* [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs
@ 2014-02-01 13:29 Chuck Anderson
2014-02-01 16:43 ` Dave Taht
2014-03-26 2:40 ` Chuck Anderson
0 siblings, 2 replies; 11+ messages in thread
From: Chuck Anderson @ 2014-02-01 13:29 UTC (permalink / raw)
To: cerowrt-devel
[-- Attachment #1: Type: text/plain, Size: 9044 bytes --]
This morning my Linux PC which has a direct connection to my Comcast
cable modem (no router in between) lost its IPv4 address. During
troubleshooting, I noticed that the dhclient was unable to get an IPv4
address from Comcast. I ran tcpdump and discovered that the CeroWRT
router, also connected to the same cable modem via a switch, was
flooding the WAN with DHCPv6 SOLICIT packets with about 4700
packets/sec, 6.6 megabits/sec of traffic! I immediately unplugged
CeroWRT from the WAN and then my PC was able to get an IPv4 address
from Comcast.
I know CeroWrt 3.7.5-2 is old at this point, but I'm wondering if
something else changed to cause this behavior. Maybe Comcast
IPv6-enabled my CMTS finally? I've been using HE tunnels for IPv6,
one on a Linksys OpenWRT for my "production" network and a separate
tunnel on this CeroWRT for "testing".
There is one other change that was made to my Linux PC--I booted into
a new kernel yesterday morning and had a similar problem with the
inability to get an IPv4 address via DHCP from Comcast for about 30
minutes, then it just started working on its own. (I hadn't noticed
initially since I was using IPv6 to get where I needed to go.) I
didn't have time to troubleshoot it at the time, but I assumed it was
due to this IPv6 change in the Fedora kernel:
* Wed Jan 29 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-201
- ipv6 addrconf: revert /proc/net/if_inet6 ifa_flag format (rhbz 1056711)
* Tue Jan 28 2014 Josh Boyer <jwboyer@fedoraproject.org>
- Add patch from Stanislaw Gruszka to fix ath9k BUG (rhbz 990955)
* Mon Jan 27 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-200
- Backport new IPv6 address flag IFA_F_NOPREFIXROUTE and IFA_F_MANAGETEMPADDR (rhbz 1056711)
- Linux v3.12.9
- i915: remove pm_qos request on error (rhbz 1057533)
See https://bugzilla.redhat.com/show_bug.cgi?id=1056711 for details
about that.
Each time this loss of IPv4 happened, I noticed the NIC link went down
right before it started. Maybe the flooding was happening yesterday
morning too, and the flooding caused my poor 5-port Netgear switch to
flake out and flap the NIC links? Alternatively, maybe the link flap
itself was what caused odhcp6c to wig out and start flooding in the
first place? Unfortunately I don't have a tcpdump from yesterday
morning to confirm this.
CeroWRT status:
Router Name cerowrt
Router Model NETGEAR WNDR3700v2
Firmware Version CeroWrt Modena 3.7.5-2 / LuCI Trunk (trunk+svn)
Kernel Version 3.7.5
Local Time Sat Feb 1 07:54:43 2014
Uptime 58d 6h 56m 51s
The DHCPv6 client is odhcp6c:
root@cerowrt:~# ps |grep dhc
980 root 1720 S udhcpc -p /var/run/udhcpc-ge00.pid -s /lib/netifd/dh
1335 root 804 R odhcp6c -s /lib/netifd/dhcpv6.script -Ntry -P60 ge00
3725 root 1704 S grep dhc
Here is an example packet from the DHCPv6 flood:
No. Time Source Destination Protocol Length Info
1 0.000000 fe80::c63d:c7ff:feb0:8f41 ff02::1:2 DHCPv6 179 Solicit XID: 0x45eb91 CID: 00030001c43dc7b08f41
Frame 1: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Feb 1, 2014 07:20:27.723633000 EST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1391257227.723633000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 179 bytes (1432 bits)
Capture Length: 179 bytes (1432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ipv6:udp:dhcpv6]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41), Dst: IPv6mcast_00:01:00:02 (33:33:00:01:00:02)
Destination: IPv6mcast_00:01:00:02 (33:33:00:01:00:02)
Address: IPv6mcast_00:01:00:02 (33:33:00:01:00:02)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41)
Address: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41), Dst: ff02::1:2 (ff02::1:2)
0110 .... = Version: 6
[0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
.... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000)
.... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set
.... .... ...0 .... .... .... .... .... = ECN-CE: Not set
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 125
Next header: UDP (17)
Hop limit: 1
Source: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41)
[Source SA MAC: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41)]
Destination: ff02::1:2 (ff02::1:2)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: dhcpv6-server (547)
Source port: dhcpv6-client (546)
Destination port: dhcpv6-server (547)
Length: 125
Checksum: 0xda1c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
DHCPv6
Message type: Solicit (1)
Transaction ID: 0x45eb91
Elapsed time
Option: Elapsed time (8)
Length: 2
Value: ffff
Elapsed-time: 655350 ms
Option Request
Option: Option Request (6)
Length: 10
Value: 00170018003800160015
Requested Option code: DNS recursive name server (23)
Requested Option code: Domain Search List (24)
Requested Option code: Unknown (56)
Requested Option code: SIP Servers IPv6 Address List (22)
Requested Option code: SIP Server Domain Name List (21)
Client Identifier
Option: Client Identifier (1)
Length: 10
Value: 00030001c43dc7b08f41
DUID: 00030001c43dc7b08f41
DUID Type: link-layer address (3)
Hardware type: Ethernet (1)
Link-layer address: c4:3d:c7:b0:8f:41
Reconfigure Accept
Option: Reconfigure Accept (20)
Length: 0
Fully Qualified Domain Name
Option: Fully Qualified Domain Name (39)
Length: 10
Value: 00076365726f77727400
0000 0... = Reserved: 0x00
.... .0.. = N bit: Server should perform DNS updates
.... ..0. = O bit: Server has not overridden client's S bit preference
.... ...0 = S bit: Server should not perform forward DNS updates
Domain: cerowrt
Identity Association for Non-temporary Address
Option: Identity Association for Non-temporary Address (3)
Length: 12
Value: 000000010000000000000000
IAID: 00000001
T1: 0
T2: 0
Identity Association for Prefix Delegation
Option: Identity Association for Prefix Delegation (25)
Length: 41
Value: 000000010000000000000000001a00190000000000000000...
IAID: 00000001
T1: 0
T2: 0
IA Prefix
Option: IA Prefix (26)
Length: 25
Value: 00000000000000003c000000000000000000000000000000...
Preferred lifetime: 0
Valid lifetime: 0
Prefix length: 60
Prefix address: :: (::)
0000 33 33 00 01 00 02 c4 3d c7 b0 8f 41 86 dd 60 00 33.....=...A..`.
0010 00 00 00 7d 11 01 fe 80 00 00 00 00 00 00 c6 3d ...}...........=
0020 c7 ff fe b0 8f 41 ff 02 00 00 00 00 00 00 00 00 .....A..........
0030 00 00 00 01 00 02 02 22 02 23 00 7d da 1c 01 45 .......".#.}...E
0040 eb 91 00 08 00 02 ff ff 00 06 00 0a 00 17 00 18 ................
0050 00 38 00 16 00 15 00 01 00 0a 00 03 00 01 c4 3d .8.............=
0060 c7 b0 8f 41 00 14 00 00 00 27 00 0a 00 07 63 65 ...A.....'....ce
0070 72 6f 77 72 74 00 00 03 00 0c 00 00 00 01 00 00 rowrt...........
0080 00 00 00 00 00 00 00 19 00 29 00 00 00 01 00 00 .........)......
0090 00 00 00 00 00 00 00 1a 00 19 00 00 00 00 00 00 ................
00a0 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 ..<.............
00b0 00 00 00 ...
The CeroWRT system log is attached. Nothing looks strange except the
loss of ge00 link around 6:24 this morning, which is right around when
I lost IPv4 connectivity to my Linux PC (I have a system monitoring
this IP and it SMS's me if it goes down). My PC's NIC link went down
at exactly the same time. At 7:24 is when I unplugged CeroWRT.
[-- Attachment #2: cerowrt-dhcpv6-solicit-flood-system.log --]
[-- Type: text/plain, Size: 16147 bytes --]
Feb 1 03:44:30 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 03:47:19 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 03:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 03:50:22 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 03:53:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 03:56:41 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated
Feb 1 03:57:04 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 03:58:00 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 88.119.198.49 to the global_no_access list for 120 minutes
Feb 1 03:58:28 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 58.63.69.150 to the global_no_access list for 120 minutes
Feb 1 03:59:08 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 03:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 03:59:42 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated
Feb 1 04:02:32 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 04:06:00 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 04:08:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 04:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 04:11:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 04:13:56 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 04:18:43 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 04:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 04:20:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 04:21:43 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated
Feb 1 04:22:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 04:28:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 04:29:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 04:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 04:31:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 04:32:44 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated
Feb 1 04:36:44 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 04:38:16 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 04:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 04:39:44 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated
Feb 1 04:41:10 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 04:44:21 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 04:47:58 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 04:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 04:50:43 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 04:53:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 04:56:01 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 04:57:45 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated
Feb 1 04:58:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 04:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 05:01:41 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 05:04:28 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 05:07:24 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 05:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 05:09:54 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 05:13:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 05:13:40 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 60.165.210.96 to the global_no_access list for 120 minutes
Feb 1 05:16:00 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 05:17:49 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 05:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 05:22:10 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 05:25:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 05:26:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 05:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 05:29:44 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 05:34:45 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 05:35:04 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 05:37:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 05:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 05:43:33 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 05:44:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 05:46:24 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 05:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 05:52:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 05:53:29 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 05:55:50 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 05:58:48 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated
Feb 1 05:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 06:00:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 06:03:02 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 06:04:52 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 06:08:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 06:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 06:11:32 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 06:12:22 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 71.187.187.196 to the global_no_access list for 120 minutes
Feb 1 06:13:23 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 06:18:19 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 06:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 06:21:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 06:21:21 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 06:24:12 cerowrt kern.info kernel: [5030779.328125] ge00: link down
Feb 1 06:24:16 cerowrt kern.debug kernel: [5030783.343750] ar71xx: pll_reg 0xb8050014: 0x11110000
Feb 1 06:24:16 cerowrt kern.info kernel: [5030783.343750] ge00: link up (1000Mbps/Full duplex)
Feb 1 06:24:30 cerowrt kern.info kernel: [5030797.406250] ge00: link down
Feb 1 06:24:55 cerowrt kern.debug kernel: [5030822.503906] ar71xx: pll_reg 0xb8050014: 0x11110000
Feb 1 06:24:55 cerowrt kern.info kernel: [5030822.503906] ge00: link up (1000Mbps/Full duplex)
Feb 1 06:27:56 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 06:29:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 06:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 06:31:07 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 06:36:39 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 06:38:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 06:38:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 06:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 06:44:26 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 06:46:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 06:47:26 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 06:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 06:52:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 06:54:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 06:56:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 06:59:00 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 187.54.249.118 to the global_no_access list for 120 minutes
Feb 1 06:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 07:02:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 07:02:53 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 07:05:08 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:07:25 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 181.50.13.174 to the global_no_access list for 120 minutes
Feb 1 07:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 07:11:33 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 07:11:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 07:13:52 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated
Feb 1 07:14:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 07:20:09 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 07:20:30 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 07:23:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:24:57 cerowrt kern.info kernel: [5034424.527343] ge00: link down
Feb 1 07:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 07:29:41 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 07:29:50 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 07:32:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:38:52 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da IEEE 802.11: authenticated
Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da IEEE 802.11: associated (aid 2)
Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da RADIUS: starting accounting session 52806EEC-0000005B
Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da WPA: pairwise key handshake completed (RSN)
Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPDISCOVER(sw00) 172.30.42.74 74:e5:43:69:09:da
Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPOFFER(sw00) 172.30.42.74 74:e5:43:69:09:da
Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPREQUEST(sw00) 172.30.42.74 74:e5:43:69:09:da
Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPACK(sw00) 172.30.42.74 74:e5:43:69:09:da a
Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:39:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-SOLICIT(sw00) 74:e5:43:69:09:da
Feb 1 07:39:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:39:14 cerowrt daemon.info dnsmasq-dhcp[2896]: SLAAC-CONFIRM(sw00) 2001:470:89c6:1:76e5:43ff:fe69:9da a
Feb 1 07:39:15 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPINFORMATION-REQUEST(sw00) 00:04:fc:3a:bd:af:bb:b3:64:10:e1:fd:72:cf:0f:0c:c1:14 a
Feb 1 07:39:19 cerowrt authpriv.info dropbear[3709]: Child connection from 172.30.42.74:53620
Feb 1 07:39:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:39:25 cerowrt authpriv.info dropbear[3709]: Exit before auth: Exited normally
Feb 1 07:39:28 cerowrt authpriv.info dropbear[3710]: Child connection from 172.30.42.74:53621
Feb 1 07:39:35 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621
Feb 1 07:39:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:39:38 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da WPA: group key handshake completed (RSN)
Feb 1 07:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN)
Feb 1 07:39:39 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621
Feb 1 07:39:44 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621
Feb 1 07:39:44 cerowrt authpriv.info dropbear[3710]: Exit before auth: Exited normally
Feb 1 07:39:45 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2::
Feb 1 07:39:52 cerowrt kern.debug kernel: [5035318.730468] icmpv6_send: no reply to icmp error
Feb 1 07:39:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:39:56 cerowrt kern.debug kernel: [5035322.816406] icmpv6_send: no reply to icmp error
Feb 1 07:40:00 cerowrt kern.debug kernel: [5035327.488281] icmpv6_send: no reply to icmp error
Feb 1 07:40:07 cerowrt authpriv.info dropbear[3712]: Child connection from 172.30.42.74:53629
Feb 1 07:40:10 cerowrt kern.debug kernel: [5035336.816406] icmpv6_send: no reply to icmp error
Feb 1 07:40:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1::
Feb 1 07:40:13 cerowrt authpriv.notice dropbear[3712]: Password auth succeeded for 'root' from 172.30.42.74:53629
Feb 1 07:40:28 cerowrt kern.debug kernel: [5035355.472656] icmpv6_send: no reply to icmp error
Feb 1 07:40:43 cerowrt kern.info kernel: [5035370.363281] device ge00 entered promiscuous mode
Feb 1 07:40:44 cerowrt kern.info kernel: [5035371.164062] device ge00 left promiscuous mode
Feb 1 07:40:46 cerowrt kern.info kernel: [5035372.847656] device ge00 entered promiscuous mode
Feb 1 07:40:49 cerowrt kern.info kernel: [5035376.109375] device ge00 left promiscuous mode
Feb 1 07:46:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6::
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-02-01 13:29 [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs Chuck Anderson @ 2014-02-01 16:43 ` Dave Taht 2014-02-01 16:54 ` Dave Taht 2014-02-01 19:33 ` Jim Gettys 2014-03-26 2:40 ` Chuck Anderson 1 sibling, 2 replies; 11+ messages in thread From: Dave Taht @ 2014-02-01 16:43 UTC (permalink / raw) To: cerowrt-devel I am painfully aware that a change in comcast's deployment starting in late december started messing up older versions of cerowrt, openwrt, etc. (short version, they started announcing ras every three seconds, which triggers a reload/reconfiguration of openwrt that takes longer than 3 seconds...) The openwrt folk fixed it upstream a few weeks back and the last couple development releases of cero have the fixes. (ghu help those that are merely ipv6 certified and not paying attention) https://lists.bufferbloat.net/pipermail/cerowrt-devel/2014-January/002093.html I have since produced several comcast specific releases. This one is pretty stable http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/comcast/3.10.28-4/ I recomend all comcast users on cerowrt upgrade ASAP as comcast is aggressively turning on ipv6 everywhere. (and it's pretty wonderful when it works) Note that you should make a backup, reflash from scratch, and re-apply your mods via the gui as much as changed since 3.8. I usually take a backup via scp root@gw.home.lan:/overlay and then look hard at the modified files in /etc and /etc/config As this is still a dev release it has some problems, notably HT40+ mode seems to be borked on 5ghz. Also I am discovering that providers deploying ipv6 (AT&T, now possibly comcast) seem to be (inadvertently) disabling various forms of tunnelling. I still haven't got he to work again simultaneously with native ipv6 on comcast. (but unlike the first comcast-specific release, trying to enable one doesn't blow up the router) Another option for you is to disable the dhcp-pd request on your current version so you don't get native ipv6... I hope to resume marching towards a final stable release over the coming weeks. In the interim, on comcast, upgrade ASAP. On Sat, Feb 1, 2014 at 5:29 AM, Chuck Anderson <cra@wpi.edu> wrote: > This morning my Linux PC which has a direct connection to my Comcast > cable modem (no router in between) lost its IPv4 address. During > troubleshooting, I noticed that the dhclient was unable to get an IPv4 > address from Comcast. I ran tcpdump and discovered that the CeroWRT > router, also connected to the same cable modem via a switch, was > flooding the WAN with DHCPv6 SOLICIT packets with about 4700 > packets/sec, 6.6 megabits/sec of traffic! I immediately unplugged > CeroWRT from the WAN and then my PC was able to get an IPv4 address > from Comcast. > > I know CeroWrt 3.7.5-2 is old at this point, but I'm wondering if > something else changed to cause this behavior. Maybe Comcast > IPv6-enabled my CMTS finally? I've been using HE tunnels for IPv6, > one on a Linksys OpenWRT for my "production" network and a separate > tunnel on this CeroWRT for "testing". > > There is one other change that was made to my Linux PC--I booted into > a new kernel yesterday morning and had a similar problem with the > inability to get an IPv4 address via DHCP from Comcast for about 30 > minutes, then it just started working on its own. (I hadn't noticed > initially since I was using IPv6 to get where I needed to go.) I > didn't have time to troubleshoot it at the time, but I assumed it was > due to this IPv6 change in the Fedora kernel: > > * Wed Jan 29 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-201 > - ipv6 addrconf: revert /proc/net/if_inet6 ifa_flag format (rhbz 1056711) > > * Tue Jan 28 2014 Josh Boyer <jwboyer@fedoraproject.org> > - Add patch from Stanislaw Gruszka to fix ath9k BUG (rhbz 990955) > > * Mon Jan 27 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-200 > - Backport new IPv6 address flag IFA_F_NOPREFIXROUTE and IFA_F_MANAGETEMPADDR (rhbz 1056711) > - Linux v3.12.9 > - i915: remove pm_qos request on error (rhbz 1057533) > > See https://bugzilla.redhat.com/show_bug.cgi?id=1056711 for details > about that. > > Each time this loss of IPv4 happened, I noticed the NIC link went down > right before it started. Maybe the flooding was happening yesterday > morning too, and the flooding caused my poor 5-port Netgear switch to > flake out and flap the NIC links? Alternatively, maybe the link flap > itself was what caused odhcp6c to wig out and start flooding in the > first place? Unfortunately I don't have a tcpdump from yesterday > morning to confirm this. > > CeroWRT status: > > Router Name cerowrt > Router Model NETGEAR WNDR3700v2 > Firmware Version CeroWrt Modena 3.7.5-2 / LuCI Trunk (trunk+svn) > Kernel Version 3.7.5 > Local Time Sat Feb 1 07:54:43 2014 > Uptime 58d 6h 56m 51s > > The DHCPv6 client is odhcp6c: > > root@cerowrt:~# ps |grep dhc > 980 root 1720 S udhcpc -p /var/run/udhcpc-ge00.pid -s /lib/netifd/dh > 1335 root 804 R odhcp6c -s /lib/netifd/dhcpv6.script -Ntry -P60 ge00 > 3725 root 1704 S grep dhc > > Here is an example packet from the DHCPv6 flood: > > No. Time Source Destination Protocol Length Info > 1 0.000000 fe80::c63d:c7ff:feb0:8f41 ff02::1:2 DHCPv6 179 Solicit XID: 0x45eb91 CID: 00030001c43dc7b08f41 > > Frame 1: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) > Encapsulation type: Ethernet (1) > Arrival Time: Feb 1, 2014 07:20:27.723633000 EST > [Time shift for this packet: 0.000000000 seconds] > Epoch Time: 1391257227.723633000 seconds > [Time delta from previous captured frame: 0.000000000 seconds] > [Time delta from previous displayed frame: 0.000000000 seconds] > [Time since reference or first frame: 0.000000000 seconds] > Frame Number: 1 > Frame Length: 179 bytes (1432 bits) > Capture Length: 179 bytes (1432 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ipv6:udp:dhcpv6] > [Coloring Rule Name: UDP] > [Coloring Rule String: udp] > Ethernet II, Src: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41), Dst: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) > Destination: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) > Address: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) > .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) > .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) > Source: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) > Address: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) > .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) > .... ...0 .... .... .... .... = IG bit: Individual address (unicast) > Type: IPv6 (0x86dd) > Internet Protocol Version 6, Src: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41), Dst: ff02::1:2 (ff02::1:2) > 0110 .... = Version: 6 > [0110 .... = This field makes the filter "ip.version == 6" possible: 6] > .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 > .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000) > .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set > .... .... ...0 .... .... .... .... .... = ECN-CE: Not set > .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 > Payload length: 125 > Next header: UDP (17) > Hop limit: 1 > Source: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41) > [Source SA MAC: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41)] > Destination: ff02::1:2 (ff02::1:2) > [Source GeoIP: Unknown] > [Destination GeoIP: Unknown] > User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: dhcpv6-server (547) > Source port: dhcpv6-client (546) > Destination port: dhcpv6-server (547) > Length: 125 > Checksum: 0xda1c [validation disabled] > [Good Checksum: False] > [Bad Checksum: False] > DHCPv6 > Message type: Solicit (1) > Transaction ID: 0x45eb91 > Elapsed time > Option: Elapsed time (8) > Length: 2 > Value: ffff > Elapsed-time: 655350 ms > Option Request > Option: Option Request (6) > Length: 10 > Value: 00170018003800160015 > Requested Option code: DNS recursive name server (23) > Requested Option code: Domain Search List (24) > Requested Option code: Unknown (56) > Requested Option code: SIP Servers IPv6 Address List (22) > Requested Option code: SIP Server Domain Name List (21) > Client Identifier > Option: Client Identifier (1) > Length: 10 > Value: 00030001c43dc7b08f41 > DUID: 00030001c43dc7b08f41 > DUID Type: link-layer address (3) > Hardware type: Ethernet (1) > Link-layer address: c4:3d:c7:b0:8f:41 > Reconfigure Accept > Option: Reconfigure Accept (20) > Length: 0 > Fully Qualified Domain Name > Option: Fully Qualified Domain Name (39) > Length: 10 > Value: 00076365726f77727400 > 0000 0... = Reserved: 0x00 > .... .0.. = N bit: Server should perform DNS updates > .... ..0. = O bit: Server has not overridden client's S bit preference > .... ...0 = S bit: Server should not perform forward DNS updates > Domain: cerowrt > Identity Association for Non-temporary Address > Option: Identity Association for Non-temporary Address (3) > Length: 12 > Value: 000000010000000000000000 > IAID: 00000001 > T1: 0 > T2: 0 > Identity Association for Prefix Delegation > Option: Identity Association for Prefix Delegation (25) > Length: 41 > Value: 000000010000000000000000001a00190000000000000000... > IAID: 00000001 > T1: 0 > T2: 0 > IA Prefix > Option: IA Prefix (26) > Length: 25 > Value: 00000000000000003c000000000000000000000000000000... > Preferred lifetime: 0 > Valid lifetime: 0 > Prefix length: 60 > Prefix address: :: (::) > > 0000 33 33 00 01 00 02 c4 3d c7 b0 8f 41 86 dd 60 00 33.....=...A..`. > 0010 00 00 00 7d 11 01 fe 80 00 00 00 00 00 00 c6 3d ...}...........= > 0020 c7 ff fe b0 8f 41 ff 02 00 00 00 00 00 00 00 00 .....A.......... > 0030 00 00 00 01 00 02 02 22 02 23 00 7d da 1c 01 45 .......".#.}...E > 0040 eb 91 00 08 00 02 ff ff 00 06 00 0a 00 17 00 18 ................ > 0050 00 38 00 16 00 15 00 01 00 0a 00 03 00 01 c4 3d .8.............= > 0060 c7 b0 8f 41 00 14 00 00 00 27 00 0a 00 07 63 65 ...A.....'....ce > 0070 72 6f 77 72 74 00 00 03 00 0c 00 00 00 01 00 00 rowrt........... > 0080 00 00 00 00 00 00 00 19 00 29 00 00 00 01 00 00 .........)...... > 0090 00 00 00 00 00 00 00 1a 00 19 00 00 00 00 00 00 ................ > 00a0 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 ..<............. > 00b0 00 00 00 ... > > The CeroWRT system log is attached. Nothing looks strange except the > loss of ge00 link around 6:24 this morning, which is right around when > I lost IPv4 connectivity to my Linux PC (I have a system monitoring > this IP and it SMS's me if it goes down). My PC's NIC link went down > at exactly the same time. At 7:24 is when I unplugged CeroWRT. > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-02-01 16:43 ` Dave Taht @ 2014-02-01 16:54 ` Dave Taht 2014-02-01 19:33 ` Jim Gettys 1 sibling, 0 replies; 11+ messages in thread From: Dave Taht @ 2014-02-01 16:54 UTC (permalink / raw) To: cerowrt-devel > On Sat, Feb 1, 2014 at 5:29 AM, Chuck Anderson <cra@wpi.edu> wrote: >> This morning my Linux PC which has a direct connection to my Comcast >> cable modem (no router in between) lost its IPv4 address. During >> troubleshooting, I noticed that the dhclient was unable to get an IPv4 >> address from Comcast. I ran tcpdump and discovered that the CeroWRT >> router, also connected to the same cable modem via a switch, was >> flooding the WAN with DHCPv6 SOLICIT packets with about 4700 >> packets/sec, 6.6 megabits/sec of traffic! I immediately unplugged >> CeroWRT from the WAN and then my PC was able to get an IPv4 address >> from Comcast. One thing to clarify the behavior you saw. Most people are plugging in their boxes behind cerowrt exclusively (except you and I) and running the SQM system. One thing that happens is that all streams get FQ'd on the way out of the router, so that (in this case) a ton of dhcpv6 requests get deprioritized relative to the other flows. As you were running alongside the box, rather than behind, cero assumed it had all the bandwidth to itself and filled up your modem to the point to where even simple dhcp traffic can't get through. I do not doubt there is many a cerowrt/openwrt/dd-wrt/3rd party box today flooding upstream with useless requests, with users that don't notice anything except a slight (sub ms) delay. You can construe this to be a feature or a bug depending on your point of view. >> I know CeroWrt 3.7.5-2 is old at this point, but I'm wondering if >> something else changed to cause this behavior. Maybe Comcast >> IPv6-enabled my CMTS finally? I've been using HE tunnels for IPv6, >> one on a Linksys OpenWRT for my "production" network and a separate >> tunnel on this CeroWRT for "testing". >> >> There is one other change that was made to my Linux PC--I booted into >> a new kernel yesterday morning and had a similar problem with the >> inability to get an IPv4 address via DHCP from Comcast for about 30 >> minutes, then it just started working on its own. (I hadn't noticed >> initially since I was using IPv6 to get where I needed to go.) I >> didn't have time to troubleshoot it at the time, but I assumed it was >> due to this IPv6 change in the Fedora kernel: >> >> * Wed Jan 29 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-201 >> - ipv6 addrconf: revert /proc/net/if_inet6 ifa_flag format (rhbz 1056711) >> >> * Tue Jan 28 2014 Josh Boyer <jwboyer@fedoraproject.org> >> - Add patch from Stanislaw Gruszka to fix ath9k BUG (rhbz 990955) >> >> * Mon Jan 27 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-200 >> - Backport new IPv6 address flag IFA_F_NOPREFIXROUTE and IFA_F_MANAGETEMPADDR (rhbz 1056711) >> - Linux v3.12.9 >> - i915: remove pm_qos request on error (rhbz 1057533) >> >> See https://bugzilla.redhat.com/show_bug.cgi?id=1056711 for details >> about that. >> >> Each time this loss of IPv4 happened, I noticed the NIC link went down >> right before it started. Maybe the flooding was happening yesterday >> morning too, and the flooding caused my poor 5-port Netgear switch to >> flake out and flap the NIC links? Alternatively, maybe the link flap >> itself was what caused odhcp6c to wig out and start flooding in the >> first place? Unfortunately I don't have a tcpdump from yesterday >> morning to confirm this. >> >> CeroWRT status: >> >> Router Name cerowrt >> Router Model NETGEAR WNDR3700v2 >> Firmware Version CeroWrt Modena 3.7.5-2 / LuCI Trunk (trunk+svn) >> Kernel Version 3.7.5 >> Local Time Sat Feb 1 07:54:43 2014 >> Uptime 58d 6h 56m 51s >> >> The DHCPv6 client is odhcp6c: >> >> root@cerowrt:~# ps |grep dhc >> 980 root 1720 S udhcpc -p /var/run/udhcpc-ge00.pid -s /lib/netifd/dh >> 1335 root 804 R odhcp6c -s /lib/netifd/dhcpv6.script -Ntry -P60 ge00 >> 3725 root 1704 S grep dhc >> >> Here is an example packet from the DHCPv6 flood: >> >> No. Time Source Destination Protocol Length Info >> 1 0.000000 fe80::c63d:c7ff:feb0:8f41 ff02::1:2 DHCPv6 179 Solicit XID: 0x45eb91 CID: 00030001c43dc7b08f41 >> >> Frame 1: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) >> Encapsulation type: Ethernet (1) >> Arrival Time: Feb 1, 2014 07:20:27.723633000 EST >> [Time shift for this packet: 0.000000000 seconds] >> Epoch Time: 1391257227.723633000 seconds >> [Time delta from previous captured frame: 0.000000000 seconds] >> [Time delta from previous displayed frame: 0.000000000 seconds] >> [Time since reference or first frame: 0.000000000 seconds] >> Frame Number: 1 >> Frame Length: 179 bytes (1432 bits) >> Capture Length: 179 bytes (1432 bits) >> [Frame is marked: False] >> [Frame is ignored: False] >> [Protocols in frame: eth:ipv6:udp:dhcpv6] >> [Coloring Rule Name: UDP] >> [Coloring Rule String: udp] >> Ethernet II, Src: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41), Dst: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) >> Destination: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) >> Address: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) >> .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) >> .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) >> Source: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) >> Address: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) >> .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) >> .... ...0 .... .... .... .... = IG bit: Individual address (unicast) >> Type: IPv6 (0x86dd) >> Internet Protocol Version 6, Src: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41), Dst: ff02::1:2 (ff02::1:2) >> 0110 .... = Version: 6 >> [0110 .... = This field makes the filter "ip.version == 6" possible: 6] >> .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 >> .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000) >> .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set >> .... .... ...0 .... .... .... .... .... = ECN-CE: Not set >> .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 >> Payload length: 125 >> Next header: UDP (17) >> Hop limit: 1 >> Source: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41) >> [Source SA MAC: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41)] >> Destination: ff02::1:2 (ff02::1:2) >> [Source GeoIP: Unknown] >> [Destination GeoIP: Unknown] >> User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: dhcpv6-server (547) >> Source port: dhcpv6-client (546) >> Destination port: dhcpv6-server (547) >> Length: 125 >> Checksum: 0xda1c [validation disabled] >> [Good Checksum: False] >> [Bad Checksum: False] >> DHCPv6 >> Message type: Solicit (1) >> Transaction ID: 0x45eb91 >> Elapsed time >> Option: Elapsed time (8) >> Length: 2 >> Value: ffff >> Elapsed-time: 655350 ms >> Option Request >> Option: Option Request (6) >> Length: 10 >> Value: 00170018003800160015 >> Requested Option code: DNS recursive name server (23) >> Requested Option code: Domain Search List (24) >> Requested Option code: Unknown (56) >> Requested Option code: SIP Servers IPv6 Address List (22) >> Requested Option code: SIP Server Domain Name List (21) >> Client Identifier >> Option: Client Identifier (1) >> Length: 10 >> Value: 00030001c43dc7b08f41 >> DUID: 00030001c43dc7b08f41 >> DUID Type: link-layer address (3) >> Hardware type: Ethernet (1) >> Link-layer address: c4:3d:c7:b0:8f:41 >> Reconfigure Accept >> Option: Reconfigure Accept (20) >> Length: 0 >> Fully Qualified Domain Name >> Option: Fully Qualified Domain Name (39) >> Length: 10 >> Value: 00076365726f77727400 >> 0000 0... = Reserved: 0x00 >> .... .0.. = N bit: Server should perform DNS updates >> .... ..0. = O bit: Server has not overridden client's S bit preference >> .... ...0 = S bit: Server should not perform forward DNS updates >> Domain: cerowrt >> Identity Association for Non-temporary Address >> Option: Identity Association for Non-temporary Address (3) >> Length: 12 >> Value: 000000010000000000000000 >> IAID: 00000001 >> T1: 0 >> T2: 0 >> Identity Association for Prefix Delegation >> Option: Identity Association for Prefix Delegation (25) >> Length: 41 >> Value: 000000010000000000000000001a00190000000000000000... >> IAID: 00000001 >> T1: 0 >> T2: 0 >> IA Prefix >> Option: IA Prefix (26) >> Length: 25 >> Value: 00000000000000003c000000000000000000000000000000... >> Preferred lifetime: 0 >> Valid lifetime: 0 >> Prefix length: 60 >> Prefix address: :: (::) >> >> 0000 33 33 00 01 00 02 c4 3d c7 b0 8f 41 86 dd 60 00 33.....=...A..`. >> 0010 00 00 00 7d 11 01 fe 80 00 00 00 00 00 00 c6 3d ...}...........= >> 0020 c7 ff fe b0 8f 41 ff 02 00 00 00 00 00 00 00 00 .....A.......... >> 0030 00 00 00 01 00 02 02 22 02 23 00 7d da 1c 01 45 .......".#.}...E >> 0040 eb 91 00 08 00 02 ff ff 00 06 00 0a 00 17 00 18 ................ >> 0050 00 38 00 16 00 15 00 01 00 0a 00 03 00 01 c4 3d .8.............= >> 0060 c7 b0 8f 41 00 14 00 00 00 27 00 0a 00 07 63 65 ...A.....'....ce >> 0070 72 6f 77 72 74 00 00 03 00 0c 00 00 00 01 00 00 rowrt........... >> 0080 00 00 00 00 00 00 00 19 00 29 00 00 00 01 00 00 .........)...... >> 0090 00 00 00 00 00 00 00 1a 00 19 00 00 00 00 00 00 ................ >> 00a0 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 ..<............. >> 00b0 00 00 00 ... >> >> The CeroWRT system log is attached. Nothing looks strange except the >> loss of ge00 link around 6:24 this morning, which is right around when >> I lost IPv4 connectivity to my Linux PC (I have a system monitoring >> this IP and it SMS's me if it goes down). My PC's NIC link went down >> at exactly the same time. At 7:24 is when I unplugged CeroWRT. >> >> _______________________________________________ >> Cerowrt-devel mailing list >> Cerowrt-devel@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cerowrt-devel >> > > > > -- > Dave Täht > > Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-02-01 16:43 ` Dave Taht 2014-02-01 16:54 ` Dave Taht @ 2014-02-01 19:33 ` Jim Gettys 1 sibling, 0 replies; 11+ messages in thread From: Jim Gettys @ 2014-02-01 19:33 UTC (permalink / raw) To: Dave Taht; +Cc: cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 13229 bytes --] I will note when I talked to John Brzozowski last summer about when IPv6 would appear in the Boston area, he said it would be soon; the hold up was no longer the CMTS firmware, but a key router complex in the greater Boston that they had to replace that would happen sometime soon (sometime soon was last fall or this winter). So as Dave says, very large areas of Comcast's networks are going live for native IPv6 now. http://corporate.comcast.com/comcast-voices/comcasts-xfinity-internet-now-the-worlds-largest-native-ipv6-deployment - Jim On Sat, Feb 1, 2014 at 11:43 AM, Dave Taht <dave.taht@gmail.com> wrote: > I am painfully aware that a change in comcast's deployment starting in > late december started messing up older versions of cerowrt, openwrt, > etc. > > (short version, they started announcing ras every three seconds, which > triggers a reload/reconfiguration of openwrt that > takes longer than 3 seconds...) > > The openwrt folk fixed it upstream a few weeks back and the last > couple development releases of cero have the fixes. > (ghu help those that are merely ipv6 certified and not paying attention) > > > https://lists.bufferbloat.net/pipermail/cerowrt-devel/2014-January/002093.html > > I have since produced several comcast specific releases. This one is > pretty stable > > http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/comcast/3.10.28-4/ > > I recomend all comcast users on cerowrt upgrade ASAP as comcast is > aggressively > turning on ipv6 everywhere. (and it's pretty wonderful when it works) > > Note that you should make a backup, > reflash from scratch, and re-apply your mods via the gui as much as > changed since 3.8. > > I usually take a backup via scp root@gw.home.lan:/overlay and then > look hard at the modified files > in /etc and /etc/config > > > As this is still a dev release it has some problems, notably HT40+ > mode seems to be borked > on 5ghz. Also I am discovering that providers deploying ipv6 (AT&T, > now possibly comcast) seem > to be (inadvertently) disabling various forms of tunnelling. I still > haven't got he to work again > simultaneously with native ipv6 on comcast. (but unlike the first > comcast-specific release, > trying to enable one doesn't blow up the router) > > Another option for you is to disable the dhcp-pd request on your > current version so you don't get native ipv6... > > I hope to resume marching towards a final stable release over the > coming weeks. In the interim, > on comcast, upgrade ASAP. > > > On Sat, Feb 1, 2014 at 5:29 AM, Chuck Anderson <cra@wpi.edu> wrote: > > This morning my Linux PC which has a direct connection to my Comcast > > cable modem (no router in between) lost its IPv4 address. During > > troubleshooting, I noticed that the dhclient was unable to get an IPv4 > > address from Comcast. I ran tcpdump and discovered that the CeroWRT > > router, also connected to the same cable modem via a switch, was > > flooding the WAN with DHCPv6 SOLICIT packets with about 4700 > > packets/sec, 6.6 megabits/sec of traffic! I immediately unplugged > > CeroWRT from the WAN and then my PC was able to get an IPv4 address > > from Comcast. > > > > I know CeroWrt 3.7.5-2 is old at this point, but I'm wondering if > > something else changed to cause this behavior. Maybe Comcast > > IPv6-enabled my CMTS finally? I've been using HE tunnels for IPv6, > > one on a Linksys OpenWRT for my "production" network and a separate > > tunnel on this CeroWRT for "testing". > > > > There is one other change that was made to my Linux PC--I booted into > > a new kernel yesterday morning and had a similar problem with the > > inability to get an IPv4 address via DHCP from Comcast for about 30 > > minutes, then it just started working on its own. (I hadn't noticed > > initially since I was using IPv6 to get where I needed to go.) I > > didn't have time to troubleshoot it at the time, but I assumed it was > > due to this IPv6 change in the Fedora kernel: > > > > * Wed Jan 29 2014 Justin M. Forbes <jforbes@fedoraproject.org> - > 3.12.9-201 > > - ipv6 addrconf: revert /proc/net/if_inet6 ifa_flag format (rhbz 1056711) > > > > * Tue Jan 28 2014 Josh Boyer <jwboyer@fedoraproject.org> > > - Add patch from Stanislaw Gruszka to fix ath9k BUG (rhbz 990955) > > > > * Mon Jan 27 2014 Justin M. Forbes <jforbes@fedoraproject.org> - > 3.12.9-200 > > - Backport new IPv6 address flag IFA_F_NOPREFIXROUTE and > IFA_F_MANAGETEMPADDR (rhbz 1056711) > > - Linux v3.12.9 > > - i915: remove pm_qos request on error (rhbz 1057533) > > > > See https://bugzilla.redhat.com/show_bug.cgi?id=1056711 for details > > about that. > > > > Each time this loss of IPv4 happened, I noticed the NIC link went down > > right before it started. Maybe the flooding was happening yesterday > > morning too, and the flooding caused my poor 5-port Netgear switch to > > flake out and flap the NIC links? Alternatively, maybe the link flap > > itself was what caused odhcp6c to wig out and start flooding in the > > first place? Unfortunately I don't have a tcpdump from yesterday > > morning to confirm this. > > > > CeroWRT status: > > > > Router Name cerowrt > > Router Model NETGEAR WNDR3700v2 > > Firmware Version CeroWrt Modena 3.7.5-2 / LuCI Trunk (trunk+svn) > > Kernel Version 3.7.5 > > Local Time Sat Feb 1 07:54:43 2014 > > Uptime 58d 6h 56m 51s > > > > The DHCPv6 client is odhcp6c: > > > > root@cerowrt:~# ps |grep dhc > > 980 root 1720 S udhcpc -p /var/run/udhcpc-ge00.pid -s > /lib/netifd/dh > > 1335 root 804 R odhcp6c -s /lib/netifd/dhcpv6.script -Ntry > -P60 ge00 > > 3725 root 1704 S grep dhc > > > > Here is an example packet from the DHCPv6 flood: > > > > No. Time Source Destination Protocol > Length Info > > 1 0.000000 fe80::c63d:c7ff:feb0:8f41 ff02::1:2 > DHCPv6 179 Solicit XID: 0x45eb91 CID: 00030001c43dc7b08f41 > > > > Frame 1: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) > > Encapsulation type: Ethernet (1) > > Arrival Time: Feb 1, 2014 07:20:27.723633000 EST > > [Time shift for this packet: 0.000000000 seconds] > > Epoch Time: 1391257227.723633000 seconds > > [Time delta from previous captured frame: 0.000000000 seconds] > > [Time delta from previous displayed frame: 0.000000000 seconds] > > [Time since reference or first frame: 0.000000000 seconds] > > Frame Number: 1 > > Frame Length: 179 bytes (1432 bits) > > Capture Length: 179 bytes (1432 bits) > > [Frame is marked: False] > > [Frame is ignored: False] > > [Protocols in frame: eth:ipv6:udp:dhcpv6] > > [Coloring Rule Name: UDP] > > [Coloring Rule String: udp] > > Ethernet II, Src: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41), Dst: > IPv6mcast_00:01:00:02 (33:33:00:01:00:02) > > Destination: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) > > Address: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) > > .... ..1. .... .... .... .... = LG bit: Locally administered > address (this is NOT the factory default) > > .... ...1 .... .... .... .... = IG bit: Group address > (multicast/broadcast) > > Source: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) > > Address: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) > > .... ..0. .... .... .... .... = LG bit: Globally unique address > (factory default) > > .... ...0 .... .... .... .... = IG bit: Individual address > (unicast) > > Type: IPv6 (0x86dd) > > Internet Protocol Version 6, Src: fe80::c63d:c7ff:feb0:8f41 > (fe80::c63d:c7ff:feb0:8f41), Dst: ff02::1:2 (ff02::1:2) > > 0110 .... = Version: 6 > > [0110 .... = This field makes the filter "ip.version == 6" > possible: 6] > > .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 > > .... 0000 00.. .... .... .... .... .... = Differentiated > Services Field: Default (0x00000000) > > .... .... ..0. .... .... .... .... .... = ECN-Capable Transport > (ECT): Not set > > .... .... ...0 .... .... .... .... .... = ECN-CE: Not set > > .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 > > Payload length: 125 > > Next header: UDP (17) > > Hop limit: 1 > > Source: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41) > > [Source SA MAC: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41)] > > Destination: ff02::1:2 (ff02::1:2) > > [Source GeoIP: Unknown] > > [Destination GeoIP: Unknown] > > User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: > dhcpv6-server (547) > > Source port: dhcpv6-client (546) > > Destination port: dhcpv6-server (547) > > Length: 125 > > Checksum: 0xda1c [validation disabled] > > [Good Checksum: False] > > [Bad Checksum: False] > > DHCPv6 > > Message type: Solicit (1) > > Transaction ID: 0x45eb91 > > Elapsed time > > Option: Elapsed time (8) > > Length: 2 > > Value: ffff > > Elapsed-time: 655350 ms > > Option Request > > Option: Option Request (6) > > Length: 10 > > Value: 00170018003800160015 > > Requested Option code: DNS recursive name server (23) > > Requested Option code: Domain Search List (24) > > Requested Option code: Unknown (56) > > Requested Option code: SIP Servers IPv6 Address List (22) > > Requested Option code: SIP Server Domain Name List (21) > > Client Identifier > > Option: Client Identifier (1) > > Length: 10 > > Value: 00030001c43dc7b08f41 > > DUID: 00030001c43dc7b08f41 > > DUID Type: link-layer address (3) > > Hardware type: Ethernet (1) > > Link-layer address: c4:3d:c7:b0:8f:41 > > Reconfigure Accept > > Option: Reconfigure Accept (20) > > Length: 0 > > Fully Qualified Domain Name > > Option: Fully Qualified Domain Name (39) > > Length: 10 > > Value: 00076365726f77727400 > > 0000 0... = Reserved: 0x00 > > .... .0.. = N bit: Server should perform DNS updates > > .... ..0. = O bit: Server has not overridden client's S bit > preference > > .... ...0 = S bit: Server should not perform forward DNS updates > > Domain: cerowrt > > Identity Association for Non-temporary Address > > Option: Identity Association for Non-temporary Address (3) > > Length: 12 > > Value: 000000010000000000000000 > > IAID: 00000001 > > T1: 0 > > T2: 0 > > Identity Association for Prefix Delegation > > Option: Identity Association for Prefix Delegation (25) > > Length: 41 > > Value: 000000010000000000000000001a00190000000000000000... > > IAID: 00000001 > > T1: 0 > > T2: 0 > > IA Prefix > > Option: IA Prefix (26) > > Length: 25 > > Value: 00000000000000003c000000000000000000000000000000... > > Preferred lifetime: 0 > > Valid lifetime: 0 > > Prefix length: 60 > > Prefix address: :: (::) > > > > 0000 33 33 00 01 00 02 c4 3d c7 b0 8f 41 86 dd 60 00 33.....=...A..`. > > 0010 00 00 00 7d 11 01 fe 80 00 00 00 00 00 00 c6 3d ...}...........= > > 0020 c7 ff fe b0 8f 41 ff 02 00 00 00 00 00 00 00 00 .....A.......... > > 0030 00 00 00 01 00 02 02 22 02 23 00 7d da 1c 01 45 .......".#.}...E > > 0040 eb 91 00 08 00 02 ff ff 00 06 00 0a 00 17 00 18 ................ > > 0050 00 38 00 16 00 15 00 01 00 0a 00 03 00 01 c4 3d .8.............= > > 0060 c7 b0 8f 41 00 14 00 00 00 27 00 0a 00 07 63 65 ...A.....'....ce > > 0070 72 6f 77 72 74 00 00 03 00 0c 00 00 00 01 00 00 rowrt........... > > 0080 00 00 00 00 00 00 00 19 00 29 00 00 00 01 00 00 .........)...... > > 0090 00 00 00 00 00 00 00 1a 00 19 00 00 00 00 00 00 ................ > > 00a0 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 ..<............. > > 00b0 00 00 00 ... > > > > The CeroWRT system log is attached. Nothing looks strange except the > > loss of ge00 link around 6:24 this morning, which is right around when > > I lost IPv4 connectivity to my Linux PC (I have a system monitoring > > this IP and it SMS's me if it goes down). My PC's NIC link went down > > at exactly the same time. At 7:24 is when I unplugged CeroWRT. > > > > _______________________________________________ > > Cerowrt-devel mailing list > > Cerowrt-devel@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/cerowrt-devel > > > > > > -- > Dave Täht > > Fixing bufferbloat with cerowrt: > http://www.teklibre.com/cerowrt/subscribe.html > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > [-- Attachment #2: Type: text/html, Size: 16149 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-02-01 13:29 [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs Chuck Anderson 2014-02-01 16:43 ` Dave Taht @ 2014-03-26 2:40 ` Chuck Anderson 2014-03-26 3:19 ` Dave Taht 1 sibling, 1 reply; 11+ messages in thread From: Chuck Anderson @ 2014-03-26 2:40 UTC (permalink / raw) To: cerowrt-devel This happened again, but this time it killed the eMTA in my cable modem, knocking out my Xfinity Voice service. The Arris Telephony Modem got stuck at Telephony-DHCP and wouldn't boot past that point, which is unsurprising given the large flood of DHCPv6 Solicit packets going through it. As soon as I unplugged the CeroWrt WAN interface, the Arris eMTA was able to boot and my phone service was restored. This was with the CeroWrt comcast release 3.10.28-4 which has been sitting there running for 52 days. It appears to take a long time to see this issue, so mabye no one here has seen it because they reboot or upgrade their CeroWrt routers more often than that, or maybe no one is using odhcp6c anymore. This is definitely a severe bug in odhcp6c. It should have built-in rate limiting to prevent it from trashing the network. It is never correct for a DHCP client to send packets this rapidly. The odhcp6c process is currently taking all available CPU, about 86%, with 12% taken by rngd. How can I debug this currently running process? There is no "strace" binary to see what it is doing... 17039 1182 root R 828 1% 86% odhcp6c -s /lib/netifd/dhcpv6.script 1778 1 root S 816 1% 12% /sbin/rngd -f -r /dev/urandom -W 4000 1286 1 root S 2756 2% 0% /usr/sbin/snmpd -Lf /dev/null -p /var 20565 20081 root R 1708 1% 0% top 20064 1326 root S 1300 1% 0% dropbear -i 1601 1 root S 1216 1% 0% /usr/sbin/babeld -D -I /var/run/babel 1098 2 root SW 0 0% 0% [kworker/0:3] 1254 1 root S 4828 4% 0% /usr/sbin/lighttpd -D -f /etc/lighttp 1226 1 www-data S 4244 3% 0% /usr/sbin/lighttpd -D -f /etc/lighttp 1628 1 root S 3952 3% 0% /usr/sbin/hostapd -P /var/run/wifi-ph 1663 1 root S 3952 3% 0% /usr/sbin/hostapd -P /var/run/wifi-ph 1537 1 nobody S 2320 2% 0% avahi-daemon: running [cerowrt.local] 1450 1 root S 1756 1% 0% /usr/sbin/dbus-daemon --system 1348 1182 root S 1716 1% 0% udhcpc -p /var/run/udhcpc-ge00.pid -s 20081 20064 root S 1716 1% 0% -ash 1242 1 root S 1712 1% 0% /usr/sbin/crond -f -c /etc/crontabs - 1791 1 root S 1708 1% 0% /usr/sbin/ntpd -n -l -p 0.openwrt.poo 1182 1 root S 1576 1% 0% /sbin/netifd 16232 1 nobody S 1436 1% 0% /usr/sbin/dnsmasq -C /var/etc/dnsmasq ^C233 16232 root S 1432 1% 0% /usr/sbin/dnsmasq -C /var/etc/dnsmasq root@cerowrt:/# uptime 22:32:31 up 52 days, 1:10, load average: 1.27, 1.29, 1.26 Tcpdump output: 22:04:42.703054 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.703239 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.703422 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.703603 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.703786 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.703968 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.704151 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.704334 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.704516 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.704698 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.704881 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.705104 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.705290 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.705472 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.705655 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.705837 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.706020 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.706202 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.706385 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.706566 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.706749 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.706932 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.707116 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.707298 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.707481 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.707664 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.707846 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.708028 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.708211 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.708393 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.708576 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.708759 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.708981 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.709202 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.709387 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.709617 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.709801 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.709983 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.710167 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.710350 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.710533 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.710715 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.710898 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.752919 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.753102 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.753285 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.753468 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.753650 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.753834 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.754016 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.754199 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.754382 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.754564 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.754747 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.754931 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.755113 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.755346 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.755529 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.755712 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.755964 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.756152 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.756335 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.756517 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.756700 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.756883 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.757073 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.757256 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.757439 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.757623 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.757806 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.757990 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.758171 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.758355 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.758536 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.758719 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.890376 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.890562 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.890745 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.890928 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.891120 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.891303 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 22:04:42.891487 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit On Sat, Feb 01, 2014 at 08:29:50AM -0500, Chuck Anderson wrote: > This morning my Linux PC which has a direct connection to my Comcast > cable modem (no router in between) lost its IPv4 address. During > troubleshooting, I noticed that the dhclient was unable to get an IPv4 > address from Comcast. I ran tcpdump and discovered that the CeroWRT > router, also connected to the same cable modem via a switch, was > flooding the WAN with DHCPv6 SOLICIT packets with about 4700 > packets/sec, 6.6 megabits/sec of traffic! I immediately unplugged > CeroWRT from the WAN and then my PC was able to get an IPv4 address > from Comcast. > > I know CeroWrt 3.7.5-2 is old at this point, but I'm wondering if > something else changed to cause this behavior. Maybe Comcast > IPv6-enabled my CMTS finally? I've been using HE tunnels for IPv6, > one on a Linksys OpenWRT for my "production" network and a separate > tunnel on this CeroWRT for "testing". > > There is one other change that was made to my Linux PC--I booted into > a new kernel yesterday morning and had a similar problem with the > inability to get an IPv4 address via DHCP from Comcast for about 30 > minutes, then it just started working on its own. (I hadn't noticed > initially since I was using IPv6 to get where I needed to go.) I > didn't have time to troubleshoot it at the time, but I assumed it was > due to this IPv6 change in the Fedora kernel: > > * Wed Jan 29 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-201 > - ipv6 addrconf: revert /proc/net/if_inet6 ifa_flag format (rhbz 1056711) > > * Tue Jan 28 2014 Josh Boyer <jwboyer@fedoraproject.org> > - Add patch from Stanislaw Gruszka to fix ath9k BUG (rhbz 990955) > > * Mon Jan 27 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-200 > - Backport new IPv6 address flag IFA_F_NOPREFIXROUTE and IFA_F_MANAGETEMPADDR (rhbz 1056711) > - Linux v3.12.9 > - i915: remove pm_qos request on error (rhbz 1057533) > > See https://bugzilla.redhat.com/show_bug.cgi?id=1056711 for details > about that. > > Each time this loss of IPv4 happened, I noticed the NIC link went down > right before it started. Maybe the flooding was happening yesterday > morning too, and the flooding caused my poor 5-port Netgear switch to > flake out and flap the NIC links? Alternatively, maybe the link flap > itself was what caused odhcp6c to wig out and start flooding in the > first place? Unfortunately I don't have a tcpdump from yesterday > morning to confirm this. > > CeroWRT status: > > Router Name cerowrt > Router Model NETGEAR WNDR3700v2 > Firmware Version CeroWrt Modena 3.7.5-2 / LuCI Trunk (trunk+svn) > Kernel Version 3.7.5 > Local Time Sat Feb 1 07:54:43 2014 > Uptime 58d 6h 56m 51s > > The DHCPv6 client is odhcp6c: > > root@cerowrt:~# ps |grep dhc > 980 root 1720 S udhcpc -p /var/run/udhcpc-ge00.pid -s /lib/netifd/dh > 1335 root 804 R odhcp6c -s /lib/netifd/dhcpv6.script -Ntry -P60 ge00 > 3725 root 1704 S grep dhc > > Here is an example packet from the DHCPv6 flood: > > No. Time Source Destination Protocol Length Info > 1 0.000000 fe80::c63d:c7ff:feb0:8f41 ff02::1:2 DHCPv6 179 Solicit XID: 0x45eb91 CID: 00030001c43dc7b08f41 > > Frame 1: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) > Encapsulation type: Ethernet (1) > Arrival Time: Feb 1, 2014 07:20:27.723633000 EST > [Time shift for this packet: 0.000000000 seconds] > Epoch Time: 1391257227.723633000 seconds > [Time delta from previous captured frame: 0.000000000 seconds] > [Time delta from previous displayed frame: 0.000000000 seconds] > [Time since reference or first frame: 0.000000000 seconds] > Frame Number: 1 > Frame Length: 179 bytes (1432 bits) > Capture Length: 179 bytes (1432 bits) > [Frame is marked: False] > [Frame is ignored: False] > [Protocols in frame: eth:ipv6:udp:dhcpv6] > [Coloring Rule Name: UDP] > [Coloring Rule String: udp] > Ethernet II, Src: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41), Dst: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) > Destination: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) > Address: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) > .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) > .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) > Source: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) > Address: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) > .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) > .... ...0 .... .... .... .... = IG bit: Individual address (unicast) > Type: IPv6 (0x86dd) > Internet Protocol Version 6, Src: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41), Dst: ff02::1:2 (ff02::1:2) > 0110 .... = Version: 6 > [0110 .... = This field makes the filter "ip.version == 6" possible: 6] > .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 > .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000) > .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set > .... .... ...0 .... .... .... .... .... = ECN-CE: Not set > .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 > Payload length: 125 > Next header: UDP (17) > Hop limit: 1 > Source: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41) > [Source SA MAC: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41)] > Destination: ff02::1:2 (ff02::1:2) > [Source GeoIP: Unknown] > [Destination GeoIP: Unknown] > User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: dhcpv6-server (547) > Source port: dhcpv6-client (546) > Destination port: dhcpv6-server (547) > Length: 125 > Checksum: 0xda1c [validation disabled] > [Good Checksum: False] > [Bad Checksum: False] > DHCPv6 > Message type: Solicit (1) > Transaction ID: 0x45eb91 > Elapsed time > Option: Elapsed time (8) > Length: 2 > Value: ffff > Elapsed-time: 655350 ms > Option Request > Option: Option Request (6) > Length: 10 > Value: 00170018003800160015 > Requested Option code: DNS recursive name server (23) > Requested Option code: Domain Search List (24) > Requested Option code: Unknown (56) > Requested Option code: SIP Servers IPv6 Address List (22) > Requested Option code: SIP Server Domain Name List (21) > Client Identifier > Option: Client Identifier (1) > Length: 10 > Value: 00030001c43dc7b08f41 > DUID: 00030001c43dc7b08f41 > DUID Type: link-layer address (3) > Hardware type: Ethernet (1) > Link-layer address: c4:3d:c7:b0:8f:41 > Reconfigure Accept > Option: Reconfigure Accept (20) > Length: 0 > Fully Qualified Domain Name > Option: Fully Qualified Domain Name (39) > Length: 10 > Value: 00076365726f77727400 > 0000 0... = Reserved: 0x00 > .... .0.. = N bit: Server should perform DNS updates > .... ..0. = O bit: Server has not overridden client's S bit preference > .... ...0 = S bit: Server should not perform forward DNS updates > Domain: cerowrt > Identity Association for Non-temporary Address > Option: Identity Association for Non-temporary Address (3) > Length: 12 > Value: 000000010000000000000000 > IAID: 00000001 > T1: 0 > T2: 0 > Identity Association for Prefix Delegation > Option: Identity Association for Prefix Delegation (25) > Length: 41 > Value: 000000010000000000000000001a00190000000000000000... > IAID: 00000001 > T1: 0 > T2: 0 > IA Prefix > Option: IA Prefix (26) > Length: 25 > Value: 00000000000000003c000000000000000000000000000000... > Preferred lifetime: 0 > Valid lifetime: 0 > Prefix length: 60 > Prefix address: :: (::) > > 0000 33 33 00 01 00 02 c4 3d c7 b0 8f 41 86 dd 60 00 33.....=...A..`. > 0010 00 00 00 7d 11 01 fe 80 00 00 00 00 00 00 c6 3d ...}...........= > 0020 c7 ff fe b0 8f 41 ff 02 00 00 00 00 00 00 00 00 .....A.......... > 0030 00 00 00 01 00 02 02 22 02 23 00 7d da 1c 01 45 .......".#.}...E > 0040 eb 91 00 08 00 02 ff ff 00 06 00 0a 00 17 00 18 ................ > 0050 00 38 00 16 00 15 00 01 00 0a 00 03 00 01 c4 3d .8.............= > 0060 c7 b0 8f 41 00 14 00 00 00 27 00 0a 00 07 63 65 ...A.....'....ce > 0070 72 6f 77 72 74 00 00 03 00 0c 00 00 00 01 00 00 rowrt........... > 0080 00 00 00 00 00 00 00 19 00 29 00 00 00 01 00 00 .........)...... > 0090 00 00 00 00 00 00 00 1a 00 19 00 00 00 00 00 00 ................ > 00a0 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 ..<............. > 00b0 00 00 00 ... > > The CeroWRT system log is attached. Nothing looks strange except the > loss of ge00 link around 6:24 this morning, which is right around when > I lost IPv4 connectivity to my Linux PC (I have a system monitoring > this IP and it SMS's me if it goes down). My PC's NIC link went down > at exactly the same time. At 7:24 is when I unplugged CeroWRT. > Feb 1 03:44:30 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 03:47:19 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 03:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 03:50:22 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 03:53:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 03:56:41 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated > Feb 1 03:57:04 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 03:58:00 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 88.119.198.49 to the global_no_access list for 120 minutes > Feb 1 03:58:28 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 58.63.69.150 to the global_no_access list for 120 minutes > Feb 1 03:59:08 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 03:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 03:59:42 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated > Feb 1 04:02:32 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 04:06:00 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 04:08:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 04:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 04:11:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 04:13:56 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 04:18:43 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 04:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 04:20:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 04:21:43 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated > Feb 1 04:22:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 04:28:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 04:29:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 04:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 04:31:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 04:32:44 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated > Feb 1 04:36:44 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 04:38:16 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 04:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 04:39:44 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated > Feb 1 04:41:10 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 04:44:21 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 04:47:58 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 04:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 04:50:43 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 04:53:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 04:56:01 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 04:57:45 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated > Feb 1 04:58:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 04:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 05:01:41 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 05:04:28 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 05:07:24 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 05:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 05:09:54 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 05:13:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 05:13:40 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 60.165.210.96 to the global_no_access list for 120 minutes > Feb 1 05:16:00 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 05:17:49 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 05:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 05:22:10 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 05:25:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 05:26:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 05:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 05:29:44 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 05:34:45 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 05:35:04 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 05:37:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 05:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 05:43:33 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 05:44:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 05:46:24 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 05:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 05:52:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 05:53:29 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 05:55:50 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 05:58:48 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated > Feb 1 05:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 06:00:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 06:03:02 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 06:04:52 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 06:08:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 06:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 06:11:32 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 06:12:22 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 71.187.187.196 to the global_no_access list for 120 minutes > Feb 1 06:13:23 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 06:18:19 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 06:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 06:21:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 06:21:21 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 06:24:12 cerowrt kern.info kernel: [5030779.328125] ge00: link down > Feb 1 06:24:16 cerowrt kern.debug kernel: [5030783.343750] ar71xx: pll_reg 0xb8050014: 0x11110000 > Feb 1 06:24:16 cerowrt kern.info kernel: [5030783.343750] ge00: link up (1000Mbps/Full duplex) > Feb 1 06:24:30 cerowrt kern.info kernel: [5030797.406250] ge00: link down > Feb 1 06:24:55 cerowrt kern.debug kernel: [5030822.503906] ar71xx: pll_reg 0xb8050014: 0x11110000 > Feb 1 06:24:55 cerowrt kern.info kernel: [5030822.503906] ge00: link up (1000Mbps/Full duplex) > Feb 1 06:27:56 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 06:29:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 06:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 06:31:07 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 06:36:39 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 06:38:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 06:38:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 06:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 06:44:26 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 06:46:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 06:47:26 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 06:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 06:52:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 06:54:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 06:56:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 06:59:00 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 187.54.249.118 to the global_no_access list for 120 minutes > Feb 1 06:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 07:02:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 07:02:53 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 07:05:08 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:07:25 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 181.50.13.174 to the global_no_access list for 120 minutes > Feb 1 07:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 07:11:33 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 07:11:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 07:13:52 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated > Feb 1 07:14:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 07:20:09 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 07:20:30 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 07:23:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:24:57 cerowrt kern.info kernel: [5034424.527343] ge00: link down > Feb 1 07:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 07:29:41 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 07:29:50 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 07:32:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:38:52 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da IEEE 802.11: authenticated > Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da IEEE 802.11: associated (aid 2) > Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da RADIUS: starting accounting session 52806EEC-0000005B > Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da WPA: pairwise key handshake completed (RSN) > Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPDISCOVER(sw00) 172.30.42.74 74:e5:43:69:09:da > Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPOFFER(sw00) 172.30.42.74 74:e5:43:69:09:da > Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPREQUEST(sw00) 172.30.42.74 74:e5:43:69:09:da > Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPACK(sw00) 172.30.42.74 74:e5:43:69:09:da a > Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:39:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-SOLICIT(sw00) 74:e5:43:69:09:da > Feb 1 07:39:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:39:14 cerowrt daemon.info dnsmasq-dhcp[2896]: SLAAC-CONFIRM(sw00) 2001:470:89c6:1:76e5:43ff:fe69:9da a > Feb 1 07:39:15 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPINFORMATION-REQUEST(sw00) 00:04:fc:3a:bd:af:bb:b3:64:10:e1:fd:72:cf:0f:0c:c1:14 a > Feb 1 07:39:19 cerowrt authpriv.info dropbear[3709]: Child connection from 172.30.42.74:53620 > Feb 1 07:39:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:39:25 cerowrt authpriv.info dropbear[3709]: Exit before auth: Exited normally > Feb 1 07:39:28 cerowrt authpriv.info dropbear[3710]: Child connection from 172.30.42.74:53621 > Feb 1 07:39:35 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621 > Feb 1 07:39:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:39:38 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da WPA: group key handshake completed (RSN) > Feb 1 07:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) > Feb 1 07:39:39 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621 > Feb 1 07:39:44 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621 > Feb 1 07:39:44 cerowrt authpriv.info dropbear[3710]: Exit before auth: Exited normally > Feb 1 07:39:45 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: > Feb 1 07:39:52 cerowrt kern.debug kernel: [5035318.730468] icmpv6_send: no reply to icmp error > Feb 1 07:39:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:39:56 cerowrt kern.debug kernel: [5035322.816406] icmpv6_send: no reply to icmp error > Feb 1 07:40:00 cerowrt kern.debug kernel: [5035327.488281] icmpv6_send: no reply to icmp error > Feb 1 07:40:07 cerowrt authpriv.info dropbear[3712]: Child connection from 172.30.42.74:53629 > Feb 1 07:40:10 cerowrt kern.debug kernel: [5035336.816406] icmpv6_send: no reply to icmp error > Feb 1 07:40:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: > Feb 1 07:40:13 cerowrt authpriv.notice dropbear[3712]: Password auth succeeded for 'root' from 172.30.42.74:53629 > Feb 1 07:40:28 cerowrt kern.debug kernel: [5035355.472656] icmpv6_send: no reply to icmp error > Feb 1 07:40:43 cerowrt kern.info kernel: [5035370.363281] device ge00 entered promiscuous mode > Feb 1 07:40:44 cerowrt kern.info kernel: [5035371.164062] device ge00 left promiscuous mode > Feb 1 07:40:46 cerowrt kern.info kernel: [5035372.847656] device ge00 entered promiscuous mode > Feb 1 07:40:49 cerowrt kern.info kernel: [5035376.109375] device ge00 left promiscuous mode > Feb 1 07:46:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-03-26 2:40 ` Chuck Anderson @ 2014-03-26 3:19 ` Dave Taht 2014-03-26 3:41 ` Dave Taht 0 siblings, 1 reply; 11+ messages in thread From: Dave Taht @ 2014-03-26 3:19 UTC (permalink / raw) To: cerowrt-devel, Steven B. It sounds like a 32 bit overflow of some kind (23.x days *s) In looking through the relevant commits for odhcpd, I don't see any fixes targetted at it. We had another similar bug with the ra flooding thing comcast was doing but I think this is different. an strace would be good to have. opkg update opkg install strace strace -p t`pidof odhcp6c` 2> /tmp/strace.log wait a bit, do a control-c, send the log. I realize this is a very severe bug, but at one level, I'm happy - we're making 52 days of uptime without a problem! Next stop, YEARS. On Tue, Mar 25, 2014 at 7:40 PM, Chuck Anderson <cra@wpi.edu> wrote: > This happened again, but this time it killed the eMTA in my cable > modem, knocking out my Xfinity Voice service. The Arris Telephony > Modem got stuck at Telephony-DHCP and wouldn't boot past that point, > which is unsurprising given the large flood of DHCPv6 Solicit packets > going through it. As soon as I unplugged the CeroWrt WAN interface, > the Arris eMTA was able to boot and my phone service was restored. > > This was with the CeroWrt comcast release 3.10.28-4 which has been > sitting there running for 52 days. It appears to take a long time to > see this issue, so mabye no one here has seen it because they reboot > or upgrade their CeroWrt routers more often than that, or maybe no one > is using odhcp6c anymore. > > This is definitely a severe bug in odhcp6c. It should have built-in > rate limiting to prevent it from trashing the network. It is never > correct for a DHCP client to send packets this rapidly. > > The odhcp6c process is currently taking all available CPU, about 86%, > with 12% taken by rngd. How can I debug this currently running > process? There is no "strace" binary to see what it is doing... > > 17039 1182 root R 828 1% 86% odhcp6c -s /lib/netifd/dhcpv6.script > 1778 1 root S 816 1% 12% /sbin/rngd -f -r /dev/urandom -W 4000 > 1286 1 root S 2756 2% 0% /usr/sbin/snmpd -Lf /dev/null -p /var > 20565 20081 root R 1708 1% 0% top > 20064 1326 root S 1300 1% 0% dropbear -i > 1601 1 root S 1216 1% 0% /usr/sbin/babeld -D -I /var/run/babel > 1098 2 root SW 0 0% 0% [kworker/0:3] > 1254 1 root S 4828 4% 0% /usr/sbin/lighttpd -D -f /etc/lighttp > 1226 1 www-data S 4244 3% 0% /usr/sbin/lighttpd -D -f /etc/lighttp > 1628 1 root S 3952 3% 0% /usr/sbin/hostapd -P /var/run/wifi-ph > 1663 1 root S 3952 3% 0% /usr/sbin/hostapd -P /var/run/wifi-ph > 1537 1 nobody S 2320 2% 0% avahi-daemon: running [cerowrt.local] > 1450 1 root S 1756 1% 0% /usr/sbin/dbus-daemon --system > 1348 1182 root S 1716 1% 0% udhcpc -p /var/run/udhcpc-ge00.pid -s > 20081 20064 root S 1716 1% 0% -ash > 1242 1 root S 1712 1% 0% /usr/sbin/crond -f -c /etc/crontabs - > 1791 1 root S 1708 1% 0% /usr/sbin/ntpd -n -l -p 0.openwrt.poo > 1182 1 root S 1576 1% 0% /sbin/netifd > 16232 1 nobody S 1436 1% 0% /usr/sbin/dnsmasq -C /var/etc/dnsmasq > ^C233 16232 root S 1432 1% 0% /usr/sbin/dnsmasq -C /var/etc/dnsmasq > > root@cerowrt:/# uptime > 22:32:31 up 52 days, 1:10, load average: 1.27, 1.29, 1.26 > > > Tcpdump output: > > 22:04:42.703054 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.703239 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.703422 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.703603 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.703786 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.703968 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.704151 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.704334 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.704516 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.704698 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.704881 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.705104 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.705290 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.705472 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.705655 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.705837 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.706020 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.706202 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.706385 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.706566 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.706749 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.706932 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.707116 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.707298 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.707481 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.707664 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.707846 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.708028 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.708211 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.708393 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.708576 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.708759 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.708981 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.709202 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.709387 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.709617 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.709801 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.709983 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.710167 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.710350 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.710533 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.710715 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.710898 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.752919 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.753102 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.753285 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.753468 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.753650 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.753834 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.754016 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.754199 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.754382 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.754564 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.754747 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.754931 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.755113 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.755346 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.755529 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.755712 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.755964 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.756152 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.756335 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.756517 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.756700 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.756883 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.757073 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.757256 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.757439 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.757623 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.757806 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.757990 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.758171 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.758355 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.758536 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.758719 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.890376 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.890562 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.890745 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.890928 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.891120 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.891303 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > 22:04:42.891487 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit > > > On Sat, Feb 01, 2014 at 08:29:50AM -0500, Chuck Anderson wrote: >> This morning my Linux PC which has a direct connection to my Comcast >> cable modem (no router in between) lost its IPv4 address. During >> troubleshooting, I noticed that the dhclient was unable to get an IPv4 >> address from Comcast. I ran tcpdump and discovered that the CeroWRT >> router, also connected to the same cable modem via a switch, was >> flooding the WAN with DHCPv6 SOLICIT packets with about 4700 >> packets/sec, 6.6 megabits/sec of traffic! I immediately unplugged >> CeroWRT from the WAN and then my PC was able to get an IPv4 address >> from Comcast. >> >> I know CeroWrt 3.7.5-2 is old at this point, but I'm wondering if >> something else changed to cause this behavior. Maybe Comcast >> IPv6-enabled my CMTS finally? I've been using HE tunnels for IPv6, >> one on a Linksys OpenWRT for my "production" network and a separate >> tunnel on this CeroWRT for "testing". >> >> There is one other change that was made to my Linux PC--I booted into >> a new kernel yesterday morning and had a similar problem with the >> inability to get an IPv4 address via DHCP from Comcast for about 30 >> minutes, then it just started working on its own. (I hadn't noticed >> initially since I was using IPv6 to get where I needed to go.) I >> didn't have time to troubleshoot it at the time, but I assumed it was >> due to this IPv6 change in the Fedora kernel: >> >> * Wed Jan 29 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-201 >> - ipv6 addrconf: revert /proc/net/if_inet6 ifa_flag format (rhbz 1056711) >> >> * Tue Jan 28 2014 Josh Boyer <jwboyer@fedoraproject.org> >> - Add patch from Stanislaw Gruszka to fix ath9k BUG (rhbz 990955) >> >> * Mon Jan 27 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-200 >> - Backport new IPv6 address flag IFA_F_NOPREFIXROUTE and IFA_F_MANAGETEMPADDR (rhbz 1056711) >> - Linux v3.12.9 >> - i915: remove pm_qos request on error (rhbz 1057533) >> >> See https://bugzilla.redhat.com/show_bug.cgi?id=1056711 for details >> about that. >> >> Each time this loss of IPv4 happened, I noticed the NIC link went down >> right before it started. Maybe the flooding was happening yesterday >> morning too, and the flooding caused my poor 5-port Netgear switch to >> flake out and flap the NIC links? Alternatively, maybe the link flap >> itself was what caused odhcp6c to wig out and start flooding in the >> first place? Unfortunately I don't have a tcpdump from yesterday >> morning to confirm this. >> >> CeroWRT status: >> >> Router Name cerowrt >> Router Model NETGEAR WNDR3700v2 >> Firmware Version CeroWrt Modena 3.7.5-2 / LuCI Trunk (trunk+svn) >> Kernel Version 3.7.5 >> Local Time Sat Feb 1 07:54:43 2014 >> Uptime 58d 6h 56m 51s >> >> The DHCPv6 client is odhcp6c: >> >> root@cerowrt:~# ps |grep dhc >> 980 root 1720 S udhcpc -p /var/run/udhcpc-ge00.pid -s /lib/netifd/dh >> 1335 root 804 R odhcp6c -s /lib/netifd/dhcpv6.script -Ntry -P60 ge00 >> 3725 root 1704 S grep dhc >> >> Here is an example packet from the DHCPv6 flood: >> >> No. Time Source Destination Protocol Length Info >> 1 0.000000 fe80::c63d:c7ff:feb0:8f41 ff02::1:2 DHCPv6 179 Solicit XID: 0x45eb91 CID: 00030001c43dc7b08f41 >> >> Frame 1: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) >> Encapsulation type: Ethernet (1) >> Arrival Time: Feb 1, 2014 07:20:27.723633000 EST >> [Time shift for this packet: 0.000000000 seconds] >> Epoch Time: 1391257227.723633000 seconds >> [Time delta from previous captured frame: 0.000000000 seconds] >> [Time delta from previous displayed frame: 0.000000000 seconds] >> [Time since reference or first frame: 0.000000000 seconds] >> Frame Number: 1 >> Frame Length: 179 bytes (1432 bits) >> Capture Length: 179 bytes (1432 bits) >> [Frame is marked: False] >> [Frame is ignored: False] >> [Protocols in frame: eth:ipv6:udp:dhcpv6] >> [Coloring Rule Name: UDP] >> [Coloring Rule String: udp] >> Ethernet II, Src: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41), Dst: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) >> Destination: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) >> Address: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) >> .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) >> .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) >> Source: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) >> Address: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) >> .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) >> .... ...0 .... .... .... .... = IG bit: Individual address (unicast) >> Type: IPv6 (0x86dd) >> Internet Protocol Version 6, Src: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41), Dst: ff02::1:2 (ff02::1:2) >> 0110 .... = Version: 6 >> [0110 .... = This field makes the filter "ip.version == 6" possible: 6] >> .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 >> .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000) >> .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set >> .... .... ...0 .... .... .... .... .... = ECN-CE: Not set >> .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 >> Payload length: 125 >> Next header: UDP (17) >> Hop limit: 1 >> Source: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41) >> [Source SA MAC: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41)] >> Destination: ff02::1:2 (ff02::1:2) >> [Source GeoIP: Unknown] >> [Destination GeoIP: Unknown] >> User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: dhcpv6-server (547) >> Source port: dhcpv6-client (546) >> Destination port: dhcpv6-server (547) >> Length: 125 >> Checksum: 0xda1c [validation disabled] >> [Good Checksum: False] >> [Bad Checksum: False] >> DHCPv6 >> Message type: Solicit (1) >> Transaction ID: 0x45eb91 >> Elapsed time >> Option: Elapsed time (8) >> Length: 2 >> Value: ffff >> Elapsed-time: 655350 ms >> Option Request >> Option: Option Request (6) >> Length: 10 >> Value: 00170018003800160015 >> Requested Option code: DNS recursive name server (23) >> Requested Option code: Domain Search List (24) >> Requested Option code: Unknown (56) >> Requested Option code: SIP Servers IPv6 Address List (22) >> Requested Option code: SIP Server Domain Name List (21) >> Client Identifier >> Option: Client Identifier (1) >> Length: 10 >> Value: 00030001c43dc7b08f41 >> DUID: 00030001c43dc7b08f41 >> DUID Type: link-layer address (3) >> Hardware type: Ethernet (1) >> Link-layer address: c4:3d:c7:b0:8f:41 >> Reconfigure Accept >> Option: Reconfigure Accept (20) >> Length: 0 >> Fully Qualified Domain Name >> Option: Fully Qualified Domain Name (39) >> Length: 10 >> Value: 00076365726f77727400 >> 0000 0... = Reserved: 0x00 >> .... .0.. = N bit: Server should perform DNS updates >> .... ..0. = O bit: Server has not overridden client's S bit preference >> .... ...0 = S bit: Server should not perform forward DNS updates >> Domain: cerowrt >> Identity Association for Non-temporary Address >> Option: Identity Association for Non-temporary Address (3) >> Length: 12 >> Value: 000000010000000000000000 >> IAID: 00000001 >> T1: 0 >> T2: 0 >> Identity Association for Prefix Delegation >> Option: Identity Association for Prefix Delegation (25) >> Length: 41 >> Value: 000000010000000000000000001a00190000000000000000... >> IAID: 00000001 >> T1: 0 >> T2: 0 >> IA Prefix >> Option: IA Prefix (26) >> Length: 25 >> Value: 00000000000000003c000000000000000000000000000000... >> Preferred lifetime: 0 >> Valid lifetime: 0 >> Prefix length: 60 >> Prefix address: :: (::) >> >> 0000 33 33 00 01 00 02 c4 3d c7 b0 8f 41 86 dd 60 00 33.....=...A..`. >> 0010 00 00 00 7d 11 01 fe 80 00 00 00 00 00 00 c6 3d ...}...........= >> 0020 c7 ff fe b0 8f 41 ff 02 00 00 00 00 00 00 00 00 .....A.......... >> 0030 00 00 00 01 00 02 02 22 02 23 00 7d da 1c 01 45 .......".#.}...E >> 0040 eb 91 00 08 00 02 ff ff 00 06 00 0a 00 17 00 18 ................ >> 0050 00 38 00 16 00 15 00 01 00 0a 00 03 00 01 c4 3d .8.............= >> 0060 c7 b0 8f 41 00 14 00 00 00 27 00 0a 00 07 63 65 ...A.....'....ce >> 0070 72 6f 77 72 74 00 00 03 00 0c 00 00 00 01 00 00 rowrt........... >> 0080 00 00 00 00 00 00 00 19 00 29 00 00 00 01 00 00 .........)...... >> 0090 00 00 00 00 00 00 00 1a 00 19 00 00 00 00 00 00 ................ >> 00a0 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 ..<............. >> 00b0 00 00 00 ... >> >> The CeroWRT system log is attached. Nothing looks strange except the >> loss of ge00 link around 6:24 this morning, which is right around when >> I lost IPv4 connectivity to my Linux PC (I have a system monitoring >> this IP and it SMS's me if it goes down). My PC's NIC link went down >> at exactly the same time. At 7:24 is when I unplugged CeroWRT. > >> Feb 1 03:44:30 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 03:47:19 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 03:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 03:50:22 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 03:53:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 03:56:41 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >> Feb 1 03:57:04 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 03:58:00 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 88.119.198.49 to the global_no_access list for 120 minutes >> Feb 1 03:58:28 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 58.63.69.150 to the global_no_access list for 120 minutes >> Feb 1 03:59:08 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 03:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 03:59:42 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >> Feb 1 04:02:32 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 04:06:00 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 04:08:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 04:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 04:11:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 04:13:56 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 04:18:43 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 04:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 04:20:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 04:21:43 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >> Feb 1 04:22:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 04:28:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 04:29:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 04:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 04:31:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 04:32:44 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >> Feb 1 04:36:44 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 04:38:16 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 04:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 04:39:44 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >> Feb 1 04:41:10 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 04:44:21 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 04:47:58 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 04:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 04:50:43 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 04:53:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 04:56:01 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 04:57:45 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >> Feb 1 04:58:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 04:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 05:01:41 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 05:04:28 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 05:07:24 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 05:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 05:09:54 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 05:13:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 05:13:40 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 60.165.210.96 to the global_no_access list for 120 minutes >> Feb 1 05:16:00 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 05:17:49 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 05:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 05:22:10 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 05:25:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 05:26:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 05:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 05:29:44 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 05:34:45 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 05:35:04 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 05:37:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 05:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 05:43:33 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 05:44:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 05:46:24 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 05:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 05:52:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 05:53:29 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 05:55:50 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 05:58:48 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >> Feb 1 05:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 06:00:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 06:03:02 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 06:04:52 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 06:08:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 06:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 06:11:32 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 06:12:22 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 71.187.187.196 to the global_no_access list for 120 minutes >> Feb 1 06:13:23 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 06:18:19 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 06:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 06:21:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 06:21:21 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 06:24:12 cerowrt kern.info kernel: [5030779.328125] ge00: link down >> Feb 1 06:24:16 cerowrt kern.debug kernel: [5030783.343750] ar71xx: pll_reg 0xb8050014: 0x11110000 >> Feb 1 06:24:16 cerowrt kern.info kernel: [5030783.343750] ge00: link up (1000Mbps/Full duplex) >> Feb 1 06:24:30 cerowrt kern.info kernel: [5030797.406250] ge00: link down >> Feb 1 06:24:55 cerowrt kern.debug kernel: [5030822.503906] ar71xx: pll_reg 0xb8050014: 0x11110000 >> Feb 1 06:24:55 cerowrt kern.info kernel: [5030822.503906] ge00: link up (1000Mbps/Full duplex) >> Feb 1 06:27:56 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 06:29:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 06:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 06:31:07 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 06:36:39 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 06:38:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 06:38:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 06:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 06:44:26 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 06:46:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 06:47:26 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 06:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 06:52:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 06:54:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 06:56:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 06:59:00 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 187.54.249.118 to the global_no_access list for 120 minutes >> Feb 1 06:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 07:02:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 07:02:53 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 07:05:08 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:07:25 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 181.50.13.174 to the global_no_access list for 120 minutes >> Feb 1 07:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 07:11:33 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 07:11:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 07:13:52 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >> Feb 1 07:14:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 07:20:09 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 07:20:30 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 07:23:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:24:57 cerowrt kern.info kernel: [5034424.527343] ge00: link down >> Feb 1 07:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 07:29:41 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 07:29:50 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 07:32:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:38:52 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da IEEE 802.11: authenticated >> Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da IEEE 802.11: associated (aid 2) >> Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da RADIUS: starting accounting session 52806EEC-0000005B >> Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da WPA: pairwise key handshake completed (RSN) >> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPDISCOVER(sw00) 172.30.42.74 74:e5:43:69:09:da >> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPOFFER(sw00) 172.30.42.74 74:e5:43:69:09:da >> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPREQUEST(sw00) 172.30.42.74 74:e5:43:69:09:da >> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPACK(sw00) 172.30.42.74 74:e5:43:69:09:da a >> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:39:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-SOLICIT(sw00) 74:e5:43:69:09:da >> Feb 1 07:39:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:39:14 cerowrt daemon.info dnsmasq-dhcp[2896]: SLAAC-CONFIRM(sw00) 2001:470:89c6:1:76e5:43ff:fe69:9da a >> Feb 1 07:39:15 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPINFORMATION-REQUEST(sw00) 00:04:fc:3a:bd:af:bb:b3:64:10:e1:fd:72:cf:0f:0c:c1:14 a >> Feb 1 07:39:19 cerowrt authpriv.info dropbear[3709]: Child connection from 172.30.42.74:53620 >> Feb 1 07:39:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:39:25 cerowrt authpriv.info dropbear[3709]: Exit before auth: Exited normally >> Feb 1 07:39:28 cerowrt authpriv.info dropbear[3710]: Child connection from 172.30.42.74:53621 >> Feb 1 07:39:35 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621 >> Feb 1 07:39:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:39:38 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da WPA: group key handshake completed (RSN) >> Feb 1 07:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >> Feb 1 07:39:39 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621 >> Feb 1 07:39:44 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621 >> Feb 1 07:39:44 cerowrt authpriv.info dropbear[3710]: Exit before auth: Exited normally >> Feb 1 07:39:45 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >> Feb 1 07:39:52 cerowrt kern.debug kernel: [5035318.730468] icmpv6_send: no reply to icmp error >> Feb 1 07:39:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:39:56 cerowrt kern.debug kernel: [5035322.816406] icmpv6_send: no reply to icmp error >> Feb 1 07:40:00 cerowrt kern.debug kernel: [5035327.488281] icmpv6_send: no reply to icmp error >> Feb 1 07:40:07 cerowrt authpriv.info dropbear[3712]: Child connection from 172.30.42.74:53629 >> Feb 1 07:40:10 cerowrt kern.debug kernel: [5035336.816406] icmpv6_send: no reply to icmp error >> Feb 1 07:40:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >> Feb 1 07:40:13 cerowrt authpriv.notice dropbear[3712]: Password auth succeeded for 'root' from 172.30.42.74:53629 >> Feb 1 07:40:28 cerowrt kern.debug kernel: [5035355.472656] icmpv6_send: no reply to icmp error >> Feb 1 07:40:43 cerowrt kern.info kernel: [5035370.363281] device ge00 entered promiscuous mode >> Feb 1 07:40:44 cerowrt kern.info kernel: [5035371.164062] device ge00 left promiscuous mode >> Feb 1 07:40:46 cerowrt kern.info kernel: [5035372.847656] device ge00 entered promiscuous mode >> Feb 1 07:40:49 cerowrt kern.info kernel: [5035376.109375] device ge00 left promiscuous mode >> Feb 1 07:46:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-03-26 3:19 ` Dave Taht @ 2014-03-26 3:41 ` Dave Taht 2014-03-26 4:42 ` Valdis.Kletnieks 0 siblings, 1 reply; 11+ messages in thread From: Dave Taht @ 2014-03-26 3:41 UTC (permalink / raw) To: cerowrt-devel, Steven B., Chuck Anderson, Hauke Mehrtens Dear Chuck: Not only was this a severe bug... ... it was fixed on march 7th. commit 5b98f902f616bd9b96a2128587bc6995555a43c1 Author: Steven Barth <steven@midlink.org> Date: Fri Mar 7 10:33:49 2014 +0100 fix integer overflow after 50 days (thx Hauke Mehrtens) I was looking at the wrong git repo. So the fix is certainly in 3.10.32-12, please upgrade to that. http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.10.32-12/ :whew: Hat tip to Hauke for finding and fixing it! I am removing the comcast specific builds now as the mainline cero works right in most cases. So now we're down to just two long term bugs we know of - the dnssec/ntp bug, and the problems jim gettys was having with a long term heavily active he tunnel and tcp syns. Jim is presently running without ipv6 or syn flood protection to see if that clears it up, and I'm still at a loss as to the most correct way to bring up dnssec. On Tue, Mar 25, 2014 at 8:19 PM, Dave Taht <dave.taht@gmail.com> wrote: > It sounds like a 32 bit overflow of some kind (23.x days *s) > > In looking through the relevant commits for odhcpd, I don't see any > fixes targetted at it. > > We had another similar bug with the ra flooding thing comcast was > doing but I think this is different. > an strace would be good to have. > > opkg update > opkg install strace > strace -p t`pidof odhcp6c` 2> /tmp/strace.log > wait a bit, do a control-c, send the log. > > I realize this is a very severe bug, but at one level, I'm happy - > we're making 52 days of uptime without a problem! Next stop, YEARS. > > > On Tue, Mar 25, 2014 at 7:40 PM, Chuck Anderson <cra@wpi.edu> wrote: >> This happened again, but this time it killed the eMTA in my cable >> modem, knocking out my Xfinity Voice service. The Arris Telephony >> Modem got stuck at Telephony-DHCP and wouldn't boot past that point, >> which is unsurprising given the large flood of DHCPv6 Solicit packets >> going through it. As soon as I unplugged the CeroWrt WAN interface, >> the Arris eMTA was able to boot and my phone service was restored. >> >> This was with the CeroWrt comcast release 3.10.28-4 which has been >> sitting there running for 52 days. It appears to take a long time to >> see this issue, so mabye no one here has seen it because they reboot >> or upgrade their CeroWrt routers more often than that, or maybe no one >> is using odhcp6c anymore. >> >> This is definitely a severe bug in odhcp6c. It should have built-in >> rate limiting to prevent it from trashing the network. It is never >> correct for a DHCP client to send packets this rapidly. >> >> The odhcp6c process is currently taking all available CPU, about 86%, >> with 12% taken by rngd. How can I debug this currently running >> process? There is no "strace" binary to see what it is doing... >> >> 17039 1182 root R 828 1% 86% odhcp6c -s /lib/netifd/dhcpv6.script >> 1778 1 root S 816 1% 12% /sbin/rngd -f -r /dev/urandom -W 4000 >> 1286 1 root S 2756 2% 0% /usr/sbin/snmpd -Lf /dev/null -p /var >> 20565 20081 root R 1708 1% 0% top >> 20064 1326 root S 1300 1% 0% dropbear -i >> 1601 1 root S 1216 1% 0% /usr/sbin/babeld -D -I /var/run/babel >> 1098 2 root SW 0 0% 0% [kworker/0:3] >> 1254 1 root S 4828 4% 0% /usr/sbin/lighttpd -D -f /etc/lighttp >> 1226 1 www-data S 4244 3% 0% /usr/sbin/lighttpd -D -f /etc/lighttp >> 1628 1 root S 3952 3% 0% /usr/sbin/hostapd -P /var/run/wifi-ph >> 1663 1 root S 3952 3% 0% /usr/sbin/hostapd -P /var/run/wifi-ph >> 1537 1 nobody S 2320 2% 0% avahi-daemon: running [cerowrt.local] >> 1450 1 root S 1756 1% 0% /usr/sbin/dbus-daemon --system >> 1348 1182 root S 1716 1% 0% udhcpc -p /var/run/udhcpc-ge00.pid -s >> 20081 20064 root S 1716 1% 0% -ash >> 1242 1 root S 1712 1% 0% /usr/sbin/crond -f -c /etc/crontabs - >> 1791 1 root S 1708 1% 0% /usr/sbin/ntpd -n -l -p 0.openwrt.poo >> 1182 1 root S 1576 1% 0% /sbin/netifd >> 16232 1 nobody S 1436 1% 0% /usr/sbin/dnsmasq -C /var/etc/dnsmasq >> ^C233 16232 root S 1432 1% 0% /usr/sbin/dnsmasq -C /var/etc/dnsmasq >> >> root@cerowrt:/# uptime >> 22:32:31 up 52 days, 1:10, load average: 1.27, 1.29, 1.26 >> >> >> Tcpdump output: >> >> 22:04:42.703054 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.703239 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.703422 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.703603 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.703786 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.703968 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.704151 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.704334 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.704516 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.704698 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.704881 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.705104 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.705290 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.705472 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.705655 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.705837 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.706020 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.706202 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.706385 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.706566 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.706749 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.706932 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.707116 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.707298 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.707481 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.707664 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.707846 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.708028 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.708211 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.708393 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.708576 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.708759 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.708981 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.709202 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.709387 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.709617 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.709801 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.709983 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.710167 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.710350 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.710533 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.710715 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.710898 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.752919 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.753102 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.753285 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.753468 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.753650 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.753834 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.754016 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.754199 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.754382 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.754564 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.754747 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.754931 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.755113 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.755346 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.755529 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.755712 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.755964 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.756152 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.756335 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.756517 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.756700 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.756883 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.757073 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.757256 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.757439 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.757623 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.757806 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.757990 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.758171 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.758355 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.758536 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.758719 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.890376 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.890562 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.890745 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.890928 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.891120 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.891303 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> 22:04:42.891487 IP6 fe80::2eb0:5dff:fe7f:7096.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit >> >> >> On Sat, Feb 01, 2014 at 08:29:50AM -0500, Chuck Anderson wrote: >>> This morning my Linux PC which has a direct connection to my Comcast >>> cable modem (no router in between) lost its IPv4 address. During >>> troubleshooting, I noticed that the dhclient was unable to get an IPv4 >>> address from Comcast. I ran tcpdump and discovered that the CeroWRT >>> router, also connected to the same cable modem via a switch, was >>> flooding the WAN with DHCPv6 SOLICIT packets with about 4700 >>> packets/sec, 6.6 megabits/sec of traffic! I immediately unplugged >>> CeroWRT from the WAN and then my PC was able to get an IPv4 address >>> from Comcast. >>> >>> I know CeroWrt 3.7.5-2 is old at this point, but I'm wondering if >>> something else changed to cause this behavior. Maybe Comcast >>> IPv6-enabled my CMTS finally? I've been using HE tunnels for IPv6, >>> one on a Linksys OpenWRT for my "production" network and a separate >>> tunnel on this CeroWRT for "testing". >>> >>> There is one other change that was made to my Linux PC--I booted into >>> a new kernel yesterday morning and had a similar problem with the >>> inability to get an IPv4 address via DHCP from Comcast for about 30 >>> minutes, then it just started working on its own. (I hadn't noticed >>> initially since I was using IPv6 to get where I needed to go.) I >>> didn't have time to troubleshoot it at the time, but I assumed it was >>> due to this IPv6 change in the Fedora kernel: >>> >>> * Wed Jan 29 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-201 >>> - ipv6 addrconf: revert /proc/net/if_inet6 ifa_flag format (rhbz 1056711) >>> >>> * Tue Jan 28 2014 Josh Boyer <jwboyer@fedoraproject.org> >>> - Add patch from Stanislaw Gruszka to fix ath9k BUG (rhbz 990955) >>> >>> * Mon Jan 27 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.12.9-200 >>> - Backport new IPv6 address flag IFA_F_NOPREFIXROUTE and IFA_F_MANAGETEMPADDR (rhbz 1056711) >>> - Linux v3.12.9 >>> - i915: remove pm_qos request on error (rhbz 1057533) >>> >>> See https://bugzilla.redhat.com/show_bug.cgi?id=1056711 for details >>> about that. >>> >>> Each time this loss of IPv4 happened, I noticed the NIC link went down >>> right before it started. Maybe the flooding was happening yesterday >>> morning too, and the flooding caused my poor 5-port Netgear switch to >>> flake out and flap the NIC links? Alternatively, maybe the link flap >>> itself was what caused odhcp6c to wig out and start flooding in the >>> first place? Unfortunately I don't have a tcpdump from yesterday >>> morning to confirm this. >>> >>> CeroWRT status: >>> >>> Router Name cerowrt >>> Router Model NETGEAR WNDR3700v2 >>> Firmware Version CeroWrt Modena 3.7.5-2 / LuCI Trunk (trunk+svn) >>> Kernel Version 3.7.5 >>> Local Time Sat Feb 1 07:54:43 2014 >>> Uptime 58d 6h 56m 51s >>> >>> The DHCPv6 client is odhcp6c: >>> >>> root@cerowrt:~# ps |grep dhc >>> 980 root 1720 S udhcpc -p /var/run/udhcpc-ge00.pid -s /lib/netifd/dh >>> 1335 root 804 R odhcp6c -s /lib/netifd/dhcpv6.script -Ntry -P60 ge00 >>> 3725 root 1704 S grep dhc >>> >>> Here is an example packet from the DHCPv6 flood: >>> >>> No. Time Source Destination Protocol Length Info >>> 1 0.000000 fe80::c63d:c7ff:feb0:8f41 ff02::1:2 DHCPv6 179 Solicit XID: 0x45eb91 CID: 00030001c43dc7b08f41 >>> >>> Frame 1: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) >>> Encapsulation type: Ethernet (1) >>> Arrival Time: Feb 1, 2014 07:20:27.723633000 EST >>> [Time shift for this packet: 0.000000000 seconds] >>> Epoch Time: 1391257227.723633000 seconds >>> [Time delta from previous captured frame: 0.000000000 seconds] >>> [Time delta from previous displayed frame: 0.000000000 seconds] >>> [Time since reference or first frame: 0.000000000 seconds] >>> Frame Number: 1 >>> Frame Length: 179 bytes (1432 bits) >>> Capture Length: 179 bytes (1432 bits) >>> [Frame is marked: False] >>> [Frame is ignored: False] >>> [Protocols in frame: eth:ipv6:udp:dhcpv6] >>> [Coloring Rule Name: UDP] >>> [Coloring Rule String: udp] >>> Ethernet II, Src: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41), Dst: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) >>> Destination: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) >>> Address: IPv6mcast_00:01:00:02 (33:33:00:01:00:02) >>> .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default) >>> .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast) >>> Source: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) >>> Address: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41) >>> .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) >>> .... ...0 .... .... .... .... = IG bit: Individual address (unicast) >>> Type: IPv6 (0x86dd) >>> Internet Protocol Version 6, Src: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41), Dst: ff02::1:2 (ff02::1:2) >>> 0110 .... = Version: 6 >>> [0110 .... = This field makes the filter "ip.version == 6" possible: 6] >>> .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 >>> .... 0000 00.. .... .... .... .... .... = Differentiated Services Field: Default (0x00000000) >>> .... .... ..0. .... .... .... .... .... = ECN-Capable Transport (ECT): Not set >>> .... .... ...0 .... .... .... .... .... = ECN-CE: Not set >>> .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 >>> Payload length: 125 >>> Next header: UDP (17) >>> Hop limit: 1 >>> Source: fe80::c63d:c7ff:feb0:8f41 (fe80::c63d:c7ff:feb0:8f41) >>> [Source SA MAC: Netgear_b0:8f:41 (c4:3d:c7:b0:8f:41)] >>> Destination: ff02::1:2 (ff02::1:2) >>> [Source GeoIP: Unknown] >>> [Destination GeoIP: Unknown] >>> User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: dhcpv6-server (547) >>> Source port: dhcpv6-client (546) >>> Destination port: dhcpv6-server (547) >>> Length: 125 >>> Checksum: 0xda1c [validation disabled] >>> [Good Checksum: False] >>> [Bad Checksum: False] >>> DHCPv6 >>> Message type: Solicit (1) >>> Transaction ID: 0x45eb91 >>> Elapsed time >>> Option: Elapsed time (8) >>> Length: 2 >>> Value: ffff >>> Elapsed-time: 655350 ms >>> Option Request >>> Option: Option Request (6) >>> Length: 10 >>> Value: 00170018003800160015 >>> Requested Option code: DNS recursive name server (23) >>> Requested Option code: Domain Search List (24) >>> Requested Option code: Unknown (56) >>> Requested Option code: SIP Servers IPv6 Address List (22) >>> Requested Option code: SIP Server Domain Name List (21) >>> Client Identifier >>> Option: Client Identifier (1) >>> Length: 10 >>> Value: 00030001c43dc7b08f41 >>> DUID: 00030001c43dc7b08f41 >>> DUID Type: link-layer address (3) >>> Hardware type: Ethernet (1) >>> Link-layer address: c4:3d:c7:b0:8f:41 >>> Reconfigure Accept >>> Option: Reconfigure Accept (20) >>> Length: 0 >>> Fully Qualified Domain Name >>> Option: Fully Qualified Domain Name (39) >>> Length: 10 >>> Value: 00076365726f77727400 >>> 0000 0... = Reserved: 0x00 >>> .... .0.. = N bit: Server should perform DNS updates >>> .... ..0. = O bit: Server has not overridden client's S bit preference >>> .... ...0 = S bit: Server should not perform forward DNS updates >>> Domain: cerowrt >>> Identity Association for Non-temporary Address >>> Option: Identity Association for Non-temporary Address (3) >>> Length: 12 >>> Value: 000000010000000000000000 >>> IAID: 00000001 >>> T1: 0 >>> T2: 0 >>> Identity Association for Prefix Delegation >>> Option: Identity Association for Prefix Delegation (25) >>> Length: 41 >>> Value: 000000010000000000000000001a00190000000000000000... >>> IAID: 00000001 >>> T1: 0 >>> T2: 0 >>> IA Prefix >>> Option: IA Prefix (26) >>> Length: 25 >>> Value: 00000000000000003c000000000000000000000000000000... >>> Preferred lifetime: 0 >>> Valid lifetime: 0 >>> Prefix length: 60 >>> Prefix address: :: (::) >>> >>> 0000 33 33 00 01 00 02 c4 3d c7 b0 8f 41 86 dd 60 00 33.....=...A..`. >>> 0010 00 00 00 7d 11 01 fe 80 00 00 00 00 00 00 c6 3d ...}...........= >>> 0020 c7 ff fe b0 8f 41 ff 02 00 00 00 00 00 00 00 00 .....A.......... >>> 0030 00 00 00 01 00 02 02 22 02 23 00 7d da 1c 01 45 .......".#.}...E >>> 0040 eb 91 00 08 00 02 ff ff 00 06 00 0a 00 17 00 18 ................ >>> 0050 00 38 00 16 00 15 00 01 00 0a 00 03 00 01 c4 3d .8.............= >>> 0060 c7 b0 8f 41 00 14 00 00 00 27 00 0a 00 07 63 65 ...A.....'....ce >>> 0070 72 6f 77 72 74 00 00 03 00 0c 00 00 00 01 00 00 rowrt........... >>> 0080 00 00 00 00 00 00 00 19 00 29 00 00 00 01 00 00 .........)...... >>> 0090 00 00 00 00 00 00 00 1a 00 19 00 00 00 00 00 00 ................ >>> 00a0 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 ..<............. >>> 00b0 00 00 00 ... >>> >>> The CeroWRT system log is attached. Nothing looks strange except the >>> loss of ge00 link around 6:24 this morning, which is right around when >>> I lost IPv4 connectivity to my Linux PC (I have a system monitoring >>> this IP and it SMS's me if it goes down). My PC's NIC link went down >>> at exactly the same time. At 7:24 is when I unplugged CeroWRT. >> >>> Feb 1 03:44:30 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 03:47:19 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 03:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 03:50:22 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 03:53:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 03:56:41 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >>> Feb 1 03:57:04 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 03:58:00 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 88.119.198.49 to the global_no_access list for 120 minutes >>> Feb 1 03:58:28 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 58.63.69.150 to the global_no_access list for 120 minutes >>> Feb 1 03:59:08 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 03:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 03:59:42 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >>> Feb 1 04:02:32 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 04:06:00 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 04:08:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 04:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 04:11:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 04:13:56 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 04:18:43 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 04:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 04:20:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 04:21:43 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >>> Feb 1 04:22:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 04:28:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 04:29:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 04:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 04:31:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 04:32:44 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >>> Feb 1 04:36:44 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 04:38:16 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 04:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 04:39:44 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >>> Feb 1 04:41:10 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 04:44:21 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 04:47:58 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 04:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 04:50:43 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 04:53:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 04:56:01 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 04:57:45 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >>> Feb 1 04:58:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 04:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 05:01:41 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 05:04:28 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 05:07:24 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 05:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 05:09:54 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 05:13:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 05:13:40 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 60.165.210.96 to the global_no_access list for 120 minutes >>> Feb 1 05:16:00 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 05:17:49 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 05:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 05:22:10 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 05:25:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 05:26:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 05:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 05:29:44 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 05:34:45 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 05:35:04 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 05:37:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 05:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 05:43:33 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 05:44:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 05:46:24 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 05:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 05:52:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 05:53:29 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 05:55:50 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 05:58:48 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >>> Feb 1 05:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 06:00:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 06:03:02 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 06:04:52 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 06:08:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 06:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 06:11:32 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 06:12:22 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 71.187.187.196 to the global_no_access list for 120 minutes >>> Feb 1 06:13:23 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 06:18:19 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 06:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 06:21:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 06:21:21 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 06:24:12 cerowrt kern.info kernel: [5030779.328125] ge00: link down >>> Feb 1 06:24:16 cerowrt kern.debug kernel: [5030783.343750] ar71xx: pll_reg 0xb8050014: 0x11110000 >>> Feb 1 06:24:16 cerowrt kern.info kernel: [5030783.343750] ge00: link up (1000Mbps/Full duplex) >>> Feb 1 06:24:30 cerowrt kern.info kernel: [5030797.406250] ge00: link down >>> Feb 1 06:24:55 cerowrt kern.debug kernel: [5030822.503906] ar71xx: pll_reg 0xb8050014: 0x11110000 >>> Feb 1 06:24:55 cerowrt kern.info kernel: [5030822.503906] ge00: link up (1000Mbps/Full duplex) >>> Feb 1 06:27:56 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 06:29:14 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 06:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 06:31:07 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 06:36:39 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 06:38:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 06:38:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 06:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 06:44:26 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 06:46:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 06:47:26 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 06:49:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 06:52:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 06:54:47 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 06:56:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 06:59:00 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 187.54.249.118 to the global_no_access list for 120 minutes >>> Feb 1 06:59:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 07:02:03 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 07:02:53 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 07:05:08 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:07:25 cerowrt daemon.crit xinetd[2832]: 2832 {process_sensor} Adding 181.50.13.174 to the global_no_access list for 120 minutes >>> Feb 1 07:09:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 07:11:33 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 07:11:35 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 07:13:52 cerowrt daemon.info xinetd[2832]: At least 1 DENY_TIME has expired, global_no_access list updated >>> Feb 1 07:14:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:19:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 07:20:09 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 07:20:30 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 07:23:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:24:57 cerowrt kern.info kernel: [5034424.527343] ge00: link down >>> Feb 1 07:29:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 07:29:41 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 07:29:50 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 07:32:36 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:38:52 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >>> Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da IEEE 802.11: authenticated >>> Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da IEEE 802.11: associated (aid 2) >>> Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da RADIUS: starting accounting session 52806EEC-0000005B >>> Feb 1 07:39:12 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da WPA: pairwise key handshake completed (RSN) >>> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPDISCOVER(sw00) 172.30.42.74 74:e5:43:69:09:da >>> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPOFFER(sw00) 172.30.42.74 74:e5:43:69:09:da >>> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPREQUEST(sw00) 172.30.42.74 74:e5:43:69:09:da >>> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPACK(sw00) 172.30.42.74 74:e5:43:69:09:da a >>> Feb 1 07:39:12 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:39:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-SOLICIT(sw00) 74:e5:43:69:09:da >>> Feb 1 07:39:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:39:14 cerowrt daemon.info dnsmasq-dhcp[2896]: SLAAC-CONFIRM(sw00) 2001:470:89c6:1:76e5:43ff:fe69:9da a >>> Feb 1 07:39:15 cerowrt daemon.info dnsmasq-dhcp[2896]: DHCPINFORMATION-REQUEST(sw00) 00:04:fc:3a:bd:af:bb:b3:64:10:e1:fd:72:cf:0f:0c:c1:14 a >>> Feb 1 07:39:19 cerowrt authpriv.info dropbear[3709]: Child connection from 172.30.42.74:53620 >>> Feb 1 07:39:20 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:39:25 cerowrt authpriv.info dropbear[3709]: Exit before auth: Exited normally >>> Feb 1 07:39:28 cerowrt authpriv.info dropbear[3710]: Child connection from 172.30.42.74:53621 >>> Feb 1 07:39:35 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621 >>> Feb 1 07:39:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:39:38 cerowrt daemon.info hostapd: sw00: STA 74:e5:43:69:09:da WPA: group key handshake completed (RSN) >>> Feb 1 07:39:38 cerowrt daemon.info hostapd: sw00: STA e0:75:7d:6c:67:de WPA: group key handshake completed (RSN) >>> Feb 1 07:39:39 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621 >>> Feb 1 07:39:44 cerowrt authpriv.warn dropbear[3710]: Login attempt for nonexistent user from 172.30.42.74:53621 >>> Feb 1 07:39:44 cerowrt authpriv.info dropbear[3710]: Exit before auth: Exited normally >>> Feb 1 07:39:45 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw10) 2001:470:89c6:2:: >>> Feb 1 07:39:52 cerowrt kern.debug kernel: [5035318.730468] icmpv6_send: no reply to icmp error >>> Feb 1 07:39:55 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:39:56 cerowrt kern.debug kernel: [5035322.816406] icmpv6_send: no reply to icmp error >>> Feb 1 07:40:00 cerowrt kern.debug kernel: [5035327.488281] icmpv6_send: no reply to icmp error >>> Feb 1 07:40:07 cerowrt authpriv.info dropbear[3712]: Child connection from 172.30.42.74:53629 >>> Feb 1 07:40:10 cerowrt kern.debug kernel: [5035336.816406] icmpv6_send: no reply to icmp error >>> Feb 1 07:40:13 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(sw00) 2001:470:89c6:1:: >>> Feb 1 07:40:13 cerowrt authpriv.notice dropbear[3712]: Password auth succeeded for 'root' from 172.30.42.74:53629 >>> Feb 1 07:40:28 cerowrt kern.debug kernel: [5035355.472656] icmpv6_send: no reply to icmp error >>> Feb 1 07:40:43 cerowrt kern.info kernel: [5035370.363281] device ge00 entered promiscuous mode >>> Feb 1 07:40:44 cerowrt kern.info kernel: [5035371.164062] device ge00 left promiscuous mode >>> Feb 1 07:40:46 cerowrt kern.info kernel: [5035372.847656] device ge00 entered promiscuous mode >>> Feb 1 07:40:49 cerowrt kern.info kernel: [5035376.109375] device ge00 left promiscuous mode >>> Feb 1 07:46:37 cerowrt daemon.info dnsmasq-dhcp[2896]: RTR-ADVERT(se00) 2001:470:89c6:: >> _______________________________________________ >> Cerowrt-devel mailing list >> Cerowrt-devel@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cerowrt-devel > > > > -- > Dave Täht > > Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-03-26 3:41 ` Dave Taht @ 2014-03-26 4:42 ` Valdis.Kletnieks 2014-03-26 6:38 ` Dave Taht 2014-03-26 10:36 ` Aaron Wood 0 siblings, 2 replies; 11+ messages in thread From: Valdis.Kletnieks @ 2014-03-26 4:42 UTC (permalink / raw) To: Dave Taht; +Cc: Hauke Mehrtens, Steven B., cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 265 bytes --] On Tue, 25 Mar 2014 20:41:53 -0700, Dave Taht said: > I'm still at a loss as to the most correct way to bring up dnssec. Don't sweat it too much - nobody else in the security business knows how to do it either. :) DNSSEC has even less uptake than IPv6.... [-- Attachment #2: Type: application/pgp-signature, Size: 848 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-03-26 4:42 ` Valdis.Kletnieks @ 2014-03-26 6:38 ` Dave Taht 2014-03-26 10:36 ` Aaron Wood 1 sibling, 0 replies; 11+ messages in thread From: Dave Taht @ 2014-03-26 6:38 UTC (permalink / raw) To: Valdis.Kletnieks; +Cc: Hauke Mehrtens, Steven Barth, cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 351 bytes --] On Mar 25, 2014 9:43 PM, <Valdis.Kletnieks@vt.edu> wrote: > > On Tue, 25 Mar 2014 20:41:53 -0700, Dave Taht said: > > > I'm still at a loss as to the most correct way to bring up dnssec. > > Don't sweat it too much - nobody else in the security business knows > how to do it either. :) DNSSEC has even less uptake than IPv6.... Not for long I hope! [-- Attachment #2: Type: text/html, Size: 510 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-03-26 4:42 ` Valdis.Kletnieks 2014-03-26 6:38 ` Dave Taht @ 2014-03-26 10:36 ` Aaron Wood 2014-03-26 12:20 ` Török Edwin 1 sibling, 1 reply; 11+ messages in thread From: Aaron Wood @ 2014-03-26 10:36 UTC (permalink / raw) To: Valdis Kletnieks; +Cc: Hauke Mehrtens, Steven B., cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 1258 bytes --] I also don't consider the ntp/dnssec issue a blocker, not at the moment. It's a larger problem to solve, and one that needs solving in a wider context than just CeroWRT, and so we should keep working on a solution, but not make it a "release blocking" issue. It's a known issue, a known bit of research to continue chiseling away it, but not a major blocker. Especially since we can always switch to raw-ip addresses for the ntp servers, as a workaround. But I like some of the workarounds suggested such as starting secure, and then slowly ratching down the security as things fail. So long as we don't expose a way to cripple the unit, or otherwise coerce it into misbehavior, I think we'll find a solution along those routes. -Aaron On Wed, Mar 26, 2014 at 5:42 AM, <Valdis.Kletnieks@vt.edu> wrote: > On Tue, 25 Mar 2014 20:41:53 -0700, Dave Taht said: > > > I'm still at a loss as to the most correct way to bring up dnssec. > > Don't sweat it too much - nobody else in the security business knows > how to do it either. :) DNSSEC has even less uptake than IPv6.... > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > > [-- Attachment #2: Type: text/html, Size: 1873 bytes --] ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs 2014-03-26 10:36 ` Aaron Wood @ 2014-03-26 12:20 ` Török Edwin 0 siblings, 0 replies; 11+ messages in thread From: Török Edwin @ 2014-03-26 12:20 UTC (permalink / raw) To: cerowrt-devel On 03/26/2014 12:36 PM, Aaron Wood wrote: > I also don't consider the ntp/dnssec issue a blocker, not at the moment. It's a larger problem to solve, and one that needs solving in a wider context than just CeroWRT, and so we should keep working on a solution, but not make it a "release blocking" issue. It's a known issue, a known bit of research to continue chiseling away it, but not a major blocker. > > Especially since we can always switch to raw-ip addresses for the ntp servers, as a workaround. > > But I like some of the workarounds suggested such as starting secure, and then slowly ratching down the security as things fail. So long as we don't expose a way to cripple the unit, or otherwise coerce it into misbehavior, I think we'll find a solution along those routes. This suggests using 'tlsdate', or the dhcp time option (if provided by another DHCP server): http://tools.ietf.org/id/draft-mglt-homenet-dnssec-validator-dhc-options-01.txt tlsdate looks interesting, as you'd still have *some* protection from the TLS certificate check, even if you patch it to fallback to an insecure DNS lookup. Best regards, --Edwin ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2014-03-26 12:20 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-02-01 13:29 [Cerowrt-devel] odhcp6c went crazy flooding Comcast with DHCPv6 SOLICITs Chuck Anderson 2014-02-01 16:43 ` Dave Taht 2014-02-01 16:54 ` Dave Taht 2014-02-01 19:33 ` Jim Gettys 2014-03-26 2:40 ` Chuck Anderson 2014-03-26 3:19 ` Dave Taht 2014-03-26 3:41 ` Dave Taht 2014-03-26 4:42 ` Valdis.Kletnieks 2014-03-26 6:38 ` Dave Taht 2014-03-26 10:36 ` Aaron Wood 2014-03-26 12:20 ` Török Edwin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox