Ssh client issue / general outbound traffic issue?

dextex321 · 28 October 2017 17:50

Tom_Doyle:

Hi,

This may help:
expresshosting.net
SSH Hangs After Authentication on Raspberry Pi 3 -

SSH Hanging when Connecting to Raspberry Pi 3 We recently encountered a rather odd problem with a new device we were testing. We had a Raspberry Pi 3 in the office and were doing some testing with the device. The Raspberry Pi 3 was completely up to…

Thanks Tom.

EXCELLENT shot Tom. Thanks!

Now, the question is how to force all programs to not mark the ToS byte?

Tom_Doyle · 28 October 2017 18:55

Hi,

So is ssh working as it should now?

Thanks Tom.

dillthedog · 28 October 2017 20:26

Kudos to Tom for this find!

I just did a bit of digging into this and it seems like it’s not an issue with SSH but with the Pi 3 Broadcom BCM43438 WiFi/BT chip firmware/driver. So only WiFi on the Pi 3 is affected - and then perhaps only on some routers.

https://www.raspberrypi.org/forums/viewtopic.php?f=28&t=138631&start=100

dextex321 · 29 October 2017 07:06

Yes, it is.

dextex321 · 29 October 2017 07:31

There is a workaround for SSH and that is fine but what about the others programs e.g. telnet? I tried to manually set ToS=0 using netfilter mangle table but it didn’t help.

Does OSCM plan to upgrade the firmware for that Broadcom adapter?

JimKnopf · 29 October 2017 08:02

@dextex321: Well, I think not the firmware of the Broadcom chip is the problem but instead your WLAN-router has a problem to understand the type of service field.

Tom_Doyle · 29 October 2017 08:35

Hi,

Other than telnet, which other programs are you having issues with?

Thanks Tom.

dextex321 · 29 October 2017 08:45

I think it is not my router, it is Raspberry PI3 WLAN firmware/driver. I have just did another test over wired connection on the same PI and the same router and everything works fine there:

root@osmc:/home/osmc# telnet google.com 80
Trying 216.58.209.78…
Connected to google.com.
Escape character is ‘^]’.
^]

When I switch to WLAN problem appears. Why?

Yes indeed, I am using more sophisticated router than 90% of OSMC users but believe me - it is aware of ToS byte and it can route such packets without any problem. Mikrotik knows very well how to deal with ToS packets

dextex321 · 29 October 2017 09:02

By adding IPQoS 0x00 to the /etc/ssh/ssh_config I made SSH to work.
By setting ToS=0 via mangle table (/sbin/iptables -t mangle -I POSTROUTING 1 -o wlan0 -j TOS --set-tos 0x00) I made NTP to synchronize.
Telnet is still not working. Solution 2) did not help.
I expect that there could be other programs as well.

On the wired network everything works out-of-the-box.

dillthedog · 29 October 2017 09:40

If, as seems to be the case, it’s an issue with the Broadcom BCM43438 WiFi/BT chip firmware/driver, then I very much doubt if OSMC can do much about it. You already saw that Raspbian has the same issue, since it’ll be using the same firmware/driver code as OSMC, as will any other system running the built-in WiFi on a Pi 3.

AFAICT, the driver/firmware is supplied as a binary blob and, although the Raspberry Pi Foundation might have access to the source code, it’ll be covered by a non-disclosure agreement. The thread I linked to was discussing the issue back in April 2016, so it looks like nobody is hurrying to fix it.

I wouldn’t be so sure it’s not an issue with the Mikrotik router. While their RouterOS firmware is very configurable and “geek friendly”, it’ll still have bugs and weak spots. Since we don’t know exactly what the issue is with the Broadcom driver/firmware, it might be a bug or some combination of circumstances that don’t play well with RouterOS.

Realistically, you’re going to have to work around this one. Either:

don’t use telnet - which seems sensible; or
use a cable; or
use an external WiFi adapter.

fzinken · 29 October 2017 10:45

Not getting a clear picture from the bug report https://github.com/raspberrypi/linux/issues/1519

Not sure if @popcornmix knows more and can comment on it

dextex321 · 29 October 2017 11:19

I just thought that OSMC as one of the biggest players on the market place can push Raspberry team to solve to issue.

dextex321 · 7 November 2017 10:56

No?

sam_nazarko · 7 November 2017 17:35

Unfortunately there is no newer firmware available for the Raspberry Pi’s integrated WiFi solution at this time.

We will continue to monitor this problem however and make any solutions available promptly when they are available.

dextex321 · 8 November 2017 14:53

What if we use the drivers delivered by Broadcom instead of the open-source?

https://wiki.debian.org/wl

sam_nazarko · 8 November 2017 15:03

We are already using closed source firmware for the WiFi / BT module.

dextex321 · 15 November 2017 14:57

Hmmm… I thought that brcmfmac is open-source. Isn’t it?

ethtool -i wlan0
driver: brcmfmac
version: 7.45.41.46
firmware-version: 01-f8a78378
bus-info: mmc1:0001:1
supports-statistics: no
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

dillthedog · 15 November 2017 16:06

Correct. brcmfmac - Debian Wiki. You’ll notice that it states: "Non-free firmware is required. "

As Sam says:

So the driver is open source, but the firmware isn’t.

dextex321 · 15 November 2017 19:22

OK. Clear.

I have just test it on the Volumio (volumio.org) and that problem does not exist there. Strange.

Is is possible to use Broadcom driver?

dillthedog · 15 November 2017 20:08

Why not give it a go?

If it doesn’t work, you can insert the SD card into your laptop and copy back the original firmware.