Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#1853 - odhcpd: Router Advertisement message leaks to WAN in relay mode when stopping the service #5943

Closed
openwrt-bot opened this issue Sep 17, 2018 · 2 comments
Labels

Comments

@openwrt-bot
Copy link

openwrt-bot commented Sep 17, 2018

LGA1150:

Internet connection is DHCP(IPv4)/SLAAC(IPv6)

Current DHCP settings:
root@OpenWrt:~# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].rebind_protection='0'
dhcp.@dnsmasq[0].noresolv='1'
dhcp.@dnsmasq[0].localservice='0'
dhcp.@dnsmasq[0].nonwildcard='0'
dhcp.@dnsmasq[0].dnsforwardmax='1500'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.ra='relay'
dhcp.lan.ndp='relay'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.wan6=dhcp
dhcp.wan6.interface='wan'
dhcp.wan6.ra='relay'
dhcp.wan6.ndp='relay'
dhcp.wan6.master='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'

When stopping the odhcpd service by either /etc/init.d/odhcpd stop or killall odhcpd in relay mode, an RA message is sent to WAN by mistake.

Current workaround: dropping RA messages with ip6tables
ip6tables -A output_wan_rule -p icmpv6 --icmpv6-type 134 -j DROP

@openwrt-bot
Copy link
Author

openwrt-bot commented Sep 18, 2018

dedeckeh:

Can you repeat the test by setting odhcpd loglevel to 7 (uci set dhcp.odhcpd.loglevel=7; uci commit) and do a logread after you've stopped odhcpd ?

@openwrt-bot
Copy link
Author

openwrt-bot commented Sep 20, 2018

LGA1150:

Fri Sep 21 01:58:20 2018 user.notice -------cut-here-------: <----- stopping odhcpd
Fri Sep 21 01:58:21 2018 daemon.info odhcpd[8126]: Using a RA lifetime of 0 seconds on eth1
Fri Sep 21 01:58:21 2018 daemon.notice odhcpd[8126]: Failed to send to ff02::1%eth1 (Operation not permitted)
Fri Sep 21 01:58:21 2018 daemon.info odhcpd[8126]: Using a RA lifetime of 0 seconds on br-lan
Fri Sep 21 01:58:21 2018 daemon.debug odhcpd[8126]: Sent 64 bytes to ff02::1%br-lan

It did try sending RA message to eth1(WAN), got Operation not permitted error because of that ip6tables rule I've used above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant