andrebl / ip6neigh Goto Github PK

This maybe by design, but devices that are rarely used drop out of IPv6 DNS.

For example, my WiFi extender and server out of band remote access device drop out of IPv6 DNS. If I reboot these devices, they go back into DNS for several hours.

Also pinging these devices by the IPv6 address on the router, brings them back into DNS.

This maybe a feature, i.e. the table has to be scavenged some how.

After ip6neigh has been running for a while, I start getting it erroring out when I try to list the hosts:
awkNR: cmd. line:1: Unexpected token

Trying to debug it with sh -x, I'm not familiar enough with awk to know what it's trying to do.

root@OpenWrt:~# sh -x /usr/bin/ip6neigh list
+ . /lib/functions.sh
+ N='
'
+ _C=0
+ NO_EXPORT=1
+ LOAD_STATE=1
+ LIST_SEP=' '
+ reset_cb
+ '[' -z  ]
+ '[' -f /lib/config/uci.sh ]
+ . /lib/config/uci.sh
+ CONFIG_APPEND=
+ . /lib/functions/network.sh
+ readonly 'CMD_TOOL_VERSION=1.7.2'
+ readonly 'HOSTS_FILE=/tmp/hosts/ip6neigh'
+ readonly 'CACHE_FILE=/tmp/ip6neigh.cache'
+ readonly 'SERVICE_NAME=ip6neigh-svc.sh'
+ readonly 'SBIN_DIR=/usr/sbin/'
+ readonly 'SHARE_DIR=/usr/share/ip6neigh/'
+ readonly 'SERVICE_SCRIPT=/usr/sbin/ip6neigh-svc.sh'
+ readonly 'OUI_FILE=/usr/share/ip6neigh/oui.gz'
+ '[' list '=' --version ]
+ . /usr/lib/ip6neigh/ip6addr_functions.sh
+ IP6ADDR_LIB_VERSION=1.7.1
+ '[' list '=' --version ]
+ CMD=/usr/bin/ip6neigh
+ list_hosts  
+ check_running
+ is_running
+ pgrep -f ip6neigh-svc.sh
+ return 0
+ return 0
+ check_files
+ '[' -f /tmp/hosts/ip6neigh ]
+ '[' -f /tmp/ip6neigh.cache ]
+ return 0
+ grep -n '^#Discovered' /tmp/hosts/ip6neigh
+ cut -d : -f1
+ local 'ln='
+ echo '#Predefined hosts'
#Predefined hosts
+ awk 'NR>1&&NR<(-1) {printf "%-30s %s\n",$2,$1}' /tmp/hosts/ip6neigh
+ sort
+ echo -e '\n#Discovered hosts'

#Discovered hosts
+ awk 'NR> {printf "%-30s %s\n",$2,$1}' /tmp/hosts/ip6neigh
+ sort
awkNR: cmd. line:1: Unexpected token

Hi,

I'm using ip6neigh on OpenWrt 18.06.4, it's working fine and really helps me out in local IPv6 name resolving.
My only problem is that dnsmasq is "almost" constantly reloading because of temporary addresses appearing when I "use" my devices.
Is there any way to ignore temporary addresses totally? I'm mainly interested in GUA and LUA addresses to help out in name resolving locally. I know that this will greatly reduce the efficiency of your first point under Motivation section, I can live with that :)

Thanks for your great work. ip6neigh makes IPv6 so much nicer to deal with. 🙂

As you mention in the README, macOS and iOS devices do not use the EUI-64 to generate a stable IPv6 address. ip6neigh cannot differentiate the stable addresses that they use from their temporary addresses. And the interface identifiers of these "stable" addresses do change if the prefix changes, so it is also often not possible to predefine these hosts.

I just wanted to report, that I have found a nice workaround, that accomplishes the following:

• Make these devices addressable with only their hostname, i.e. I do not have to remember that I have to type ping6 hostname1 for some devices and ping6 hostname2.tmp for others.
• Still keep the distinction between stable and temporary addresses for other devices. (Note the contrast to setting option tmp_label '0'.)

I simply define a CNAME record for these devices in /etc/config/dhcp:

config cname
	option cname 'host.your.local.domain'
	option target 'host.TMP.your.local.domain'

I realize this is not really an earth-shattering revelation, but it works well enough for me. Maybe having it here for reference will be useful to others. Feel free to close this issue.

This is an interesting project. Unfortunately it seems pretty tied to OpenWRT and it's use of dnsmasq etc. at the moment.

It would be interesting to see how well this could be ported to a more generic environment.

Assume I don't use OpenWRT for example, but do run ISC dhcpv4 (for IPv4 address management) and bind9 with DDNS updates from dhcpv4. IPv6 is configured with SLAAC so what is missing of course is updating bind9 using DDNS for SLAAC (self-)assigned addresses.

I cannot see why this tool could not run on say, the bind9 recursive resolver host that every host in the network has to use and have it doing DDNS updates to bind9.

Thoughts?

Hey, I've installed your script and it does exactly what I needed it for. Awesome stuff. However, all of the IPv6 entries in the 'Connections' page of Luci show UNROUTED? Is it possible to disable this so that all the devices simply show only their IPv4 DHCP hostname? Thanks :)

Thank you for ip6neigh. It has been useful as I configure IPv6 on my home network.

I am running openwrt 17.01.4 on a NETGEAR WNDR3800. I installed the "IPv6 Neighbors" and "ip6neigh log" custom commands in the luci gui as described in README.md.

The command "ip6neigh list active" works from the command line. It didn't work initially from luci as ip6neigh used the busybox ip command from /sbin/ip, rather than the full ip from /usr/sbin/ip. My work around was to add the full path to ip at line 160 of ip6neigh.

I have some dhcp configs with multiple mac addresses, and it results in a bogus hostname record of 14.LL.home (where home) is the configured domain.

From /etc/config/dhcp:

config host
        option dns '1'
        option name 'server10g'
        option ip '192.168.1.51'
        option mac '<mac1> <mac2>'

In /tmp/ip6neigh.cache, I see this: <mac1> <mac2> 14 server10g
So, 14 is picked up as the name.

1. Limit the frequency of reloading the hosts files in dnsmasq to avoid flooding the log and wasting CPU power. This would help the script to scale up to larger networks with larger generated hosts file and also more frequent changes in neighbor reachability status.

root@OpenWrt:~# ip6neigh oui download
Downloading Nmap MAC prefixes...
Downloading 'http://linuxnet.ca/ieee/oui/nmap-mac-prefixes'
Connecting to 24.222.55.20:80
Failed to redirect to /ieee/oui/nmap-mac-prefixes on linuxnet.ca

PD: forgot to add some background, no idea if its needed, this is in an Archer C7 router with:

root@OpenWrt:~# uname -a
Linux OpenWrt 4.9.111 #0 Mon Jul 30 16:25:17 2018 mips GNU/Linux

On Luci:
Powered by LuCI openwrt-18.06 branch (git-18.210.69179-6df9a57) / OpenWrt 18.06.0 r7188-b0b5c64c22

More backgorund, the script installed correctly the ip6neigh part, its ""guessing"" names correctly, everything works correctly but i have a tv tunner that dont get a proper name and i was thinking that maybe the oui will solve that, for the moment ive set a static address with a name for it so im fine, but the oui script might need to be corrected...

Last bit of background, i can open manually the site on a browser without a problem, i see a list of codes/devices so i dont have routing problem as far as i can see...

Thank you for your project. It works fine on the most recent OpenWRT version. Is it possible to support more than one logical interface? If not, any hint will be appreciated where to look at to change the script.

EDIT: somehow I must've hit enter before typing this out?

After the latest ip6neigh update, I've noticed that the logging shows weird newlines in the old-name parts of messages:

Thu Feb  1 11:55:24 PST 2024 Unknown host qbittorrent
qbittorrent now has got a proper name. Replacing all entries.
Thu Feb  1 11:55:24 PST 2024 Renamed host: qbittorrent
qbittorrent to qbittorrent
Thu Feb  1 11:55:26 PST 2024 Unknown host EAP670
EAP670 now has got a proper name. Replacing all entries.
Thu Feb  1 11:55:26 PST 2024 Renamed host: EAP670
EAP670 to EAP670

Hi again Andre,

Been using your tool for ages and need to do a reinstall, unfortunately it seems ip-full <4.4 has gone off of the packages list and the current version for OpenWRT/LEDE is still 4.16.

The link in the readme needs updating (if it's available anywhere else).

Thanks for the project,
does it work with recent OpenWrt versions?

Good night,

After installing I got an warning:

WARNING: ip6neigh requires package 'ip-full' version 4.4.0-9 or above to run on LEDE. Using an older build will not work due to an issue with the 'ip monitor' command. Please visit https://github.com/AndreBL/ip6neigh for more info about installing or upgrading this package.

Is this normal? cause when I use the command ip6neigh list active I get nothing.

Thanks!

I haven't changed my setup of interfaces or the ip6neigh config in a long time. But suddenly I see my GUA addresses have gone from "Predefined hosts", ULA ones are still present. I also no longer have any GUA addresses listed under the "Discovered hosts" now are all UNROUTED.lan.

The only options have different from the default example config file are:
option lan_wipe '1'
option router_name 'lanrouter'
option dad_snoop '1'
list fw_script '/root/ip6neigh_rules.sh'

I have OpenWrt 19.07.3 installed.

They do not match the hwaddr, but they are not temporary but rather stable within the network.

Can you maybe make this a regular OpenWrt package so it can be built and installed like other packages?
Reason is my router only has 4 MB flash so my curl is built without TLS hence I can't use the installer.

It would be very helpful if you could make a trailing dot at the end of a configured suffix (most notably gua_label) prevent the configured domain from being appended to the name. That way, I could have all of the following:

• MyMachine.home resolves to the ULA address (and the ipv4)
• MyMachine.LL.home resolves to the link-local address
• MyMachine.example.com resolves to the global address

Currently, if I were to set option 'gua_label' 'example.com.', the resulting hostname would likely be MyMachine.example.com..home.

This project really should be a package or a core part of OpenWrt as it makes IPv6 so much more useful on OpenWrt!
But anyway, thankfully this still works on fw4 with minor mods for "Configuration: Dynamic Firewall Rules".

The Change to /etc/firewall.user (step 3) that seems correct and works for me is:

#ip6neigh
touch /tmp/etc/firewall.ip6neigh
nft add chain inet fw4 wan6_forwarding
nft list chain inet fw4 forward_wan | grep -q wan6_forwarding 
if [ $? -ne 0 ] ; then
nft insert 'rule inet fw4 forward_wan iifname { "pppoe-wan", "wan" } ip6 daddr 2000::/3 jump wan6_forwarding'
else
echo 'wan6_forwarding rule already in place'
fi

I have added in a check to see if wan6_forwarding is already there and a check that this rule is only applied to Intenet addresses and not ULA ones.

The example /root/ip6neigh_rules.sh from step 4 can become:

#!/bin/sh

#Initialize the temp firewall script
TMP_SCRIPT='/tmp/etc/firewall.ip6neigh'
echo "nft flush chain inet fw4 wan6_forwarding" > $TMP_SCRIPT

#Create new rules for dynamic IPv6 addresses here. Example for accepting TCP connections on port 80 on a local server that identifies itself as 'Webserver' through DHCP.
echo "nft add 'rule inet fw4 wan6_forwarding ip6 daddr $(ip6neigh addr Webserver.gua.lan 1) tcp dport 80 jump accept_to_lan'" >> $TMP_SCRIPT

#Run the generated temp firewall script
/bin/sh "$TMP_SCRIPT"

And of course the rest of your firewall.user needs to be fw4 compatible i.e. nftables. Once it is it needs flagged as such in /etc/config/firewall:

config include
	option path /etc/firewall.user
	option fw4_compatible 1

Just putting out here in case the author wants to update or if this is useful to anyone else.