[Chilli] Crazy TCP resets when CoovaChilli is enabled (UAM redirection problem)

David Bird david at coova.com
Wed Apr 27 19:31:04 UTC 2011


Thanks for the message. I will review it in more detail as soon as possible, sometime next week.

Best regards,
David

Yuh-Rong Leu <yuhrong.leu at gmail.com> wrote:

>I found the root cause of the crazy TCP reset messages.
>
>In dhcp.c, the dhcp_data_req() function calls dhcp_undoDNAT with the
>do_reset parameter set to 1 when authstate == DHCP_AUTH_DNAT (at around
>line# 4074). Therefore, crazy TCP reset messages will be sent inside
>dhcp_undoDNAT.
>
>After the code is changed to use 0 for the do_reset parameter when calling
>dhcp_undoDNAT, the problem goes away, and Web redirection works well with
>any triggering URL on any browser.
>
>Yuh-Rong Leu
>
>
>
>2011/4/26 Yuh-Rong Leu <yuhrong.leu at gmail.com>
>
>> Web redirection doesn't work stably with my CoovaChilli/OpenWrt box. Here
>> are the test results:
>>
>> If the browser home page is set to http://www.google.com:
>> - IE9 is seldom redirected to the welcome/login page
>> - Chrome 10 is redirected to the welcome/login page most of the time.
>> - Firefox 4 is redirected to the welcome/login page most of the time.
>>
>> If the browser home page is set to http://www.microsoft.com:
>> - Redirection works quite fine with all kinds of browsers.
>>
>> If the browser home page is set to http://www.apple.com or
>> http://www.bing.com:
>> - Redirection does not work at all with any browsers.
>>
>> Peeking at the packets with Wireshark, I found TCP connections are reset
>> several times by CoovaChilli/OpenWrt. And some TCP reset messages sent by
>> CoovaChilli/OpenWrt have an insanely large SEQ number. As the attached
>> Wireshark packet capture, which was generated by "telnet 64.233.183.105 80,"
>> shows, 5 RST messages were sent, and 4 of them are with Seq=1246334216.
>>
>> I believe it's these crazy RST messages that make UAM redirection not work
>> stably. I doubt the RST messages were due to firewall rules CoovaChilli added
>> to iptables, but I have not been able to figure out where the firewall rules
>> reside.
>>
>> Can anyone tell how CoovaChilli manipulates iptables before it sends HTTP
>> 302 Moved Temporarily for UAM redirection?
>>
>> Yuh-Rong Leu
>>
>


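Added example, not part of the thread and not CoovaChilli code: a triage helper for the symptom reported above, which labels each RST in a capture by whether its sequence number fits the sender's own byte stream. The `Seg` record, `classify_resets`, the default `window` and the documentation-range addresses are assumptions; the segments are constructed, with the odd Seq value from the report reused as sample data.

```python
from collections import namedtuple

# Constructed record for one captured TCP segment (hypothetical, not a pcap parser).
Seg = namedtuple("Seg", "src sport dst dport flags seq ack length")
MOD = 1 << 32  # TCP sequence numbers wrap at 2**32

def classify_resets(segments, window=65535):
    """Label each RST by how its seq fits the sender's own byte stream.
    window is an assumed receive window; a real capture advertises one per ACK."""
    nxt = {}       # (src, sport, dst, dport) -> next seq that side should send
    verdicts = []
    for i, s in enumerate(segments):
        key = (s.src, s.sport, s.dst, s.dport)
        peer = (s.dst, s.dport, s.src, s.sport)
        if "R" in s.flags:
            if key in nxt:
                off = (s.seq - nxt[key]) % MOD
                v = "exact" if off == 0 else "in-window" if off < window else "out-of-window"
            elif "A" in s.flags and peer in nxt and s.ack == nxt[peer]:
                v = "answers-peer"   # RST/ACK refusing a SYN: judged by its ack field
            else:
                v = "no-state"       # nothing seen from this side to compare against
            verdicts.append((i, v))
            continue
        # SYN and FIN each consume one sequence number; payload consumes its length.
        end = (s.seq + s.length + ("S" in s.flags) + ("F" in s.flags)) % MOD
        if key not in nxt or (end - nxt[key]) % MOD < MOD // 2:  # skip retransmissions
            nxt[key] = end
    return verdicts

# Constructed sample: a handshake followed by resets, absolute sequence numbers.
C, S = "192.0.2.10", "198.51.100.5"
SAMPLE = [
    Seg(C, 40000, S, 80, "S", 1000, 0, 0),
    Seg(S, 80, C, 40000, "SA", 5000, 1001, 0),
    Seg(C, 40000, S, 80, "A", 1001, 5001, 0),
    Seg(S, 80, C, 40000, "R", 1246334216, 0, 0),  # seq unrelated to the flow
    Seg(S, 80, C, 40000, "R", 5001, 0, 0),        # seq matches the flow
    Seg(C, 40001, S, 81, "S", 7000, 0, 0),
    Seg(S, 81, C, 40001, "RA", 0, 7001, 0),       # refusal of the SYN above
]

def demo():
    return classify_resets(SAMPLE)

if __name__ == "__main__":
    for index, verdict in demo():
        print(index, verdict)
```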