WL18xx: L4.4 IPTABLES NAT issue

Moving this to the WiLink forum.

Hi Eyal,

checked the .config and the CONFIG

CONFIG_NETFILTER=y
CONFIG_NETFILTER_ADVANCED=y

are there.

To be sure I also ran verify_kernel_config.sh on the .config (this was after a git pull on the build-utilities to make sure it is the latest)

~/wl18xx/git/build-utilites/verify_kernel_config.sh .config

Validating kernel .config (base_config[@])

Missing - CONFIG_SECURITY=y
Do you want to add it [y/n] ? n
CONFIG_SECURITY=y was not added.
Missing - CONFIG_WIRELESS_EXT=y
Do you want to add it [y/n] ? n
CONFIG_WIRELESS_EXT=y was not added.
Missing - CONFIG_CRYPTO_ARC4=y
Do you want to add it [y/n] ? n
CONFIG_CRYPTO_ARC4=y was not added.
Missing - CONFIG_CRYPTO_ECB=y
Do you want to add it [y/n] ? n
CONFIG_CRYPTO_ECB=y was not added.
Missing - CONFIG_CRYPTO_MICHAEL_MIC=y
Do you want to add it [y/n] ? n
CONFIG_CRYPTO_MICHAEL_MIC=y was not added.
Missing - CONFIG_CRYPTO_CCM=y
Do you want to add it [y/n] ? n
CONFIG_CRYPTO_CCM=y was not added.
Missing - CONFIG_CRYPTO_GCM=y
Do you want to add it [y/n] ? n
CONFIG_CRYPTO_GCM=y was not added.
Missing - CONFIG_CRC7=y
Do you want to add it [y/n] ? n
CONFIG_CRC7=y was not added.
Missing - CONFIG_INPUT_UINPUT=y
Do you want to add it [y/n] ? n
CONFIG_INPUT_UINPUT=y was not added.

It doesn't look like any of the netfilter configs are missing. Could you check what else could be missing?

I am attaching the .config (this should be the one from a stock OOB PSDK3.01.00.06)

config.tar.gz

Regards,

--Gunter

Hi Eyal,

I found it I think, the missing config is CONFIG_IP_NF_NAT=m

This causes some other dependent configs to be enabled. Here is a diff of the .config to the original
--- .config.orig 2016-12-12 08:56:23.249544751 -0800
+++ .config 2016-12-12 10:00:13.036420132 -0800
@@ -817,7 +817,7 @@ CONFIG_NF_NAT_PROTO_SCTP=m
# CONFIG_NF_NAT_IRC is not set
# CONFIG_NF_NAT_SIP is not set
# CONFIG_NF_NAT_TFTP is not set
-# CONFIG_NF_NAT_REDIRECT is not set
+CONFIG_NF_NAT_REDIRECT=m
# CONFIG_NF_TABLES is not set
CONFIG_NETFILTER_XTABLES=m

@@ -837,12 +837,12 @@ CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
# CONFIG_NETFILTER_XT_TARGET_LED is not set
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
CONFIG_NETFILTER_XT_TARGET_MARK=m
-# CONFIG_NETFILTER_XT_NAT is not set
-# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set
+CONFIG_NETFILTER_XT_NAT=m
+CONFIG_NETFILTER_XT_TARGET_NETMAP=m
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
-# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set

@@ -907,7 +907,7 @@ CONFIG_NF_CONNTRACK_PROC_COMPAT=y
# CONFIG_NF_LOG_IPV4 is not set
# CONFIG_NF_REJECT_IPV4 is not set
CONFIG_NF_NAT_IPV4=m
-# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set
+CONFIG_NF_NAT_MASQUERADE_IPV4=m
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
CONFIG_IP_NF_IPTABLES=m
@@ -917,7 +917,10 @@ CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_TARGET_REJECT is not set
# CONFIG_IP_NF_TARGET_SYNPROXY is not set
-# CONFIG_IP_NF_NAT is not set
+CONFIG_IP_NF_NAT=m
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+CONFIG_IP_NF_TARGET_NETMAP=m
+CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=m


NAT works now
root@am437x-evm:/usr/share/wl18xx# ./ap_start.sh
adding wlan1 interface
Configuration file: /usr/share/wl18xx/hostapd.conf
[ 52.914365] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: interface state UNINITIALIZED->COUNTRY_UPDATE
[ 53.143109] cfg80211: Regulatory domain changed to country: US
[ 53.149071] cfg80211: DFS Master region: FCC
[ 53.155062] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
[ 53.164993] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (N/A, 3000 mBm), (N/A)
[ 53.177195] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 1700 mBm), (N/A)
[ 53.188452] cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2300 mBm), (0 s)
[ 53.199803] cfg80211: (5735000 KHz - 5835000 KHz @ 80000 KHz), (N/A, 3000 mBm), (N/A)
[ 53.209551] cfg80211: (57240000 KHz - 63720000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
Using interface wlan1 with hwaddr 5c:31:3e:e1:da:1b and ssid "SitaraAP"
[ 53.233130] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
wlan1: interface state COUNTRY_UPDATE->ENABLED
wlan1: AP-ENABLED

[ 53.873219] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 53.918275] nf_conntrack version 0.5.0 (16074 buckets, 64296 max)


With this I can do a ping to 8.8.8.8 from the station, which uses NAT in the AP I think to get out to the internet..


Regards,
--Gunter

Hi Eyal,

could you test the CONFIG_IP)NF_NAT change and then push the updated kernel configuration (maybe in an updated config fragment) back to the Linux PSDK team, so they can update their OOB as well?

Thanks!

--Gunter

Hi Gunter,

Glad it works for you!

Actually checking the ti-linux-kernel (branch ti-linux-4.4.y) and using the ti_config_fragments/defconfig_builder.sh for generating the default defconfig for the am335x board I do see this switch there already.

How did you create your .config?

BR,
Eyal

Hi Eyal,

I was using the PSDK3.01.00.06 and the OOB defconfig.

As far as I understand, this defconfig is a result of a basic defconfig and then merged with additional fragments.

So the PSDK team needs to make sure what they merge has this CONFIG_

Regards,

--Gunter