Failsafe mode packet source ip address

mpattera · November 12, 2020, 12:29pm

Netgear EX3700
OpenWrt 19.07.2 r10947-65030d81f3

During boot the failsafe mode packet is sent to inform that the router is in the time window for entering failsafe mode. I noticed that the packet source ip address is 192.168.1.1 and this is conflicting with another device in my network that triggers a duplicate address alarm.

Why it's sending out a packet with a source address that isn't the actual interface address? Any solution or workaround?

anon50098793 · November 12, 2020, 12:38pm

you'll need to start by running the latest release...

lantis1008 · November 12, 2020, 1:09pm

This is part of preinit, so it will always come from that address as that's the failsafe address. Your config hasn't even been loaded yet.
You can change this in the build config if you compile your own images.
CONFIG_TARGET_PREINIT_IP

mpattera · November 12, 2020, 1:58pm

@lantis1008
Given this, I think I would prefer to deactivate the packet sending (or at most use a dummy ip address just for this packet, preserving 192.168.1.1 as failsafe ip address).

lantis1008 · November 13, 2020, 1:02am

I think your answer is here:

 140 preinit_net_echo() {
 141         [ -n "$pi_ifname" ] && grep -q "$pi_ifname" /proc/net/dev && {
 142                 {
 143                         [ "$pi_preinit_net_messages" = "y" ] || {
 144                                 [ "$pi_failsafe_net_message" = "true" ] &&
 145                                         [ "$pi_preinit_no_failsafe_netmsg" != "y" ]
 146                         }
 147                 } && netmsg $pi_broadcast "$1"
 148         }
 149 }

and here:

  76 define ImageConfigOptions
  77         mkdir -p $(1)/lib/preinit
  78         echo 'pi_suppress_stderr="$(CONFIG_TARGET_PREINIT_SUPPRESS_STDERR)"' >$(1)/lib/preinit/00_preinit.conf
  79         echo 'fs_failsafe_wait_timeout=$(if $(CONFIG_TARGET_PREINIT_TIMEOUT),$(CONFIG_TARGET_PREINIT_TIMEOUT),2)' >>$(1)/lib/preinit/00_preinit.conf
  80         echo 'pi_init_path="$(TARGET_INIT_PATH)"' >>$(1)/lib/preinit/00_preinit.conf
  81         echo 'pi_init_env=$(if $(CONFIG_TARGET_INIT_ENV),$(CONFIG_TARGET_INIT_ENV),"")' >>$(1)/lib/preinit/00_preinit.conf
  82         echo 'pi_init_cmd=$(if $(CONFIG_TARGET_INIT_CMD),$(CONFIG_TARGET_INIT_CMD),"/sbin/init")' >>$(1)/lib/preinit/00_preinit.conf
  83         echo 'pi_init_suppress_stderr="$(CONFIG_TARGET_INIT_SUPPRESS_STDERR)"' >>$(1)/lib/preinit/00_preinit.conf
  84         echo 'pi_ifname=$(if $(CONFIG_TARGET_PREINIT_IFNAME),$(CONFIG_TARGET_PREINIT_IFNAME),"")' >>$(1)/lib/preinit/00_preinit.conf
  85         echo 'pi_ip=$(if $(CONFIG_TARGET_PREINIT_IP),$(CONFIG_TARGET_PREINIT_IP),"192.168.1.1")' >>$(1)/lib/preinit/00_preinit.conf
  86         echo 'pi_netmask=$(if $(CONFIG_TARGET_PREINIT_NETMASK),$(CONFIG_TARGET_PREINIT_NETMASK),"255.255.255.0")' >>$(1)/lib/preinit/00_preinit.conf
  87         echo 'pi_broadcast=$(if $(CONFIG_TARGET_PREINIT_BROADCAST),$(CONFIG_TARGET_PREINIT_BROADCAST),"192.168.1.255")' >>$(1)/lib/preinit/00_preinit.conf
  88         echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
  89         echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
  90         echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
  91 endef

It looks like setting CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG in your config and compiling your own image might keep the failsafe functionality, but stop it broadcasting the packet.
What i can't quite figure out is whether it is going to broadcast something anyway during preinit? The logic looks a bit weird to me but i don't have time to dig further about where it goes.

Hope that helps.

mpattera · November 13, 2020, 10:18am

In addition it looks like CONFIG_TARGET_PREINIT_SHOW_NETMSG must be not set (default) to not have that packet sent.

Anyway I'm thinking about opening a bug report, because it's not expected that the router sends out packets from addresses different than those configured.

lantis1008 · November 13, 2020, 10:49am

It is to ensure a consistent experience during failsafe. I don't really think it is a bug.
You can raise a bug but i don't think it will be accepted. However please link it to here if you do, i would be interested to know the outcome.

Like i said, the filesystem hasn't even loaded at this point so how can it know what IP you have configured? This is the preinit environment.

mpattera · November 13, 2020, 11:11am

It's exactly about consistency! Net msg with failsafe sender address are ok to me only after failsafe mode is entered. If it's not possibile to get the configured address during preinit, it would be safer to just not send those messages.

You're right it's not a bug, but it's a matter of default configuration.. it's not safe.

EDIT: this is about MAC address.. but basically the same issue https://bugs.openwrt.org/index.php?do=details&task_id=1909

lantis1008 · November 13, 2020, 12:15pm

The point of the packet is to indicate that failsafe can now be entered.

mpattera · May 4, 2021, 8:48am

I understand, but the question is: do we really need to send this packet with an arbitrary address that may conflict with other hosts on the network?