spr-networks / super

📡 SPR: Open Source, secure, user friendly and fast wifi routers for your home. One wifi password per device. Ad Blocking & Privacy Blocklists. Policy Based Network Access
https://www.supernetworks.org/
BSD 3-Clause "New" or "Revised" License

Outbound traffic view empty #262

Closed 0vercl0k closed 7 months ago

0vercl0k commented 8 months ago

I've been running into this for the past few days; basically the 'outbound traffic' view is empty (both on iOS & website). I've looked at some of the logs and this one might be relevant (from superdb):

2024/01/15 16:40:12 [-] Empty db configuration, initializing
lts-rad commented 8 months ago

to diagnose:

  1. traffic can be retrieved with these calls:

curl -u admin:admin http://spr.local/traffic_history
curl -u admin:admin http://spr.local/iphistory

do these return 200? data?

  2. if the above failed do you see table ip accounting if you run "nft list ruleset | less" ?
lts-rad commented 8 months ago

As for the log configuration log, that is expected until a user has customized their events. That error is probably too verbose then. It will use the defaults.


        // default config
        config := &LogConfig{
                SaveEvents: []string{"log:api", "dns:block:event", "dns:override:event", "dns:serve:", "wifi:auth:", "auth:failure:"},
                MaxSize:    250 * 1024 * 1024, //bytes
        }
        data, err := ioutil.ReadFile(gConfigPath)
0vercl0k commented 8 months ago

Okay so hitting iphistory returns a 404, traffic_history does return something that looks healthy. I also see a table ip accounting ruleset.

lts-rad commented 7 months ago

so the right function was iptraffic not iphistory.

curl -u admin:admin http://192.168.2.1/iptraffic

on the router you can check:

nft -j list set ip accounting all_ip;

I suspect this is empty for some reason.

lts-rad commented 7 months ago

unclear how this would happen. the rules look like this:

      set all_ip {
        type ifname . ipv4_addr . ipv4_addr
        counter
        flags dynamic
        timeout 1h
        size 4096
      }

      chain FORWARD {
        type filter hook forward priority -150 ; policy accept;

        # Log all input ip pairs (input interface, src ip, dst ip)
        add @all_ip { iifname . ip saddr . ip daddr }
        iifname . ip saddr . ip daddr @all_ip

        ip daddr @local_lan jump count_in
        ip saddr @local_lan jump count_out
      }
0vercl0k commented 7 months ago

Hitting iptraffic seems to return some healthy data, and nft -j list set ip accounting all_ip; as well (it is not empty either) 🤔


lts-rad commented 7 months ago

okay so tracked this down

    //update firewall table rules to service the new tiny networks, where needed
    flushSupernetworkEntries()
    for _, supernet := range TinyNets {
        addSupernetworkEntry(supernet)
    }

seems like local_lan is missing the full supernets entries. let's see why this isn't running on startup

lts-rad commented 7 months ago

startup goes initDHCP -> loadDHCPConfig -> updateFirewallSubnets(getLANIP(), gDhcpConfig.TinyNets)

it's unclear then how this would get out of sync
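
One way to check for the mismatch described above, where local_lan lacks the supernet entries, so the count_in/count_out jumps never match. This is an added example, not SPR's code: it parses JSON in the shape of `nft -j list set ip accounting local_lan` and reports the configured supernets that no set element covers. The set layout, the CIDR form of the supernets, and the names `missingSupernets` and `sampleJSON` are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Constructed sample; assumes local_lan is an interval set whose elements print as prefixes.
const sampleJSON = `{"nftables":[{"metainfo":{"json_schema_version":1}},{"set":{"family":"ip",
"name":"local_lan","table":"accounting","elem":[{"prefix":{"addr":"192.168.2.0","len":24}}]}}]}`

// missingSupernets returns the CIDRs in supernets that no prefix element of the set covers.
func missingSupernets(nftJSON []byte, supernets []string) ([]string, error) {
	// Only the fields this check needs; encoding/json matches keys case-insensitively.
	var out struct{ Nftables []struct{ Set struct{ Elem []json.RawMessage } } }
	if err := json.Unmarshal(nftJSON, &out); err != nil {
		return nil, err
	}
	var have []netip.Prefix
	for _, obj := range out.Nftables {
		for _, raw := range obj.Set.Elem {
			var e struct{ Prefix struct{ Addr string; Len int } }
			_ = json.Unmarshal(raw, &e) // non-prefix elements leave Addr empty and are skipped
			if a, err := netip.ParseAddr(e.Prefix.Addr); err == nil {
				have = append(have, netip.PrefixFrom(a, e.Prefix.Len))
			}
		}
	}
	var missing []string
	for _, sn := range supernets {
		want, err := netip.ParsePrefix(sn)
		if err != nil {
			return nil, fmt.Errorf("bad supernet %q: %w", sn, err)
		}
		covered := false
		for _, p := range have {
			// want lies inside p when p is no longer than want and holds its address.
			covered = covered || (p.Bits() <= want.Bits() && p.Contains(want.Addr()))
		}
		if !covered {
			missing = append(missing, sn)
		}
	}
	return missing, nil
}

func main() {
	fmt.Println(missingSupernets([]byte(sampleJSON), []string{"192.168.2.0/24", "192.168.3.0/24"}))
}
```

A non-empty result means forwarded traffic for those supernets is never handed to the per-direction counting chains, even though all_ip keeps filling.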

lts-rad commented 7 months ago

closing for now

0vercl0k commented 7 months ago

Thanks again for figuring it out!