[Cerowrt-devel] test-ipv6.com vs dnssec
Dave Taht
dave.taht at gmail.com
Sun Apr 27 12:15:56 EDT 2014
On Sat, Apr 26, 2014 at 12:41 PM, Sebastian Moeller <moeller0 at gmx.de> wrote:
> Hi List, hi Dave,
>
> so I had to restart cerowrt 3.10.36-6 today after coming home from a 5 day trip. I had some issues connecting with a macbook and one of 2 nexus 4s. after a reboot of the router both MacBooks connected fine on the 5GHz radio but none of the nexi connected to either the 2.4GHz nor the 5GHz radio, instead they produced endless repetitions of:
> Sat Apr 26 21:27:15 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
> Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 IEEE 802.11: disassociated
> Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 IEEE 802.11: authenticated
> Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 IEEE 802.11: associated (aid 1)
> Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 WPA: pairwise key handshake completed (RSN)
> Sat Apr 26 21:27:30 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
> Sat Apr 26 21:27:33 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
> Sat Apr 26 21:27:35 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
> Sat Apr 26 21:27:39 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
> Sat Apr 26 21:27:47 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
Well, somehow dnsmasq ran out of leases, or was unable to derive an
ip address range from the interface's
ifconfig. There are only a very few leases by default (28), and they
time out after a few hours, so a bunch of drive-by
dhcp requests could have run you out, but I'd suspect a bug unless
you have/had a large number of leases in
/tmp/dhcp.leases.
I have been fiddling with things, and (for example) changing wifi
parameters and doing a reload sometimes
loses the ip address on one or more wifi interfaces. (you get a
different error from dnsmasq in that case)
So I figure we have multiple race conditions right now causing
problems, in addition to some long term
bugs in wifi handling. Tighter integration of dnsmasq with the ubus
system would be good. A better grip
on how to exercise and debug ubus events would be good too.
Of possible relevance, this just landed in openwrt head:
https://dev.openwrt.org/changeset/40573
There are also some routing bugs fixed in 3.10.37
I have been running without setting a multicast_rate now for half a
day on 3.10.36-7
>
> Following Dave's recommendation of issuing a "/etc/init.d/dnsmasq reload" allowed both phones to connect again, so we might still have a race hidden somewhere… (This is on a system without working ipv6 currently). 3.10.36-6 looks like it needs a bit more maturation time ;) It would be interesting to learn whether the same approach might help other people as well...
>
> Best Regards
> Sebastian
>
>
>
> On Apr 25, 2014, at 21:42 , Dave Taht <dave.taht at gmail.com> wrote:
>
>> We used to arbitrarily restart dnsmasq after boot with a script.
>> Perhaps doing a /etc/init.d/dnsmasq reload 60 sec after boo will show
>> something.
>>
>> But I am puzzled as to not getting an ipv4 route. This hints at an
>> issue on the ubus.
>>
>> I am trying to take a bit of vacation for the next week or so, it was
>> my hope everything was actually working...
>>
>> ... and even if it isn't, I need a break. Good Luck on this y'all,
>> I'll be back after a tan.
>>
>>
>> On Fri, Apr 25, 2014 at 12:24 PM, Török Edwin
>> <edwin+ml-cerowrt at etorok.net> wrote:
>>> On 04/25/2014 09:01 PM, Jim Gettys wrote:
>>>> More specifically, after boot, most of the time test-ipv6.com <http://test-ipv6.com> reports lots of problems.
>>>>
>>>> Then I turned off both dnssec and dnssec-check-unsigned, and restarted dnsmasq; clean bill of health from test-ipv6.com <http://test-ipv6.com>.
>>>>
>>>>
>>>> So we seem to have a boot time race of some sort.
>>>
>>> There is definitely something wrong when ipv6 is enabled (I just noticed that since my latest upgrade I forgot to enable it).
>>> When I enable ipv6 for PPPoE, then IPv6 works in the sense I can ping6 stuff from the router ... except IPv4 is completely broken: there is no default route added according to 'ip route show',
>>> and even if I add a default route machines from LAN still can't reach IPv4 (presumably firewall would need to be reloaded too?).
>>> It doesn't seem to be dnssec related, as even if I turn both dnssec and dnssec-check-unsigned off the behaviour is still the same.
>>> I haven't investigated more deeply whats wrong yet. Do you think it could be related to your race condition?
>>>
>>>> Then I turned on dnssec only, leaving dnssec-check-unsigned, and got a clean bill of health.
>>>
>>> I've been using this for a while, it gets me a 0/10 score, i.e. ipv4 works, ipv6 fails, dual stack works with ipv4.
>>>
>>>>
>>>> Then I turned on both at the same time, and things are working.
>>>
>>> With both on I get a 'n/a' as a result, saying that dual-stack lookups timed out, presumably because ipv6 is off see below.
>>>
>>>
>>>
>>> Best regards,
>>> --Edwin
>>> _______________________________________________
>>> Cerowrt-devel mailing list
>>> Cerowrt-devel at lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
>>
>>
>> --
>> Dave Täht
>>
>> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel at lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
More information about the Cerowrt-devel
mailing list