FS#2541 - Hardware offloading causes some flows to fail to be NAT-ed #7331

Open
openwrt-bot opened this issue Oct 9, 2019 · 2 comments
Labels
flyspray kernel release/19.07

Comments

@openwrt-bot openwrt-bot commented Oct 9, 2019

bjonglez:

Just after a reboot, some flows are not NATed: packets from a machine in the LAN are sent to the WAN port with a private source IP address.

This is on a Linksys RE6500 (ramips mt7621) running openwrt 19.07-SNAPSHOT r10578-b3d70f628.
It is configured with `flow_offloading` and `flow_offloading_hw`.

Here is a tcpdump capture showing the problem on the WAN port (`172.23.184.0/24` is my LAN address space):

```
root@openwrt:~# tcpdump -n -i eth0.20 net 172.23.184.0/24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.20, link-type EN10MB (Ethernet), capture size 262144 bytes
18:51:21.756552 IP 172.23.184.119.51001 > 91.224.XX.YY.52001: UDP, length 112
18:51:22.651556 IP 172.23.184.119.51001 > 91.224.XX.YY.52001: UDP, length 148
18:51:26.681032 IP 172.23.184.119.51001 > 91.224.XX.YY.52001: UDP, length 768
18:51:27.771654 IP 172.23.184.119.51001 > 91.224.XX.YY.52001: UDP, length 148
```

Here is what `conntrack -L` says:

```
udp 17 55 src=172.23.184.119 dst=91.224.XX.YY sport=51001 dport=52001 packets=93 bytes=20412 [UNREPLIED] src=91.224.XX.YY dst=172.23.184.119 sport=52001 dport=51001 packets=0 bytes=0 mark=0 use=1
```

Notice the second `dst=` that shows the private IP address of the LAN machine.

After restarting the firewall, the flow is correctly NAT-ed and `conntrack -L` shows the correct entry (193.33.ZZ.WW is my public IP address):

```
udp 17 175 src=172.23.184.119 dst=91.224.XX.YY sport=51001 dport=52001 packets=4 bytes=704 [UNREPLIED] src=91.224.XX.YY dst=193.33.ZZ.WW sport=52001 dport=51001 packets=0 bytes=0 mark=0 use=1
```

Note: when I only enable `flow_offloading`, the issue does not appear anymore, so this really seems to be an issue with the hw offloading integration in the firewall.
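
Added example, not part of the original report and not OpenWrt code: a check that scans saved `conntrack -L` output for the symptom described above, a LAN-sourced flow to an outside host whose reply tuple still has the private LAN address as `dst=`. The function names are hypothetical, and the sample lines are constructed, with documentation addresses 203.0.113.10 and 198.51.100.7 standing in for the redacted public ones.

```python
import ipaddress
import re

# Constructed sample of `conntrack -L` output (documentation addresses replace
# the redacted public ones): first entry is un-NATed, second is correctly NATed.
SAMPLE = """\
udp 17 55 src=172.23.184.119 dst=203.0.113.10 sport=51001 dport=52001 packets=93 bytes=20412 [UNREPLIED] src=203.0.113.10 dst=172.23.184.119 sport=52001 dport=51001 packets=0 bytes=0 mark=0 use=1
udp 17 175 src=172.23.184.119 dst=203.0.113.10 sport=51001 dport=52001 packets=4 bytes=704 [UNREPLIED] src=203.0.113.10 dst=198.51.100.7 sport=52001 dport=51001 packets=0 bytes=0 mark=0 use=1
"""

LAN = ipaddress.ip_network("172.23.184.0/24")  # LAN prefix given in the report


def parse_tuples(line):
    """Return (original, reply) dicts of src/dst/sport/dport, or None."""
    pairs = re.findall(r"\b(src|dst|sport|dport)=(\S+)", line)
    # The original-direction and reply-direction tuples each start at a src= key.
    starts = [i for i, (key, _) in enumerate(pairs) if key == "src"]
    if len(starts) != 2:
        return None
    return dict(pairs[:starts[1]]), dict(pairs[starts[1]:])


def find_unnated(text, lan=LAN):
    """List flows leaving the LAN whose reply tuple still targets the LAN address."""
    hits = []
    for line in text.splitlines():
        parsed = parse_tuples(line)
        if parsed is None:
            continue
        orig, reply = parsed
        try:
            src = ipaddress.ip_address(orig["src"])
            dst = ipaddress.ip_address(orig["dst"])
        except (KeyError, ValueError):
            continue  # redacted or malformed address, cannot be classified
        # With source NAT applied, reply dst is the router's WAN address instead.
        if src in lan and dst not in lan and reply.get("dst") == orig["src"]:
            hits.append((line.split()[0], orig["src"], orig.get("sport"),
                         orig["dst"], orig.get("dport")))
    return hits


if __name__ == "__main__":
    for hit in find_unnated(SAMPLE):
        print("not NATed:", *hit)
```

The check assumes every flow from the LAN prefix to an outside address is supposed to be masqueraded, as in the configuration reported here.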

@openwrt-bot openwrt-bot commented Oct 18, 2019

cwbsw:

This issue affects me too.

@openwrt-bot openwrt-bot commented Feb 6, 2020

wajo666:

This issue affects me too, on Xiaomi mir3g.

@aparcar aparcar added release/19.07 kernel labels Feb 22, 2022