coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.

XT-coova "screwing up" all "readings" - iptables in particular #568

Closed xewonder closed 1 year ago

xewonder commented 1 year ago

Hello,

I now have this:

```
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='19.07.7'
DISTRIB_REVISION='r11306-c4a6851c72'
DISTRIB_TARGET='mt6890/evb6890v1_64_cpe_nand'
DISTRIB_ARCH='aarch64_cortex-a55_neon-vfpv4'
DISTRIB_DESCRIPTION='OpenWrt 19.07.7 r11306-c4a6851c72'
DISTRIB_TAINTS='no-all busybox'
```

When I enable xt-coova, all the "counters" (bytes in/out) get screwed up with wrong data.... Here is an example from fresh (just after reboot). I will upload and download a 100mb file:

Everything is about ZERO....

Here is before:

ifconfig (note rai0 and ccmni1)

```
br-lan2   Link encap:Ethernet HWaddr 00:00:00:00:00:00
          inet addr:192.170.254.1 Bcast:192.170.254.255 Mask:255.255.255.0
          inet6 addr: fd7e:8d41:f468:10::1/60 Scope:Global
          inet6 addr: fe80::54d0:b4ff:fe1b:5dbf/64 Scope:Link
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:432 (432.0 B)

brwan     Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:BE
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ccmni1    Link encap:Ethernet HWaddr A6:2B:32:70:47:20
          inet addr:10.184.81.126 Bcast:10.184.81.127 Mask:255.255.255.248
          inet6 addr: 2a02:1388:208a:567f::af35:61f1/64 Scope:Global
          inet6 addr: fe80::af35:61f1/128 Scope:Link
          UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:76 errors:0 dropped:1 overruns:0 frame:0
          TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7123 (6.9 KiB) TX bytes:8498 (8.2 KiB)

eth0      Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:BD
          inet addr:192.170.1.1 Bcast:192.170.1.255 Mask:255.255.255.0
          inet6 addr: 2a02:1388:208a:567f::1/64 Scope:Global
          inet6 addr: fe80::1/64 Scope:Link
          inet6 addr: fe80::56d0:b4ff:fe2b:5dbd/64 Scope:Link
          inet6 addr: fd7e:8d41:f468::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:230 errors:0 dropped:9 overruns:0 frame:0
          TX packets:95 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:29185 (28.5 KiB) TX bytes:10950 (10.6 KiB)
          Interrupt:70

eth1      Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:BE
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
          Interrupt:70

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:228 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20255 (19.7 KiB) TX bytes:20255 (19.7 KiB)

ra0       Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:BF
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
          Interrupt:11

rai0      Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:C0
          inet addr:192.168.182.1 Bcast:192.168.182.255 Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
          Interrupt:10

tun0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:11.1.0.1 P-t-P:11.1.0.1 Mask:255.255.0.0
          inet6 addr: fe80::ad9d:4efd:c6db:1269/64 Scope:Link
          UP POINTOPOINT RUNNING MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B) TX bytes:576 (576.0 B)
```

iptables:

```
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- 0.0.0.0/0 161.97.156.113
0 0 ACCEPT all -- 0.0.0.0/0 10.8.0.0/24
153 10774 ACCEPT all -- 0.0.0.0/0 192.170.1.0/24
0 0 ACCEPT all -- 0.0.0.0/0 10.20.0.0/24
0 0 ACCEPT tcp -- rai0 0.0.0.0/0 11.1.0.1 tcp dpt:3990coova: name: chilli side: source
0 0 INPUT_tun0 all -- tun0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- rai0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- tun0 0.0.0.0/0 0.0.0.0/0
98 10976 ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 / !fw3 /
126 11668 input_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom input rule chain /
124 11572 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
0 0 syn_flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 / !fw3 /
0 0 reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 / !fw3: @rule[8] /
0 0 reject udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:113 / !fw3: @rule[8] /
1 56 zone_lan_input all -- eth0 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_lan2_input all -- br-lan2 0.0.0.0/0 0.0.0.0/0 / !fw3 /
1 40 zone_wan_input all -- ccmni1 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_wan_input all -- brwan 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 DROP all -- * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- ccmni1 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 ccmni1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ccmni1 rai0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: dest
0 0 ACCEPT all -- rai0 ccmni1 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: source
0 0 ACCEPT all -- ccmni0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 ccmni0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ccmni0 rai0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: dest
0 0 ACCEPT all -- rai0 ccmni0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: source
0 0 DROP all -- rai0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- tun0 0.0.0.0/0 0.0.0.0/0
0 0 forwarding_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom forwarding rule chain /
0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
0 0 zone_lan_forward all -- eth0 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_lan2_forward all -- br-lan2 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_wan_forward all -- ccmni1 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_wan_forward all -- brwan 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 reject all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
98 10976 ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 / !fw3 /
396 38302 output_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom output rule chain /
202 23467 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
1 36 zone_lan_output all -- eth0 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_lan2_output all -- br-lan2 0.0.0.0/0 0.0.0.0/0 / !fw3 /
95 6567 zone_wan_output all -- ccmni1 0.0.0.0/0 0.0.0.0/0 / !fw3 /
98 8232 zone_wan_output all -- brwan 0.0.0.0/0 0.0.0.0/0 / !fw3 */

Chain INPUT_tun0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- tun0 0.0.0.0/0 11.1.0.1 tcp dpt:3990
0 0 RETURN all -- * 0.0.0.0/0 0.0.0.0/0
```

Now I will connect and do a "metered" 100mb download...

ifconfig:

```
br-lan2   Link encap:Ethernet HWaddr 00:00:00:00:00:00
          inet addr:192.170.254.1 Bcast:192.170.254.255 Mask:255.255.255.0
          inet6 addr: fd7e:8d41:f468:10::1/60 Scope:Global
          inet6 addr: fe80::54d0:b4ff:fe1b:5dbf/64 Scope:Link
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:432 (432.0 B)

brwan     Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:BE
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ccmni1    Link encap:Ethernet HWaddr A6:2B:32:70:47:20
          inet addr:10.184.81.126 Bcast:10.184.81.127 Mask:255.255.255.248
          inet6 addr: 2a02:1388:208a:567f::af35:61f1/64 Scope:Global
          inet6 addr: fe80::af35:61f1/128 Scope:Link
          UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:84026 errors:0 dropped:1 overruns:0 frame:0
          TX packets:11983 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:112815392 (107.5 MiB) TX bytes:1139919 (1.0 MiB)

eth0      Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:BD
          inet addr:192.170.1.1 Bcast:192.170.1.255 Mask:255.255.255.0
          inet6 addr: 2a02:1388:208a:567f::1/64 Scope:Global
          inet6 addr: fe80::1/64 Scope:Link
          inet6 addr: fe80::56d0:b4ff:fe2b:5dbd/64 Scope:Link
          inet6 addr: fd7e:8d41:f468::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:567 errors:0 dropped:9 overruns:0 frame:0
          TX packets:416 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:54385 (53.1 KiB) TX bytes:66400 (64.8 KiB)
          Interrupt:70

eth1      Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:BE
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
          Interrupt:70

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:416 errors:0 dropped:0 overruns:0 frame:0
          TX packets:416 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:41311 (40.3 KiB) TX bytes:41311 (40.3 KiB)

ra0       Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:BF
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
          Interrupt:11

rai0      Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:C0
          inet addr:192.168.182.1 Bcast:192.168.182.255 Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:4768 errors:70 dropped:0 overruns:0 frame:0
          TX packets:86213 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:931734 (909.8 KiB) TX bytes:113748778 (108.4 MiB)
          Interrupt:10

tun0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:11.1.0.1 P-t-P:11.1.0.1 Mask:255.255.0.0
          inet6 addr: fe80::ad9d:4efd:c6db:1269/64 Scope:Link
          UP POINTOPOINT RUNNING MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B) TX bytes:576 (576.0 B)
```

iptables:

```
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- 0.0.0.0/0 161.97.156.113
0 0 ACCEPT all -- 0.0.0.0/0 10.8.0.0/24
422 27286 ACCEPT all -- 0.0.0.0/0 192.170.1.0/24
0 0 ACCEPT all -- 0.0.0.0/0 10.20.0.0/24
0 0 ACCEPT tcp -- rai0 0.0.0.0/0 11.1.0.1 tcp dpt:3990coova: name: chilli side: source
0 0 INPUT_tun0 all -- tun0 0.0.0.0/0 0.0.0.0/0
2 686 DROP all -- rai0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- tun0 0.0.0.0/0 0.0.0.0/0
254 28448 ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 / !fw3 /
238 21473 input_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom input rule chain /
235 21321 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
0 0 syn_flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 / !fw3 /
0 0 reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 / !fw3: @rule[8] /
0 0 reject udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:113 / !fw3: @rule[8] /
2 112 zone_lan_input all -- eth0 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_lan2_input all -- br-lan2 0.0.0.0/0 0.0.0.0/0 / !fw3 /
1 40 zone_wan_input all -- ccmni1 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_wan_input all -- brwan 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 DROP all -- * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- ccmni1 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 ccmni1 0.0.0.0/0 0.0.0.0/0
2747 976401 ACCEPT all -- ccmni1 rai0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: dest
2853 570649 ACCEPT all -- rai0 ccmni1 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: source
0 0 ACCEPT all -- ccmni0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 ccmni0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ccmni0 rai0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: dest
0 0 ACCEPT all -- rai0 ccmni0 0.0.0.0/0 0.0.0.0/0 coova: name: chilli side: source
2 1288 DROP all -- rai0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- tun0 0.0.0.0/0 0.0.0.0/0
0 0 forwarding_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom forwarding rule chain /
0 0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
0 0 zone_lan_forward all -- eth0 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_lan2_forward all -- br-lan2 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_wan_forward all -- ccmni1 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_wan_forward all -- brwan 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 reject all -- 0.0.0.0/0 0.0.0.0/0 / !fw3 /

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
254 28448 ACCEPT all -- lo 0.0.0.0/0 0.0.0.0/0 / !fw3 /
963 110784 output_rule all -- 0.0.0.0/0 0.0.0.0/0 / !fw3: Custom output rule chain /
544 77107 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED / !fw3 /
2 72 zone_lan_output all -- eth0 0.0.0.0/0 0.0.0.0/0 / !fw3 /
0 0 zone_lan2_output all -- br-lan2 0.0.0.0/0 0.0.0.0/0 / !fw3 /
163 12269 zone_wan_output all -- ccmni1 0.0.0.0/0 0.0.0.0/0 / !fw3 /
254 21336 zone_wan_output all -- brwan 0.0.0.0/0 0.0.0.0/0 / !fw3 */

Chain INPUT_tun0 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- tun0 0.0.0.0/0 11.1.0.1 tcp dpt:3990
0 0 RETURN all -- * 0.0.0.0/0 0.0.0.0/0
```

chilli_query list:

```
54-D0-B4-2B-5D-C0 0.0.0.0 none 167809676900000003 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
5E-D7-36-BC-E6-63 192.168.182.15 pass 167809676900000002 1 5E-D7-36-BC-E6-63 145/0 7/0 1163677/0 748671/0 0 0 0/0 0/0 -
06-16-26-36-46-56 0.0.0.0 none 167809658000000001 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
```

WTF??

Any idea?

Removing XT-coova will give the right results...

Any help GREATLY appreciated...

xewonder commented 1 year ago

It was because the wlan card was not assigned to a lan card.

option network 'lan3' for the wifi card
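
The mismatch reported in this thread can be quantified with a small check that compares the bytes chilli accounted per session with the bytes seen on the hotspot interface. This is an added example, not part of the thread or of the coova-chilli project; the sample data is copied from the report above, the field positions in the `chilli_query list` output (9 = input octets, 10 = output octets) are an assumption, and the function names and the 90% threshold are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): how much of the hotspot interface's
# traffic did chilli account? Sample values are copied from the report above.

SAMPLE_CHILLI='54-D0-B4-2B-5D-C0 0.0.0.0 none 167809676900000003 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
5E-D7-36-BC-E6-63 192.168.182.15 pass 167809676900000002 1 5E-D7-36-BC-E6-63 145/0 7/0 1163677/0 748671/0 0 0 0/0 0/0 -
06-16-26-36-46-56 0.0.0.0 none 167809658000000001 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -'
SAMPLE_IF='rai0 Link encap:Ethernet HWaddr 54:D0:B4:2B:5D:C0
          RX bytes:931734 (909.8 KiB) TX bytes:113748778 (108.4 MiB)'

# Sum session octets from `chilli_query list` text on stdin.
# Assumption: fields 9 and 10 are input-octets/max and output-octets/max.
chilli_total() {
    awk 'NF >= 10 { split($9, i, "/"); split($10, o, "/"); t += i[1] + o[1] }
         END { printf "%d\n", t }'
}

# Sum RX and TX bytes from busybox/net-tools style ifconfig text on stdin.
if_total() {
    sed -n 's/.*RX bytes:\([0-9]*\).*TX bytes:\([0-9]*\).*/\1 \2/p' |
        awk '{ t += $1 + $2 } END { printf "%d\n", t }'
}

# Integer percentage of interface bytes ($2) that chilli accounted ($1).
coverage_pct() {
    if [ "$2" -gt 0 ]; then echo $(( $1 * 100 / $2 )); else echo 100; fi
}

# Exit status 0 when coverage is at or above the threshold ($3, default 90;
# the threshold is an arbitrary value chosen for this example).
accounting_ok() {
    [ "$(coverage_pct "$1" "$2")" -ge "${3:-90}" ]
}

acct=$(printf '%s\n' "$SAMPLE_CHILLI" | chilli_total)
seen=$(printf '%s\n' "$SAMPLE_IF" | if_total)
if accounting_ok "$acct" "$seen"; then
    echo "OK: chilli accounted $(coverage_pct "$acct" "$seen")% of rai0 traffic"
else
    echo "MISMATCH: chilli accounted $acct of $seen bytes on rai0"
fi
```

On a live router, pipe `chilli_query list` and `ifconfig rai0` into the two functions instead of the samples. Interface counters also include link-layer headers and traffic from unauthenticated clients, so some gap is normal.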