OpenWrt/LEDE Project

  • Status Closed
  • Percent Complete
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Medium
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by 7hunderbug - 29.06.2017
Last edited by Hans Dedecker - 17.07.2017

FS#876 - dnsmasq-full "Exclude interfaces" configuration does not work as expected.

Device problem occurs on: BT Home Hub 5A / Lantiq xrx200

Software versions of LEDE release, packages, etc: LEDE Reboot 17.01.2 r3435-65eec8bd5f / LuCI lede-17.01 branch (git-17.163.57307-c79bb96)

Steps to reproduce:

By default, dnsmasq-full listens on all interfaces, including pppoe-wan, tun0, lo, other vpns etc. I want to restrict dnsmasq to listen only on br-lan and lo (I’m also running dns-crypt, wireguard and openvpn) and I want to exclude pppoe-wan, vpn_wg and tun0.

1. Add each interface in a new line under dhcp configuration “Exclude interfaces” and save.
2. SSH to router and check using ‘netstat -tulnp’ to find that dnsmasq is *still* listening on all interfaces.
3. Examine file /tmp/etc/dnsmasq.conf.cfg02411c to check dnsmasq runtime configuration for multiple “except-interface=” lines. Find that there is only one line showing “except-interface=vpn_wg”.

In my attmepts to troubleshoot, I’ve found that the configuration line “except-interface=” appears for some interfaces only, and only one at a time, otherwise the line is completely absent from the runtime configuration.

I’ve managed to trace the problem to this commit on github:

Reverting this commit on my router fixes the problem and now all interfaces specified for exclusion on the dhcp configuration page are properly ignored and multiple “except-interface=” lines exist in the dnsmasq runtime configuration file.

Closed by  Hans Dedecker
17.07.2017 11:26
Reason for closing:  Fixed
Additional comments about closing:  

Fixed in commit https://git.lede-;a=commit;h=a89 c36b50875e61c790113d3adee10621575788a

Jo-Philipp Wich commented on 29.06.2017 13:55

Please test the following change:

  diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
  index a762cd3309..1ecbb3c689 100644
  --- a/package/network/services/dnsmasq/files/dnsmasq.init
  +++ b/package/network/services/dnsmasq/files/dnsmasq.init
  @@ -116,12 +116,12 @@ append_ipset() {
   append_interface() {
  -       network_get_device ifname "$1" || return
  +       network_get_device ifname "$1" || ifname="$1"
          xappend "--interface=$ifname"
   append_notinterface() {
  -       network_get_device ifname "$1" || return
  +       network_get_device ifname "$1" || ifname="$1"
          xappend "--except-interface=$ifname"
ceri commented on 10.07.2017 03:29

I was having the same issue. The patch above fixes the issue for me.


7hunderbug commented on 25.10.2017 07:21

When will this make it into a release? This problem with dnsmasq still exists in 17.01.4 installed today 25/10/17.


Available keyboard shortcuts


Task Details

Task Editing