BPI-R2 Kernel 4.14 HNAT

frank-w · January 3, 2018, 10:09am

thank you Gary, in the block-diagram the PSE is always between system-bus (i assume to CPU) and the GMACs how do you conclude, that hnat does not affect QOS and port-forwarding?

in https://github.com/frank-w/BPI-R2-4.14/blob/hnat/0026-net-mediatek-backport-v4.10-driver.patch i’ve read, that the driver is backported from 4.10, but i had not found that original patch yet…maybe there it is adapted to the per-net-functions, so i can look if i have done make it right

have you a block-diagram of WAN/LAN to GMAC1/2? for LAN/WAN-Separation…

noralee · January 3, 2018, 11:10am

Dear Gary,

We are not allowed to open MT7623N datasheet’s content which shows “Foxconn confidential” that will against Foxconn NDA with MTK.

Pls only provide open source MT7623N datasheet which shows “Banana Pi”, Tks for your kind cooperation!

Nora Lee Banana Pi PM

garywang · January 3, 2018, 11:33am

Thanks for your reminder, Nora.

BR Gary

frank-w · January 18, 2018, 8:02am

How can we test if its working? is it enough loading the module and set up a nat via ip-tables or there are additional steps needed? How to define type of hnat if possible?

garywang · January 18, 2018, 10:49am

Hi Frank

We just need to load the hnat driver, other things will be done by driver, we can check the interrupt count of ethernet to see if ethernet packet is passed to CPU.

frank-w · January 18, 2018, 11:13am

How to check cpu-pass of packets?

garywang · January 18, 2018, 2:00pm

cat /proc/interrupt If you see the interrupt count of ethernet increases quickly when testing the throughput, that means the hardware NAT doesn’t work.

frank-w · January 19, 2018, 10:12am

user pkalemba tries to test it, but it seems not working in 4.14. are there any requirements (maybe 2nd gmac)?

the following steps must be imho done (first without hnat then enable hnat):

make sure all interfaces used have ip-adresses (lan/wan different subnets)
setting up NAT: ${ipt} -t nat -A POSTROUTING -o ${if_wan} -j MASQUERADE
set up port-forwarding to your client-machine: ${ipt} -t nat -A PREROUTING -p udp --dport $inport -j DNAT --to-destination $dip:$dport
enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward
test connection between lan-wan
loading hnat-kernelmodule via “modprobe mtkhnat”
“watch cat /proc/interrupts” and generating traffic like with iperf

is that right?

i currently on the way setup NAT (without HNAT) on wan-interface…added rules on my other router and the pi, my raspberry is accessable from a client (which goes first over my other router). i now try to find a way how to test if NAT really works (i’t not a simple forwarding).

iptables itself says it’s right:

root@bpi-r2:~# iptables -L -v -t nat
...
Chain POSTROUTING (policy ACCEPT 233 packets, 14339 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   20  1368 MASQUERADE  all  --  any    wan     anywhere             anywhere

but tcpdump looks like normal routing:

root@bpi-r2:~# tcpdump -i wan

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wan, link-type EN10MB (Ethernet), capture size 262144 bytes
14:04:26.285393 IP 192.168.50.1 > 192.168.50.2: ICMP echo request, id 2160, seq 1, length 64
14:04:26.286030 IP 192.168.50.2 > 192.168.50.1: ICMP echo reply, id 2160, seq 1, length 64
14:04:27.287170 IP 192.168.50.1 > 192.168.50.2: ICMP echo request, id 2160, seq 2, length 64
14:04:27.287793 IP 192.168.50.2 > 192.168.50.1: ICMP echo reply, id 2160, seq 2, length 64
14:04:28.288186 IP 192.168.50.1 > 192.168.50.2: ICMP echo request, id 2160, seq 3, length 64
14:04:28.288817 IP 192.168.50.2 > 192.168.50.1: ICMP echo reply, id 2160, seq 3, length 64
14:04:31.327195 ARP, Request who-has 192.168.50.1 tell 192.168.50.2, length 46
14:04:31.327220 ARP, Reply 192.168.50.1 is-at 72:56:c3:44:17:77 (oui Unknown), length 28
14:04:31.343694 ARP, Request who-has 192.168.50.2 tell 192.168.50.1, length 28
14:04:31.344246 ARP, Reply 192.168.50.2 is-at b8:27:eb:5f:b8:a2 (oui Unknown), length 46

wan on r2 has the 192.168.50.1, my raspberrypi directly connected to wan has .2, NAT is activated like above:

/sbin/iptables -t nat -A POSTROUTING -o wan -j MASQUERADE

xbgmsharp · January 19, 2018, 1:40pm

Where can i find the module hnat-kernel module in the kernel config? I am trying with 4.14.14.

frank-w · January 19, 2018, 1:41pm

it’s currently only in the hnat-branch (not main) till it is tested and working…

i see that a build warning came up and compiled again with CONFIG_DEBUG_SECTION_MISMATCH=y

WARNING: drivers/net/ethernet/mediatek/mtk_hnat/mtkhnat.o(.text+0x658): Section mismatch in reference from the function hnat_probe() to the function .init.text:hnat_init_debugfs()
The function hnat_probe() references
the function __init hnat_init_debugfs().
This is often because hnat_probe lacks a __init 
annotation or the annotation of hnat_init_debugfs is wrong.

currently i can’t see no error (except hnat_probe has no header-entry and no __init…but should it have it??):

drivers/net/ethernet/mediatek/mtk_hnat/hnat.c:236:static int hnat_probe(struct platform_device *pdev)

drivers/net/ethernet/mediatek/mtk_hnat/hnat.h:422:extern int __init hnat_init_debugfs(struct hnat_priv *h); drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c:426:int __init hnat_init_debugfs(struct hnat_priv *h)

frank-w · January 28, 2018, 10:11am

anyone is testing it?

with kernel from main-branch i can setup NAT this way:

[rpi] eth0: 192.168.50.2 (vlan60 196.268.60.2)
|
[bpi-r2]: 192.168.50.1 (vlan60 196.268.60.1)
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
ip route add default via 192.168.50.2
|
you router must be configured to route packets to 50.2 to 0.10 (lan-IP of BPI-R2 in your net), currently seems not working
route add -net 192.168.50.0 netmask 255.255.255.0 gw 192.168.0.10
|
client
route add -net 192.168.50.0 netmask 255.255.255.0 gw 192.168.0.10

now if you ping 192.168.50.2, you should get a response, if you look at the rpi (or client holding the IP behind the NAT) with TCP-Dump you should only see the IP 50.1 not that one from the client (0.x)

that works from my client only if i set the route there to subnet 50.x, not over the existing router

pkalemba · January 28, 2018, 1:26pm

i cannot get working hnat,even i cannot get connection to my router on wan interface. Looks like wan is not responding with packets…

frank-w · January 28, 2018, 2:01pm

Have you configured it with main-kernel first (working?) then with hnat-kernel without hnat-module loaded (still working)?

I need to know when the problem comes up…maybe it’s a problem, where lede (from which the patch comes from) uses 2nd gmac for wan…

maybe this is related: https://github.com/frank-w/BPI-R2-4.14/blob/24452db480fa6683472d44bdc83ccb28def772da/drivers/net/ethernet/mediatek/mtk_eth_soc.c#L702

it’s not clear what is done here, because fport is overridden after the if…but also on original-patch: https://github.com/frank-w/BPI-R2-4.14/blob/4.9/patches_from_lede/0056-net-mediatek-add-hw-nat-support.patch

@pkalemba please try using the mtk_eth.c from main-branch and compile with this…hnat will not be work, but wan should work and we know thats a problem with this file

pkalemba · January 28, 2018, 8:33pm

so with main kernel its working by default,when i load hnat kernel it’s not even if i dont load hnat module( loading it not helps) @frank-w i will try tomorrow

frank-w · January 29, 2018, 5:52pm

With mtk_eth.c from main it works,so it seems that there is something missing.

@garywang have you an idea?

Maybe we must first get gmac #2 working. Does anybody know how this can be done?

Ryder.Lee · February 7, 2018, 11:54am

The HNAT related patches are under review (mainline kernel), so please wait.

frank-w · April 18, 2018, 7:40am

Anything new? I still see no patches for hnat/2nd gmac. Lede-patches for 4.14 are not working (still no response on my bug-reports [github-commit,lede bugtracker,johncrispin,sean wang])

moore · April 18, 2018, 10:27am

1.HNAT framework patch is not accepted so far.
2.In my opinion, 2nd GMAC is not important because 1st GMAC is TRGMII and can reach up to 2Gbps. In other words. The ideal LAN<->WAN NAT bi-direction throughput can up to 2Gbps.

Image%2041

frank-w · May 22, 2018, 6:53pm

Anything new for hnat?

frank-w · June 30, 2018, 1:48pm

after we got gmac#2 working i returned to hnat-branch

the only issue i currently have so far is:

WARNING: drivers/net/ethernet/mediatek/mtk_hnat/mtkhnat.o(.text+0x620): Section mismatch in reference from the function hnat_probe() to the function .init.text:hnat_init_debugfs()
The function hnat_probe() references
the function __init hnat_init_debugfs().
This is often because hnat_probe lacks a __init 
annotation or the annotation of hnat_init_debugfs is wrong.

drivers/net/ethernet/mediatek/mtk_hnat/hnat.c:236:static int hnat_probe(struct platform_device *pdev)

drivers/net/ethernet/mediatek/mtk_hnat/hnat.h:422:extern int __init hnat_init_debugfs(struct hnat_priv *h); drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c:426:int __init hnat_init_debugfs(struct hnat_priv *h)

tried removing __init from both hnat_init_debugfs and adding it to hnat_probe, but this results in this:

WARNING: drivers/net/ethernet/mediatek/mtk_hnat/mtkhnat.o(.data+0x0): Section mismatch in reference from the variable hnat_driver to the function .init.text:hnat_probe()
The variable hnat_driver references
the function __init hnat_probe()
If the reference is valid then annotate the
variable with __init* or __refdata (see linux/init.h) or name the variable:
*_template, *_timer, *_sht, *_ops, *_probe, *_probe_one, *_console

with * it brings many compile-errors…any idea?

currently i dropped the __init, hoping it works

btw. @moore your picture seems wrong…we get gmacs only running after both are same mode (rgmii or trgmii). actual both running with trgmii. if we set them different, cpu_port0 have damaged traffic outgoing