Ubuntu

wl: telnet/ssh connections blocked when going through NAT to external sites

Reported by Ben Collins on 2008-08-20
74
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Belmont
Medium
Michael Frey
The Dell Mini Project
Undecided
Unassigned
linux-restricted-modules-2.6.24 (Ubuntu)
High
Tim Gardner
Hardy
High
Tim Gardner
linux-restricted-modules (Ubuntu)
High
Tim Gardner
Hardy
Undecided
Unassigned

Bug Description

So I finally got around to testing the wl driver on some Dell hardware I had. It took me awhile to notice a huge bug, and to actually place the blame on the wl driver, since it was so obscure.

My configuration is a Linksys WRT54G AP, setup to NAT my local network to the internet (T1). I put the bcm4321 card in my laptop.

Applications such as Firefox, Pidgin and Evolution were working fine. SSH connections to machines on my local LAN were also working fine.

However, I then tried to SSH to machines outside the LAN, and the connections froze. Using -vv on ssh, it actually made the connection, but then stopped shortly after authentication.

Trying to debug the issue, I used telnet to connect to the external ports. A SYN packet was sent, but never got an ACK. It wouldn't even connect to port 80 on web servers that Firefox was connecting to with no problems.

So the issue is not one of protocol or port, but one of how ssh and telnet's TCP-IP is setup, and how the NAT is handled. A direct connection to the internet (Not NAT'd) works fine.

I confirmed this with another person who was also using wl, and he was able to reproduce it with a different AP (still NAT) on both of our 2.6.24 and 2.6.26 kernels (hardy and intrepid).

So this isn't a regression either. I would spend more time on this, but I suspect I wouldn't be able to get further than "yeah, it's broken".

Changed in linux-restricted-modules:
assignee: nobody → ben-collins
importance: Undecided → High
milestone: none → ubuntu-8.10
status: New → Triaged

I have the same problem using "wl" on a WPA network. I can only ssh into myself as "localhost" using the default SSH client.

The "putty" package allows me to SSH, and filezilla works with SFTP, but anything that uses "ssh" fails.

Cheers,
Kristopher Ives
Santiance Corporation

Ben Collins (ben-collins) wrote :

Forcing vlan_mode to off on initialization of device. Will probably backport hardy too.

Changed in linux-restricted-modules:
milestone: ubuntu-8.10 → intrepid-alpha-5
status: Triaged → Fix Committed
Changed in linux-restricted-modules-2.6.24:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → High
milestone: none → ubuntu-8.04.2
status: New → Triaged
assignee: ubuntu-kernel-team → stefan-bader-canonical
Pete Graner (pgraner) wrote :

The workaround for this in Intrepid (don't know if it will work for hardy) is to first see if you have the ioctls:

root@moltar:/home/pgraner# iwpriv
lo no private ioctls.

eth0 no private ioctls.

eth1 Available private ioctls :
          set_leddc (8BE0) : set 1 int & get 0
          set_vlanmode (8BE1) : set 1 int & get 0
          set_pm (8BE2) : set 1 int & get 0

then actually set it:

pgraner@moltar:~$ sudo iwpriv eth1 set_vlanmode 0

Note this has to be done as root.

Tim Gardner (timg-tpi) wrote :

SRU Justification

Impact: Broadcom wl does not work over ssh or ssl connections.

Patch Description: Force vlan_mode to off on initialization of device

Patch: This commit http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-intrepid-lrm.git;a=commit;h=6b764be76ffe165b7d815afab07a2c6df6eaa59f was hacked up to apply to Hardy linux-restricted-modules

Test Case: See bug description

Tim Gardner (timg-tpi) wrote :

Uploaded linux-restricted-modules-2.6.24_2.6.24.14-21.50

Changed in linux-restricted-modules-2.6.24:
assignee: stefan-bader-canonical → timg-tpi
status: Triaged → Fix Committed
importance: Undecided → High
milestone: none → ubuntu-8.04.2
status: New → Fix Committed
Download full text (9.2 KiB)

Using Dell XPS m1330. Ubuntu 8.04.1.

Almost exactly the same problem, except for two things:
1) I do not have those private ioctls (wireless is eth1):

root@xps-psynophile:~# iwpriv
lo no private ioctls.

eth0 no private ioctls.

eth1 no private ioctls.

The module doesn't seem to know about vland_mode, either, so I can't apply any fix:

root@xps-psynophile:~# modinfo /lib/modules/2.6.24-19-generic/volatile/wl.ko
filename: /lib/modules/2.6.24-19-generic/volatile/wl.ko
alias: pci:v000014E4d00004315sv*sd*bc02sc80i*
depends: ieee80211_crypt
vermagic: 2.6.24-19-generic SMP mod_unload 586
parm: oneonly:int
parm: piomode:int
parm: nompc:int
parm: name:string

2) My SSH problem exists within my network as well as external sites. None work through the wifi. Verified by hooking up to wired, everyting worked fine through the tg3 mod.

Here's ssh -vvv:
root@xps-psynophile:~# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:22:5f:11:53:19
          inet addr:192.168.2.204 Bcast:192.168.2.255 Mask:255.255.255.0
          inet6 addr: fe80::222:5fff:fe11:5319/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1405 errors:0 dropped:0 overruns:0 frame:48909
          TX packets:1443 errors:5 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1252309 (1.1 MB) TX bytes:250425 (244.5 KB)
          Interrupt:17 Base address:0xc000

root@xps-psynophile:~# ssh -vvv 192.168.2.6
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.6 [192.168.2.6] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: match: OpenSSH_4.7p1 Debian-8ubuntu1.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,<email address hidden>,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_ke...

Read more...

billy (obriendavid1) wrote :

I have the same problem here - but with same characteristics as Curtis E. Combs Jr. reports ie.
1. Tried above fix, but didn't work. "No private ioctls" for iwpriv command
2. problem also present in internal network.
 In initial install of hardy on dell inspiron 1525 wireless was not detected - but then worked when I updated over ethernet. Card is now using this wl driver. Hope there is a fix out there somewhere ;)

Dan Butler (raffi-jaffe) wrote :

Ditto billy. Mine is an HP dv4 running 64-bit Hardy.
How can I make use of the committed patch?

Setting vlan_mode doesn't work after enabling hardy proposed updates repository and doing the kernel+linux-restricted-modules update, though I do get the ioctls:

root@xps-psynophile:/etc/modprobe.d# uname -r
2.6.24-21-generic
root@xps-psynophile:/etc/modprobe.d# iwpriv
lo no private ioctls.

eth0 no private ioctls.

eth1 Available private ioctls :
          set_leddc (8BE0) : set 1 int & get 0
          set_vlanmode (8BE1) : set 1 int & get 0
          set_pm (8BE2) : set 1 int & get 0

root@xps-psynophile:/etc/modprobe.d# iwpriv eth1 set_vlanmode 0
root@xps-psynophile:/etc/modprobe.d# ssh root@192.168.2.6
root@192.168.2.6's password:

...stuck again...

Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in linux-restricted-modules:
status: New → Invalid
Changed in linux-restricted-modules-2.6.24:
milestone: ubuntu-8.04.2 → none
status: Fix Committed → Invalid

My wifi, drops down on september 12th and i report my bug, today i update my system, and the wifi goes back :-)
But i'm so happy by about a half hour. After that the wifi drops down again, and the network applet dissapear from the panel.
You can see my complete report at: https://bugs.launchpad.net/ubuntu/+bug/269533
Hope this can help.

I changed the status of this fix, because after this works starts, it generate another bug, that affect my system. I repport that on the bug #269533.

Changed in linux-restricted-modules-2.6.24:
status: Fix Committed → In Progress

Hello everybody.

Same here. Dell Inspiron 1525, Over wireless, SSH hangs, GFTP via ssh also, Putty doesn't.

Ioctls doesn't work either.

> edumerco@gont:~$ sudo iwpriv eth1 set_vlanmode 0
> eth1 no private ioctls.

...and after that, SSH keeps hanging just like before.

My case is reported with more detail in http://ubuntuforums.org/showthread.php?t=909599 and another that seems just the same, in http://ubuntuforums.org/showthread.php?p=5836384

I will check that -proposed thing, but it seems a little bit too much for a newbie like me. However, if it helps to find the bug, I'll do it.

Thanks to all of you guys... :-)

--
EM

Tim Gardner (timg-tpi) wrote :

vlan mode is fixed in linux-restricted-modules-2.6.24-21.50, though I'm not convinced the vlan mode setting will persist across suspend/resume cycles.

Changed in linux-restricted-modules-2.6.24:
assignee: nobody → timg-tpi
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-restricted-modules - 2.6.27-5.7

---------------
linux-restricted-modules (2.6.27-5.7) intrepid; urgency=low

  [Tim Gardner]

  * wl - Use internal function wlc_iovar_setint() to set VLAN mode.
    - LP: #259816

 -- Tim Gardner <email address hidden> Sun, 05 Oct 2008 16:53:17 -0600

Changed in linux-restricted-modules:
status: Fix Committed → Fix Released
Tim Gardner (timg-tpi) wrote :
Changed in linux-restricted-modules:
assignee: ben-collins → timg-tpi
milestone: intrepid-alpha-5 → ubuntu-8.10
status: Fix Released → Fix Committed
Changed in dell:
status: New → Fix Committed
Martin Pitt (pitti) wrote :

Accepted into hardy-proposed:

 linux-restricted-modules-2.6.24 (2.6.24.14-21.51) hardy-proposed; urgency=low
 .
   * Reimplmented the VLAN mode setting patch. It was occasionally
     causing kernel lock violations.
     LP: #259816

Martin Pitt (pitti) wrote :

linux-restricted-modules-2.6.24 -21 copied to hardy-updates.

Changed in linux-restricted-modules-2.6.24:
status: Fix Committed → Fix Released
Changed in dell:
status: Fix Committed → Fix Released
Changed in linux-restricted-modules:
status: Fix Committed → Fix Released
Changed in belmont:
assignee: nobody → mfrey
importance: Undecided → Medium
milestone: none → maint
status: New → Confirmed
Andrew Lee (andrew-leesquared) wrote :

Even though the fix has been accepted into hardy-updates, it still affects my Dell Inspiron Mini 9.

It looks like the dell-mini repository is still at 2.6.24.13-19.45netbook2; when will this reach the dell-mini version of the hardy-updates repository?

Same here...
I have since upgraded to Intrepid. After a long night, I got it to work by getting the driver and compiling it myself on hardy, but I don't remember the homepage or build instructions. I get compile errors with Intrepid...

Changed in dell-mini:
status: New → Confirmed
Nicola Ferralis (feranick) wrote :

Any news about this (on the Dell-mini)? This is a very serious bug that is preventing many users to connect via SSH with the dell-mini. GIven a patch is available, this should be pushed ASAP.

Thomas Lunde (tlunde) wrote :

I just bumped across this bug again with a dell mini. It affected all ssh connections, even those on my local wlan. This machine has had all the updates applied that are available from deb http://dell-mini.archive.canonical.com/ubuntu/ hardy-updates

Adding this to the end of /etc/network/if-pre-up.d/wireless-tools does workaround the issue for me after a reboot:

#fix for ssh to remote hosts hanging -- tlunde
#http://ubuntuforums.org/archive/index.php/t-948560.html
/sbin/iwpriv eth1 set_vlanmode 0

I don't know how "sticky" the solution is (re: Tim's comment of 2008-09-25)

Should we consider the dell-mini hardy-updates abandoned and change /etc/apt/sources.list ?

Andrew Lee (andrew-leesquared) wrote :

Thomas Lunde wrote:
> Should we consider the dell-mini hardy-updates abandoned and change /etc/apt/sources.list ?

One of the reasons I bought my Dell Mini was the promise of long term support on Ubuntu 8.04, in practice though that hasn't followed through to the dell-mini derivative of 8.04. There are many packages in the core hardy-updates that have yet to make it to the dell-mini repositories.

In my case, this bug and one or two others were show stoppers for me and forced me to update my Dell Mini to Intrepid and also move away from the LPIA packages to the i386 ones.

DiegoWoitasen (diego-woitasen) wrote :

I have this bug in Dell Mini 12 with Ubuntu Hardy. I bought the machine with Ubuntu Pre-installated. The "set_vlanmode 0" workaround works partially. I can connect with ssh but tcp connections hang sometimes: ssh, http (mozilla or wget), etc.

For example, if I am downloading something with wget the bandwith is good but the download stops a few seconds and continue without doing anything. Using ssh the interactivity stops for a few seconds too.

I don't have this problem with ethernet.

I've installed the latest version of wl driver and the bug is still there.

John Moseby (moseby) wrote :

I also have the problem with the Dell Mini 9 (3 days old). I'd like to cast my vote that this issue is of high importance. It is impossible to administer the other machines in the network without ssh. I could use wired ethernet, but that kind of defeats the purpose of a netbook in my opinion.

Jamie Strandboge (jdstrand) wrote :

I just got my shiny new Dell Mini 9 yesterday, with all updates already applied and hit this bug.

DiegoWoitasen (diego-woitasen) wrote :

I've applied the updates, but no sucess. I installed (compiled) the latest wl driver from broadcom too.

My sources.list:

deb http://dell-mini.archive.canonical.com/ubuntu/ hardy main universe multivers
e restricted
deb-src http://dell-mini.archive.canonical.com/ubuntu/ hardy main universe multi
verse restricted

deb http://dell-mini.archive.canonical.com/ubuntu/ hardy-updates main universe m
ultiverse restricted
deb-src http://dell-mini.archive.canonical.com/ubuntu/ hardy-updates main univer
se multiverse restricted

deb http://dell-mini.archive.canonical.com/ubuntu/ hardy-security main universe
multiverse restricted
deb-src http://dell-mini.archive.canonical.com/ubuntu/ hardy-security main unive
rse multiverse restricted

deb http://dell-mini.archive.canonical.com/ubuntu/ hardy-netbook-base main unive
rse multiverse restricted
deb-src http://dell-mini.archive.canonical.com/ubuntu/ hardy-netbook-base main u
niverse multiverse restricted

deb http://dell-mini.archive.canonical.com/ubuntu/ hardy-dell-mini main universe
 multiverse restricted
deb-src http://dell-mini.archive.canonical.com/ubuntu/ hardy-dell-mini main univ
erse multiverse restricted

Dustin Kirkland  (kirkland) wrote :

Is there any ETA on getting this fix available in the Dell Archives?

:-Dustin

Another mini 9 user here who is contemplating upgrading to jaunty or intrepid and leaving the dell version behind because of this bu and a few others.

Nicola Ferralis (feranick) wrote :

Fix released on updated kernel 2.6.24-22-lpia on the custom hardy for the dell mini.

Changed in dell-mini:
status: Confirmed → Fix Released
Changed in belmont:
status: Confirmed → Fix Released
Changed in somerville:
status: New → Fix Released
no longer affects: dell
Timothy R. Chavez (timrchavez) wrote :

The bug task for the somerville project has been removed by an automated script. This bug has been cloned on that project and is available here: https://bugs.launchpad.net/bugs/1305597

no longer affects: somerville
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers