Hotplug arsenal is incomplete

[LupeChristoph]

I've developed my own firewall script, which needs to read the addresses from pppoe-wan (that works sufficiently) and br-lan. I'm getting only an ifup event for br-lan. I need to act on the assignment of an IPv6 global address to br-lan.

For now, I'm using a /40 address in my script, but I'd rather use the assigned /60 address. While hotplug is designed to generate ifupdate events, they are only generated for the wan interface. wan_6 is missing, too.

Is there any chance to add more hotplug events to OpenWRT?

I've posted this question in the forum and made some progress with the help of brada4, but we both lack insight into the current mechanism that generates hotplug events. I found some hints to a transition to procd, but nothing pointing to specific code.

I'm willing to contribute, but I need pointers to the places in the code that could use some love.

It was suggested to me that this should not be an enhancement request but filed against netifd. I politely disagree because I found some mentions of procd being involved in hotplug events. But the entire hotplug generation mechanism is unclear to me and I have yet to find somebody or some document who/that explains that. So here we are...

[brada4]

Usually you link to previous discussion https://forum.openwrt.org/t/unreliable-missing-hotplug-events/200859?u=brada4 to save on research time for others

[LupeChristoph]

Thanks for the suggestion. I've linked to anomeome's and your comment.

[jow-]

So you get no ifup event for wan?

[LupeChristoph]

So you get no ifup event for wan?

I get ifdown, ifup, ifupdate and even, when Deutsche Telekom is working on the DSL line, ipup-failed. For wan_6 I do not get ipup-failed but the other three.

It's been a while since I analyzed this, so I'm not exactly clear anymore if I was missing events when the IPv4 address was assigned. Same for the IPv6 link-local address. I'm sure I do not get an event when the global IPv6 address is assigned. Same for br-lan.

That's why I wrote

I'm getting only an ifup event for br-lan. I need to act on the assignment of an IPv6 global address to br-lan.

I would like to use my firewall script as a template and insert the assigned addresses before I run it. Except I can't because I do not get a trigger. I considered writing a watchdog to monitor pppoe-wan and br-lan for assigned addresses, but so far I haven't.

[jow-]

Afair ifupdate events are only emitted for dynamic IP acquisition protocols such as PPPoE, DHCP, DHCPv6 - so basically for "received" addresses. There are no ifupdate events for IP changes due to static config or IP changes related to IPv6 downstream redelegation.

You could listen on ifupdate for wan_6 and inspect the ipv6-prefix and ipv6-prefix-assignment properties of the ifstatus wan_6 output to see which portion of the dynamic prefix was assigned downstream to lan (or other interfaces).

[LupeChristoph]

ifstatus wan_6 was the puzzle piece I was missing. I'll change my iface hotplug script to query wan_6 and lan when I receive a ifupdate for either.

It may take me a while to do that, I'm a little busy right now.

Thanks a lot for that pointer!

[LupeChristoph]

OK, I wrote a little Python program that extracts addresses and prefixes from the ifstatus output and put that in a hotplug script. Here is the output from a fresh boot:

Jun 30 20:50:45 routergnome hotplug-iface: 10-ifstatus: wan ifup 87.xxx.xxx.xxx fe80::xxxx:xxxx:xxxx:xxxx
Jun 30 20:50:48 routergnome hotplug-iface: 10-ifstatus: wan ifupdate 87.xxx.xxx.xxx fe80::xxxx:xxxx:xxxx:xxxx
Jun 30 20:50:51 routergnome hotplug-iface: 10-ifstatus: wan_6 ifup 2003:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
Jun 30 20:51:07 routergnome hotplug-iface: 10-ifstatus: wan_6 ifdown 2003:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx 2003:xxxx:xxxx:xxxx::/56
Jun 30 20:51:07 routergnome hotplug-iface: 10-ifstatus: wan_6 ifup 2003:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx 2003:xxxx:xxxx:xxxx::/56

For comparison, here is the output from ip addr show dev pppoe-wan and br-lan:

12: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
    link/ppp 
    inet 87.xxx.xxx.xxx peer 62.xxxx.xxx.xxx/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
    inet6 2003:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/64 scope global dynamic noprefixroute 
       valid_lft 14215sec preferred_lft 1615sec
    inet6 fe80::xxxx:xxxx:xxxx:xxxx peer fe80::xxxx:xxxx:xxxx:xxxx/128 scope link 
       valid_lft forever preferred_lft forever

10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 32:f7:b8:0c:4e:7e brd ff:ff:ff:ff:ff:ff
    inet 172.xxx.xxx.1/24 brd 172.xxx.xxx.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2003:xxxx:xxxx:xxxx::1/60 scope global dynamic noprefixroute 
       valid_lft 86217sec preferred_lft 86217sec
    inet6 fdxx:xxxx:xxxx::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 scope link 
       valid_lft forever preferred_lft forever

The hotplug script does not filter, it is gathers the output of ifstatus for every event. As you can see there was no event on br-lan. Then combined events on wan and wan_6 show all addresses on pppoe-wan. I find it interesting that the link-local IPv6 address is assigned to wan rather than wan_6. Probably to allow bootstrapping the IPv6 connection.

On br-lan, I have a combination of static and dynamic addresses. Most are static, but 2003:xxxx:xxxx:xxxx::1 is combined from a dynamic prefix and a static host part. This is what I'm missing for my firewall script. Of course I can hard code the static parts in my script, but lacking an event that triggers when the dynamic prefix is assigned I have to resort to polling the interface for changes. I'd rather forgo that, polling can break when you need it most.

I'm attaching the hotplug script and the Python program. Because Github is anal retentive, I renamed them to $foo.txt. 10-ifstatus.txt parse_ifstatus.txt

[LupeChristoph]

I've written a shell script that monitors lan/br-lan and wan/wan_6/pppoe-wan. In case somebody who reads this might find it useful, I;mm attaching it. I'm also updating parse_ifstatus/ monitor-addr-pref.txt parse_ifstatus.txt

Monitoring the interfaces by polling them still feels kludgy. But at least I get all the iface scripts rerun when an interface changes.