openwrt/odhcpd

All subnets on every interface

fda77 opened this issue · 5 comments

fda77 commented

I have multiple VLANs; to make it simple, let's say br-lan & br-xxx. As I have no IPv6 public subnet or even prefix, I'm using nat6. Because of this I'm using ULA fda0:1:1:1::9/64 and fda0:2:2:2::9/64 for the bridges and set RAs to "force".

I'm expecting the RA for fda0:1:1:1::/64 to be sent only to br-lan and fda0:2:2:2::/64 only to br-xxx.

The bug: all subnets are announced by odhcpd on every bridge. Not immediately, but after some time. And for sure after service odhcp restart. So all clients get multiple subnets, of which always only 1 is working.

Workaround: Allow RAs only from the correct interface IP with iptables...

ip6tables  -I output_lan_rule  -d ff99::/8  ! -s ::aabb:ccFF:FEdd:ee01 -j DROP
ip6tables  -I output_xxx_rule  -d ff99::/8  ! -s ::aabb:ccFF:FEdd:ee02 -j DROP

Now only the correct subnet is on every bridge, and syslog is spammed by 1000s...

odhcpd[$$]: Failed to send to ff02::1%lan@br-lan (Operation not permitted)
odhcpd[$$]: Failed to send to ff02::1%xxx@br-xxx (Operation not permitted)

created here https://github.com/openwrt/odhcpd/blob/master/src/odhcpd.c#L210 . This is called from send_router_advert() by https://github.com/openwrt/odhcpd/blob/master/src/router.c#L746

So I think the loop https://github.com/openwrt/odhcpd/blob/master/src/router.c#L851 should not run for all interfaces/bridges, but only the correct one.
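The expectation stated in the post above (each bridge's RAs carry only that bridge's prefix) can be checked by parsing the Prefix Information options out of captured Router Advertisements and comparing them per interface. This is an added example, not code from odhcpd or from the thread; the function names are hypothetical and the RA bytes are constructed by `build_ra()` rather than taken from a real capture.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3      # Prefix Information option type

def ra_prefixes(icmp6: bytes):
    """Return the prefixes carried in one ICMPv6 Router Advertisement body."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a router advertisement")
    prefixes, off = [], 16            # options follow the 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen = icmp6[off + 2]
            addr = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            prefixes.append(ipaddress.IPv6Network((addr, plen), strict=False))
        off += opt_len
    return prefixes

def unexpected_prefixes(expected, captured):
    """expected: {interface: prefix}; captured: iterable of (interface, icmp6_bytes)."""
    findings = []
    for ifname, pkt in captured:
        want = ipaddress.IPv6Network(expected[ifname])
        for got in ra_prefixes(pkt):
            if got != want:
                findings.append((ifname, str(got)))
    return findings

def build_ra(*prefixes):
    """Constructed sample data: a minimal RA with one Prefix Information option per prefix."""
    pkt = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    for p in prefixes:
        net = ipaddress.IPv6Network(p)
        pkt += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0, 3600, 1800, 0)
        pkt += net.network_address.packed
    return pkt

EXPECTED = {"br-lan": "fda0:1:1:1::/64", "br-xxx": "fda0:2:2:2::/64"}
SAMPLE = [("br-lan", build_ra("fda0:1:1:1::/64")),                       # constructed
          ("br-xxx", build_ra("fda0:2:2:2::/64", "fda0:1:1:1::/64"))]    # constructed
if __name__ == "__main__":
    for ifname, prefix in unexpected_prefixes(EXPECTED, SAMPLE):
        print(f"{ifname}: unexpected prefix {prefix}")
```
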

@fda77 I am currently facing the same issue. The link you posted now references openwrt/openwrt#8239 which seems unrelated.
Did you find a proper fix for this issue?

fda77 commented

@ngehrsitz: Bill Gates caused it!!!11
I've 1 LAN port with an untagged and multiple tagged VLANs. This is (was) attached to an unmanaged switch which just forwarded all packets unchanged. An attached Windows PC now gets ALL VLAN packets - and the silly Windows just strips the VLAN tags and so Windows devices get broadcasts from all VLANs!
So use a managed switch and put only 1 untagged VLAN for Windows.
With Linux devices this is not a problem.

Thanks for the hint! It was exactly the same thing for me.
Fortunately for my Intel I225 there is a registry key to fix this misbehavior:
https://www.intel.com/content/www/us/en/support/articles/000005498/ethernet-products.html
If it doesn't work, make sure to check if you have multiple entries in that registry folder for the same NIC. At first I mistakenly changed it on the entry for an old driver.

fda77 commented

For the Intel i217 network adapter I tested with a "server driver" (can't remember the exact name) which created an additional network device in Windows for every VLAN. This worked, BUT the next VMware update wasted the whole network stack of Windows 10 :)
So I just replaced my 16 port switch with a cheap TL-SG1016DE.