Firewall reloading every time when different lease time is obtained after udhcpc: sending renew

sppmaster · February 4, 2022, 11:53pm

As long as I know DHCP and the firewall are turned off on the ISP device. I asked the ISP to do so because I use my own router doing all of that.

anon89577378 · February 5, 2022, 12:02am

Normally, users go in to the ISP device GUI and do that themselves.

You might check that to be sure.

sppmaster · February 5, 2022, 12:10am

I don't have access to the ISP device. Only the ISP can manage it. That is the reason to use my own router.

anon89577378 · February 5, 2022, 12:16am

Then confirm it with the ISP.

dave14305 · February 6, 2022, 12:26am

It forces the router to renew the lease.

sppmaster · February 17, 2022, 6:32pm

I've used the command and got this

daemon.notice netifd: wan (7429): udhcpc: performing DHCP renew
daemon.notice netifd: wan (7429): udhcpc: sending renew to xx.xx.2.1
daemon.notice netifd: wan (7429): udhcpc: lease of xx.xx.2.6 obtained, lease time 3140
user.notice firewall: Reloading firewall due to ifupdate of wan (eth0.2)

Probably what is expected... but how can this help with the firewall reloading.

sppmaster · March 2, 2022, 7:49am

I've changed the router with new R7800 using NSS-offloading firmware based on latest master snapshot with firewall4. It's with default settings.
The above described issue is still present.

user.notice firewall: Reloading firewall due to ifupdate of wan (eth0.2)

Should I report a bug on Github.

dave14305 · March 2, 2022, 3:00pm

It probably doesn’t hurt, but it’s really a question of “Is there any valid reason to restart the firewall if only data section is updated (no addresses)?”. I don’t think any of the possible data elements would warrant a restart, but I’m no authority.

github.com

openwrt/openwrt/blob/8235723c78b535635ef47951ec8fa61d6a4f3593/package/network/config/netifd/files/lib/netifd/dhcp.script#L55


      
          	for i in $domain; do
          		proto_add_dns_search "$i"
          	done
          
          	# TODO: Deprecate timesvr in favor of timesrv
          	if [ -n "$timesvr" -a -z "$timesrv" ]; then
          		timesrv="$timesvr"
          		echo "Environment variable 'timesvr' will be deprecated; use 'timesrv' instead."
          	fi
          
          	proto_add_data
          	[ -n "$ZONE" ]     && json_add_string zone "$ZONE"
          	[ -n "$ntpsrv" ]   && json_add_string ntpserver "$ntpsrv"
          	[ -n "$timesrv" ]  && json_add_string timeserver "$timesrv"
          	[ -n "$hostname" ] && json_add_string hostname "$hostname"
          	[ -n "$message" ]  && json_add_string message "$message"
          	[ -n "$timezone" ] && json_add_int timezone "$timezone"
          	[ -n "$lease" ]    && json_add_int leasetime "$lease"
          	[ -n "$serverid" ] && json_add_string dhcpserver "$serverid"
          	proto_close_data

sppmaster · March 4, 2022, 10:01am

Today I saw another occurrence of the firewall restart. It's with different ISP with latest snapshot of OpenWRT

Fri Mar  4 09:29:59 2022 daemon.notice netifd: wan (3322): udhcpc: sending renew to server xx.xx.xx.20
Fri Mar  4 09:29:59 2022 daemon.notice netifd: wan (3322): udhcpc: lease of xx.xx.xx.100 obtained from xx.xx.xx.20, lease time 1800
Fri Mar  4 09:44:59 2022 daemon.notice netifd: wan (3322): udhcpc: sending renew to server xx.xx.xx.20
Fri Mar  4 09:45:00 2022 daemon.notice netifd: wan (3322): udhcpc: lease of xx.xx.xx.100 obtained from xx.xx.xx.20, lease time 7200

The only difference is the lease time obtained - 1800 vs 7200. In my first post it is clear that lease time changes after every sending renew.
Then we have firewall restart and in my opinion it's because of the different lease time of 7200.

Mar  4 09:45:00 2022 user.notice firewall: Reloading firewall due to ifupdate of wan (eth0.2)

anon89577378 · March 4, 2022, 11:25pm

It seems you are overlooking this...

sppmaster · March 5, 2022, 12:00am

This happens without AdBlock.

anon89577378 · March 5, 2022, 12:38am

If it were me, I would backup the configuration, reset the device, and reconfigure from scratch.

Plain vanilla install...no additional packages or custom configurations.

Then, add them back in, one at a time, until the issue occurs.

SSH in to the router and run opkg list-installed

That, and the config backup, will give you a list of what you have currently, which you can use as a guide.

sppmaster · March 5, 2022, 12:59am

I see the same on three different routers. One of them with default settings.

dave14305 · March 5, 2022, 1:24am

Yeah, until your ISP stops changing the lease time, it’s going to be a problem, or modify the hotplug script to ignore the DATA update condition,

psherman · March 5, 2022, 2:19am

Here’s another question/perspective: does it matter that the firewall is reloaded? Is there any interruption in connectivity or performance issue that results, or is it just a bit of log spam?

sppmaster · March 5, 2022, 6:17am

It's more like a log spam. The side effect is, if you have Adblock, banIP those will restart at every such occurrence which seems as unnecessary overburden to download filters from Internet every few minutes.

sppmaster · March 8, 2022, 1:37pm

At the moment there is a solution at least for Adblock endless restarts here

Pitterling · July 12, 2022, 9:33am

facing the same issue .. in my case fw restart leads sometimes to short disconnects.
Did you file a bug n Github? I could not find anything ....

Pitterling · July 12, 2022, 7:41pm

but that is for Adblock only .. Adblock and other service only suffer, they are not the culprit ..

sppmaster · July 12, 2022, 10:03pm

You are right,
as I wrote in my previous post at least there was a solution for the Adblock endless restarts.
Unfortunately I cannot add anything else about firewall restarts caused by different lease time obtained every time. I didn't file a bug on Github.