News: No news.
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
July 31, 2014, 01:14:51
Pages: [1]
  Print  
Topic: System log flooding  (Read 4106 times)
« on: November 23, 2012, 18:37:11 »
Fred Grayson
Global Moderator
*****
Posts: 937

IPV6 configuration is as follows:

DHCP on WAN (fxp1)

DHCP-PD on LAN (fxp0) with Managed IPv6 router advertisements enabled. Prefix delegation is 0/64

ISP is Comcast Cable (United States)

The m0n0wall System Log is flooded with many entries like this:

rtadvd[214]: <ra_input> received RA from fe80::201:5cff:fe22:c9c1 on non-advertising interface(fxp1)

This is followed by many entries like this which repeat every ten minutes or so.

last message repeated 167 times

IPv6 service seems to work without any apparent problems.

Can anyone shed some light on the System Log messages, what they mean, and if they indicate a problem, what is the solution? If they are harmless is there some way to suppress them?

Thanks.
Logged

--
Google is your friend and Bob's your uncle.
« Reply #1 on: November 27, 2012, 17:21:09 »
iridris ***
Posts: 145

What device does that address match up to (using the ARP/NDP table to reference the MAC)?
Logged
« Reply #2 on: November 27, 2012, 17:59:15 »
Fred Grayson
Global Moderator
*****
Posts: 937

From Diagnostics: ARP/NDP table:

IP Address                         MAC address                     Interface
fe80::201:5cff:fe22:c9c1   000:01:5c:22:c9:c1       WAN

I do not recognize the above MAC address, must be upstream.

From Status: Interfaces:

fe80::201:5cff:fe22:c9c1 is the IPv6 gateway shown on the WAN Interface.
Logged

--
Google is your friend and Bob's your uncle.
« Reply #3 on: December 17, 2012, 17:28:41 »
Fred Grayson
Global Moderator
*****
Posts: 937

Anyone have any insight into this? Anyone...Bueller..... Bueller....Anyone?
Logged

--
Google is your friend and Bob's your uncle.
« Reply #4 on: December 17, 2012, 19:10:32 »
iridris ***
Posts: 145

Well, about the only insight I have is to confirm that it is upstream. The MAC address you posted belongs to Cadant, who makes network equipment that ISP's would be using.

http://www.coffer.com/mac_find/?string=00%3A01%3A5c%3A22%3Ac9%3Ac1+
Logged
« Reply #5 on: December 17, 2012, 19:24:51 »
Fred Grayson
Global Moderator
*****
Posts: 937

That would be my cable ISP's CMTS.
Logged

--
Google is your friend and Bob's your uncle.
« Reply #6 on: April 03, 2013, 01:55:27 »
Fred Grayson
Global Moderator
*****
Posts: 937

Someone on another forum pointed me to this. Maybe a developer can look into it and adjust something to quite my logs.

From the source code of rtadvd on OpenBSD:


        /*
         * RA consistency check according to RFC-2461 6.2.7
         */
        if ((rai = if_indextorainfo(pi->ipi6_ifindex)) == 0) {
                log_info("received RA from %s on non-advertising interface(%s)",
                    inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
                        INET6_ADDRSTRLEN),
                    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
                goto done;
        }



If you look at the RFC specified (RFC-2461, ¶ 6.2.7), it appears to me that it is talking about the contents of RA packets, not whether or not those packets appear on an interface. So, imo, the logging of the packets is overly aggressive.

As I mentioned in an earlier message, that piece of code goes back to the original KAME project. The code may have never been touched because, until recently, there not has been a major ISP that is providing dual-stack IPv6 capability.
Logged

--
Google is your friend and Bob's your uncle.
« Reply #7 on: April 03, 2013, 05:59:31 »
rpsmith ***
Posts: 113

I'm beginning to think the "Developers" are like Elvis.

"Ladies and gentlemen, Elvis has left the building. Thank you and goodnight."

 Grin

Roy...
« Last Edit: April 03, 2013, 06:02:43 by rpsmith » Logged
« Reply #8 on: April 03, 2013, 15:29:51 »
brushedmoss
Administrator
*****
Posts: 442

It sounds like Comcast are sending an RA to you, and as you are a router running rtadvd, its sending this message out to notify you that its getting a message on an interface it's not advertising on.

The whole use case of dhcp-pd is a bit strange anyway, rfc6204 section w-3 for example indicates that a router should take its route from an RA, but freebsd nd6.c specifically prevents this (we had to patch this behaviour to get it to work right)

So this message can be ignored, and we would have to patch rtadvd to silence this message if using dhcp-pd etc, by adding some flags etc.
Logged
« Reply #9 on: April 03, 2013, 15:42:16 »
Fred Grayson
Global Moderator
*****
Posts: 937

Thanks for looking into this.

I would appreciate such a patch very much as my System Log is rendered useless because all it holds is many messages related to this. All other content is scrolled off almost as soon as it is entered.

Logged

--
Google is your friend and Bob's your uncle.
 
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines