My RT-AC56U ran a custom firmware known as 60A1_Kp6 which started its build life in mid 2015 and frozen with last build in May 2016. My hands were off ASUSWRT since then.
The firmware is a combination of a modified Linux kernel and the set of applications from AsusWRT-merlin. Kernel version is 220.127.116.11brcm provided by Broadcom to ASUS. I modified a few important features and included many patches from upstream. So it supports IPsec, multi-threaded cryptography engines and proprietary kernel modules (CTF, DPI and NTFS drivers). All these features however have not been in active use since ER-X took over the functions in October 2016.
The userspace applications are a snapshot of Asuswrt-Merlin v380.60 alpha 1. It also includes a few of my important modifications. Critical applications are however run off Entware-ng or my own compilation placed in /jffs/bin. The whole image is built using my custom toolchain which turns on support for native pthread.
A Note on Asus Firmware's Memory Leakage
Look at this snapshot of memory usage. My RT-AC56U was used as router until Jun 20, 2016. On that day it was converted into an access point. A week later "cut through forwarding" (CTF) was disabled. The RT-AC56U was left running as an access point without any tweaks since then.
There are multiple suggested sources of memory leaks in Asus firmware. One with concrete evidence is kernel memory leakage in CTF i.e. slab objects, kmalloc-96. The "slabs" curve from the memory chart with monotonically increasing trend reflects this leakage.
July 2017 Build
I had never expected the need to do another build. However, a few important iptables extensions were not in 60A1_Kp6. I had removed 60A1_Kp6 build directory. Only backup is the Kp6 kernel source. Very unwilling to get my hands wet again as one could imagine but those iptables features are important to my latest need.
I picked up Asuswrt-Merlin v380.66_6 source. Replaced with Kp6 kernel and merged a few changes from v380.66_6. So now my RT-AC56U runs 66r6_Kp7. I decided to disable many features which I never used in the past year. The following screenshot shows what features are enabled at build time. Even that does not tell the full picture since I manually removed quite a few binaries and symbolic links (e.g. dnsmasq, ntp, ntpclient, crontab, firmware_check, gencerts.sh, entware-setup.sh, webs_*.sh, wget etc).
I only require the kernel and bare minimum user space utilities to load it up and run. On the other hand I also don't want to spare more time on finding what to strip. The compromise is a stripped down 14MB image. Small and snappy! I hope this time around 66r6_Kp7 lives until the hardware's decommission. :)
A list of issues I found in asuswrt kernel that are still not fixed:
- crash when iptables -j CLASSIFY
- tc + hfsc terribly broken
- inotify terribly broken
Initially published on Nov 1, 2016