coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.

XT_COOVA bytes count totally screwed up #495

Closed xewonder closed 4 years ago

xewonder commented 4 years ago

Hi,

Running coova-chilli 1.4 with xt_coova

the bytes recorded in coova are totally screwed up against the reality!

```
root@XXX-DEMO:~# iptables -L FORWARD -nvx --line-numbers
Chain FORWARD (policy DROP 400 packets, 38878 bytes)
num pkts bytes target prot opt in out source destination
1 95 112773 ACCEPT all -- tun0 0.0.0.0/0 0.0.0.0/0
2 152 21515 ACCEPT all -- tun0 0.0.0.0/0 0.0.0.0/0
3 18053 21007213 ACCEPT all -- eth0.2 wlan0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: dest
4 16856 11629643 ACCEPT all -- wlan0 eth0.2 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: source
5 400 38878 forwarding_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom forwarding rule chain /
6 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
7 0 0 zone_lan_forward all -- br-lan 0.0.0.0/0 0.0.0.0/0 / !fw3 /
8 0 0 zone_wan_forward all -- eth0.2 0.0.0.0/0 0.0.0.0/0 / !fw3 /
```

```
root@XXX-DEMO:~# chilli_query list
C0-4A-09-15-D7-E8 0.0.0.0 none 5d9dbc2600000004 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
A4-9B-4F-29-0A-03 10.1.0.15 pass 5d9dbc0500000003 1 me.me@gmail.com@waveloc_demo 402/0 3/0 712608635/0 517333959/0 0 0 0%/0 0%/0 http://connectivitycheck.platform.hicloud.com/generate_204_d4f5ec70-c7a9-4bdf-bb86-9a070f19e217
78-A3-51-10-41-73 0.0.0.0 none 5d9dbbb500000002 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
00-0C-29-15-36-09 0.0.0.0 none 5d9dbbb500000001 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
```

Any ideas?

xewonder commented 4 years ago

Just to expand on the above.

All is "working" but the upload and download bytes recorded by chilli are totally wrong!

```
root@WAVELOC-DEMO:~# cat /proc/net/coova/chilli
mac=A4-9B-4F-29-0A-03 src=10.1.0.15 state=1 bin=2356931123 bout=17406627982 pin=149696 pout=337663
```

```
root@WAVELOC-DEMO:~# chilli_query list
C0-4A-09-15-D7-E8 0.0.0.0 none 5d9e160800000002 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
A4-9B-4F-29-0A-03 10.1.0.15 pass 5d9e15d400000001 1 me.me@gmail.com@waveloc_demo 407/0 26/0 17406627982/0 2356931123/0 0 0 0%/0 0%/0 http://levelupv2.accu-weather.com/widget/levelupv2/weather-data.asp?LangId=28&metric=1&slat=37.87&slon=23.75
```

```
root@WAVELOC-DEMO:~# ifconfig
br-lan    Link encap:Ethernet HWaddr 78:A3:51:10:41:72
          inet addr:192.168.70.1 Bcast:192.168.70.255 Mask:255.255.255.0
          inet6 addr: fe80::7aa3:51ff:fe10:4172/64 Scope:Link
          inet6 addr: fdfd:b562:ffdf::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1554 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1493 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:133818 (130.6 KiB) TX bytes:313408 (306.0 KiB)

eth0      Link encap:Ethernet HWaddr C0:4A:09:15:D7:E8
          inet6 addr: fe80::c24a:9ff:fe15:d7e8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:381250 errors:0 dropped:1 overruns:0 frame:0
          TX packets:151592 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:568371982 (542.0 MiB) TX bytes:12355120 (11.7 MiB)
          Interrupt:5

eth0.1    Link encap:Ethernet HWaddr 78:A3:51:10:41:72
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1554 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1493 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:133818 (130.6 KiB) TX bytes:313408 (306.0 KiB)

eth0.2    Link encap:Ethernet HWaddr 78:A3:51:10:41:73
          inet addr:192.168.1.37 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::7aa3:51ff:fe10:4173/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:340171 errors:0 dropped:0 overruns:0 frame:0
          TX packets:150085 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:559311163 (533.4 MiB) TX bytes:11433015 (10.9 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3771 (3.6 KiB) TX bytes:3771 (3.6 KiB)

tun0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:11.1.0.1 P-t-P:11.1.0.1 Mask:255.255.0.0
          inet6 addr: fe80::f302:3fe5:4a32:fb24/64 Scope:Link
          UP POINTOPOINT RUNNING MTU:1500 Metric:1
          RX packets:842 errors:0 dropped:0 overruns:0 frame:0
          TX packets:568 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:74077 (72.3 KiB) TX bytes:244951 (239.2 KiB)

wlan0     Link encap:Ethernet HWaddr C0:4A:09:15:D7:E8
          inet addr:10.1.0.1 Bcast:10.255.255.255 Mask:255.0.0.0
          inet6 addr: fe80::c24a:9ff:fe15:d7e8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:151684 errors:0 dropped:0 overruns:0 frame:0
          TX packets:377676 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11533944 (10.9 MiB) TX bytes:573891743 (547.3 MiB)

wlan0-1   Link encap:Ethernet HWaddr C2:4A:09:15:D7:E8
          inet6 addr: fe80::c04a:9ff:fe15:d7e8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:120 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:29892 (29.1 KiB)
```

```
root@WAVELOC-DEMO:~# iptables -L -nvx --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 32 2274 ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 / !fw3 /
2 3939 336122 input_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom input rule chain /
3 1776 144322 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
4 82 4920 syn_flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 / !fw3 /
5 0 0 zone_lan_input all -- br-lan 0.0.0.0/0 0.0.0.0/0 / !fw3 /
6 658 132036 zone_wan_input all -- eth0.2 0.0.0.0/0 0.0.0.0/0 / !fw3 /
7 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
8 29 1252 ACCEPT tcp -- wlan0 0.0.0.0/0 11.1.0.1 tcp dpt:3990coova: name: chilli side: source
9 331 10964 INPUT_tun0 all -- tun0 0.0.0.0/0 0.0.0.0/0
10 1423 55332 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "IPTables-INPUT-Dropped:"
11 1423 55332 DROP all -- * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 745 packets, 69640 bytes)
num pkts bytes target prot opt in out source destination
1 134 95219 ACCEPT all -- tun0 0.0.0.0/0 0.0.0.0/0
2 190 24807 ACCEPT all -- tun0 0.0.0.0/0 0.0.0.0/0
3 337665 558822744 ACCEPT all -- wlan0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: dest
4 149669 9284240 ACCEPT all -- wlan0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: source
5 745 69640 forwarding_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom forwarding rule chain /
6 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
7 0 0 zone_lan_forward all -- br-lan 0.0.0.0/0 0.0.0.0/0 / !fw3 /
8 0 0 zone_wan_forward all -- eth0.2 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain OUTPUT (policy ACCEPT 5 packets, 1141 bytes)
num pkts bytes target prot opt in out source destination
1 32 2274 ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 / !fw3 /
2 2030 460025 output_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom output rule chain /
3 1905 448235 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
4 0 0 zone_lan_output all -- br-lan 0.0.0.0/0 0.0.0.0/0 / !fw3 /
5 120 10649 zone_wan_output all -- eth0.2 0.0.0.0/0 0.0.0.0/0 / !fw3 */

Chain INPUT_tun0 (1 references)
num pkts bytes target prot opt in out source destination
1 53 3180 ACCEPT tcp -- tun0 0.0.0.0/0 11.1.0.1 tcp dpt:3990
2 278 7784 RETURN all -- * 0.0.0.0/0 0.0.0.0/0

Chain forwarding_lan_rule (1 references)
num pkts bytes target prot opt in out source destination

Chain forwarding_rule (1 references)
num pkts bytes target prot opt in out source destination

Chain forwarding_wan_rule (1 references)
num pkts bytes target prot opt in out source destination

Chain input_lan_rule (1 references)
num pkts bytes target prot opt in out source destination

Chain input_rule (1 references)
num pkts bytes target prot opt in out source destination

Chain input_wan_rule (1 references)
num pkts bytes target prot opt in out source destination

Chain output_lan_rule (1 references)
num pkts bytes target prot opt in out source destination

Chain output_rule (1 references)
num pkts bytes target prot opt in out source destination

Chain output_wan_rule (1 references)
num pkts bytes target prot opt in out source destination

Chain reject (1 references)
num pkts bytes target prot opt in out source destination
1 6 264 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 / !fw3 / reject-with tcp-reset
2 478 80374 REJECT all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 / reject-with icmp-port-unreachable

Chain syn_flood (1 references)
num pkts bytes target prot opt in out source destination
1 82 4920 RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50 / !fw3 /
2 0 0 DROP all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain zone_lan_dest_ACCEPT (4 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- br-lan 0.0.0.0/0 0.0.0.0/0 / !fw3 */

Chain zone_lan_forward (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 forwarding_lan_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom lan forwarding rule chain /
2 0 0 zone_wan_dest_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Zone lan to wan forwarding policy /
3 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate DNAT / !fw3: Accept port forwards /
4 0 0 zone_lan_dest_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain zone_lan_input (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 input_lan_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom lan input rule chain /
2 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate DNAT / !fw3: Accept port redirections /
3 0 0 zone_lan_src_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain zone_lan_output (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 output_lan_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom lan output rule chain /
2 0 0 zone_lan_dest_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain zone_lan_src_ACCEPT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- br-lan 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED / !fw3 */

Chain zone_wan_dest_ACCEPT (2 references)
num pkts bytes target prot opt in out source destination
1 2 80 DROP all -- eth0.2 0.0.0.0/0 0.0.0.0/0 ctstate INVALID / !fw3: Prevent NAT leakage /
2 118 10569 ACCEPT all -- eth0.2 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain zone_wan_dest_DROP (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- eth0.2 0.0.0.0/0 0.0.0.0/0 / !fw3 */

Chain zone_wan_forward (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 forwarding_wan_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom wan forwarding rule chain /
2 0 0 zone_lan_dest_ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Allow-IPSec-ESP /
3 0 0 zone_lan_dest_ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:500 / !fw3: Allow-ISAKMP /
4 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate DNAT / !fw3: Accept port forwards /
5 0 0 zone_wan_dest_DROP all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain zone_wan_input (1 references)
num pkts bytes target prot opt in out source destination
1 658 132036 input_wan_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom wan input rule chain /
2 162 51030 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 / !fw3: Allow-DHCP-Renew /
3 0 0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 / !fw3: Allow-Ping /
4 12 368 ACCEPT 2 -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Allow-IGMP /
5 0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate DNAT / !fw3: Accept port redirections /
6 484 80638 zone_wan_src_REJECT all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain zone_wan_output (1 references)
num pkts bytes target prot opt in out source destination
1 120 10649 output_wan_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom wan output rule chain /
2 120 10649 zone_wan_dest_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain zone_wan_src_REJECT (1 references)
num pkts bytes target prot opt in out source destination
1 484 80638 reject all -- eth0.2 0.0.0.0/0 0.0.0.0/0 / !fw3 */
```

Any Ideas?
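
Added example, not part of the issue thread or of the CoovaChilli project: a cross-check of the `/proc/net/coova/chilli` session counters against the `iptables -nvx` counters of the rules using the coova match, run over the values posted above. The mapping of `side: dest` to `pout`/`bout` and `side: source` to `pin`/`bin` is an assumption inferred from the matching packet counts in those outputs, and the function names are hypothetical.

```python
import re

# Sample input copied from the outputs posted in this issue.
PROC_COOVA = ("mac=A4-9B-4F-29-0A-03 src=10.1.0.15 state=1 bin=2356931123 "
              "bout=17406627982 pin=149696 pout=337663")
IPTABLES_FORWARD = """\
3 337665 558822744 ACCEPT all -- wlan0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: dest
4 149669 9284240 ACCEPT all -- wlan0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: source
"""
# Assumed mapping (inferred from the packet counts above): rule side -> proc keys.
SIDE_KEYS = {"dest": ("pout", "bout"), "source": ("pin", "bin")}

def parse_proc(text):
    """Sum the counters over every session line of /proc/net/coova/<name>."""
    totals = dict.fromkeys(("bin", "bout", "pin", "pout"), 0)
    for line in text.splitlines():
        kv = dict(f.split("=", 1) for f in line.split() if "=" in f)
        for key in totals:
            totals[key] += int(kv.get(key, 0))
    return totals

def parse_rules(text, name="chilli"):
    """Return {side: [pkts, bytes]} summed over `iptables -nvx` coova rules."""
    pat = re.compile(r"coova: name: %s side: (dest|source)" % re.escape(name))
    out = {}
    for line in text.splitlines():
        m, f = pat.search(line), line.split()
        if m and len(f) >= 3 and f[1].isdigit() and f[2].isdigit():
            acc = out.setdefault(m.group(1), [0, 0])
            acc[0] += int(f[1])
            acc[1] += int(f[2])
    return out

def compare(proc, rules, tolerance=0.05):
    """Return {(side, unit): (ratio, ok)}; ratio = xt_coova count / rule count."""
    report = {}
    for side, (pkts, byts) in rules.items():
        pkey, bkey = SIDE_KEYS[side]
        for unit, mod, ipt in (("pkts", proc[pkey], pkts), ("bytes", proc[bkey], byts)):
            ratio = mod / ipt if ipt else float("inf" if mod else "nan")
            ok = (mod == ipt) or abs(ratio - 1) <= tolerance
            report[(side, unit)] = (ratio, ok)
    return report

if __name__ == "__main__":
    result = compare(parse_proc(PROC_COOVA), parse_rules(IPTABLES_FORWARD))
    for (side, unit), (ratio, ok) in sorted(result.items()):
        print(f"{side:6} {unit:5} ratio={ratio:10.3f} {'ok' if ok else 'MISMATCH'}")
```

The tolerance absorbs the small drift between the two snapshots, which were taken by separate commands. On the posted values the packet counters agree while both byte counters are flagged.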