Failsafe mode packet source ip address

Netgear EX3700
OpenWrt 19.07.2 r10947-65030d81f3

During boot the failsafe mode packet is sent to inform that the router is in the time window for entering failsafe mode. I noticed that the packet source ip address is and this is conflicting with another device in my network that triggers a duplicate address alarm.

Why it's sending out a packet with a source address that isn't the actual interface address? Any solution or workaround?

you'll need to start by running the latest release...

1 Like

This is part of preinit, so it will always come from that address as that's the failsafe address. Your config hasn't even been loaded yet.
You can change this in the build config if you compile your own images.


Given this, I think I would prefer to deactivate the packet sending (or at most use a dummy ip address just for this packet, preserving as failsafe ip address).

I think your answer is here:

 140 preinit_net_echo() {
 141         [ -n "$pi_ifname" ] && grep -q "$pi_ifname" /proc/net/dev && {
 142                 {
 143                         [ "$pi_preinit_net_messages" = "y" ] || {
 144                                 [ "$pi_failsafe_net_message" = "true" ] &&
 145                                         [ "$pi_preinit_no_failsafe_netmsg" != "y" ]
 146                         }
 147                 } && netmsg $pi_broadcast "$1"
 148         }
 149 }

and here:
  76 define ImageConfigOptions
  77         mkdir -p $(1)/lib/preinit
  78         echo 'pi_suppress_stderr="$(CONFIG_TARGET_PREINIT_SUPPRESS_STDERR)"' >$(1)/lib/preinit/00_preinit.conf
  79         echo 'fs_failsafe_wait_timeout=$(if $(CONFIG_TARGET_PREINIT_TIMEOUT),$(CONFIG_TARGET_PREINIT_TIMEOUT),2)' >>$(1)/lib/preinit/00_preinit.conf
  80         echo 'pi_init_path="$(TARGET_INIT_PATH)"' >>$(1)/lib/preinit/00_preinit.conf
  81         echo 'pi_init_env=$(if $(CONFIG_TARGET_INIT_ENV),$(CONFIG_TARGET_INIT_ENV),"")' >>$(1)/lib/preinit/00_preinit.conf
  82         echo 'pi_init_cmd=$(if $(CONFIG_TARGET_INIT_CMD),$(CONFIG_TARGET_INIT_CMD),"/sbin/init")' >>$(1)/lib/preinit/00_preinit.conf
  83         echo 'pi_init_suppress_stderr="$(CONFIG_TARGET_INIT_SUPPRESS_STDERR)"' >>$(1)/lib/preinit/00_preinit.conf
  84         echo 'pi_ifname=$(if $(CONFIG_TARGET_PREINIT_IFNAME),$(CONFIG_TARGET_PREINIT_IFNAME),"")' >>$(1)/lib/preinit/00_preinit.conf
  85         echo 'pi_ip=$(if $(CONFIG_TARGET_PREINIT_IP),$(CONFIG_TARGET_PREINIT_IP),"")' >>$(1)/lib/preinit/00_preinit.conf
  86         echo 'pi_netmask=$(if $(CONFIG_TARGET_PREINIT_NETMASK),$(CONFIG_TARGET_PREINIT_NETMASK),"")' >>$(1)/lib/preinit/00_preinit.conf
  87         echo 'pi_broadcast=$(if $(CONFIG_TARGET_PREINIT_BROADCAST),$(CONFIG_TARGET_PREINIT_BROADCAST),"")' >>$(1)/lib/preinit/00_preinit.conf
  88         echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
  89         echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
  90         echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
  91 endef

It looks like setting CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG in your config and compiling your own image might keep the failsafe functionality, but stop it broadcasting the packet.
What i can't quite figure out is whether it is going to broadcast something anyway during preinit? The logic looks a bit weird to me but i don't have time to dig further about where it goes.

Hope that helps.

1 Like

In addition it looks like CONFIG_TARGET_PREINIT_SHOW_NETMSG must be not set (default) to not have that packet sent.

Anyway I'm thinking about opening a bug report, because it's not expected that the router sends out packets from addresses different than those configured.

It is to ensure a consistent experience during failsafe. I don't really think it is a bug.
You can raise a bug but i don't think it will be accepted. However please link it to here if you do, i would be interested to know the outcome.

Like i said, the filesystem hasn't even loaded at this point so how can it know what IP you have configured? This is the preinit environment.

1 Like

It's exactly about consistency! Net msg with failsafe sender address are ok to me only after failsafe mode is entered. If it's not possibile to get the configured address during preinit, it would be safer to just not send those messages.

You're right it's not a bug, but it's a matter of default configuration.. it's not safe.

EDIT: this is about MAC address.. but basically the same issue

The point of the packet is to indicate that failsafe can now be entered.

I understand, but the question is: do we really need to send this packet with an arbitrary address that may conflict with other hosts on the network?