Discussion:
[ntp:questions] D-link and hardcoded ntp servers
Simon Lyall
2006-04-08 01:14:29 UTC
See:

http://people.freebsd.org/~phk/dlink/

I notice that most of the servers that are hardcoded in are from the
public list but many of them have access limits.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"Inside me Im Screaming, Nobody pays any attention." | eMT.

` Microsoft/Fisher-Price "My First Operating System" windows machines
(equipped, no doubt, with chewable mice, bright colours, and E-Z-Kleen
keyboards) stay _completely_ off the core network segments. ' - JSR
Maarten Wiltink
2006-04-08 15:13:09 UTC
"Simon Lyall" <simon at darkmere.gen.nz> wrote in message
Post by Simon Lyall
http://people.freebsd.org/~phk/dlink/
Way to go, D-Link. I'll think twice about buying any of your products.
Poul-Henning, you have my sympathy.

Donating money sounds nice but if it paid the DIX fees, it would end
up subsidising D-Link for being idiots. Damned if you do, damned if
you don't.

Groetjes,
Maarten Wiltink
Wolfgang S. Rupprecht
2006-04-08 16:25:31 UTC
Post by Simon Lyall
http://people.freebsd.org/~phk/dlink/
I'm reminded of Yogi Berra's quote: It's like deja vu, all over again.
Post by Simon Lyall
I notice that most of the servers that are hardcoded in are from the
public list but many of them have access limits.
I just replaced the firmware on my Linksys WRT54G router with Openwrt
and one benefit is that it doesn't hardwire any ntp servers. The one
annoying thing about the embedded linux that everyone is using on
their routers is that it doesn't have any hooks for tweaking the kernel
clock frequency. The clock seems to be free-running and one can only
step it. Well, I guess I shouldn't criticize the dancing bear's
dancing. It is pretty amazing to have what appears to be a fairly
featureful linux in a $50 device that takes half a dozen watts at
most.

The things I'm most impressed with in the Openwrt firmware are:

* a real ssh that can use an ".ssh/authorized_keys" file for
industrial strength break-in resistance.

* a line-editing-enabled /bin/sh look-alike

* a writable flash file system that looks just like a unix fs to the user.

* file-based and command-line based configuration so one can scp a
copy of all the router's settings to a main machine for safe backup.

* an automated in-router way to download additional software.

* IPV6 - it also works just fine for both ssh and ntp.

Anyone that has one of the affected Dlink products might want to look
into replacing the firmware with the more featureful free/open version
from http://www.openwrt.org/ .

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
Direct SIP URL Dialing: http://www.wsrcc.com/wolfgang/phonedirectory.html
Carl Byington
2006-04-13 14:40:40 UTC
Post by Simon Lyall
http://people.freebsd.org/~phk/dlink/
I notice that most of the servers that are hardcoded in are from the
public list but many of them have access limits.
If DLink were just a little bit smarter, they would have used the
stratum-2 list rather than the stratum-1 list, and in that case would have
ended up hammering on my server. I called their Irvine offices, and
eventually spoke to their corporate counsel who seems to be in "deny
everything" mode. They have no intention of doing any sort of recall of
those boxes.

DLink uses 192.152.81.0/24 at their Irvine offices, and

ntpq -n -c peers 192.152.81.100
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+64.7.210.145    216.218.254.202  2 u  129  256  377    7.710    5.768   4.910
*132.239.1.6     .GPS.            1 u   19  256  377   18.980   -0.428   0.870


DLink also uses 64.7.210.128/27, and

ntpq -n -c peers 64.7.210.145
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+216.218.192.202 .GPS.            1 u  889 1024  377   19.214   -1.641   0.192
*216.218.254.202 .CDMA.           1 u    8 1024  377   16.256   -1.116   0.699
+207.200.81.113  .ACTS.           1 u  754 1024  377   10.533    0.369   3.415
-69.25.96.13     .ACTS.           1 u  464 1024  377   16.109   -7.599   0.084
 66.150.161.133  .INIT.          16 u    - 1024    0    0.000    0.000 4000.00
 66.150.161.141  .INIT.          16 u    - 1024    0    0.000    0.000 4000.00
 66.150.161.133  .INIT.          16 u    - 1024    0    0.000    0.000 4000.00
-128.9.176.30    .GPS.            1 u   69 1024  333   41.681   14.988   3.867

It is unclear if either of those DLink machines are obeying the access
restrictions of the servers that they are using.
Thomas Tornblom
2006-04-13 20:39:51 UTC
Having read Poul-Henning's open letter, and finding that I had one of
the affected routers, I quickly reconfigured it to use the Swedish ntp
pool instead, only to find out that this crap product can't handle
that without crashing :-(

It can also not use an ntp server on the LAN side, apparently, as all
my attempts to use one of my internal NTP-servers failed miserably.

I have now had D-link routers for almost three years, and I am ready
to declare them to be utter crap, or rather the programmers writing
code for them.

My first router was a D-link 804H, which regularly mixed up sessions,
if I was running multiple sessions of the same type (uucp over
tcp). After much struggle I got a firmware version that worked.

When the 804H broke down last summer, I quickly needed a replacement
while I got the broken one fixed/replaced, and I was handed a D-link
624, with 108 Mbps wlan.

The firmware in that router is the worst piece of crap I have ever
seen. There is almost nothing you can change in the config on that
router without the router having to reboot. And if you change almost
anything from the default, you better watch out so that it won't do
cyclic restarts.

After installation it was running fairly well, until I by accident
noticed some frequent unknown multicast traffic on my lan. I found out
that this was UPNP, Universal Plug and Play, and that it was the
router sending out the crap. I found a radio button in the web gui
that would disable this, so I disabled it. Little did I know then that
this was the start of multiple daily reboots of the router.

As I had changed a lot of other things as well, I did not immediately
connect UPNP and the reboots. I logged a service call with the Swedish
support, and they gave me several different firmware versions to try,
including some betas, all to no avail. They even replaced the router,
and this did nothing to improve things.

As the crap router can not reliably save and restore the config
between firmware versions, and the backup is in unreadable binary
format, you better do all configuration manually after each firmware
upgrade, and after a while I got bored fixing everything, so I started
doing the absolute minimum, and noticed that the router would then
stop restarting. It was then just a matter of changing one thing at a
time until it started acting up again, which happened to be when I
disabled UPNP.

After reporting this, I finally got a firmware where I could reliably
disable UPNP, and I have been running this firmware up until tonight,
when I noticed that the router has now restarted every day since I manually
changed the ntp server. That version could at least get the time from
the pool servers when it booted, but would crash each time it would do
its regular syncs.

I found that new firmware was available, and it specifically mentions
some ntp fixes, which I assume is to remove gps.dix.dk as the ntp
server to use. So I downloaded that, and (manually) configured the
router again, and selected se.pool.ntp.org as the ntp server to
use. Apparently the router can not handle this as it will not get the
time at all from that address, with the latest firmware. It will still
not be able to get the time from my internal server.

The support line is closed for Easter, so I will have to call them
next week.

Another, incredibly stupid problem, with this router's firmware is that
the virtual server settings will not allow you to redirect different
ports on the wan side to different systems, using the same port, on
the lan side.

I found that when I tried to set up two virtual services for ssh,
where port 22 on the wan side would go to port 22 on system A on the
lan side, and port 10022 on the wan side would go to port 22 on system
B on the lan side. That was not allowed, and the support said that
this was by design! :-( OTOH it would probably have taken at least 10
firmware respins to get that working.

The conclusion is that I will never buy a D-link product again. My
time is worth more to me than having to play with this, which is a
pity as they are pretty simple to set up.

Thomas
Richard B. Gilbert
2006-04-13 21:33:22 UTC
You get what you pay for. DLink and Linksys routers are cheap and it
shows. The Linksys BEFR81 routers claim DHCP client/server support but
do not fully implement the protocol as described in RFC 2131.

I'm thinking of getting a Cisco SOHO router in the hope that it will be
better; it certainly costs enough more that the customer should be
entitled to expect more. Does anyone have experience with the Cisco
model 91 or 731?
Dave (from the UK)
2006-04-17 18:07:05 UTC
Post by Richard B. Gilbert
You get what you pay for. DLink and Linksys routers are cheap and it
shows. The Linksys BEFR81 routers claim DHCP client/server support but
do not fully implement the protocol as described in RFC 2131.
You might consider looking at Intertex

http://www.intertex.se/products/default.asp?iMenuID=110&iItemID=54

which IMHO is pretty good. The support is excellent too via their forum

http://ix66.techarena.org/forum/

the product manager often answers questions

They are designed for SOHO use so the price is not bad, although it is
higher than US Robotics, Linksys and D-link. But it is a lot cheaper
than Cisco.

When I had a problem with my Intertex IX66 ADSL modem/router/firewall
(which was actually a telephone line problem, not the Intertex product),
they agreed to send me an advance replacement, which was then sent by a
next-day courier from Sweden to England.

Of course it did not cure the problem, since it was a telephone line
issue, but I thought it was pretty good of them for a SOHO priced product.
--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year at domain. Hitting reply will work
for a couple of months only. Later set it manually.
Harlan Stenn
2006-04-14 04:37:23 UTC
http://www.openwrt.org may or may not be a good/bad idea...

H
Thomas Tornblom
2006-04-18 12:39:03 UTC
I have just realized that it may not be the D-link router that is at
fault this time, but problems with a few of the servers on
se.pool.ntp.org. The servers on the 192.36.143.x network, which are
part of se.pool.ntp.org, are not accessible from the largest ISP in
Sweden, Telia, due to a long (~20 years) personal problem between
Telia and the owner of these servers.

I have now switched to use europe.pool.ntp.org instead, and it appears
to work fine.

Personally I believe the 192.36.143.x servers should be removed from
se.pool.ntp.org as long as they filter traffic from Telia.

The router can also now take time from an ntp server on the LAN. I had
problems with this previously, but that might have been a transient
problem with my ntp server, or older firmware.
