Gargoyle Forum

A forum to discuss the Gargoyle web interface for Openwrt
https://www.gargoyle-router.com/phpbb/

a DHCP static IP bug..

https://www.gargoyle-router.com/phpbb/viewtopic.php?t=4861

Page 2 of 2

Re: a DHCP static IP bug..

Posted: Sun Oct 27, 2013 12:27 am
by Eric
I can confirm this bug (I was able to reproduce it), and have now committed a fix. Thanks for pointing this out.

Re: a DHCP static IP bug..

Posted: Sun Oct 27, 2013 6:33 am
by fox85
Eric wrote:I'm investigating this now, will report back when I know more.
Thank you, will waiting for the fix

Re: a DHCP static IP bug..

Posted: Sun Oct 27, 2013 12:22 pm
by fox85
Eric wrote:I can confirm this bug (I was able to reproduce it), and have now committed a fix. Thanks for pointing this out.
Hi, Eric

Thanks for the fix :)

I tested your fix, now it can block the mismatch device access to WAN, but LAN is still can access.

And I found the mismatch device would disturbe the legal device ,cause the legal one ping failed .... means lost connection..

Re: a DHCP static IP bug..

Posted: Tue Oct 29, 2013 11:56 am
by Eric
Hmm... I see how that could cause problems. I'll see if I can move the logic into ebtables which should block packets at layer2 instead of layer3 like iptables and therefore prevent access to the LAN too. I'll post here if/when I get that working.

Re: a DHCP static IP bug..

Posted: Tue Oct 29, 2013 2:19 pm
by fox85
Eric wrote:Hmm... I see how that could cause problems. I'll see if I can move the logic into ebtables which should block packets at layer2 instead of layer3 like iptables and therefore prevent access to the LAN too. I'll post here if/when I get that working.
Nice, waiting for your work,thanks Eric :D

Re: a DHCP static IP bug..

Posted: Tue Oct 29, 2013 5:05 pm
by Eric
Bad news... this isn't going to work. Merely blocking access to the WAN is as much as I can do.

The switch drivers of a lot (if not most) routers, don't route packets through ebtables. ebtables works on wireless traffic, but anything connected via a wired connection to the same switch still goes through even if it should get blocked by ebtables.

Re: a DHCP static IP bug..

Posted: Wed Oct 30, 2013 12:26 am
by ispyisail
:(

A naughty person could stop others accessing there allowed quota :(

Re: a DHCP static IP bug..

Posted: Wed Oct 30, 2013 12:27 am
by ispyisail
What about a simple captive portal?

Re: a DHCP static IP bug..

Posted: Wed Oct 30, 2013 2:36 am
by Eric
No... the fix above prevents a user from stealing quota. This was implemented for a while, but there was a problem with that implementation in the latest release that is now fixed.

The issue noted above that cannot be resolved only would allow LAN access (which is not tracked by quotas), not WAN access to users that set a static IP address that already exists on the network. The problem is the wired switch drivers completely by-pass the filtering code in ebtables or iptables, so there is no easy way around this.

Re: a DHCP static IP bug..

Posted: Wed Oct 30, 2013 7:26 am
by fox85
Sounds like related to kernel issue, switch driver by-pass the tables rule :oops:
All times are UTC-04:00
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited