We’re unable to send data over our WP based device’s eth0 interface and are currently stuck trying to find the problem. The interface physically is working fine (we can ping it over a LAN) but can’t send WAN data over udp or tcp sockets. We also can’t ping anywhere from the device, which suggests a firewall issue but the iptables rules are the same for the eth0 as they are for rmnet_data0 (and WAN access works fine in cellular applications - in some settings the hardware has a live SIM in others we need to send and receive via a separate router).

Any suggestions would be appreciated as would any links to example Legato code that uses eth0.

These are our iptables rules:

Generated by iptables-save v1.4.21

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

Exceptions from default INPUT policy DROP:

Allow all traffic from loopback interface

-A INPUT -i lo -j ACCEPT

Allow traffic on already established connections

-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Allow DNS replies

-A INPUT -p udp -m udp --sport 53 -j ACCEPT

Allow PING replies

-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT

xattr set ‘security.SMACK64’ ‘app.myapp’ /usr/bin/ssh

Allow SSH, PING and DHCP over ECM interface, however it was named

-A INPUT -i @ECM_IF@ -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i @ECM_IF@ -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i @ECM_IF@ -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i @ECM_IF@ -p udp --dport 67:68 --sport 67:68 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
-A INPUT -i rmnet_data0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i rmnet_data0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i rmnet_data0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i rmnet_data0 -p udp --dport 67:68 --sport 67:68

Allow SSH, PING and DHCP over bridge0 interface

-A INPUT -i bridge0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i bridge0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i bridge0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT

can the WP module ping outside in the linux console?

Here is an example script for sharing the cellular data to ethernet client:

No it can’t ping external IP addresses from the console.

The requirement we have is to use ethernet instead of a cell network (our telematics hardware uses primarily cellular for its data needs but not exclusively - sometimes there’s already a router in the environment in which case we need to use it and send via ethernet).

On further testing it seems to be a side effect of disabling SMACK, which we need to do to be able to connect remotely over a reverse SSH tunnel. Not sure why that would have any effect on Ethernet connectivity?

do you mean it is ok to run cfg_ethernet.sh on normal FW, but once disable SMACK, there is problem on running the script to let ethernet client ping external IP address?

Sorry for the delayed response, I’m just able to get back to this now.

cfg_ethernet doesn’t seem to be present on our system (a WP7603 based design using legato version 19.11.2). After further testing it seems the association we thought there was with SMACK was a case of coincidental timing, and SMACK is unrelated. The real issue seems to be driver related. These are the kernel error messages we’re seeing related to Ethernet:

[ 609.768119] usb 1-1.3: USB disconnect, device number 5
[ 609.768175] usb 1-1.3.1: USB disconnect, device number 6
[ 609.772752] smsc95xx 1-1.3.1:1.0 eth0: unregister ‘smsc95xx’ usb-7c00000.hsic_host-1.3.1, smsc95xx USB 2.0 Ethernet
[ 609.772887] smsc95xx 1-1.3.1:1.0 eth0: hardware isn’t capable of remote wakeup
[ 609.779970] [RMNET:HI] rmnet_config_notify_cb(): Kernel is trying to unregister eth0
[ 609.800467] [RMNET:HI] rmnet_config_notify_cb(): Kernel is trying to unregister eth0
[ 609.920335] usb 1-1: reset high-speed USB device number 2 using msm_hsic_host
[ 610.006259] USB QCMAP NL IOCTL Snd GETNEIGH Succ
[ 610.013979] QTI:LINK_DOWN message posted
[ 610.018180] QTI:LINK_DOWN Processed
[ 610.371268] usb 1-1.3: new high-speed USB device number 7 using msm_hsic_host
[ 610.484411] usb 1-1.3: New USB device found, idVendor=0424, idProduct=9514
[ 610.484446] usb 1-1.3: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 610.486511] hub 1-1.3:1.0: USB hub found
[ 610.486730] hub 1-1.3:1.0: 5 ports detected
[ 610.771229] usb 1-1.3.1: new high-speed USB device number 8 using msm_hsic_host
[ 610.883231] usb 1-1.3.1: New USB device found, idVendor=0424, idProduct=ec00
[ 610.883265] usb 1-1.3.1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 610.887543] smsc95xx v1.0.4
[ 610.987784] smsc95xx 1-1.3.1:1.0 eth0: register ‘smsc95xx’ at usb-7c00000.hsic_host-1.3.1, smsc95xx USB 2.0 Ethernet, cb5d3788
[ 611.174253] smsc95xx 1-1.3.1:1.0 eth0: hardware isn’t capable of remote wakeup
[ 611.174554] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 611.185737] USB QCMAP NL IOCTL Snd GETNEIGH Succ
[ 612.613879] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 612.621629] smsc95xx 1-1.3.1:1.0 eth0: link up, 100Mbps, full-duplex, lpa 0x45E1
[ 612.707385] QTI:ETH mode
[ 612.714045] QTI:LINK_UP Processed
[ 612.718704] QTI:LINK_UP message posted

Once the USB hub is disconnected and reconnected, which can take up to 10 minutes, Ethernet works. Unfortunately the 10 minute delay is not going to work with customers, so we’re looking for the explanation and a fix. Oddly the ethernet port physically shows up and even has a DHCP assigned address (from the external router we need to go through), but there is no data throughput possible until the USB disconnect-connect occurs. And when it reconnects and works, the MAC address of our board and assigned IP address are both changed.

do you see such problem in mangoh green or mangoh red board?
If no, probably there is something wrong in your hardware.