Firewall reloading every time when different lease time is obtained after udhcpc: sending renew

psherman · January 28, 2022, 8:19pm

In that case (which is understandable), I’d say that if it isn’t causing any actual network issues, just leave it be and deal with the troubleshooting of this issue at some future time. If it is actually impacting your network (aside from the log spam), you should prioritize that root-cause analysis as soon as it is reasonable to do so.

dave14305 · January 28, 2022, 8:22pm

You can force it to occur at will by running

kill -USR1 $(pidof udhcpc)

Not that it helps solve it, but forcing renewal will update the remaining lease time. Run ifstatus wan before and after.

sppmaster · February 4, 2022, 11:26pm

I've completely uninstalled adblock but that didn't solve the issue.
Then I decided to replace the router with another one just to test.
The spare router (using current master snapshot), that was working fine on another network with WAN getting IP via DHCP, is now experiencing the same behaviour as described in the first post. Lease times of 7200s and 3600s follow one after another, then Reloading firewall due to ifupdate of wan and adblock and banIP restart.
Really wonder about the reason for this. My router is connected to the ISP router device currently configured as a bridge device with WLAN turned off.

dave14305:

You can force it to occur at will by running
kill -USR1 $(pidof udhcpc)
Not that it helps solve it, but forcing renewal will update the remaining lease time. Run ifstatus wan before and after.

Sorry @dave14305 but I don't understand what kill -USR1 $(pidof udhcpc) command does. Can you explain a little bit more.

psherman · February 4, 2022, 11:29pm

Does the problem happen if you run the router in the near default state (i.e. no Adblock or banIP, minimal changes for your network and wifi configurations)?

sppmaster · February 4, 2022, 11:30pm

The same problem without both Adblock and banIP. The second router I've connected didn't do this on another network. The only difference that I know of, is that on the problem ISP network, the ISP is using MAC address access list. So I have to call the ISP support so they change their settings and after that the router gets an IP.

anon89577378 · February 4, 2022, 11:50pm

DHCP and the firewall should also be turned off on the ISP device.

The OpenWRT device should be doing DHCP, wireless, and firewall.

sppmaster · February 4, 2022, 11:53pm

As long as I know DHCP and the firewall are turned off on the ISP device. I asked the ISP to do so because I use my own router doing all of that.

anon89577378 · February 5, 2022, 12:02am

Normally, users go in to the ISP device GUI and do that themselves.

You might check that to be sure.

sppmaster · February 5, 2022, 12:10am

I don't have access to the ISP device. Only the ISP can manage it. That is the reason to use my own router.

anon89577378 · February 5, 2022, 12:16am

Then confirm it with the ISP.

dave14305 · February 6, 2022, 12:26am

It forces the router to renew the lease.

sppmaster · February 17, 2022, 6:32pm

I've used the command and got this

daemon.notice netifd: wan (7429): udhcpc: performing DHCP renew
daemon.notice netifd: wan (7429): udhcpc: sending renew to xx.xx.2.1
daemon.notice netifd: wan (7429): udhcpc: lease of xx.xx.2.6 obtained, lease time 3140
user.notice firewall: Reloading firewall due to ifupdate of wan (eth0.2)

Probably what is expected... but how can this help with the firewall reloading.

sppmaster · March 2, 2022, 7:49am

I've changed the router with new R7800 using NSS-offloading firmware based on latest master snapshot with firewall4. It's with default settings.
The above described issue is still present.

user.notice firewall: Reloading firewall due to ifupdate of wan (eth0.2)

Should I report a bug on Github.

dave14305 · March 2, 2022, 3:00pm

It probably doesn’t hurt, but it’s really a question of “Is there any valid reason to restart the firewall if only data section is updated (no addresses)?”. I don’t think any of the possible data elements would warrant a restart, but I’m no authority.

github.com

openwrt/openwrt/blob/8235723c78b535635ef47951ec8fa61d6a4f3593/package/network/config/netifd/files/lib/netifd/dhcp.script#L55


      
          	for i in $domain; do
          		proto_add_dns_search "$i"
          	done
          
          	# TODO: Deprecate timesvr in favor of timesrv
          	if [ -n "$timesvr" -a -z "$timesrv" ]; then
          		timesrv="$timesvr"
          		echo "Environment variable 'timesvr' will be deprecated; use 'timesrv' instead."
          	fi
          
          	proto_add_data
          	[ -n "$ZONE" ]     && json_add_string zone "$ZONE"
          	[ -n "$ntpsrv" ]   && json_add_string ntpserver "$ntpsrv"
          	[ -n "$timesrv" ]  && json_add_string timeserver "$timesrv"
          	[ -n "$hostname" ] && json_add_string hostname "$hostname"
          	[ -n "$message" ]  && json_add_string message "$message"
          	[ -n "$timezone" ] && json_add_int timezone "$timezone"
          	[ -n "$lease" ]    && json_add_int leasetime "$lease"
          	[ -n "$serverid" ] && json_add_string dhcpserver "$serverid"
          	proto_close_data

sppmaster · March 4, 2022, 10:01am

Today I saw another occurrence of the firewall restart. It's with different ISP with latest snapshot of OpenWRT

Fri Mar  4 09:29:59 2022 daemon.notice netifd: wan (3322): udhcpc: sending renew to server xx.xx.xx.20
Fri Mar  4 09:29:59 2022 daemon.notice netifd: wan (3322): udhcpc: lease of xx.xx.xx.100 obtained from xx.xx.xx.20, lease time 1800
Fri Mar  4 09:44:59 2022 daemon.notice netifd: wan (3322): udhcpc: sending renew to server xx.xx.xx.20
Fri Mar  4 09:45:00 2022 daemon.notice netifd: wan (3322): udhcpc: lease of xx.xx.xx.100 obtained from xx.xx.xx.20, lease time 7200

The only difference is the lease time obtained - 1800 vs 7200. In my first post it is clear that lease time changes after every sending renew.
Then we have firewall restart and in my opinion it's because of the different lease time of 7200.

Mar  4 09:45:00 2022 user.notice firewall: Reloading firewall due to ifupdate of wan (eth0.2)

anon89577378 · March 4, 2022, 11:25pm

It seems you are overlooking this...

sppmaster · March 5, 2022, 12:00am

This happens without AdBlock.

anon89577378 · March 5, 2022, 12:38am

If it were me, I would backup the configuration, reset the device, and reconfigure from scratch.

Plain vanilla install...no additional packages or custom configurations.

Then, add them back in, one at a time, until the issue occurs.

SSH in to the router and run opkg list-installed

That, and the config backup, will give you a list of what you have currently, which you can use as a guide.

sppmaster · March 5, 2022, 12:59am

I see the same on three different routers. One of them with default settings.

dave14305 · March 5, 2022, 1:24am

Yeah, until your ISP stops changing the lease time, it’s going to be a problem, or modify the hotplug script to ignore the DATA update condition,