odhcp6c: "safe" parameter causes keeping invalid prefixes valid

Paul D newtwen at gmail.com
Mon Oct 27 11:06:01 PDT 2025 

On 2025-10-25 13:27, Jonas Lochmann wrote:
> I am operating OpenWrt routers with mwan3 and also know other people
> that do this. A longstanding issue is that IPv6 allows deprecated
> rules and mwan3 uses them and then has connectivity issues.
> 
> However, deprecated routes should still work. So I suspected an issue
> in the upstream routers (issue was always with IPv6 RA with
> Fritz! routers, but never when OpenWrt itself did PPPoE). A packet
> capture showed that what OpenWrt considerd valid but deprecated was
> sent as invalid (valid lifetime = zero) from the uplink.
> 
> odhcp6c handles RA prefixes here [1] by calling odhcp6c_update_entry;
> the third parameter (called "safe") is hardcoded as 7200 (2 hours).
> In its implementation, something strange is done using it [2]:
> 
> 803         if (x && x->valid > new->valid && new->valid < safe)
> 804                 new->valid = safe;


I was looking at this recently, and there is a PR which attempts to remedy exactly this although the PR seems to have other issues

https://github.com/openwrt/odhcp6c/pull/97/files

Good if you can contribute some comments there or submit a PR yourself?


> 
> Note: x is the previous data for that prefix.
> 
> If new->valid is zero, then it is very likely smaller than x->valid and
> at the same time smaller than safe (2 hours). In this case, valid = 0
> is replaced with valid = 2 hours. As the next RA is received within
> two hours, it is again extended to the full two hours.
> 
> RFC 4861 recommends another behavior:
> 
>> If the prefix is already present in the host's Prefix List as
>> the result of a previously received advertisement, reset its
>> invalidation timer to the Valid Lifetime value in the Prefix
>> Information option.  If the new Lifetime value is zero, time-out
>> the prefix immediately (see Section 6.3.5).
> 
> Now, one could add valid = zero as special case. However, I see an
> bigger issue. I suspect that the whole if statement has a logic error
> and something else was intended. Maybe clamping valid to up to two
> hours?
> 
> [1] https://git.openwrt.org/?p=project/odhcp6c.git;a=blob;f=src/ra.c;h=01a8b721d719f0e0e545a3ca7471c47490597969;hb=77e1ae21e67f81840024ffe5bb7cf69a8fb0d2f0#l511
> [2] https://git.openwrt.org/?p=project/odhcp6c.git;a=blob;f=src/odhcp6c.c;h=8354820746131b8d0c9d01f7141af635edc0b8fe;hb=77e1ae21e67f81840024ffe5bb7cf69a8fb0d2f0#l803
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list