The current behavior stomps on the rules that programs like
podman or tailscale set up for port forwarding.
With this change, we split port forwardings into a separate chain,
which allows us to create the ruleset once at startup and then only
update the port forwardings specifically (the only dynamic part
of router7’s nftables ruleset).
External ICMP does not necessarily work.
It typically does, but not always.
Last week, for a day or two, ICMP traffic was dropped by Google.
So now we use ICMP only for network equipment targets (default gateway),
and instead use TCP for external connectivity checks.
fixes#77
This has the advantage that it also works for static DHCP leases,
provided the device obtains a DHCP lease at all (and isn’t configured with a
static IP address, like the shelly motion sensors for example).
Thus far, we have only had forwarded bytes metrics.
Notably, forwarded bytes does not include bytes that were sent by the router
itself, e.g. by the webserver or rsync server running on the machine.
fixes https://github.com/rtr7/router7/issues/71
* internal/dhcp*: switch to github.com/mdlayher/packet
* internal/dhcp4d: update test constructor name to avoid packet conflict
Signed-off-by: Matt Layher <mdlayher@gmail.com>
Previously, a permanent error would not be persisted for future
invocations of ObtainOrRenew. In practice, the daemon immediately
exited, so this made no difference.
If upstreams were reordered between start of an upstream request and its
conclusion, the move-to-front operation would likely incorrectly reorder
upstreams: duplicate one and remove another. Instead, we abandon the
move-to-front operation if that was about to happen.
Previously SetHostname could operate on an expired lease, or even on a
lease for a different hwaddr, if the lease for the correct hwaddr
expired and the same lease ID was given away to someone else.
That's though mostly a theoretical concern, given the actual usage of
SetHostname and the time scales involved.
It is generally not a good idea to have multiple IP addresses on the same
interface unless managing their relative priorities via metrics etc.
During an outage, I noticed that with multiple IP addresses,
Linux was using the old obsolete one to send out packets,
which does not work with the ISP.
With this change,
we still hold on to IP addresses for as long as possible,
but no longer.
fixes issue #57
The Nintendo Switch has been observed to hold on to IP addresses even after
their expiration. My guess is that this is an oversight: likely the device
enters power saving mode with a configured IP address and just sleeps through
the expiration time.
As the device seems to wake up once every hour, we enforce a minimum lease time
of 1 hour, but only for affected devices. The rest of the network gets short
lease times.
https://twitter.com/zekjur/status/1263949112036282374
