[GH-ISSUE #262] Outbound traffic view empty #105

Closed
opened 2026-03-04 01:34:49 +03:00 by kerem · 10 comments
Owner

Originally created by @0vercl0k on GitHub (Jan 15, 2024).
Original GitHub issue: https://github.com/spr-networks/super/issues/262

I've been running into this for the past few days; basically the 'outbound traffic' view is empty (both on iOS & website). I've looked at some of the log and this one might be relevant (from superdb):

2024/01/15 16:40:12 [-] Empty db configuration, initializing
image
Originally created by @0vercl0k on GitHub (Jan 15, 2024). Original GitHub issue: https://github.com/spr-networks/super/issues/262 I've been running into this for the past few days; basically the 'outbound traffic' view is empty (both on iOS & website). I've looked at some of the log and this one might be relevant (from `superdb`): ``` 2024/01/15 16:40:12 [-] Empty db configuration, initializing ``` <img width="563" alt="image" src="https://github.com/spr-networks/super/assets/1476421/728e7e49-9075-4bec-98e6-096f64daf6a1">
kerem closed this issue 2026-03-04 01:34:49 +03:00
Author
Owner

@lts-rad commented on GitHub (Jan 15, 2024):

to diagnose:

  1. traffic can be retreived with these calls:

curl -u admin:admin http://spr.local/traffic_history
curl -u admin:admin http://spr.local/iphistory

do these return 200? data?

  1. if the above failed do you see table ip accounting if you run "nft list ruleset | less" ?
<!-- gh-comment-id:1892639205 --> @lts-rad commented on GitHub (Jan 15, 2024): to diagnose: 1. traffic can be retreived with these calls: curl -u admin:admin http://spr.local/traffic_history curl -u admin:admin http://spr.local/iphistory do these return 200? data? 2. if the above failed do you see `table ip accounting ` if you run "nft list ruleset | less" ?
Author
Owner

@lts-rad commented on GitHub (Jan 15, 2024):

As for the log configuration log that is expected until a user has customized their events. that error is probably too verbose then. it will use the defaults

        // default config
        config := &LogConfig{
                SaveEvents: []string{"log:api", "dns:block:event", "dns:override:event", "dns:serve:", "wifi:auth:", "auth:failure:"},
                MaxSize:    250 * 1024 * 1024, //bytes
        }
        data, err := ioutil.ReadFile(gConfigPath)
``
<!-- gh-comment-id:1892640631 --> @lts-rad commented on GitHub (Jan 15, 2024): As for the log configuration log that is expected until a user has customized their events. that error is probably too verbose then. it will use the defaults ``` // default config config := &LogConfig{ SaveEvents: []string{"log:api", "dns:block:event", "dns:override:event", "dns:serve:", "wifi:auth:", "auth:failure:"}, MaxSize: 250 * 1024 * 1024, //bytes } data, err := ioutil.ReadFile(gConfigPath) ``
Author
Owner

@0vercl0k commented on GitHub (Jan 15, 2024):

Okay so hitting iphistory returns a 404, traffic_history does return something that looks healthy. I also see a table ip accounting ruleset.

<!-- gh-comment-id:1892703858 --> @0vercl0k commented on GitHub (Jan 15, 2024): Okay so hitting `iphistory` returns a 404, `traffic_history` does return something that looks healthy. I also see a `table ip accounting` ruleset.
Author
Owner

@lts-rad commented on GitHub (Jan 18, 2024):

so the right function was iptraffic not iphistory.

curl -u admin:admin http://192.168.2.1/iptraffic

on the router you can check:

nft -j list set ip accounting all_ip;

I suspect this is empty for some reason.

<!-- gh-comment-id:1899346221 --> @lts-rad commented on GitHub (Jan 18, 2024): so the right function was `iptraffic` not `iphistory`. `curl -u admin:admin http://192.168.2.1/iptraffic` on the router you can check: nft -j list set ip accounting all_ip; I suspect this is empty for some reason.
Author
Owner

@lts-rad commented on GitHub (Jan 18, 2024):

unclear how this would happen. the rules look like this:

set all_ip {
        type ifname . ipv4_addr . ipv4_addr
        counter
        flags dynamic
        timeout 1h
        size 4096
      }

      chain FORWARD {
        type filter hook forward priority -150 ; policy accept;

        # Log all input ip pairs (input interface, src ip, dst ip)
        add @all_ip { iifname . ip saddr . ip daddr }
        iifname . ip saddr . ip daddr @all_ip

        ip daddr @local_lan jump count_in
        ip saddr @local_lan jump count_out
      }
<!-- gh-comment-id:1899347278 --> @lts-rad commented on GitHub (Jan 18, 2024): unclear how this would happen. the rules look like this: ``` set all_ip { type ifname . ipv4_addr . ipv4_addr counter flags dynamic timeout 1h size 4096 } chain FORWARD { type filter hook forward priority -150 ; policy accept; # Log all input ip pairs (input interface, src ip, dst ip) add @all_ip { iifname . ip saddr . ip daddr } iifname . ip saddr . ip daddr @all_ip ip daddr @local_lan jump count_in ip saddr @local_lan jump count_out } ```
Author
Owner

@0vercl0k commented on GitHub (Jan 18, 2024):

Hitting iptraffic seems to return some healthy data, and nft -j list set ip accounting all_ip; as well (it is not empty either) 🤔

On Thu, Jan 18, 2024 at 2:53 PM Alex Rad @.***> wrote:

unclear how this would happen. the rules look like this:

    type ifname . ipv4_addr . ipv4_addr
    counter
    flags dynamic
    timeout 1h
    size 4096
  }

  chain FORWARD {
    type filter hook forward priority -150 ; policy accept;

    # Log all input ip pairs (input interface, src ip, dst ip)
    add @all_ip { iifname . ip saddr . ip daddr }
    iifname . ip saddr . ip daddr @all_ip

    ip daddr @local_lan jump count_in
    ip saddr @local_lan jump count_out
  }


Reply to this email directly, view it on GitHub
https://github.com/spr-networks/super/issues/262#issuecomment-1899347278,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AALIORO22B33TSMGF5WDJZLYPGRX3AVCNFSM6AAAAABB3T6BMWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOJZGM2DOMRXHA
.
You are receiving this because you authored the thread.Message ID:
@.***>

<!-- gh-comment-id:1899363285 --> @0vercl0k commented on GitHub (Jan 18, 2024): Hitting `iptraffic` seems to return some healthy data, and `nft -j list set ip accounting all_ip;` as well (it is not empty either) 🤔 On Thu, Jan 18, 2024 at 2:53 PM Alex Rad ***@***.***> wrote: > unclear how this would happen. the rules look like this: > > type ifname . ipv4_addr . ipv4_addr > counter > flags dynamic > timeout 1h > size 4096 > } > > chain FORWARD { > type filter hook forward priority -150 ; policy accept; > > # Log all input ip pairs (input interface, src ip, dst ip) > add @all_ip { iifname . ip saddr . ip daddr } > iifname . ip saddr . ip daddr @all_ip > > ip daddr @local_lan jump count_in > ip saddr @local_lan jump count_out > } > > — > Reply to this email directly, view it on GitHub > <https://github.com/spr-networks/super/issues/262#issuecomment-1899347278>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AALIORO22B33TSMGF5WDJZLYPGRX3AVCNFSM6AAAAABB3T6BMWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOJZGM2DOMRXHA> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> >
Author
Owner

@lts-rad commented on GitHub (Jan 18, 2024):

okay so tracked this down

	//update firewall table rules to service the new tiny networks, where needed
	flushSupernetworkEntries()
	for _, supernet := range TinyNets {
		addSupernetworkEntry(supernet)
	}

seems like local_lan is missing the full supernets entries. lets see why this isnt running ons tartup

<!-- gh-comment-id:1899389545 --> @lts-rad commented on GitHub (Jan 18, 2024): okay so tracked this down ```func updateFirewallSubnets(DNSIP string, TinyNets []string) { //update firewall table rules to service the new tiny networks, where needed flushSupernetworkEntries() for _, supernet := range TinyNets { addSupernetworkEntry(supernet) } ``` seems like local_lan is missing the full supernets entries. lets see why this isnt running ons tartup
Author
Owner

@lts-rad commented on GitHub (Jan 18, 2024):

startup goes initDHCP-> loadDHCPConfig ->
updateFirewallSubnets(getLANIP(), gDhcpConfig.TinyNets)

its unclear then how this would get out of sync

<!-- gh-comment-id:1899403237 --> @lts-rad commented on GitHub (Jan 18, 2024): startup goes initDHCP-> loadDHCPConfig -> updateFirewallSubnets(getLANIP(), gDhcpConfig.TinyNets) its unclear then how this would get out of sync
Author
Owner

@lts-rad commented on GitHub (Jan 19, 2024):

closing for now

<!-- gh-comment-id:1900810312 --> @lts-rad commented on GitHub (Jan 19, 2024): closing for now
Author
Owner

@0vercl0k commented on GitHub (Jan 21, 2024):

Thanks again for figuring it out!

<!-- gh-comment-id:1902479636 --> @0vercl0k commented on GitHub (Jan 21, 2024): Thanks again for figuring it out!
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/super#105
No description provided.