Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Weaver]

This is what I ended up with. I took out the mention of a specific interface after ifconfig as the br0 thing was arbitrary, and my raspberry oí for example needed eth0. But Burakkucat’s solution works with all interfaces listed, not just one, because he check for the specific ipv4 address we need to see. So anyway, listing all interfaces makes it much more robust.

Was there a bug in Burakkucat’s awk? Did the . in the IPv4 address in the match expression need to be backslash-escaped?

Code: [Select]

# Solution for extracting the modem number - Burakkucat (#2):
# Final good thing (#3) with my change:

ModemNumber=$(ifconfig  | awk -F. '/^[ \t][ \t]+inet addr:? *192\.168/ { print $3; exit}' )
#
# Firebrick's IPv4
#
FBIPv4=192.168.$ModemNumber.254

echo '#!/bin/sh'>/data/boot-cmds.sh

echo 'echo nameserver 127.0.0.1>/etc/resolv.conf'>>/data/boot-cmds.sh
echo 'echo nameserver ::1>>/etc/resolv.conf'>>/data/boot-cmds.sh
echo "echo nameserver $FBIPv4>>/etc/resolv.conf">>/data/boot-cmds.sh

chmod +x /data/boot-cmds.sh ; /data/boot-cmds.sh

#############
echo The at-boot-time commands file now reads:
cat /data/boot-cmds.sh

echo
echo "We are modem #$ModemNumber. We are at 192.168.$ModemNumber.1, the Firebrick is at $FBIPv4."
echo 'The file /etc/resolv.conf now reads:'
cat /etc/resolv.conf

#
# test it
#
echo
echo 'Testing resolvers, with nslookup of google.com:'
nslookup -h www.google.com

The resolve.conf doesn’t look right. If there’s an internal resolver then we will query that before querying the Firebrick, yes? Meaning that the system has to not find the local server using IPv4 or IPv6  before it goes on to querying the Firebrick, rather than successfully getting a response from either 127.0.0.1 or ::1 but the response is ‘not found’ ? (NXDOMAIN is it?) So would that be two timeouts and then it selects the Firebrick permanently? And uses entry #3, the Firebrick ever after?

It does work, I’m just wondering about whether or not set things up for permanent delays. If it rotates round to the good server then that’s fine, and that’s what I hope it would do. (It’s what I would do if I were writing the code.)

[burakkucat]

Using your preferred ifconfig command and simplifying the pattern matching then the following line should sufficient --
 

Code: [Select]

ModemNumber=$(ifconfig | awk -F. '/inet addr:192\.168/ { print $3; exit }')

You can check its correctness by --

Code: [Select]

ifconfig | awk -F. '/inet addr:192\.168/ { print $0; exit }'


[Weaver]

Understood. Your regex is much cleaner and more readable. The long-winded news of mine is aimed at future proofing should the code be reused elsewhere where the ifconfig output text layout is slightly different. I tested the long regex with the regex101 website and then on my modem.

[johnson]

The resolve.conf doesn’t look right. If there’s an internal resolver then we will query that before querying the Firebrick, yes? Meaning that the system has to not find the local server using IPv4 or IPv6  before it goes on to querying the Firebrick, rather than successfully getting a response from either 127.0.0.1 or ::1 but the response is ‘not found’ ? (NXDOMAIN is it?) So would that be two timeouts and then it selects the Firebrick permanently? And uses entry #3, the Firebrick ever after?

Running your script on my modem (with the minor change of 192.168.n.1 as the 'firebrick' - my router) results in a successful nslookup:

Code: [Select]

~ # ./weaver
The at-boot-time commands file now reads:
#!/bin/sh
echo nameserver 127.0.0.1>/etc/resolv.conf
echo nameserver ::1>>/etc/resolv.conf
echo nameserver 192.168.1.1>>/etc/resolv.conf

We are modem #1. We are at 192.168.1.1, the Firebrick is at 192.168.1.1.
The file /etc/resolv.conf now reads:
nameserver 127.0.0.1
nameserver ::1
nameserver 192.168.1.1

Testing resolvers, with nslookup of google.com:
Server:    localhost
Address 1: 127.0.0.1 localhost

rm: can't remove '/var/DnsInfo': No such file or directory
Name:      www.google.com
Address 1: 2a00:1450:4009:822::2004
Address 2: 142.250.200.4 lhr48s29-in-f4.1e100.net
Nslookup_end
~ #

However pings to the name only reach the local ip of the modem:

Code: [Select]

~ # ping -4 www.google.com
PING www.google.com (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: seq=0 ttl=64 time=0.518 ms
64 bytes from 192.168.1.5: seq=1 ttl=64 time=0.347 ms
64 bytes from 192.168.1.5: seq=2 ttl=64 time=0.347 ms
64 bytes from 192.168.1.5: seq=3 ttl=64 time=0.350 ms

--- www.google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.347/0.390/0.518 ms
~ #

192.168.1.5 is the modems ip. Pings to the IPv6 address resolved fail due to my ISP, but pings to lan devices using their hostname resolved to IPv6 address work (once I set a default v6 route).

Even undiscovered names reach it:

Code: [Select]

~ # ping sfioh3tniosdf
PING sfioh3tniosdf (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: seq=0 ttl=64 time=0.460 ms
64 bytes from 192.168.1.5: seq=1 ttl=64 time=0.345 ms
64 bytes from 192.168.1.5: seq=2 ttl=64 time=0.340 ms
64 bytes from 192.168.1.5: seq=3 ttl=64 time=0.355 ms

I believe this is because dnsmasq is running and uses this default configuration:

Code: [Select]

~ # cat /etc/dnsmasq.conf
user=supervisor
resolv-file=/etc/resolv.dnsmasq.conf
addn-hosts=/var/dnsmasq/hosts
address=/#/192.168.1.5
~ #

The last line seem to match all IPv4 addresses to the modems own IP. Changes to this config require restarting dnsmasq to take effect, so it seems easier to me to just forego dnsmasq caching and have the router/firebrick as the only nameserver by removing localhost from resolve.conf:

Code: [Select]

~ # echo "nameserver 192.168.1.1" > /etc/resolv.conf
~ # cat /etc/resolv.conf
nameserver 192.168.1.1
~ #
~ # ping -4 google.com
PING google.com (142.250.187.238): 56 data bytes
64 bytes from 142.250.187.238: seq=0 ttl=117 time=12.729 ms
64 bytes from 142.250.187.238: seq=1 ttl=117 time=11.638 ms
64 bytes from 142.250.187.238: seq=2 ttl=117 time=11.623 ms
64 bytes from 142.250.187.238: seq=3 ttl=117 time=12.124 ms

I guess this isnt that important given you have IPv6 support but figured I'd share.

Also in troubleshooting it I found out about setting the IPv6 'default' route to get connectivity with other v6 hosts on my network, I'm showing my v6 ignorance, but I had to add my routers /64 as an address:

Code: [Select]

ip -6 addr add xxxx:xxxx:xxx::/64 dev br0

[Weaver]

Agreed. We’re both seeing the same thing. As I mentioned before, I would have a lot of work to do in updating the Firebrick router’s config and changing AA’s IPv6 setup a bit in order to get IPv6 to work properly and it’s not just a matter of me adding a global IPv6 address to the  modem’s br0 i/f. It has no route, there’s no return route and the Firebrick isn’t doing ra because no one told it to. I’m not going to bother with IPv6 unless I find a specific need.

I did experiments with nslookup -h bottomless.aa.net.uk -s 127.0.0.1  (can’t remember whether it’s -s or -S BTW) and tried other server values -s 192.168.n.254 and -s ::1, and every one did work, and I was quite surprised that 127.0.0.1 did work, so the dnsmasq (is it here?) is working and presumably delivering local caching?

[johnson]

I did experiments with nslookup -h bottomless.aa.net.uk -s 127.0.0.1  (can’t remember whether it’s -s or -S BTW) and tried other server values -s 192.168.n.254 and -s ::1, and every one did work, and I was quite surprised that 127.0.0.1 did work, so the dnsmasq (is it here?) is working and presumably delivering local caching?

Same, nslookup works even with the faulty dnsmasq config, but pings do not.

Code: [Select]

~ # cat /etc/dnsmasq.conf
user=supervisor
resolv-file=/etc/resolv.dnsmasq.conf
addn-hosts=/var/dnsmasq/hosts
address=/#/192.168.1.5
~ # ping -4 google.com
PING google.com (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: seq=0 ttl=64 time=0.370 ms
64 bytes from 192.168.1.5: seq=1 ttl=64 time=0.346 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.346/0.358/0.370 ms
~ # killall dnsmasq
~ # ping -4 google.com
PING google.com (142.250.187.238): 56 data bytes
64 bytes from 142.250.187.238: seq=0 ttl=117 time=12.210 ms
64 bytes from 142.250.187.238: seq=1 ttl=117 time=11.525 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 11.525/11.867/12.210 ms

Anyway, getting ssh working should be more useful. Have been playing with the best way of starting it, not sure whether having it try to bind on the default port of 22 and give up until the port used by the zyxel one is changed in the web interface is worth the effort given its easy to choose another port in client programs.

[Weaver]

I’ve found another iPad SSH app which works ok with the modem. The app is rather nasty to use so I’ll stick with the good Prompt app and telnet. If I can get the iPadOS Shortcuts library function that uses SSH to do remote-exec to work then that would be the big win as I could write a script that writes out files on the remote side.

I see that there is already FTP, couldn’t get that to work though. What’s really interesting is Samba. I had a look at the config file, couldn’t edit it as it’s enormous, I don’t speak vi (40 years since I used the like) and there’s no nano. I could sed / awk it though if only I could see it all properly and get a picture to work from. I wonder if it has been crippled to only allow it to use the USB stick, which is what they’re intending it for. The ordinary web ui wouldn’t let me turn Samba on apparently, presumably because there was no USB stick present, and I’m thinking that any paths you mention in that ui might be relative to the root of the stick. Maybe they’ve (sort of) chroot’ed the thing, or edited the C of Samba even.

I mentioned SNMP before. Does the thing have SNMP support in the normal ui? I don’t speak SNMP but it’s something I’d like to explore and I have a useful-looking iPad SNMP app. Perhaps Alex could educate me a tiny bit? It’s not going to work properly just now because when a modem sends traps, it can send them to the Firebrick, but no further than that.

[Weaver]

I’m wondering what I did wrong.

I ran a reboot command in sh, and the modem rebooted, but when it came back up it was clear that it had not executed any of the commands in my "data/boot-cmds.sh" because it had not overwritten the resolv.conf nor had it set the default IPv4 gateway. Do I have the name of the magic at-boot-time shell script wrong?

[burakkucat]

Did you check that the file actually existed in the /data/ directory?
Did you ensure that the file's mode was 755?

My quick test --

~ # cd data
/data # ls -l
-rw-r--r--    1 supervis root            64 Oct  2 16:30 AES.key
drwxr-xr-x    2 supervis root             0 Jan  1  2016 CA
-rw-r--r--    1 supervis root            32 Jan  1  2020 currentTime
drwxr-xr-x    2 supervis root             0 Oct 13 22:44 log
-rw-r--r--    1 supervis root           887 Jan  1  2020 private.pem
-rw-------    1 supervis root         24750 Sep 11 14:39 psi
-rw-r--r--    1 supervis root           272 Jan  1  2020 public.pem
-rw-------    1 supervis root           427 Jan  1  2016 rsa_host_key
-rw-------    1 supervis root        131072 Apr  1  2021 scratchpad
-rw-------    1 supervis root             0 Apr 29  2019 wtmp
/data # > foo
/data # ls -l
-rw-r--r--    1 supervis root            64 Oct  2 16:30 AES.key
drwxr-xr-x    2 supervis root             0 Jan  1  2016 CA
-rw-r--r--    1 supervis root            32 Jan  1  2020 currentTime
-rw-r--r--    1 supervis root             0 Oct 14 01:49 foo
drwxr-xr-x    2 supervis root             0 Oct 13 22:44 log
-rw-r--r--    1 supervis root           887 Jan  1  2020 private.pem
-rw-------    1 supervis root         24750 Sep 11 14:39 psi
-rw-r--r--    1 supervis root           272 Jan  1  2020 public.pem
-rw-------    1 supervis root           427 Jan  1  2016 rsa_host_key
-rw-------    1 supervis root        131072 Apr  1  2021 scratchpad
-rw-------    1 supervis root             0 Apr 29  2019 wtmp
/data # chmod 755 foo
/data # ls -l
-rw-r--r--    1 supervis root            64 Oct  2 16:30 AES.key
drwxr-xr-x    2 supervis root             0 Jan  1  2016 CA
-rw-r--r--    1 supervis root            32 Jan  1  2020 currentTime
-rwxr-xr-x    1 supervis root             0 Oct 14 01:49 foo
drwxr-xr-x    2 supervis root             0 Oct 13 22:44 log
-rw-r--r--    1 supervis root           887 Jan  1  2020 private.pem
-rw-------    1 supervis root         24750 Sep 11 14:39 psi
-rw-r--r--    1 supervis root           272 Jan  1  2020 public.pem
-rw-------    1 supervis root           427 Jan  1  2016 rsa_host_key
-rw-------    1 supervis root        131072 Apr  1  2021 scratchpad
-rw-------    1 supervis root             0 Apr 29  2019 wtmp
/data #

[Weaver]

Good point. (i) I did check that the file exists. (ii) As for the chmod, it’s done automatically by the code that creates the /data/boot-cmds.sh, and also I ran the boot-cmds.h too and got no error but I think an attempt to execute it would have failed without the x flag bit being set. Definitely needed checking.

Mr Johnson’s listing of the code that writes a boot-cmds.sh had a long sleep in it. I don’t know what I’m talking about here but I wonder if that difference between his code and my boot-cmds.sh might be significant somehow, as mine just runs straight through with no delays. Wild speculation: if something else running in parallel were somehow changing the state of the system quite late, but my actions took place too early, before certain precursor conditions are met, then that would be an explanation. I know that’s woolly and half-baked.

Here’s the entirety of my generator code. I simply copy-paste this into a telnet window with the busybox shell running on the remote system and then it all immediately runs, generating the shell script and config files, then running the script, then doing some tests.

Code: [Select]

############## GOOD SCRIPT v3.2 ##### (Burakkucat (#2) with my changes: ) ####

ModemNumber=$(ifconfig  | awk -F. '/^[ \t][ \t]+inet addr:?[ \t]*192\.168/ { print $3; exit}' )

# Firebrick's IPv4
FBIPv4=192.168.$ModemNumber.254

echo '#!/bin/sh'                                               >/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo 'echo domain torr-gorm.cecilward.com  >/etc/resolv.conf' >>/data/boot-cmds.sh
echo 'echo nameserver 127.0.0.1           >>/etc/resolv.conf' >>/data/boot-cmds.sh
echo 'echo nameserver ::1                 >>/etc/resolv.conf' >>/data/boot-cmds.sh
echo "echo nameserver $FBIPv4             >>/etc/resolv.conf" >>/data/boot-cmds.sh

echo ''                                                       >>/data/boot-cmds.sh
echo "route add default gw $FBIPv4 br0"                       >>/data/boot-cmds.sh

chmod +x /data/boot-cmds.sh ;  /data/boot-cmds.sh

#########################
# Testing
echo
echo The custom boot command script /data/boot-cmds.sh now reads:
cat /data/boot-cmds.sh


echo
echo "I am modem #$ModemNumber. I am at 192.168.$ModemNumber.1, the Firebrick is at $FBIPv4."
echo 'The file /etc/resolv.conf now reads:'
cat /etc/resolv.conf

ip route

# test DNS
#
echo 'Testing resolvers, with nslookup of google.com:'
nslookup -h www.google.com



[burakkucat]

It might be worthwhile putting a longish sleep in your code to check if the situation, as described in paragraph two above, is the cause of the failure.

[johnson]

Mr Johnson’s listing of the code that writes a boot-cmds.sh had a long sleep in it. I don’t know what I’m talking about here but I wonder if that difference between his code and my boot-cmds.sh might be significant somehow, as mine just runs straight through with no delays. Wild speculation: if something else running in parallel were somehow changing the state of the system quite late, but my actions took place too early, before certain precursor conditions are met, then that would be an explanation. I know that’s woolly and half-baked.

Yes, you are quite correct, some delay will be necessary, the boot-commands.sh script is called from /etc/profile before the main zyxel program that sets everything up.

Code: [Select]

wl0: Broadcom BCM435f 802.11 Wireless Controller 6.30.102.7.cpe4.12L06B.0
dgasp: kerSysRegisterDyingGaspHandler: wl0 registered
p8021ag: p8021ag_init entry
Broadcom 802.1Q VLAN Interface, v0.1
/data/./boot-cmds.sh: line 3: can't create /etc/resolv.conf: nonexistent directory
/data/./boot-cmds.sh: line 4: can't create /etc/resolv.conf: nonexistent directory
/data/./boot-cmds.sh: line 5: can't create /etc/resolv.conf: nonexistent directory
/data/./boot-cmds.sh: line 6: can't create /etc/resolv.conf: nonexistent directory
route: SIOCADDRT: No such device

===== Release Version 4.12L.06B (build timestamp 190611_1842) =====

You could just add the 45 second sleep previously included (I arrived at that as a rough 'good enough' value to have the modem in a state to accept xdslctl commands):

Code: [Select]

...
echo '#!/bin/sh'                                               >/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo 'sleep 45'                                               >>/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo 'echo domain torr-gorm.cecilward.com  >/etc/resolv.conf' >>/data/boot-cmds.sh
...

Or maybe get a bit more complicated and test for existence of the file that /etc/resolv.conf is symlinked to:

Code: [Select]

...
echo '#!/bin/sh'                                               >/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo 'while [ ! -f /var/fyi/sys/dns ];'                       >>/data/boot-cmds.sh
echo 'do'                                                     >>/data/boot-cmds.sh
echo 'sleep 1'                                                >>/data/boot-cmds.sh
echo 'done'                                                   >>/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo 'echo domain torr-gorm.cecilward.com  >/etc/resolv.conf' >>/data/boot-cmds.sh
...

And the the interface br0:

Code: [Select]

...
echo ''                                                       >>/data/boot-cmds.sh
echo 'while [ ! -f /sys/devices/virtual/net/br0/address ];'   >>/data/boot-cmds.sh
echo 'do'                                                     >>/data/boot-cmds.sh
echo 'sleep 1'                                                >>/data/boot-cmds.sh
echo 'done'                                                   >>/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo "route add default gw $FBIPv4 br0"                       >>/data/boot-cmds.sh
...

But doing things like this is pretty hard to debug without a serial terminal to watch the boot process. I guess I should find a candidate for the best file or program running to signify a complete boot.

The init system as it is is busybox reading /etc/inittab, running /etc/init.d/rcS which mounts /proc, fstab etc, then a login shell on /dev/console which invokes /etc/profile, which is where all the zyxel stuff is loaded the last of which is smd. This zyxel daemon does basically everything, binds to all the ports and launches sshd httpd etc as and when, sets up the switch with vlans and the bridge, populates all the symlinked files in ram like /etc/passwd, it runs and stays attached to the first login shell from /etc/profile.

I put the running of /data/boot-cmds.sh and the starting of the stats-server in /etc/profile before smd as that has to be last. So we need to wait until smd has done its stuff before doing things like setting the default route and updating config files that it creates.

[johnson]

Just for completeness, this runs and creates a boot-cmds.sh that functions as expected on my modem:

Code: [Select]

############## GOOD SCRIPT v3.2 ##### (Burakkucat (#2) with my changes: ) ####

ModemNumber=$(ifconfig  | awk -F. '/^[ \t][ \t]+inet addr:?[ \t]*192\.168/ { print $3; exit}' )

# Firebrick's IPv4
FBIPv4=192.168.$ModemNumber.254

echo '#!/bin/sh'                                               >/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo 'while [ ! -f /var/fyi/sys/dns ];'                       >>/data/boot-cmds.sh
echo 'do'                                                     >>/data/boot-cmds.sh
echo 'sleep 1'                                                >>/data/boot-cmds.sh
echo 'done'                                                   >>/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo 'echo domain torr-gorm.cecilward.com  >/etc/resolv.conf' >>/data/boot-cmds.sh
echo 'echo nameserver 127.0.0.1           >>/etc/resolv.conf' >>/data/boot-cmds.sh
echo 'echo nameserver ::1                 >>/etc/resolv.conf' >>/data/boot-cmds.sh
echo "echo nameserver $FBIPv4             >>/etc/resolv.conf" >>/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo 'while [ ! -f /sys/devices/virtual/net/br0/address ];'   >>/data/boot-cmds.sh
echo 'do'                                                     >>/data/boot-cmds.sh
echo 'sleep 1'                                                >>/data/boot-cmds.sh
echo 'done'                                                   >>/data/boot-cmds.sh
echo ''                                                       >>/data/boot-cmds.sh
echo "route add default gw $FBIPv4 br0"                       >>/data/boot-cmds.sh

chmod +x /data/boot-cmds.sh ;  /data/boot-cmds.sh

#########################
# Testing
echo
echo The custom boot command script /data/boot-cmds.sh now reads:
cat /data/boot-cmds.sh
                       
echo                                                                             
echo "I am modem #$ModemNumber. I am at 192.168.$ModemNumber.1, the Firebrick is at $FBIPv4."
echo 'The file /etc/resolv.conf now reads:'                                       
cat /etc/resolv.conf                                                             
                                                                                 
ip route                                                                         
                                                                                 
# test DNS
#                                               
echo 'Testing resolvers, with nslookup of google.com:'
nslookup -h www.google.com


[Weaver]

Wow, thank you so much! I never would have worked that out, and I wasn’t at all convinced in my original hypothesis anyway.

[johnson]

As I might have mentioned before, finding somewhere to hide something in the XML config so that it won’t upset anything, and then somehow have the modem pull that skipped-over XML element out and put it into the filesystem. I wouldn’t know how some code inside the modem might find the uploaded XML config.

Some tinkering this evening and I'm most of the way there. The config is stored on the modem at /data/psi encoded somehow with the header: <compressed alg=lzw len=22410>

In the firmware build package under 'cms_utils' exists lzw_decode.c, so after some eyeballing of cms_lzw.h we can use it like this:

Code: [Select]

#include <stdio.h>
#include "cms_util.h"
#include "cms_lzw.h"

int main(int argc, char **argv)
{

        if(argc < 2){
                printf("Usage: psi-decode input [output]\n");
                return 1;
        }

        FILE *file = fopen(argv[1], "rb");
        long lSize;

        fseek(file, 0, SEEK_END);
        lSize = ftell(file);
        fseek(file, 60, SEEK_SET);

        char *buffer = malloc(lSize);
        fread(buffer, lSize, 1, file);
        fclose(file);

        LZWDecoderState* s;
        CmsRet cr = cmsLzw_initDecoder(&s, buffer, lSize);

        char *outbuff = malloc(lSize*10);
        SINT32 outlen = cmsLzw_decode(s, outbuff, lSize*10);
        //printf("outlen is %i\n",outlen);


        if(argc < 3){
                printf("%s", outbuff);
        }else{
                FILE *outfile = fopen(argv[2], "w");
                fprintf(outfile, "%s", outbuff);
                fclose(outfile);
                printf("outlen %d\n", outlen);
        }

        return 0;
}

This produces XML like we get from downloading config with the web interface.

So I tried downloading a config, adding some new XML elements and reuploading it, some complaints on the serial terminal:

Code: [Select]

file: /var/cfgout
free g_rootTree
Ignoring unrecognized param/obj tag ExtraStuff
Ignoring unrecognized param/obj tag SomeValue inside ExtraStuff
Ignoring unrecognized param/obj tag ExtraStuff
Ignoring unrecognized param/obj tag SomeValue inside ExtraStuff
smd:error:340.350:processWriteConfigFile:3243:
Normal request

But the extra elements survive:

Code: [Select]

# ./psi-decode psi out
outlen 69233
/home # tail -n 10 out
    <X_404A03_AccessServiceCfg>
      <CustomerRemoteInterface></CustomerRemoteInterface>
      <CustomerWebRedirection>url</CustomerWebRedirection>
      <CheckFlag>TRUE</CheckFlag>
    </X_404A03_AccessServiceCfg>
  </InternetGatewayDevice>
  <ExtraStuff>
    <SomeValue>      Sup</SomeValue>
  </ExtraStuff>
</DslCpeConfig>

So, should we wish, a firmware that interrogates the stored configuration and alters some other setting could be produced.