Broken policy routing table observed

[Juul]

On a node flashed with latest available built firmware images as of June 28 2018 (sudowrt v0.3.0) I observed the following:

root@sudomesh-node:~# ip rule show 
0:	from all lookup 128 
1:	from all lookup local 
13000:	from 192.168.1.0/24 lookup main 
13000:	from all to 192.168.1.0/24 lookup main 
32766:	from all lookup main 
32767:	from all lookup default 

This resulted in no IPs being reachable from the public interfaces (except for those of the node itself) because (due to missing ip policy routing rules) traffic was attempting to use the main routing table even when coming from the public interfaces and that traffic was then of course being dropped by the firewall FORWARD rules.

[Juul]

Rebooting resolved the issue and it is now showing:

root@sudomesh-node:~# ip rule show
0:	from all lookup 128 
1:	from all lookup local 
14000:	from 172.22.0.0/24 lookup main 
14000:	from all to 172.22.0.0/24 lookup main 
14000:	from 172.30.0.0/24 lookup main 
14000:	from all to 172.30.0.0/24 lookup main 
15000:	from all iif br-priv lookup main 
16000:	from all lookup public 
32766:	from all lookup main 
32767:	from all lookup default 

This same node seemed to have also changed its own root password after some number of hours even though we had manually changed the password before that time.

Is it possible that both of these issues were somehow caused by the script that runs after some number of hours after flashing to remove the default root password? @paidforby

[paidforby]

Maybe has something to do with the way meshrouting is being started? See sudomesh/sudowrt-firmware#135
Also did you make sure to also delete the cron job, not just change the root/admin passwords? Located in /etc/crontabs/root, this triggers the pw_reset script. Not sure how this could be related to the routing rules, but it's possible?

[bennlich]

@Juul If this happens again I would look in /var/log/messages for evidence of meshrouting failing to start. That's where those rules get set AFAIK: https://github.com/sudomesh/sudowrt-firmware/blob/master/files/opt/mesh/templates/etc/init.d/meshrouting#L143-L160.