Linksys sucks at coding, and about my linksys-wrt3g-tools

Some know that I live nearly offline, only connected to the world through an unstable and low-bandwidth (40kB/s) UMTS connection. We have to use a directed UMTS antenna and a Linksys UMTS Router (WRT54G3G-EU) to connect to the cell phone tower some villages away.

Since the connection is relatively unstable - the router keeps being connected, but neither sends nor receives any data packages until it gets rebooted - we needed a way to easily check its status and reboot it, without logging into the admin web interface.

This is where I started to hack on my linksys-wrt3g-tools some year ago. Only basic functionality, preg_match'ing the status page to extract connection status information, and a simple authenticated HTTP POST call to the apply.cgi(!) file that reboots it. And a munin plugin for monitoring, of course :)

Cleaning up

The script worked as it should, but was a dirty hack - hard-coded configuration, only partial status display, dirty translations ("Upgrade are failed!"). I decided to do it the proper way and switched to DOM-based HTML scraping, real configuration files and nifty command line switches (using PEAR's excellent Console_CommandLine package).

While getting samples of the HTML for the unit tests, I became aware of the HTML header comments:

*   Copyright 2003, CyberTAN  Inc.  All Rights Reserved *

the contents of this file may not be disclosed to third parties,
copied or duplicated in any form without the prior written
permission of CyberTAN Inc.

This software should be used as a reference only, and it not
intended for production use!

The HTML is really ugly, totally invalid, wrongly nested (as non-wellformed as HTML can get) and full of JavaScript text replacements.

Another issue came to light when I added HTTP status code checking:

$ wget http://admin:pass@
--2010-12-16 23:21:42--  http://admin:pass@
Connecting to connected.
HTTP request sent, awaiting response... 200 Unauthorized

So we get a 200 (which means OK) status code when the username and password do not match. Oh, great. And that's only one single file. All the other (status) URLs I tested gave a correct 401.

So we have the following:

That's what a customer gets for paying a relatively big bunch of money.

Written by Christian Weiske.

Comments? Please send an e-mail.