Unreliable/missing hotplug events

lupe · June 12, 2024, 5:07pm

I've developed my own firewall script, which needs to read the addresses from pppoe-wan (that works sufficiently) and br-lan. I'm getting only an ifup event for br-lan. I need to act on the assignment of an IPv6 global address to br-lan.

For now, I'm using a /40 address in my script, but I'd rather use the assigned /60 address. While hotplug is designed to generate ifupdate events, they are only generated for the wan interface. wan_6 is missing, too.

Is there any chance to add more hotplug events to OpenWRT?

I haven't tried to analyze the hotplug system, but given some pointer to the code, I'm willing to put some effort into finding the right place and add code to generate the events I desire.

brada4 · June 12, 2024, 6:01pm

https://openwrt.org/docs/guide-user/base-system/hotplug#iface
ifupdate_addresses variable says what you are looking for.

There is some confudion - luci "interface" is abstract category, hotplug interface is what luci calls device and ip/ifconfig calls interface.

lupe · June 12, 2024, 6:26pm

https://openwrt.org/docs/guide-user/base-system/hotplug#iface ifupdate_addresses variable says what you are looking for.

I know that page. It's woefully incomplete. It does not even list the events that might be genererated. It also does not mention that the events may not be generated depending on interface. Read my text please. It explains all of this.

There is some confudion - luci "interface" is abstract category, hotplug interface is what luci calls device and ip/ifconfig calls interface.

There may be "confudion" on your side. If you had been monitoring hotplug events you would heve seen something like this:

00-logger: Wed Jun 12 18:21:21 CEST 2024 USER=root ACTION=ifupdate SHLVL=1 HOME=/ HOTPLUG_TYPE=iface LOGNAME=root DEVICENAME= TERM=linux PATH=/usr/sbin:/usr/bin:/sbin:/bin INTERFACE=wan IFUPDATE_ADDRESSES=1 PWD=/ DEVICE=pppoe-wan IFUPDATE_ROUTES=1

There is an INTERFACE and a DEVICE. And an unused DEVICENAME.

As for luci - it uses similar interface names, e.g. "wan", but some interface names hotplug uses are missing in luci, e.g. wan_6. OTH, luci uses network interface names that include vlan number, e.g. (Deutsche Telekom uses this) wan.7. I've never seen this in hotplug.

Can we now please get to the problem at hand? How hotplug could do a better job?

egc · June 12, 2024, 6:48pm

We welcome your contribution to our Free and Open source project, so feel free to contribute.

lupe · June 12, 2024, 6:53pm

We welcome your contribution to our Free and Open source project, so feel free to contribute.\

If you gave me some pointers where to look how the hotplug events work, I might be able to. Right now, I have no idea where to start looking.

brada4 · June 12, 2024, 6:57pm

The codepath that updates that IP address ?netifd? needs to send ubus message like dhcp client.
It is not class/net message, like in udev.d but something emulated from different source.

brada4 · June 12, 2024, 7:21pm

Also firewall-wide fib match can be used to match local IPs in bulk, you need to propagate bit in mark
prerouting ...
fib saddr . iif oif eq 0 counter meta mark set meta mark or 0x10000
normal places ...
meta mark and 0x10000 ne 0x0 counter log

EDIT: ... list ruleset shows decimal values and flag is 32 bits not 64 bits long.

lupe · June 12, 2024, 8:14pm

The codepath that updates that IP address ?netifd? needs to send ubus message like dhcp client.
It is not class/net message, like in udev.d but something emulated from different source.

Also firewall-wide fib match can be used to match local IPs in bulk, you need to propagate bit in mark
prerouting ...
fib saddr . iif oif eq 0 counter meta mark set meta mark or 0x10000
normal places ...
meta mark and 0x10000 ne 0x0 counter log

EDIT: ... list ruleset shows decimal values and flag is 32 bits not 64 bits long.

I have no idea what you are talking about except that ```list ruleset`` is an nftables command. Which I am using only implicitly by issuing iptables commands to iptables-restore. So, consequently, also no idea how this relates to my question. I repeat:
If you gave me some pointers where to look how the hotplug events work, I might be able to. Right now, I have no idea where to start looking.

brada4 · June 12, 2024, 8:40pm

Please post

ubus call system board

It is about time to go for iptables-translate.

I said all, you need to chase missing (never sent) synthetic pseudo-hotplug event in daemon adding that IP address.

lupe · June 12, 2024, 8:47pm

I still have no clue what you're talking about. But, as you requested, here is the output from ubus call system board:

# ubus call system board
{
        "kernel": "5.15.150",
        "hostname": "routergnome",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "Linksys EA7300 v2",
        "board_name": "linksys,ea7300-v2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}

brada4 · June 12, 2024, 8:55pm

Okii
Problem with missing events is that process configuring IP6 address does not post fake hotplug message like dhcp clients do. I suspect it is netifd.

iptables equivalent is -m addrtype --dst-type LOCAL

lupe · June 12, 2024, 8:59pm

I ran an strace on netifd. But this is more than 8 MB, so I think I need some idea what to look for. execve? UDev? opening some port?

brada4 · June 12, 2024, 9:06pm

I have no idea if it is netifd or some script called from somewhere else adding ip6 address, i just made a guess. Certainly not listening on a port.

lupe · June 12, 2024, 9:14pm

OK, this gives me an idea. I start this from the IP addresses assigned dynamically, assuming that netifd is talking to the DSL line to acquire the addresses and than does some magic to deliver them to pppoe-wan and br-lan (global IPv6 in that case).

This may take some time. I'm fiddling with something too else so I'll try to interleave that.

brada4 · June 12, 2024, 9:21pm

It is likely netlink message, but tcpdump is not configured with it as input. Check addrtype, maybe it fits you just fine and you dont need an event.

lupe · June 12, 2024, 9:44pm

Took a look at the strace and found that I should better not use the -f flag. netifd calls /sbin/hotplug-call and that does on and on...

Without -f the strace file is only about 160kB. I'll have a look later.

Concerning the "netlink message", how am I supposed to capture this? I have used UBus before but never had to look at messages.

Later: netifd is logging some messages:

Jun 12 22:57:13 routergnome netifd: Interface 'wan_6' is disabled
Jun 12 22:57:13 routergnome netifd: Network alias '' link is down
Jun 12 22:57:13 routergnome netifd: Interface 'wan_6' has link connectivity loss
Jun 12 22:57:14 routergnome netifd: Interface 'wan_6' is now down
Jun 12 22:57:14 routergnome netifd: Network device 'pppoe-wan' link is down
Jun 12 22:57:15 routergnome netifd: Interface 'wan' is now down
Jun 12 22:57:41 routergnome netifd: Interface 'wan' is setting up now
Jun 12 22:57:45 routergnome netifd: Network device 'pppoe-wan' link is up
Jun 12 22:57:46 routergnome netifd: Network alias 'pppoe-wan' link is up
Jun 12 22:57:46 routergnome netifd: Interface 'wan' is now up
Jun 12 22:57:46 routergnome netifd: Interface 'wan_6' is enabled
Jun 12 22:57:46 routergnome netifd: Interface 'wan_6' has link connectivity
Jun 12 22:57:46 routergnome netifd: Interface 'wan_6' is setting up now
Jun 12 22:57:52 routergnome netifd: Interface 'wan_6' is now up
Jun 12 22:58:18 routergnome netifd: Interface 'wan_6' has lost the connection
Jun 12 22:58:18 routergnome netifd: Interface 'wan_6' is now up
Jun 12 23:40:39 routergnome netifd: Interface 'wan_6' is disabled
Jun 12 23:40:39 routergnome netifd: Network alias '' link is down
Jun 12 23:40:39 routergnome netifd: Interface 'wan_6' has link connectivity loss
Jun 12 23:40:39 routergnome netifd: Interface 'wan_6' is now down
Jun 12 23:40:40 routergnome netifd: Network device 'pppoe-wan' link is down
Jun 12 23:40:40 routergnome netifd: Interface 'wan' is now down
Jun 12 23:40:46 routergnome netifd: Interface 'wan' is setting up now
Jun 12 23:40:50 routergnome netifd: Network device 'pppoe-wan' link is up
Jun 12 23:40:50 routergnome netifd: Network alias 'pppoe-wan' link is up
Jun 12 23:40:50 routergnome netifd: Interface 'wan' is now up
Jun 12 23:40:51 routergnome netifd: Interface 'wan_6' is enabled
Jun 12 23:40:51 routergnome netifd: Interface 'wan_6' has link connectivity
Jun 12 23:40:51 routergnome netifd: Interface 'wan_6' is setting up now
Jun 12 23:40:56 routergnome netifd: Interface 'wan_6' is now up
Jun 12 23:41:11 routergnome netifd: Interface 'wan_6' has lost the connection
Jun 12 23:41:11 routergnome netifd: Interface 'wan_6' is now up

Nothing about addresses, though. More later.

brada4 · June 13, 2024, 5:42am

restart wan4 to acquire IP4?

lupe · June 26, 2024, 5:15pm

Sorry for leaving this thread hanging. I had to upgrade five systems and ran into problems with Grub. They're all OK now.

I had a look at the strace of netifd. But I couldn't decode all the binary messages it send around. I'm giving up since nobody with a deeper knowledge has graced us with their attention. I'll open a ticket now.

Thanks for your help!

brada4 · June 26, 2024, 5:18pm

It is ubus monitor , the problem is the message is not sent at all.

lupe · June 26, 2024, 5:38pm

I've run into problems restarting pppoe-wan. I don't want to invest more time fiddling around. Maybe a ticket will get some feedback that points to the code that could more hotplug events.

Right now we're not even sure if netifd is the right point, there are more programs involved in starting pppoe-wan, especially when it comes to IPv6. And that is where I'd like to get more hotplug events, especially when the global address is attached to br-lan.