. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Thursday, 22-Dec-2022 00:13:15 EST
Clarissa Walker
Confiscated the R7000 again and flashed FreshTomato 2022.7, but starting anew this time. With this router, it should use the specific WLAN antenna settings with this version.
As for the LAN-LAN performance testing , SFE won out. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Wednesday, 21-Dec-2022 15:58:02 EST
Clarissa Walker
...That was extremely hacky. This worked too well, but for some reason the wireless radio throughput is weaker on DD-WRT than on FreshTomato. Going to reflash the R7000 to latest FreshTomato 2022.7 later. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Wednesday, 21-Dec-2022 13:17:23 EST
Clarissa Walker
ctf_fa_mode is set to 0, so CTF+FA is technically not running. I'll try again next day, and set that to 2. 😈 -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Wednesday, 21-Dec-2022 05:48:32 EST
Clarissa Walker
R7000 is now primary, with DD-WRT as a real-world test. Remember these (frankly stupid) hacks:
CTF - enabled
CTF+FA - enabled (through override; may do jack)
CPU overclock to 1200MHz
During this test, I ran a bufferbloat test, then two speed tests immediately after. Router crashes. Well, I have to recreate this, and sure enough, it crashes again.
I then relocated to the stable router, upgraded the firmware to version r51043, built on 2022-12-19. Recreated the test issue again, and this time, it didn't crash. Very odd. This needs more testing, and it wasn't caught during the initial runs. This lived through four connected wireless devices and a Twitch stream; and was caught when ~10 wireless devices were connected. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Monday, 19-Dec-2022 20:51:15 EST
Clarissa Walker
Found out it's not FreshTomato's fault, but apparently CTF actually has some performance improvements in LAN transfers. Temporary R6300v2 had CTF on then I turned it off... eventually it had about the same speeds as the R7000 before confiscation.
R7000 has a near-latest DD-WRT firmware version: r51032, built on 2022-12-15. SFE and CTF were tested: SFE used up more CPU (sirq), but had transfers on ~33MB/sec on 5GHz Wi-Fi.
Will flash FreshTomato on it again and restore the NVRAM/config and do more testing with CTF... along with WDS this time. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Monday, 19-Dec-2022 05:04:48 EST
Clarissa Walker
Confiscated the Netgear R7000; temporarily switched it with the backup R6300v2 after finding wireless performance issues with the R7000 and FreshTomato 2022.6. Oddly enough, that same variant firmware is fine with the R6300v2.
Newer DD-WRT versions have an even newer kernel as well since I last touched it with the R7000; may experiment with that this time. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Wednesday, 14-Dec-2022 06:14:33 EST
Clarissa Walker
This is a success. As a bonus, most of the libraries are up-to-date for both PHP7 and Apache HTTPd.
Stuff really had to be fine-tuned for PHP7 compile. PHP8 compile will be less painful from now on. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Wednesday, 14-Dec-2022 05:34:40 EST
Clarissa Walker
New thread. Ran into some interesting technical issues re: compiling some packages for the server. Had to compile OpenSSL and cURL just for PHP 7 since the migration from 18.x to 22.10.
This also means I will have to recompile HTTPd as well. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Tuesday, 13-Dec-2022 17:00:32 EST
Clarissa Walker
...Partially fixed. I have phpsysinfo on the main server and using open_basedir breaks that (and possibly a few things). shell_exec() is disabled for now, however. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Tuesday, 13-Dec-2022 16:19:33 EST
Clarissa Walker
So, I can read the entire /etc/passwd file on my server through PHP. Obviously this will be fixed. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Tuesday, 13-Dec-2022 14:45:38 EST
Clarissa Walker
Nope, ratelimit contemplates with bw, so both are enabled, and mod_bw limits are upped. Now each client downloads at the speed of what the old mod_bw settings are, and mod_bw limits are double that.
256KB each client -> 512KB bw limit
384KB each client -> 768KB bw limit
512KB each client -> 1024KB (1MB) bw limit -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Tuesday, 13-Dec-2022 14:29:20 EST
Clarissa Walker
Changed bandwidth limit setup from a modified mod_bw module to the official mod_ratelimit module. Seems fine, but I need more tests to make sure. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Tuesday, 13-Dec-2022 02:45:44 EST
Clarissa Walker
Went back to PHP in CGI mode as a test for the CGI socket. Going to go back to PHP in FastCGI mode. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Monday, 12-Dec-2022 23:54:53 EST
Clarissa Walker
More cleaning up the global httpd.conf file. Didn't know that Apache Foundation officially added the HTTPoxy mitigation to that file some time ago.
Also cleaned up the custom httpd-php config and split those between the CGI part and FastCGI part. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Monday, 12-Dec-2022 02:06:24 EST
Clarissa Walker
Oof, some stuff broke all because I didn't use a + in ExecCGI. Now stuff works as intended.
I also didn't use + in a few other places since 2008, so I got bit by that eventually. FastCGI seems to abide by that properly and not CGI with this setup (so config can be a bit loose), so... interesting. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Monday, 12-Dec-2022 00:55:58 EST
Clarissa Walker
PHP7 is now running in FastCGI mode. Still have to recompile PHP so it can use the libraries to match the server.
Also, looks like the deployment notes needs a very important update re: FastCGI implentation and Apache HTTPd. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Sunday, 11-Dec-2022 20:09:17 EST
Clarissa Walker
Apache HTTPd is updated. Next is wrangling the setup to compile PHP, as it is yet another newer install of the compile box. -
Clarissa Walker (amisapphire@cwcyrix.nsupdate.info)'s status on Sunday, 11-Dec-2022 18:07:40 EST
Clarissa Walker
Was trying to move PHP from CGI to FastCGI, and... realized that PHP was not built for FastCGI. So I will have to recompile it once again.
All Ami Sapphire's Notices content and data are available under the