openwrt / odhcpd

This repository is a mirror of https://git.openwrt.org/?p=project/odhcpd.git. Pull requests will be accepted which will be merged in odhcpd.git
GNU General Public License v2.0

All subnets on every interface #174

Closed fda77 closed 2 years ago

fda77 commented 2 years ago

I have multiple VLANs; to make it simple, let's say br-lan & br-xxx. As I have no IPv6 public subnet or even prefix, I'm using nat6. Because of this I'm using ULA fda0:1:1:1::9/64 and fda0:2:2:2::9/64 for the bridges and set RAs to "force".

I'm expecting the RA of fda0:1:1:1::/64 to be sent only to br-lan and fda0:2:2:2::/64 only to br-xxx.

The bug: on every bridge, all subnets are announced by odhcpd. Not immediately, but after some time. And for sure after service odhcp restart. So all clients get multiple subnets, of which always only 1 is working.

Workaround: Allow RAs only by correct interface-ip with iptables...

ip6tables  -I output_lan_rule  -d ff99::/8  ! -s ::aabb:ccFF:FEdd:ee01 -j DROP
ip6tables  -I output_xxx_rule  -d ff99::/8  ! -s ::aabb:ccFF:FEdd:ee02 -j DROP

Now only the correct subnet is on every bridge and syslog is spammed by 1000s...

odhcpd[$$]: Failed to send to ff02::1%lan@br-lan (Operation not permitted)
odhcpd[$$]: Failed to send to ff02::1%xxx@br-xxx (Operation not permitted)

created here https://github.com/openwrt/odhcpd/blob/master/src/odhcpd.c#L210. This is called from send_router_advert() by https://github.com/openwrt/odhcpd/blob/master/src/router.c#L746

So I think the loop https://github.com/openwrt/odhcpd/blob/master/src/router.c#L851 should not run for all interfaces/bridges, but only the correct one.

fda77 commented 2 years ago

https://bugs.openwrt.org/index.php?do=details&task_id=3373

ngehrsitz commented 1 year ago

@fda77 I am currently facing the same issue. The link you posted now references https://github.com/openwrt/openwrt/issues/8239 which seems unrelated. Did you find a proper fix for this issue?

fda77 commented 1 year ago

@ngehrsitz: Bill Gates caused it!!!11 I've 1 LAN port with an untagged and multiple tagged VLANs. This is (was) attached to an unmanaged switch which just forwarded all packets unchanged. An attached Windows PC now gets ALL VLAN packets - and the silly Windows just strips the VLAN tags and so Windows devices get broadcasts from all VLANs! So use a managed switch and put only 1 untagged VLAN for Windows. With Linux devices this is not a problem.

ngehrsitz commented 1 year ago

Thanks for the hint! It was exactly the same thing for me. Fortunately for my Intel I225 there is a registry key to fix this misbehavior: https://www.intel.com/content/www/us/en/support/articles/000005498/ethernet-products.html If it doesn't work, make sure to check if you have multiple entries in that registry folder for the same NIC. At first I mistakenly changed it on the entry for an old driver.

fda77 commented 1 year ago

For the Intel i217 network adapter I tested with a "server driver" (can't remember the exact name) which created an additional network device in Windows for every VLAN. This worked, BUT the next VMware update wasted the whole network stack of Windows 10 :) So I just replaced my 16 port switch with a cheap TL-SG1016DE.
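
To tell the tag-stripping cause found in this thread apart from a router that really announces every prefix on every bridge, group captured Router Advertisements by their 802.1Q VLAN ID and compare that with what a tag-ignoring host would learn. The following is an added example, not part of the thread or of odhcpd; the function names, VLAN ID 2, the MAC addresses and the fe80::1 source are constructed assumptions, and only the two ULA prefixes come from the report.

```python
import ipaddress
import struct

def parse_ra(frame: bytes):
    """Return (vlan_id_or_None, [prefixes]) for an ICMPv6 Router Advertisement, else None."""
    if len(frame) < 18:
        return None
    vlan, off = None, 14
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x8100:                       # 802.1Q tag present
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18
    # Only IPv6 with ICMPv6 (58) right after the fixed header; no extension headers
    if ethertype != 0x86DD or len(frame) < off + 56 or frame[off + 6] != 58:
        return None
    icmp = frame[off + 40:]
    if icmp[0] != 134:                            # 134 = Router Advertisement
        return None
    prefixes, pos = [], 16                        # options follow the 16-byte RA header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8
        if opt_len == 0 or pos + opt_len > len(icmp):
            break                                 # malformed option, stop parsing
        if opt_type == 3 and opt_len == 32:       # Prefix Information option
            net = (icmp[pos + 16:pos + 32], icmp[pos + 2])
            prefixes.append(str(ipaddress.IPv6Network(net, strict=False)))
        pos += opt_len
    return vlan, prefixes

def prefixes_by_vlan(frames):
    """Group announced prefixes by the VLAN ID on the wire (None = untagged)."""
    seen = {}
    for vlan, prefixes in filter(None, map(parse_ra, frames)):
        seen.setdefault(vlan, set()).update(prefixes)
    return seen

def prefixes_if_tags_ignored(frames):
    """Prefixes a host learns when its NIC strips tags and accepts every frame."""
    return set().union(*prefixes_by_vlan(frames).values())

def build_ra(vlan, prefix):  # constructed sample frame: zero checksum, made-up MACs
    net = ipaddress.IPv6Network(prefix)
    opt = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 1800, 900, 0) + net.network_address.packed
    icmp = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0) + opt
    src, dst = (ipaddress.IPv6Address(a).packed for a in ("fe80::1", "ff02::1"))
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), 58, 255) + src + dst
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return bytes.fromhex("33330000000102aabbccdd01") + tag + struct.pack("!H", 0x86DD) + ip6 + icmp

SAMPLE = [build_ra(None, "fda0:1:1:1::/64"), build_ra(2, "fda0:2:2:2::/64")]
```

If `prefixes_by_vlan` shows exactly one prefix per VLAN ID while the affected client still configures several, the router is behaving and the mixing happens at the switch or the client NIC.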