OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Kernel
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version openwrt-19.07
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by sgolod - 23.06.2020

FS#3200 - Software flowoffload doesn't work with marked packets

Software offload doesn’t work when a custom routing table is used:
How to examine:

# create ipset
ipset create IPNET hash:net
ipset add IPNET 139.59.209.225/32
# check ipset
ipset list IPNET
...
Number of entries: 1
Members:
139.59.209.225

# mark packets with dst to IPNET
iptables -t mangle -A PREROUTING -i br-lan -m set --match-set IPNET dst -j MARK --set-mark 0x1111
iptables -t mangle -A OUTPUT -m set --match-set IPNET dst -j MARK --set-mark 0x1111

# add custom routing table for marked packets
ip ru add fwmark 0x1111 lookup 8888 prio 10000

# add route for custom table 8888
ip route add default via 192.168.30.1 table 8888

# enable flow offload in /etc/config/firewall
config defaults

....
option flow_offloading '1'

/etc/init.d/firewall reload

check iptables:
Chain FORWARD (policy DROP 0 packets, 0 bytes)

  pkts      bytes target     prot opt in     out     source               destination         
    24     1947 forwarding_rule  all  --  any    any     anywhere             anywhere             /* !fw3: Custom forwarding rule chain */
    22     1819 FLOWOFFLOAD  all  --  any    any     anywhere             anywhere             /* !fw3: Traffic offloading */ ctstate RELATED,ESTABLISHED FLOWOFFLOAD
    22     1819 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
     2      128 zone_lan_forward  all  --  br-lan any     anywhere             anywhere             /* !fw3 */
     0        0 zone_wan_forward  all  --  pppoe-wan any     anywhere             anywhere             /* !fw3 */
     0        0 zone_wan_forward  all  --  l2tpv3-hetzner any     anywhere             anywhere             /* !fw3 */
     0        0 zone_wan_forward  all  --  wg0    any     anywhere             anywhere             /* !fw3 */
     0        0 reject     all  --  any    any     anywhere             anywhere             /* !fw3 */


But packets with RELATED,ESTABLISHED don’t use custom routing (it seems that flowoffload doesn’t remember custom routing and tries to send packets on table main). When I manually add the custom route to the main table, flow offload works again.
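
An added example, not part of the original report: a shell helper that lists conntrack entries flagged [OFFLOAD] whose original destination is the policy-routed address used above, which are the flows the described behaviour would affect. The function names and the sample lines are constructed, and the /proc/net/nf_conntrack text layout with an [OFFLOAD] status flag is assumed.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for
# illustration and do not come from the bug report.

# Print conntrack entries (read from stdin, /proc/net/nf_conntrack layout)
# that carry the [OFFLOAD] flag and whose ORIGINAL-direction dst is $1.
offloaded_flows_to() {
    awk -v ip="$1" '
        /\[OFFLOAD\]/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^dst=/) {
                    # The first dst= field is the original direction;
                    # the second one is the reply tuple and is ignored.
                    if ($i == "dst=" ip) print
                    break
                }
            }
        }'
}

# Number of such entries, for scripting or alerting.
count_offloaded_to() {
    offloaded_flows_to "$1" | awk 'END { print NR }'
}

# Constructed sample input (not captured from a real router).
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 src=192.168.1.100 dst=139.59.209.225 sport=51234 dport=443 packets=10 bytes=1200 src=139.59.209.225 dst=10.0.0.2 sport=443 dport=51234 packets=8 bytes=4000 [OFFLOAD] mark=0 zone=0 use=3
ipv4     2 tcp      6 7439 ESTABLISHED src=192.168.1.101 dst=139.59.209.225 sport=40000 dport=22 packets=5 bytes=600 src=139.59.209.225 dst=192.168.30.2 sport=22 dport=40000 packets=4 bytes=500 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 src=192.168.1.100 dst=198.51.100.7 sport=5000 dport=53 packets=3 bytes=200 src=198.51.100.7 dst=10.0.0.2 sport=53 dport=5000 packets=3 bytes=300 [OFFLOAD] mark=0 zone=0 use=3
ipv4     2 tcp      6 src=139.59.209.225 dst=10.0.0.2 sport=443 dport=51000 packets=2 bytes=100 src=10.0.0.2 dst=139.59.209.225 sport=51000 dport=443 packets=2 bytes=100 [OFFLOAD] mark=0 zone=0 use=3
EOF
}

# Stand-alone run on the constructed sample; on a router, read the live
# table instead: offloaded_flows_to 139.59.209.225 < /proc/net/nf_conntrack
sample_conntrack | offloaded_flows_to 139.59.209.225
```

On a system with iproute2's full ip, the output can be compared with what `ip route get 139.59.209.225 mark 0x1111` reports for the marked lookup.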
