follow up on the WZR600DHP problems
0 views
Skip to first unread message
Russell Senior
Apr 28, 2017, 2:10:29 AM4/28/17
to ops list
At the meeting last night I mentioned the troubles I had discovered
with the Buffalo WZR600DHPs on recent firmwares. I did some debugging
and found the general source of the problem. It turns out, images
built from lede-project.org source since about August 5, 2016 suffer a
problem where, if either of two kernel modules are loaded
(br_netfilter and xt_physdev) during boot, and an ethernet link is
present on a LAN port (eth0), the kernel is likely to panic.
It isn't clear why. It isn't clear that we need the functionality
provided by those modules for what we are doing. I have disabled
their loading in my test bed, and the router seems to still function
as expected. I did a survey of where these routers are deployed:
NodeMatt pad 3.10.58 #13 Sun Nov 9 01:31:20 PST 2014 mips GNU/Linux
NodeLuckyLabSW spot 3.10.58 #14 Sun Nov 9 01:43:18 PST 2014 mips GNU/Linux
NodeQuinn widget 3.10.58 #15 Sun Nov 9 02:11:22 PST 2014 mips GNU/Linux
NodeSunnyside keep 3.10.58 #16 Sun Nov 9 02:39:20 PST 2014 mips GNU/Linux
NodeSunflower seed 3.10.58 #17 Sun Nov 9 03:12:33 PST 2014 mips GNU/Linux
NodeStreetRoots rag 3.10.58 #19 Sun Nov 9 16:00:22 PST 2014 mips GNU/Linux
NodeBarXV fifteen 3.10.58 #9 Sun Nov 9 00:43:22 PST 2014 mips GNU/Linux
NodeHancock sine 3.14.32 #2 Tue Feb 10 12:28:00 PST 2015 mips GNU/Linux
NodeBithouse nip 3.18.17 #2 Fri Jul 10 18:34:03 PDT 2015 mips GNU/Linux
NodeKeegan wave 4.1.11 #9 Sun Nov 1 17:31:12 PST 2015 mips n
NodeBrunner glow 4.1.16 #2 Sun Mar 6 02:19:46 UTC 2016 mips GNU/Linux
NodeFlorio scone 4.1.20 #26 Sun Apr 24 03:28:30 UTC 2016 mips GNU/Linux
NodeKnow herb 4.4.21 #0 Fri Sep 16 21:00:01 2016 mips GNU/Linux
NodeNewDeal dime 4.4.24 #0 Wed Oct 12 08:30:09 2016 mips GNU/Linux
NodeBillyRays billyrays 4.4.30 #0 Thu Nov 3 17:40:46 2016 mips GNU/Linux
NodeSmart smart 4.4.32 #0 Wed Nov 23 15:21:13 2016 mips GNU/Linux
NodeCrowBar loki 4.4.42 #0 Wed Jan 25 21:33:13 2017 mips GNU/Linux
NodeWygant dawn 4.4.53 #0 Wed Mar 22 20:59:29 2017 mips GNU/Linux
NodePotatoChampion spud 4.4.59 #0 Wed Apr 12 07:29:39 2017 mips GNU/Linux
Of these, currently only NodeQuinn, NodeStreetRoots, NodeWygant and
Node PotatoChampion have anything plugged into a LAN port, and would
be affected by this bug. NodePatch has a Buffalo, acting as a "dumb
ap". The list from NodeKnow down are currently vulnerable, should an
ethernet cable be plugged in at boot time.
There is an open flyswatter bug filed with lede-project.org:
https://bugs.lede-project.org/index.php?do=details&task_id=737
Hopefully, whatever the underlying cause is, we get it fixed properly.
In the meantime, we can develop a work around to disable the
problematic modules loading.
It is possible that the WNDR3800 is affected as well, thus far
unexplored territory.
Anyway, wanted to keep you all up to date.
--
Russell Senior, President
rus...@personaltelco.net
with the Buffalo WZR600DHPs on recent firmwares. I did some debugging
and found the general source of the problem. It turns out, images
built from lede-project.org source since about August 5, 2016 suffer a
problem where, if either of two kernel modules are loaded
(br_netfilter and xt_physdev) during boot, and an ethernet link is
present on a LAN port (eth0), the kernel is likely to panic.
It isn't clear why. It isn't clear that we need the functionality
provided by those modules for what we are doing. I have disabled
their loading in my test bed, and the router seems to still function
as expected. I did a survey of where these routers are deployed:
NodeMatt pad 3.10.58 #13 Sun Nov 9 01:31:20 PST 2014 mips GNU/Linux
NodeLuckyLabSW spot 3.10.58 #14 Sun Nov 9 01:43:18 PST 2014 mips GNU/Linux
NodeQuinn widget 3.10.58 #15 Sun Nov 9 02:11:22 PST 2014 mips GNU/Linux
NodeSunnyside keep 3.10.58 #16 Sun Nov 9 02:39:20 PST 2014 mips GNU/Linux
NodeSunflower seed 3.10.58 #17 Sun Nov 9 03:12:33 PST 2014 mips GNU/Linux
NodeStreetRoots rag 3.10.58 #19 Sun Nov 9 16:00:22 PST 2014 mips GNU/Linux
NodeBarXV fifteen 3.10.58 #9 Sun Nov 9 00:43:22 PST 2014 mips GNU/Linux
NodeHancock sine 3.14.32 #2 Tue Feb 10 12:28:00 PST 2015 mips GNU/Linux
NodeBithouse nip 3.18.17 #2 Fri Jul 10 18:34:03 PDT 2015 mips GNU/Linux
NodeKeegan wave 4.1.11 #9 Sun Nov 1 17:31:12 PST 2015 mips n
NodeBrunner glow 4.1.16 #2 Sun Mar 6 02:19:46 UTC 2016 mips GNU/Linux
NodeFlorio scone 4.1.20 #26 Sun Apr 24 03:28:30 UTC 2016 mips GNU/Linux
NodeKnow herb 4.4.21 #0 Fri Sep 16 21:00:01 2016 mips GNU/Linux
NodeNewDeal dime 4.4.24 #0 Wed Oct 12 08:30:09 2016 mips GNU/Linux
NodeBillyRays billyrays 4.4.30 #0 Thu Nov 3 17:40:46 2016 mips GNU/Linux
NodeSmart smart 4.4.32 #0 Wed Nov 23 15:21:13 2016 mips GNU/Linux
NodeCrowBar loki 4.4.42 #0 Wed Jan 25 21:33:13 2017 mips GNU/Linux
NodeWygant dawn 4.4.53 #0 Wed Mar 22 20:59:29 2017 mips GNU/Linux
NodePotatoChampion spud 4.4.59 #0 Wed Apr 12 07:29:39 2017 mips GNU/Linux
Of these, currently only NodeQuinn, NodeStreetRoots, NodeWygant and
Node PotatoChampion have anything plugged into a LAN port, and would
be affected by this bug. NodePatch has a Buffalo, acting as a "dumb
ap". The list from NodeKnow down are currently vulnerable, should an
ethernet cable be plugged in at boot time.
There is an open flyswatter bug filed with lede-project.org:
https://bugs.lede-project.org/index.php?do=details&task_id=737
Hopefully, whatever the underlying cause is, we get it fixed properly.
In the meantime, we can develop a work around to disable the
problematic modules loading.
It is possible that the WNDR3800 is affected as well, thus far
unexplored territory.
Anyway, wanted to keep you all up to date.
--
Russell Senior, President
rus...@personaltelco.net
Tom
Apr 28, 2017, 2:42:15 PM4/28/17
to ptp...@googlegroups.com
AFAIK netfilter module is needed by iptables.
So, we might have a problem, unless we do not use iptables or we can load the netfilter module after the boot completed.
Tomas
Russell Senior
Apr 28, 2017, 2:56:11 PM4/28/17
to Tom, ptp...@googlegroups.com
br_netfilter is not the same thing as netfilter. It has specific
bridge relevant matching rules, afaict.
> --
> The Personal Telco Project - https://personaltelco.net/
> Donate to PTP: https://personaltelco.net/donate
> To post to this group, send email to ptp...@googlegroups.com
> ---
> You received this message because you are subscribed to the Google Groups
> "ptp-ops" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ptp-ops+u...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
bridge relevant matching rules, afaict.
> The Personal Telco Project - https://personaltelco.net/
> Donate to PTP: https://personaltelco.net/donate
> To post to this group, send email to ptp...@googlegroups.com
> ---
> You received this message because you are subscribed to the Google Groups
> "ptp-ops" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ptp-ops+u...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages