Hi Bastian,
On Thu, Oct 10, 2013 at 10:36 , Bastian Bittorf bittorf@bluebottle.com wrote:
we see a strange behaviour using OpenWrt r38277 with kernel 3.10.14 and batman-adv: 2013.3.0
we use a http-splash-page, where the laptop's must click 'ok'. the iptables-rules are working like this, when the button is pressed:
iptables -t mangle -I PREROUTING -d $laptop_ip -j ACCEPT iptables -t mangle -I PREROUTING -m mac --mac-source $laptop_mac -j ACCEPT
we had the effect, that laptop can press the button and the rules are active, but 'internet was not working'.
looking deeper into this, we can see that the second rule (mac) was not used, so the laptop gets the splash-page again and again.
via using:
iptables -t mangle -I PREROUTING -s $laptop_ip -j LOG
we can see, that the mac-adress which the kernel/iptables sees is not the one from the laptop, the log-entry looks like this: (IP 192.168.99.243 = Laptop)
[ 2579.600000] from_192.168.99.243: IN=eth0.1 OUT= MAC=02:00:ca:b1:00:99:02:00:de:ad:00:02:08:00:45:00:00:3c SRC=192.168.99.243 DST=193.99.144.80 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=43918 DF PROTO=TCP SPT=55132 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
the mac seems strange, the real mac is '00:13:e8:82:7e:4b'. but the pattern is interesting:
MAC=02:00:ca:b1:00:99:02:00:de:ad:00:02:08:00:45:00:00:3c
the mac consists of 3 macs somehow: 02:00:ca:b1:00:99 02:00:de:ad:00:02 08:00:45:00:00:3c
To state the obvious: The last MAC address looks pretty much like the eth-type (0800) and the ipv4 (45..) header. Some sort of offset error?
// Martin