[Chilli] Crazy TCP resets when CoovaChilli is enabled (UAM redirection problem)

Yuh-Rong Leu yuhrong.leu at gmail.com
Wed Apr 27 14:33:13 UTC 2011


I found the root cause of the crazy TCP reset messages.

In dhcp.c, the dhcp_data_req() function calls dhcp_undoDNAT with the
do_reset parameter set to 1 when authstate == DHCP_AUTH_DNAT (at around
line# 4074). Therefore, crazy TCP reset messages will be sent inside
dhcp_undoDNAT.

After the code is changed to use 0 for the do_reset  parameter when calling
dhcp_undoDNAT, the problem goes away, and Web redirection works well with
any triggering any URL on any browser.

Yuh-Rong Leu



2011/4/26 Yuh-Rong Leu <yuhrong.leu at gmail.com>

> Web redirection doesn't work stably with my CoovaChilli/OpenWrt box. Here
> are the test results:
>
> If the browser home page is set to http://www.google.com:
> - IE9 is seldom redirected to the welcome/login page
> - Chrome 10 is redirected to the welcome/login page most of the time.
> - Firefox 4 is is redirected to the welcome/login page most of the time.
>
> If the browser home page is set to http://www.microsoft.com:
> - Redirection works quite fine with all kinds of browsers.
>
> If the browser home page is set to http://www.apple.com or
> http://www.bing.com:
> - Redirection does not work at all with any browsers.
>
> Peeking the packets with Wireshark, I found TCP connections are reset
> several times by CoovaChilli/OpenWrt. And some TCP reset messages sent by
> CoovaChilli/OpenWrt have insanely large SEQ number. As the attached
> Wireshard packet capture, which was generated by "telnet 64.233.183.105 80,"
> shows, 5 RST messages were sent, and 4 of them are with Seq=1246334216.
>
> I believe it's these crazy RST messages that make UAM redirection not work
> stably. I doubt the RST messages were due to Firwall rules CoovaChilli added
> to iptables, but I have not been able to figure out where the firewall rules
> reside.
>
> Can anyone tell how CoovaChilli manipulates iptables before it sends HTTP
> 302 Moved Temporarily for UAM redireciton?
>
> Yuh-Rong Leu
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20110427/09197169/attachment.html>


More information about the Chilli mailing list