aparcar / openwrt

Staging tree of Paul Spooren

FS#1241 - firewall: Enabling logging for the WAN zone causes excessive "MSSFIX" log spam #1348

Closed aparcar closed 6 years ago

aparcar commented 6 years ago

silentcreek:

When I enable logging of rejected/dropped packages on my WAN zone via the UCI option "log", the system log gets spammed with thousands of MSSFIX messages in just a few hours. The messages look like these (IP and MAC addresses redacted):

Fri Dec 22 22:43:55 2017 kern.warn kernel: [37622.753479] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=37548 DF PROTO=TCP SPT=57454 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Fri Dec 22 22:44:05 2017 kern.warn kernel: [37632.021289] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=20338 DF PROTO=TCP SPT=57455 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Fri Dec 22 22:44:05 2017 kern.warn kernel: [37632.078328] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=11712 DF PROTO=TCP SPT=57456 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Fri Dec 22 22:44:11 2017 kern.warn kernel: [37638.223127] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=28644 DF PROTO=TCP SPT=52576 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0

The documentation suggests that the option log would only log rejected and dropped packages, which is what I'm interested in. I don't need the MSSFIX messages.

My WAN zone has masquerading as well as the option "mtu_fix" enabled (by default). The "mtu_fix" option seems to cause these messages. Apparently, this has been an issue in OpenWrt a long time ago, was then fixed and somehow got reintroduced? See ticket [1].

How can I enable logging but not log the useless MSSFIX messages?

Thank you!

[1] https://dev.openwrt.org/ticket/10681

P.S.: I'm using LEDE 17.01.4 on a TP-Link Archer C7 V2.

aparcar commented 6 years ago

linuxonlinehelp:

I agree, my routers log mssfix too.

Found this but had no time to check: https://dev.archive.openwrt.org/ticket/10681

aparcar commented 6 years ago

jow-:

Fixed in master with https://git.openwrt.org/?p=project/firewall3.git;a=commitdiff;h=a3ef503ed515752f7d1809c8c3238c0e4c7ce150 and https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=7cc9914aae55b87e4fb002b5faf9cf5ff8d44880
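
Added example (not part of the thread and not firewall3 code): on a build without the fix above, the kernel log lines in the format quoted in the report can be parsed offline and the MSSFIX entries separated from the reject/drop entries. The function names, the `REJECT(src wan)` prefix and the sample addresses are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the MSSFIX lines follow the format quoted in the report
# (addresses empty, as redacted there). The REJECT line, its prefix and the
# documentation-range addresses are assumptions made up for this example.
SAMPLE = """\
Fri Dec 22 22:43:55 2017 kern.warn kernel: [37622.753479] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=37548 DF PROTO=TCP SPT=57454 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Fri Dec 22 22:44:11 2017 kern.warn kernel: [37638.223127] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=28644 DF PROTO=TCP SPT=52576 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Fri Dec 22 22:44:12 2017 kern.warn kernel: [37639.000001] REJECT(src wan)IN=eth0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.1 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""

# Log prefix = everything between the kernel timestamp and the first "IN=".
LINE = re.compile(r"kernel: \[\s*[\d.]+\]\s*(?P<prefix>.*?)\s*(?P<body>IN=.*)$")

def parse(line):
    """Split one netfilter LOG line into prefix, KEY=value fields and bare flags."""
    m = LINE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for tok in m.group("body").split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val      # value may be empty (e.g. redacted SRC=)
        else:
            flags.append(key)      # bare tokens such as DF, SYN
    return {"prefix": m.group("prefix").rstrip(": "), "fields": fields, "flags": flags}

def triage(text, noise=("MSSFIX",)):
    """Return (records whose prefix is not noise, count of lines per prefix)."""
    kept, per_prefix = [], Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue               # not a netfilter LOG line
        per_prefix[rec["prefix"]] += 1
        if not rec["prefix"].startswith(noise):
            kept.append(rec)
    return kept, per_prefix

if __name__ == "__main__":
    kept, counts = triage(SAMPLE)
    print(dict(counts))
    for rec in kept:
        f = rec["fields"]
        print(rec["prefix"], f["SRC"], "->", f["DST"], f["PROTO"], f["DPT"])
```
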