Ask / Submit
5

Broken routes to DNS in dual stack network

asked 2015-06-02 22:02:12 +0300

Jari K gravatar image

updated 2015-06-03 21:01:49 +0300

After connecting to WLAN, DNS queries don't work due to incorrect routes to DNS servers (in this example the servers are 62.xxx.xxx.245, 62.xxx.xxx.246, 2001:14b8:1000:0:x:x:x:1, 2001:14b8:1000:0:x:x:x:2; addresses are mangled with x manually):

# ip r sh
default via 192.168.0.1 dev wlan0 
62.xxx.xxx.245 dev wlan0  scope link
62.xxx.xxx.245 via 192.168.0.1 dev wlan0 
62.xxx.xxx.246 dev wlan0  scope link 
62.xxx.xxx.246 via 192.168.0.1 dev wlan0 
192.168.0.0/24 dev wlan0  proto kernel  scope link  src 192.168.0.12 
192.168.0.1 dev wlan0  scope link 
# ip -6 r sh
2001:14b8:1000:0:x:x:x:1 dev wlan0  metric 1 
2001:14b8:1000:0:x:x:x:2 dev wlan0  metric 1 
2001:14ba:16fe:xxxx::/64 dev wlan0  proto kernel  metric 256 
unreachable fe80::/64 dev lo  proto kernel  metric 256  error -101
fe80::/64 dev wlan0  proto kernel  metric 256 
default via fe80::x:x:x:x dev wlan0  proto kernel  metric 1024  expires 1794sec
# ip a sh
...
11: wlan0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 100
...
    inet 192.168.0.12/24 brd 192.168.0.255 scope global wlan0
    inet6 2001:14ba:16fe:x:x:x:x:x/64 scope global 
       valid_lft forever preferred_lft forever
...

If "dev wlan0" routes to DNS servers are removed manually, everything works ok. Not sure if it is related, but the problem seemed to appear at the same time when the operator (DNA Welho) enabled IPv6. Other tested devices work ok (Symbian, Fedora Linux).

There are some errors in journal:

kesä 02 20:06:27 Jolla kernel: wlan0: IPv6 duplicate address 2001:14ba:16fe:x:x:x:x:x detected!
...
kesä 02 20:06:29 Jolla connmand[696]: Adding host route failed (No such process)
kesä 02 20:06:29 Jolla connmand[696]: Adding host route failed (No such process)
kesä 02 20:06:29 Jolla connmand[696]: Set IPv6 host route error (Invalid argument)
kesä 02 20:06:29 Jolla connmand[696]: Set IPv6 host route error (Invalid argument)
edit retag flag offensive close delete

Comments

1

Seems that in some cases, the incorrect route gets added over and over again so manually deleting it is not possible. In these cases, connmand is also flooding "Set IPv6 host route error" to journal.

Jari K ( 2015-06-03 09:16:20 +0300 )edit

Same situation here ("eduroam" at University of Lausanne, CH).

  • IP range: 130.223.120.0/22, Gateway:130.223.120.1
  • Nameservers: 130.223.4.5, 130.223.8.20, 2001:620:610:10::10, 2001:620:610:12::12

You'll notive that the DNS server DOES NOT lie on the same subnet as the IP given to the phone (that's a common configuration on "eduroam" accross unis, and I suspect in some enterprises too). Route table:

default via 130.223.252.1 dev wlan0
130.223.4.5 dev wlan0  scope link
130.223.4.5 via 130.223.252.1 dev wlan0
130.223.8.20 dev wlan0  scope link
130.223.8.20 via 130.223.252.1 dev wlan0
130.223.252.0/22 dev wlan0  proto kernel  scope link  src 130.223.252.84
130.223.252.1 dev wlan0  scope link
192.168.2.0/24 dev rndis0  proto kernel  scope link  src 192.168.2.15

The "scope link" routes are utterly wrong. Name resolution fails, until I :

ip route del 130.223.4.5
ip route del 130.223.8.20
default via 130.223.252.1 dev wlan0
130.223.4.5 via 130.223.252.1 dev wlan0
130.223.8.20 via 130.223.252.1 dev wlan0
130.223.252.0/22 dev wlan0  proto kernel  scope link  src 130.223.252.84
130.223.252.1 dev wlan0  scope link
192.168.2.0/24 dev rndis0  proto kernel  scope link  src 192.168.2.15

Using the DNS with a gateway now works.

All these are the actual (non-mangled) addresses as used at this University. I can run tests if that can help fixing the problem.

DrYak ( 2015-06-05 21:00:09 +0300 )edit

3 Answers

Sort by » oldest newest most voted
4

answered 2015-06-06 02:49:13 +0300

tigeli gravatar image

I've fixed this issue already on 23rd March '15 (https://github.com/mer-packages/connman/commit/a6f64f11c23dda60f39254766f26ab0bb5f1c196) and it will be included on the upcoming update.

edit flag offensive delete publish link more

Comments

1

Thank you very much! BTW, any ETA for the update ?

DrYak ( 2015-06-06 08:50:09 +0300 )edit

Very interesting stuff, indeed. Was going to do some traces next week but maybe you can tell me if this could be the root of my ongoing issues with o2 roaming? @chemist says it's probably a problen on my providers side, but since most other cellphones I tried work I have a feeling something like this could be at work, when roaming on o2 networks.

lispy ( 2015-06-06 21:39:35 +0300 )edit
1

@DrYak Yes, real soon now. Though not on Sunday. :)

@lispy Most probably it is the apn-setting if the mobile data can't be established.

tigeli ( 2015-06-06 23:20:11 +0300 )edit

Yup. That was it. Thanks. Didn't know there was another longpress menu hidden.

lispy ( 2015-06-06 23:27:25 +0300 )edit

@tigeli did install 'Aaslakkajärvi' today. yup, indeed, with your patch the routes are now setup correctly: (still eduroam, this time at Univesity of Geneva, CH)

default via 192.33.216.1 dev wlan0 
8.8.8.8 via 192.33.216.1 dev wlan0 
192.33.214.14 via 192.33.216.1 dev wlan0 
192.33.216.0/24 dev wlan0  proto kernel  scope link  src 192.33.216.235 
192.33.216.1 dev wlan0  scope link

No more confusing scope link extraneous entries.

(Note: that network apparently only provides 1 single DNS server, so connman uses one of the FallbackNameservers I've provided)

DrYak ( 2015-06-15 17:42:02 +0300 )edit
1

answered 2018-02-20 16:27:49 +0300

nahuel gravatar image

Check this bug report: https://01.org/jira/browse/CM-691 and this patch: https://gitlab.ii.org.nz/resin-os/meta-resin/commit/fe0dc932403c83ba430f23ed2d85dd2594ea4457?view=inline

edit flag offensive delete publish link more
0

answered 2015-06-05 22:03:46 +0300

DrYak gravatar image

updated 2015-06-05 22:05:31 +0300

Not an actual fix of the bug, just a quick hack around the problem:

#!/bin/bash

DEV='wlan0'
TESTHOST="slashdot.org"

IPREX='([[:digit:]]+)\.([[:digit:]]+)\.([[:digit:]]+)\.([[:digit:]]+)'

declare -a IP
declare -a MASK
declare -a ROUTE


#  inet addr:130.223.252.84  Bcast:130.223.255.255  Mask:255.255.252.0
if [[ `ifconfig $DEV` =~ inet\ addr:${IPREX}.*Mask:${IPREX} ]]; then
    IP=( ${BASH_REMATCH[@]:1:4} )
    MASK=( ${BASH_REMATCH[@]:5:8} )
else
    echo "No IPv4 found for ${DEV}"
    exit 2
fi


# 130.223.4.5 dev wlan0  scope link
ROUTEREX="(${IPREX})\ dev\ ${DEV}\ +scope\ link"
ip -4 route | while read line; do
    if [[ "${line}" =~ "${ROUTEREX}" ]]; then
        ROUTE_IP="${BASH_REMATCH[1]}"
        ROUTE=( ${BASH_REMATCH[@]:2:5} )
        R=0
        for (( I = 0; I < 4; I++ )); do
            (( R += ( ${ROUTE[$I]} ^ ${IP[$I]} ) & ${MASK[$I]} ))
        done;
        if (( $R )); then
            echo -e "\e[31m${ROUTE_IP}\e[0m"
            ip -4 route del ${ROUTE_IP} scope link
        fi
    fi
done

if ping -c 1 ${TESTHOST}; then 
    echo -e "\n\e[32msuccess\e[0m"
else 
    echo -e "\n\e[31mfail\e[0m"
fi

This bash script automatically deletes "scope link" routes which are out of IPv4 range of said link

You can put it into /usr/local/bin and run it as root

Now if somebody could be nice enough to explain me how to make a GUI around this or have connman execute it as post-run...

edit flag offensive delete publish link more

Comments

Why gui, wouldn't desktop icon be enough? (ok root part... maybe not)

tathhu ( 2015-06-05 22:30:50 +0300 )edit
Login/Signup to Answer

Question tools

Follow
3 followers

Stats

Asked: 2015-06-02 22:02:12 +0300

Seen: 503 times

Last updated: Feb 20 '18