[Cerowrt-devel] test-ipv6.com vs dnssec

Sebastian Moeller moeller0 at gmx.de
Sun Apr 27 15:49:02 EDT 2014


Hi Dave,

thanks for the information.


On Apr 27, 2014, at 18:15 , Dave Taht <dave.taht at gmail.com> wrote:

> On Sat, Apr 26, 2014 at 12:41 PM, Sebastian Moeller <moeller0 at gmx.de> wrote:
>> Hi List, hi Dave,
>> 
>> so I had to restart cerowrt 3.10.36-6 today after coming home from a 5 day trip. I had some issues connecting with a macbook and one of 2 nexus 4s. after a reboot of the router both MacBooks connected fine on the 5GHz radio but none of the nexi connected to either the 2.4GHz nor the 5GHz radio, instead they produced endless repetitions of:
>> Sat Apr 26 21:27:15 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
>> Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 IEEE 802.11: disassociated
>> Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 IEEE 802.11: authenticated
>> Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 IEEE 802.11: associated (aid 1)
>> Sat Apr 26 21:27:29 2014 daemon.info hostapd: sw00: STA 10:68:3f:4b:0b:48 WPA: pairwise key handshake completed (RSN)
>> Sat Apr 26 21:27:30 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
>> Sat Apr 26 21:27:33 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
>> Sat Apr 26 21:27:35 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
>> Sat Apr 26 21:27:39 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
>> Sat Apr 26 21:27:47 2014 daemon.warn dnsmasq-dhcp[2560]: no address range available for DHCP request via sw00
> 
> Well, somehow dnsmasq ran out of leases, or was unable to derive an
> ip address range from  the interface's
> ifconfig. There are only a very few leases by default (28), and they
> time out after a few hours,  so  a bunch  of  drive-by
> dhcp requests  could have  run you out,  but I'd suspect a bug unless
> you have/had a large number of leases in
> /tmp/dhcp.leases.

	Alas, I rebooted before checking that file (I should have saved the borked state somewhere, but was too eager to get internet access working again ;) ) I will monitor tis more closely on 3.10.38-1.

Best Regards
	Sebastian

> 
> I have been fiddling with things, and (for  example)  changing  wifi
> parameters and  doing a reload sometimes
> loses  the ip address  on one  or  more wifi interfaces. (you get a
> different error from dnsmasq  in  that case)
> 
> So I figure we have multiple  race conditions right now causing
> problems,  in  addition to  some  long  term
> bugs in  wifi  handling.  Tighter integration of dnsmasq with the ubus
> system  would  be good.  A better  grip
> on how  to exercise  and  debug  ubus events would be good too.
> 
> Of possible relevance, this just landed  in openwrt  head:
> 
> https://dev.openwrt.org/changeset/40573
> 
> There are also some routing  bugs fixed  in 3.10.37
> 
> I have been running without setting a  multicast_rate now for  half  a
> day on 3.10.36-7
> 
> 
>> 
>> Following Dave's recommendation of issuing a "/etc/init.d/dnsmasq reload" allowed both phones to connect again, so we might still have a race hidden somewhere… (This is on a system without working ipv6 currently). 3.10.36-6 looks like it needs a bit more maturation time ;) It would be interesting to learn whether the same approach might help other people as well...
>> 
>> Best Regards
>>        Sebastian
>> 
>> 
>> 
>> On Apr 25, 2014, at 21:42 , Dave Taht <dave.taht at gmail.com> wrote:
>> 
>>> We used to arbitrarily restart dnsmasq after boot with a script.
>>> Perhaps doing a /etc/init.d/dnsmasq reload 60 sec after boo will show
>>> something.
>>> 
>>> But I am puzzled as to not getting an ipv4 route. This hints at an
>>> issue on the ubus.
>>> 
>>> I am trying to take a bit of vacation for the next week or so, it was
>>> my hope everything was actually working...
>>> 
>>> ... and even if it isn't, I need a break. Good Luck on this y'all,
>>> I'll be back after a tan.
>>> 
>>> 
>>> On Fri, Apr 25, 2014 at 12:24 PM, Török Edwin
>>> <edwin+ml-cerowrt at etorok.net> wrote:
>>>> On 04/25/2014 09:01 PM, Jim Gettys wrote:
>>>>> More specifically, after boot, most of the time test-ipv6.com <http://test-ipv6.com> reports lots of problems.
>>>>> 
>>>>> Then I turned off both dnssec and dnssec-check-unsigned, and restarted dnsmasq; clean bill of health from test-ipv6.com <http://test-ipv6.com>.
>>>>> 
>>>>> 
>>>>> So we seem to have a boot time race of some sort.
>>>> 
>>>> There is definitely something wrong when ipv6 is enabled (I just noticed that since my latest upgrade I forgot to enable it).
>>>> When I enable ipv6 for PPPoE, then IPv6 works in the sense I can ping6 stuff from the router ... except IPv4 is completely broken: there is no default route added according to 'ip route show',
>>>> and even if I add a default route machines from LAN still can't reach IPv4 (presumably firewall would need to be reloaded too?).
>>>> It doesn't seem to be dnssec related, as even if I turn both dnssec and dnssec-check-unsigned off the behaviour is still the same.
>>>> I haven't investigated more deeply whats wrong yet. Do you think it could be related to your race condition?
>>>> 
>>>>> Then I turned on dnssec only, leaving dnssec-check-unsigned, and got a clean bill of health.
>>>> 
>>>> I've been using this for a while, it gets me a 0/10 score, i.e. ipv4 works, ipv6 fails, dual stack works with ipv4.
>>>> 
>>>>> 
>>>>> Then I turned on both at the same time, and things are working.
>>>> 
>>>> With both on I get a 'n/a' as a result, saying that dual-stack lookups timed out, presumably because ipv6 is off see below.
>>>> 
>>>> 
>>>> 
>>>> Best regards,
>>>> --Edwin
>>>> _______________________________________________
>>>> Cerowrt-devel mailing list
>>>> Cerowrt-devel at lists.bufferbloat.net
>>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>> 
>>> 
>>> 
>>> --
>>> Dave Täht
>>> 
>>> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
>>> _______________________________________________
>>> Cerowrt-devel mailing list
>>> Cerowrt-devel at lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>> 
> 
> 
> 
> -- 
> Dave Täht
> 
> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article




More information about the Cerowrt-devel mailing list