[avahi] Avahi tosses unicast packets from same host
jimc
jimc at jfcarter.net
Sat May 13 19:03:07 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This is for avahi-0.6.31-26.1.x86_64 from OpenSuSE "Leap" 42.1. I've
written a set of simple test scripts that check if daemons are
functioning, restarting them if not. The one for avahi-daemon basically
does: (illustrated executing on host kermit)
dig -p 5353 +short @kermit kermit.local. A
No RR's are returned and the query times out. In syslog I see
"Received packet from invalid interface." If I ask about Kermit but
executing on any different host, the correct content is returned, and
similarly for all pairs of hosts on my net: a unicast query to the
execution host yields nothing, but to a different host is answered
reliably. Every query fails/succeeds equally, e.g. an AAAA record, or
asking for the PTR at _ssh._tcp.local. It fails/succeeds equally when
the IPv4 or IPv6 address of the server is used. Multicast queries to
224.0.0.251 and ff02::fb are answered even from the execution host.
I tracked this down to (source)/avahi-core/server.c ; see
dispatch_packet() in that file. The AvahiIfIndex (believed same as
/sys/class/net/${IFC}/ifindex) is 1, identifying lo (loopback) on my
machine, and its i->announcing flag is zero (as it should be). But the
contingency at the start of this subroutine causes packets received from
non-announcing interfaces to be tossed with the "invalid interface"
message, explaining the symptom. But I don't see how multicast packets
escape the ax.
I wish a distinction could be made between interfaces (e.g. lo) whose
address should not be announced, versus deny-interfaces members.
There's a second issue which I should mention, though it may be hard to
fix. On my net, Linux boxes generally have a fixed IP gotten by DHCP,
plus a RFC 4862 address (prefix + EUI-64). Avahi-daemon lets the kernel
pick which one to send from. "dig", but not Perl's Net::DNS::Resolver,
rejects packets from other than the address it sent the (unicast) query
to, and so from half the machines, Avahi responses are rejected noisily
by "dig" but are functional on other software. I wish that avahi-daemon
would respond to unicast queries (of course not multicast) using the
source address in the query packet.
/etc/avahi/avahi-daemon.conf follows, with comments removed. Changes
from (source>/avahi-daemon/avahi-daemon.conf are noted.
[server]
use-ipv4=yes
use-ipv6=yes # Local mod, turned on
allow-interfaces=wlan0 # Local mod to explicitly allow wlan0
ratelimit-interval-usec=1000000
ratelimit-burst=1000
[wide-area]
enable-wide-area=yes
[publish]
publish-a-on-ipv6=yes # Local mod, turned on
[reflector]
# no reflector
[rlimits]
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=768
rlimit-stack=4194304
rlimit-nproc=3
- --
James F. Carter Email: jimc at jfcarter.net
Web: http://www.math.ucla.edu/~jimc (q.v. for PGP key)
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEwCO3Ffd4f3UN9nvKddigLE9RfKkFAlkXWG0ACgkQddigLE9R
fKkRpwgAnKNuIOiIABXHFV18dHNb3PSWdRdxCUJ8i8AOQspVw0fl/z7jjtOryuWn
BqqLUdZGBpPXLTLX6h7V9cBwClJE3bx6xyoMR1aXgRIrZnONtoSY/OhSP01GBrq/
JC6PIqrodIePWl/1OQm9NkiotILFFMzl/Y9exXxqcQyExOmZM33BKvwzu7GIBAIf
nUj1SnBVV7YNoXgv0IJMiL5nDcupwXlfCYbbyXivJyvpGf+T/5HNBxBXjV3K1A+b
cRhIShbILFtbB6wYh27A2+rQaTlRqC60jdg4iKqXe2zuSdknTklPHepTN6y6Zyni
dAWeYbfXY68zAXcj9IPpylxbrDro+g==
=fNbk
-----END PGP SIGNATURE-----
More information about the avahi
mailing list