Modify

Opened 5 years ago

Last modified 5 years ago

#13457 new defect

trunk failsafe fails to accept connection

Reported by: brent.saner@… Owned by: developers
Priority: normal Milestone: Chaos Calmer 15.05
Component: base system Version: Trunk
Keywords: failsafe, telnet, tp-link, wr1043nd Cc:

Description

I just built a clean openwrt for TP-Link WR1043ND with no modifications to the default config (except for enabling batman-adv and choosing the target and platform).

I can enter failsafe mode as normal so I think the bootloader's still okay and it's just a softbrick, but (this is connected via the WAN port):

bts@maqabi /tmp $ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is ']'.
Connection closed by foreign host.

the recvudp program never spits out anything.

What's REALLY interesting is I don't think the userland is hosed, as it tries to grab a lease:

22:58:03.669994 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 379)

0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from XX:XX:XX:XX:XX:XX, length 351, xid 0x3de94556, secs 79, Flags [none] (0x0000)

Client-Ethernet-Address XX:XX:XX:XX:XX:XX
Vendor-rfc1048 Extensions

Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 7:

Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
Domain-Name, BR, NTP

Vendor-Class Option 60, length 12: "udhcp 1.19.4"

(and does so successfully if I have a DHCP server upstream).

Here's a packet dump of when I try to telnet:

22:58:25.208420 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.2, length 28
22:58:25.208594 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.1 is-at xx:xx:xx:xx:xx:xx, length 46
22:58:25.208609 IP (tos 0x10, ttl 64, id 62572, offset 0, flags [DF], proto TCP (6), length 60)

192.168.1.2.49142 > 192.168.1.1.23: Flags [S], cksum 0x8382 (incorrect -> 0x27a9), seq 2917717096, win 14600, options [mss 1460,sackOK,TS val 26746884 ecr 0,nop,wscale 7], length 0

22:58:25.208745 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)

192.168.1.1.23 > 192.168.1.2.49142: Flags [S.], cksum 0xaf8d (correct), seq 3639676984, ack 2917717097, win 14480, options [mss 1460,sackOK,TS val 4294938461 ecr 26746884,nop,wscale 2], length 0

22:58:25.208771 IP (tos 0x10, ttl 64, id 62573, offset 0, flags [DF], proto TCP (6), length 52)

192.168.1.2.49142 > 192.168.1.1.23: Flags ., cksum 0x837a (incorrect -> 0x1672), seq 1, ack 1, win 115, options [nop,nop,TS val 26746884 ecr 4294938461], length 0

22:58:25.208875 IP (tos 0x10, ttl 64, id 62574, offset 0, flags [DF], proto TCP (6), length 76)

192.168.1.2.49142 > 192.168.1.1.23: Flags [P.], cksum 0x8392 (incorrect -> 0xba00), seq 1:25, ack 1, win 115, options [nop,nop,TS val 26746884 ecr 4294938461], length 24 [telnet DO SUPPRESS GO AHEAD, WILL TERMINAL TYPE, WILL NAWS, WILL TSPEED, WILL LFLOW, WILL LINEMODE, WILL NEW-ENVIRON, DO STATUS]

22:58:25.208968 IP (tos 0x0, ttl 64, id 40804, offset 0, flags [DF], proto TCP (6), length 52)

192.168.1.1.23 > 192.168.1.2.49142: Flags ., cksum 0x08a9 (correct), seq 1, ack 25, win 3620, options [nop,nop,TS val 4294938461 ecr 26746884], length 0

22:58:25.210600 IP (tos 0x0, ttl 64, id 40805, offset 0, flags [DF], proto TCP (6), length 52)

192.168.1.1.23 > 192.168.1.2.49142: Flags [R.], cksum 0x08a5 (correct), seq 1, ack 25, win 3620, options [nop,nop,TS val 4294938461 ecr 26746884], length 0

22:58:30.211034 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.2 tell 192.168.1.1, length 46
22:58:30.211075 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.2 is-at yy:yy:yy:yy:yy:yy, length 28
22:58:35.355062 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 72)

192.168.1.2.57621 > 192.168.1.255.57621: [bad udp cksum 0x8497 -> 0x0ce3!] UDP, length 44

22:59:05.355933 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 72)

192.168.1.2.57621 > 192.168.1.255.57621: [bad udp cksum 0x8497 -> 0x0ce3!] UDP, length 44

the bad udp cksum message then continues to be spat out.

here's some interesting nmap results.

normal (non-failsafe) scan:

*MAC addrs have been scrubbed. tp-link is at xx:xx:xx:xx:xx:xx, 192.168.1.1, and laptop is yy:yy:yy:yy:yy:yy, 192.168.1.2

am i missing something?

Attachments (1)

config (130.8 KB) - added by submitter 5 years ago.
.config file

Download all attachments as: .zip

Change History (2)

Changed 5 years ago by submitter

.config file

comment:1 Changed 5 years ago by brent.saner@…

whoops. forgot the nmap results.

normal (non-failsafe) boot:

bts@maqabi /tmp $ nmap -PN -p- -T Aggressive 192.168.1.1/32

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-02 23:15 EDT
Nmap scan report for 192.168.1.1
Host is up (0.00036s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
53/tcp open domain

Nmap done: 1 IP address (1 host up) scanned in 2619.51 seconds

fresh failsafe boot:

bts@maqabi /tmp $ nmap -PN -p- -T Aggressive 192.168.1.1/32

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-03 00:05 EDT
Nmap scan report for 192.168.1.1
Host is up (0.00027s latency).
Not shown: 65534 closed ports
PORT STATE SERVICE
23/tcp open telnet

Nmap done: 1 IP address (1 host up) scanned in 1.94 seconds

same failsafe boot immediately after that scan:

bts@maqabi /tmp $ nmap -PN -p- -T Aggressive 192.168.1.1/32

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-03 00:05 EDT
Nmap scan report for 192.168.1.1
Host is up (0.00044s latency).
All 65535 scanned ports on 192.168.1.1 are closed

Nmap done: 1 IP address (1 host up) scanned in 2.03 seconds

and from a fresh failsafe boot after i attempt to telnet in, same result:

bts@maqabi /tmp $ nmap -PN -p- -T Aggressive 192.168.1.1/32

Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-03 00:06 EDT
Nmap scan report for 192.168.1.1
Host is up (0.00060s latency).
All 65535 scanned ports on 192.168.1.1 are closed

Nmap done: 1 IP address (1 host up) scanned in 3.10 seconds

weird, right? it's as if as soon as telnet gets a SYN, it closes up.

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.