Topics

Chromium issue...

Mike B
 

So I run Pat for winlink capability...

...I started having a lot of timeout problems so I was monitoring axlisten...

There I noticed a problem with Chromium.
...Chromium is apparently broadcasting Upnp info over the udr0: port...triggering the radio to transmit...and or interrupting other packet comm and completely screwing up the data transmission.

Is there something in the Draws config that can stop that...or are the IP address ports for udr0 and udr1 enabling it

I know that Pat is not part of Draws...but Chromium comes installed...and whenever Chromium is running it attempts to send packets over udr0:

Anywhere I can look for info?
udr0: fm KF5xxx-10 to QST ctl UI pid=CC(IP) len 195 13:13:34IP: len 195 192.168.255.2->239.255.255.250 ihl 20 ttl 1 DF prot UDPUDP: len 175 58661->1900 Data 167M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900MAN: "ssdp:discover"MX: 1ST: urn:dial-multiscreen-org:service:dial:1USER-AGENT: Chromium/78.0.3904.108 Linux



Mike

 

Basil may have some input, but this is a Raspbian/Chromium issue.  The images are a courtesy, and not a NW Digital Radio product.  However, you could probably use iptables to build a DROP for the interfaces.

On Thu, May 28, 2020 at 2:56 PM Mike B <kf5dey@...> wrote:
So I run Pat for winlink capability...

...I started having a lot of timeout problems so I was monitoring axlisten...

There I noticed a problem with Chromium.
...Chromium is apparently broadcasting Upnp info over the udr0: port...triggering the radio to transmit...and or interrupting other packet comm and completely screwing up the data transmission.

Is there something in the Draws config that can stop that...or are the IP address ports for udr0 and udr1 enabling it

I know that Pat is not part of Draws...but Chromium comes installed...and whenever Chromium is running it attempts to send packets over udr0:

Anywhere I can look for info?
udr0: fm KF5xxx-10 to QST ctl UI pid=CC(IP) len 195 13:13:34IP: len 195 192.168.255.2->239.255.255.250 ihl 20 ttl 1 DF prot UDPUDP: len 175 58661->1900 Data 167M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900MAN: "ssdp:discover"MX: 1ST: urn:dial-multiscreen-org:service:dial:1USER-AGENT: Chromium/78.0.3904.108 Linux



Mike



--
John D. Hays
Kingston, WA
K7VE

 

Basil Gunn
 

So I run Pat for winlink capability...
I don't support PAT. I do support paclink-unix and mutt, claws-mail, rainloop
mail apps

...I started having a lot of timeout problems so I was monitoring axlisten...
Where did you get axlisten? The NWDR image comes with listen.

There I noticed a problem with Chromium. ...Chromium is apparently
broadcasting Upnp info over the udr0: port...triggering the radio to
transmit...and or interrupting other packet comm and completely
screwing up the data transmission.
The NWDR image comes configured with iptables to prevent that. I take it
you are not using the NWDR image? iptables gets setup when you run
./app_config.sh core if you follow the "Getting Started Guide".
https://nw-digital-radio.groups.io/g/udrc/wiki/8921

Is there something in the Draws config that can stop that...or are the
IP address ports for udr0 and udr1 enabling it
Yes I am well aware of the Chromecast problem, as well as
Bonjour/Multicast DNS, Dropbox, Samba broadcasts. All of those apps bind
to all Network interfaces. iptables fixes that.

I know that Pat is not part of Draws...but Chromium comes
installed...and whenever Chromium is running it attempts to send
packets over udr0:

Anywhere I can look for info?


udr0: fm KF5xxx-10 to QST ctl UI pid=CC(IP) len 195 13:13:34IP: len 195
192.168.255.2->239.255.255.250 ihl 20 ttl 1 DF prot UDPUDP: len 175
58661->1900 Data 167M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900MAN:
"ssdp:discover"MX: 1ST: urn:dial-multiscreen-org:service:dial:1USER-AGENT:
Chromium/78.0.3904.108 Linux

Basil Gunn
 

Thanks John.

If you use the NWDR image & follow the "Getting Started" Guide you will
not have this problem. iptables is already installed on the image & gets
configured when you run ./app_config.sh core.

John D Hays - K7VE <@john_hays> writes:

Basil may have some input, but this is a Raspbian/Chromium issue. The
images are a courtesy, and not a NW Digital Radio product. However, you
could probably use iptables to build a DROP for the interfaces.

On Thu, May 28, 2020 at 2:56 PM Mike B <kf5dey@...> wrote:

So I run Pat for winlink capability...

...I started having a lot of timeout problems so I was monitoring
axlisten...

There I noticed a problem with Chromium.
...Chromium is apparently broadcasting Upnp info over the udr0:
port...triggering the radio to transmit...and or interrupting other packet
comm and completely screwing up the data transmission.

Is there something in the Draws config that can stop that...or are the IP
address ports for udr0 and udr1 enabling it

I know that Pat is not part of Draws...but Chromium comes installed...and
whenever Chromium is running it attempts to send packets over udr0:

Anywhere I can look for info?

udr0: fm KF5xxx-10 to QST ctl UI pid=CC(IP) len 195 13:13:34IP: len 195
192.168.255.2->239.255.255.250 ihl 20 ttl 1 DF prot UDPUDP: len 175
58661->1900 Data 167M-SEARCH * HTTP/1.1HOST: 239.255.255.250:1900MAN:
"ssdp:discover"MX: 1ST: urn:dial-multiscreen-org:service:dial:1USER-AGENT:
Chromium/78.0.3904.108 Linux

Mike B
 

Thanks for pointing that out...yes I am running the NW image...but the iptables may have been overwritten...I will have to see.

Mike B
 

I found the directory in /n7nix/iptables/ and ran the flush and install...

It seems to have solved the problem.

So another lesson learned.

Mike

Basil Gunn
 

Mike B <kf5dey@...> writes:

I found the directory in /n7nix/iptables/ and ran the flush and install...
It seems to have solved the problem.
Happy that's working for you.

iptable-check.sh - Lists current iptables rules
iptable-flush.sh - Clear all iptables rules
iptable-up.sh - Add all iptables rules

So another lesson learned.

Mike

Mike B
 

Ok, the iptable-up.sh does reinstall the iptables...

...but when I reboot, they get overwritten again...

Now I have to figure out what is in the startup sequence that can over write the iptables...
...I do know that every time chromium opens it want to do an upgrade..

Basil Gunn
 

If you use an NWDR SD card image and follow the "Getting Started"
instructions then iptables will get installed properly. Along with
iptables, the iptables-persistent package also gets installed.

Running iptable_install.sh script by itself MIGHT work to fix your
problem. Running ./app_config.sh core as is described in the "Getting
Started" WILL definitely work because that is what I test.

One of the things the iptable_install.sh script does is it creates a
/lib/dhcpcd/dhcpcd-hooks/70-ipv4.ax25 file that restores iptables rules
from a boot. That is most likely missing in your current setup but might
not be the only thing missing.

I would recommend starting with a fresh NWDR image & following the
"Getting Started" Guide.

/Basil n7nix


Mike B <kf5dey@...> writes:

Ok, the iptable-up.sh does reinstall the iptables...

...but when I reboot, they get overwritten again...

Now I have to figure out what is in the startup sequence that can over write the iptables...
...I do know that every time chromium opens it want to do an upgrade..

Mike B
 

I would like to point out that I was running an image, did the appropriate updates etc...for a few months... then probably something I did broke the iptables...

...so I can start over (the equivalent of reinstalling windows) but chances are good I will successfully break iptables again.

I am not saying it is your fault...Chromium is the issue...but iptables is the weakness that Chromium is exploiting.

I will work on what you wrote, and see if I can work around this...

Mike

Basil Gunn
 

I would like to point out that I was running an image, did the
appropriate updates etc...for a few months... then probably something
I did broke the iptables...
I know passing emails back & forth is not very satisfying when trying to
fix problems. If I was in front of your RPi I could fix your problem
in short order so it is a little frustrating for both of us.

...so I can start over (the equivalent of reinstalling windows) but
chances are good I will successfully break iptables again.
I would like to know how you do that so I could make the configure
scripts more robust.

I am not saying it is your fault...Chromium is the issue...but
iptables is the weakness that Chromium is exploiting.
iptables is the solution to fixing a Chromium problem that binds to all
network interfaces.

I will work on what you wrote, and see if I can work around this...
Try running the iptable_install.sh script by itself. Then look for
this file:

/lib/dhcpcd/dhcpcd-hooks/70-ipv4.ax25

It needs to have the following line in it that will allow iptables rules
to be loaded at boot time.

iptables-restore < /etc/iptables/rules.ipv4.ax25

Mike B
 

Ok gave up on other fixes..downloaded the fresh Draws version 16, wrote it to a new unused sd card...

...started from new on the 'Getting Started' https://nw-digital-radio.groups.io/g/udrc/wiki/8921

cd
cd n7nix
git pull

sudo su
apt-get update
apt-get dist-upgrade


(BTW at this point you need to 'exit' root in order to do the next two steps)

cd
cd n7nix/config
# Become root   (again)
sudo su
./app_config.sh core

During that ./app_config.sh core   I get the following messages...

== setup iptables
iptables v1.8.2 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
iptables v1.8.2 (nf_tables): Couldn't load match `udp':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): Couldn't load match `udp':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
iptables v1.8.2 (nf_tables): Couldn't load match `udp':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): Couldn't load match `udp':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.

2020 05 30 09:52:45 PDT: iptable_install.sh: iptables install/config script FINISHED


I rebooted as directed and guess what... Chromium still attempts to ride on UDR0:

udr0: fm KF5DEY-10 to QST ctl UI pid=CC(IP) len 195
IP: len 195 192.168.255.2->239.255.255.250 ihl 20 ttl 1 DF prot UDP
UDP: len 175 57908->1900 Data 167


Again, this was a brand new sd card, fresh download of draws version16, ran ./app_config.sh core
as described...

Something is wrong somewhere...

Mike

Basil Gunn
 

Thanks for the console output.

The raspbian distro version of iptables has recently changed and no
longer allows setting iptables rules without the ax.25 interface(s)
being up. That means the place where iptables was previously config'ed
in './app_config.sh core' no longer works. I have made some changes to a
number of scripts and need to do more verification but running the new
iptable-check.sh script should fix your problem.

# First start the ax25 interfaces if you haven't already done that

ax25-start

# Then refresh the n7nix repo on your RPi

cd
cd n7nix
git pull
cd config
./bin_refresh.sh

# Now run the new iptable-check.sh script and verify

iptable-check.sh

I would appreciate seeing all the console output from this script.

If the above doesn't work then delete the following two files:

/etc/iptables/rules.ipv4.ax25
/lib/dhcpcd/dhcpcd-hooks/70-ipv4.ax25

and run iptable-check.sh again.

/Basil


Mike B <kf5dey@...> writes:

Ok gave up on other fixes..downloaded the fresh Draws version 16, wrote it to a new unused sd card...

...started from new on the 'Getting Started' https://nw-digital-radio.groups.io/g/udrc/wiki/8921

cd
cd n7nix
git pull

sudo su
apt-get update
apt-get dist-upgrade

(BTW at this point you need to 'exit' root in order to do the next two steps)

cd
cd n7nix/config
# Become root (again)
sudo su
./app_config.sh core

During that ./app_config.sh core I get the following messages...

*== setup iptables*
*iptables v1.8.2 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain OUTPUT*
*iptables v1.8.2 (nf_tables): Couldn't load match `udp':No such file or directory*

*Try `iptables -h' or 'iptables --help' for more information.*
*iptables v1.8.2 (nf_tables): Couldn't load match `udp':No such file or directory*

*Try `iptables -h' or 'iptables --help' for more information.*
*iptables v1.8.2 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain OUTPUT*
*iptables v1.8.2 (nf_tables): Couldn't load match `udp':No such file or directory*

*Try `iptables -h' or 'iptables --help' for more information.*
*iptables v1.8.2 (nf_tables): Couldn't load match `udp':No such file or directory*

*Try `iptables -h' or 'iptables --help' for more information.*

*2020 05 30 09:52:45 PDT: iptable_install.sh: iptables install/config script FINISHED*

I rebooted as directed and guess what... Chromium still attempts to ride on UDR0:

*udr0: fm KF5DEY-10 to QST ctl UI pid=CC(IP) len 195*
*IP: len 195 192.168.255.2->239.255.255.250 ihl 20 ttl 1 DF prot UDP*
*UDP: len 175 57908->1900 Data 167*

Again, this was a brand new sd card, fresh download of draws version16, ran./app_config.sh core as described...

Something is wrong somewhere...

Mike B
 

This is on the new image that I listed above...I didn't burn a new one...(in my case ax25 was already running by now)

I did not need delete the lines.

This a completely different output than what I had seen before...even while trying to fix my other install

I did a reboot, and launched Chromium, and no drama...so as far as I can tell...it is completely fixed...now I need to fix my old install....

pi@draws:~/n7nix/config $ iptable-check.sh
set sudo
== List current iptables rules
Chain INPUT (policy ACCEPT 3490 packets, 513926 bytes)
    pkts      bytes target     prot opt in     out     source               destination        

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination        

Chain OUTPUT (policy ACCEPT 2686 packets, 663992 bytes)
    pkts      bytes target     prot opt in     out     source               destination        

Number of ax25 iptables rules found: 0
iptables file: /etc/iptables/rules.ipv4.ax25 exists
iptables file: /lib/dhcpcd/dhcpcd-hooks/70-ipv4.ax25 exists
Stopping firewall and allowing everyone...

== setup iptables
Number of ax25 rules now: 6
pi@draws:~/n7nix/config $

Basil Gunn
 

I did a reboot, and launched Chromium, and no drama...so as far as I
can tell...it is completely fixed...now I need to fix my old
install....
On your old install should be able to refresh your files

cd
cd n7nix
git pull
cd config
./bin_refresh.sh

and run the iptable-check.sh script

iptable-check.sh

Mike B
 

Yup did the same procedure and it worked on my old install.

Mike

Basil Gunn
 

Yup did the same procedure and it worked on my old install.
Great to hear Mike.