Why router constantly ping ipv6 wireless clients?

tcpdump -i br-lan icmp6[icmptype] == 128 or icmp6[icmptype] == 129

The above trace shows pings to all wireless clients every 20 seconds or so.
What is the purpose of this?

Maybe some hacky check-alive code? (A real check-for-life would use NDP neighbor solicitation and neighbor advertisement, not pings.)

But, we can't say without knowing what host is the origin of the pings. The dump should show you the source address, chase that back to the host and tell us what it is.

2 Likes

In case you are having issues chasing the address back, try these:

ip -6 neigh show | grep 'address-of-interest'
grep 'MAC-of-interest' /var/dhcp.leases

The first will allow you to find the MAC of the device with the address you are seeing. The second will show you the IPv4 of the device, and with luck also its name (although many hosts don't report their name and you'll just see a *, then you'll need to do some sleuthing).

Example where we see the address is that of one of our Samsung phones Anna's A32:

$ ip -6 neigh show | grep 'fd0a:bad:dad:0:11ab:b8da:725d:aa9b'
fd0a:bad:dad:0:11ab:b8da:725d:aa9b dev br-lan lladdr 36:de:0e:62:95:30 used 0/0/0 probes 1 STALE

$ grep '36:de:0e:62:95:30' /var/dhcp.leases
1695592832 36:de:0e:62:95:30 10.1.1.171 anna-s-A32 01:36:de:0e:62:95:30
1 Like

The source is undoubtedly the OpenWrt router. The source IP address is the Router WAN GUA, the source MAC is the router LAN interface, the source SLAAC MAC is the router WAN interface. Packets are visible on br-lan and eth1.1 interfaces, on the rest of interfaces they do not show up. Some process on the router sends two pings in a row every 20 seconds. Any idea how can I track down the culprit process. I tried to install audit, but cannot make it work.

Only thing I can think of is just killing/stopping various processes until it stops.

As an aside, I ran your tcpdump on a couple of my routers for several hours, and only saw one device originating spurious pings. My wife's kindle pings the router about 5 times every 5 minutes or so.

If odhcpd is stopped, the pings from the router stop too. I did strace on odhcpd and there is time correlation between odhcpd making sendmsg() to NETLINK and pings. odhcpd sends a route change request for a client GUA to the kernel and it looks like the kernel pings the client.
My release version is OpenWrt 22.03.5

3 Likes

Now that's interesting. I see ping6 being called when a solicitation is detected during setup steps in config.c, so it seems that the ping should occur once at interface initialization. So, it sounds like there's an error in @Umba's dhcp configuration somewhere and odhcp is looping on reload_services. Or something...

Following the header comment in ping6 -- "neighbor cache to be kept up-to-date" -- I checked the cache on my edge router: ip -6 neigh show lists 65 distinct entries, which seems about right for my ~30 IPv6-capable devices. The OP tcpdump left running never shows odhcp pinging anything. I just rebooted two of my subnet routers and even that didn't cause a ping when doing the DHCPv6.