[FS#1241] firewall: Enabling logging for the WAN zone causes excessive "MSSFIX" log spam

LEDE Bugs lede-bugs at lists.infradead.org
Fri Dec 22 14:14:10 PST 2017


A new Flyspray task has been opened.  Details are below. 

User who did this - silentcreek (silentcreek) 

Attached to Project - LEDE Project
Summary - firewall: Enabling logging for the WAN zone causes excessive "MSSFIX" log spam
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - lede-17.01
Due in Version - Undecided
Due Date - Undecided
Details - When I enable logging of rejected/dropped packages on my WAN zone via the UCI option "log", the system log gets spammed with thousands of MSSFIX messages in just a few hours. The messages look like these (IP and MAC addresses redacted):
Fri Dec 22 22:43:55 2017 kern.warn kernel: [37622.753479] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=37548 DF PROTO=TCP SPT=57454 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Fri Dec 22 22:44:05 2017 kern.warn kernel: [37632.021289] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=20338 DF PROTO=TCP SPT=57455 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Fri Dec 22 22:44:05 2017 kern.warn kernel: [37632.078328] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=11712 DF PROTO=TCP SPT=57456 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Fri Dec 22 22:44:11 2017 kern.warn kernel: [37638.223127] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC= DST= LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=28644 DF PROTO=TCP SPT=52576 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0

The documentation suggests that the option log would only log rejected and dropped packages, which is what I'm interested in. I don't need the MSSFIX messages.

My WAN zone has masquerading as well as the option "mtu_fix" enabled (by default). The "mtu_fix" option seems to cause these messages. Apparently, this has been an issue in OpenWrt a long time ago, was then fixed and somehow got reintroduced? See ticket [1]

How can I enable logging but not log the useless MSSFIX messages?

Thank you!

[1] https://dev.openwrt.org/ticket/10681

P.S.: I'm using LEDE 17.01.4 on a TP-Link Archer C7 V2.

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1241
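
Added example, not part of the original report or of the firewall package: a shell filter that tallies kernel firewall log entries by prefix and hides the MSSFIX ones, so rejected and dropped packets stay readable while the zone option "log" is on. The sample lines are constructed (documentation addresses; the REJECT prefix is an assumed form), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample log, modelled on the MSSFIX lines quoted in the report.
# Addresses are documentation ranges; the REJECT prefix is an assumption.
sample_log() {
cat <<'EOF'
Fri Dec 22 22:43:55 2017 kern.warn kernel: [37622.753479] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=64 TTL=63 DF PROTO=TCP SPT=57454 DPT=443 SYN URGP=0
Fri Dec 22 22:44:05 2017 kern.warn kernel: [37632.021289] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=64 TTL=63 DF PROTO=TCP SPT=57455 DPT=443 SYN URGP=0
Fri Dec 22 22:44:07 2017 kern.warn kernel: [37634.500000] REJECT(src wan)IN=eth0 OUT= MAC= SRC=203.0.113.5 DST=198.51.100.1 LEN=40 TTL=244 PROTO=TCP SPT=40000 DPT=23 SYN URGP=0
Fri Dec 22 22:44:09 2017 daemon.info dnsmasq[1234]: constructed non-firewall line
Fri Dec 22 22:44:11 2017 kern.warn kernel: [37638.223127] MSSFIX(wan): IN=br-lan OUT=eth0 MAC= SRC=192.0.2.11 DST=198.51.100.7 LEN=52 TTL=127 DF PROTO=TCP SPT=52576 DPT=443 SYN URGP=0
EOF
}

# Count kernel firewall log entries per prefix, e.g. "MSSFIX(wan) 3".
# Accepts prefixes written with or without a trailing ": " before IN=.
fw_prefix_counts() {
    awk '
        match($0, /kernel: \[[ 0-9.]+\] [A-Za-z_]+\([^)]*\):? ?IN=/) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^kernel: \[[ 0-9.]+\] /, "", s)   # strip timestamp part
            sub(/:? ?IN=$/, "", s)                 # strip start of packet dump
            n[s]++
        }
        END { for (p in n) print p, n[p] }
    ' | sort
}

# Pass every line through except kernel entries carrying an MSSFIX prefix.
fw_drop_mssfix() {
    awk '!/kernel: \[[ 0-9.]+\] MSSFIX\([^)]*\)/'
}

# Stand-alone demo on the constructed sample.
sample_log | fw_prefix_counts
sample_log | fw_drop_mssfix
```

On the router the same functions can read the live log, for example `logread | fw_drop_mssfix`. This only filters what is displayed; the kernel still emits the MSSFIX entries into the log buffer.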


