Joined: 12 Dec 2007 Posts: 780 Location: Pittsburgh, PA USA
Posted: Mon Oct 04, 2021 20:42 Post subject: Solved: Detect IPv6 packets via CRON / script issue.
I have Verizon as my ISP, and they have not yet rolled out IPV6 to all locations. While reading the DSLReports.com forums on Verizon and IPV6, I found a script that someone wrote for PFSense that uses TCPDump to listen for IPV6 RA packets, thereby letting you know when IPV6 gets turned up in your area. After installing a few things in Entware (coreutils-timeout, mstmp, and busybox), I was able to adapt the script to run under DD-WRT r47225 (and subsequent releses). It's installed on a USB thumbdrive partition mounted as /jffs. I should add that this is on a WRT1900AC v1.
The script is intended to run once per day and listen for 5 minutes, then if a packet is detected, send an email notifying me. It also logs the start and end of the script in the system log. I have syslogd and klogd enabled.
If I run the script from the command line (SSH), it listens for 5 minutes and the two log entries are exactly 5 minutes apart. If I run it from a cron job, the end entry immediately follows the start entry, meaning it didn't listen for any time at all. I thought the difference in behavior had to do with it not running under root access, but I think I've ruled that out. The script is supposed to run at 5:01AM.
Currently my cron entry is:
1 5 * * * root sh /jffs/v6test.sh
But I've also tried
1 5 * * * sh /jffs/v6test.sh
1 5 * * * root /jffs/v6test.sh
I'm hoping someone can help me figure out what I'm doing wrong. I have searched the forums, the wiki, and anything else on Google related to Cron jobs.
The code for the script is below (email address redacted):
Code:
#!/bin/sh
# set the variable below to your FIOS interface
IF=eth1
logger -t v6test "Starting daily scan for IPV6"
timeout 300 tcpdump -ni ${IF} 'icmp6 && ip6[40] == 134' -c 10 >/tmp/${IF}_RAs.out
FSIZE=$(stat /tmp/${IF}_RAs.out)
FSIZE2=$(echo $FSIZE | cut -c33-34)
echo $FSIZE2
if [ "$FSIZE2" -gt 1 ]; then
logger -t v6test "RA packet detected on eth1 $0"
cat /jffs/mail.txt | msmtp -a gmail redacted@mydomain.com
fi
logger -t v6test "End scan for IPV6"
I've tried most of the newer builds since 47225. I'm on 47656 right now and it's still happening
Code:
root@Barricade:/tmp/var/log# cat messages | grep v6test
Nov 21 09:19:00 Barricade user.notice v6test: Starting daily scan for IPV6
Nov 21 09:19:00 Barricade user.notice v6test: End scan for IPV6
Nov 21 09:20:32 Barricade user.notice v6test: Starting daily scan for IPV6
Nov 21 09:25:32 Barricade user.notice v6test: End scan for IPV6
The first two are from the CRON job, where the last two lines are a manual run.
Timeout is running of a USB stick. One of those links seemed to indicate that might be related. _________________ __________________________
Netgear R7800
DD-WRT v3.0 STD
Linksys WRT1900AC
DD-WRT v3.0 STD
Joined: 12 Dec 2007 Posts: 780 Location: Pittsburgh, PA USA
Posted: Fri Dec 10, 2021 10:35 Post subject:
The & seemed like a good call, but sadly, it didn't make any difference. I also tried removing the .sh extension, and ran chmod +x each time I renamed the file. When that didn't work, I tried every variant I could think of between the two. Best case, it did the same as before, ran for less than a second. Worst case, it didn't run at all.
My experience with bash is limited to DD-WRT, and this is really the first time I tried to do anything in cron. My job involves a lot of Windows Powershell. I'm explaining my backstory in case my next question is stupid or obvious.
Do I need to enclose the command in quotes or brackets or something to make sure cron reads the whole command? _________________ __________________________
Netgear R7800
DD-WRT v3.0 STD
Linksys WRT1900AC
DD-WRT v3.0 STD
Joined: 12 Dec 2007 Posts: 780 Location: Pittsburgh, PA USA
Posted: Fri Dec 10, 2021 19:04 Post subject:
I figured it out. I had to modify the script to include explicit paths to the various commands. I guess it couldn't find timeout or some of the other commands.
Anyone else on Verizon FIOS is welcome to steal the script. It can certainly be modified to search for other types of traffic as well.
Thanks to all who offered suggestions. I love this community.
Code:
#!/bin/sh
# set the variable below to your FIOS interface
IF=eth1
logger -t v6test "Starting daily scan for IPV6"
/opt/bin/timeout 5m /opt/sbin/tcpdump -ni ${IF} 'icmp6 && ip6[40] == 134' -c 10 >/tmp/${IF}_RAs.out
FSIZE=$(/opt/bin/stat /tmp/${IF}_RAs.out)
FSIZE2=$(echo $FSIZE | cut -c33-34)
echo $FSIZE2
if [ "$FSIZE2" -gt 1 ]; then
logger -t v6test "RA packet detected on eth1 $0"
cat /jffs/mail.txt | /opt/bin/msmtp -a gmail redacted@mydomain.com
fi
logger -t v6test "End scan for IPV6"
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
Posted: Fri Dec 10, 2021 19:36 Post subject:
Glad you solved it; I don't think modifying $PATH is readily available via startup script due to the main flash filesystem being read-only, but doesn't Entware automatically add the path to command binaries? I knew somehow there was a missing "link" that was the issue, though. Now we know _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Explicit full path is always the best way to go in Linux/Unix world.
Lesson learned.
dpp3530 wrote:
I figured it out. I had to modify the script to include explicit paths to the various commands. I guess it couldn't find timeout or some of the other commands.
Anyone else on Verizon FIOS is welcome to steal the script. It can certainly be modified to search for other types of traffic as well.
Thanks to all who offered suggestions. I love this community.
Code:
#!/bin/sh
# set the variable below to your FIOS interface
IF=eth1
logger -t v6test "Starting daily scan for IPV6"
/opt/bin/timeout 5m /opt/sbin/tcpdump -ni ${IF} 'icmp6 && ip6[40] == 134' -c 10 >/tmp/${IF}_RAs.out
FSIZE=$(/opt/bin/stat /tmp/${IF}_RAs.out)
FSIZE2=$(echo $FSIZE | cut -c33-34)
echo $FSIZE2
if [ "$FSIZE2" -gt 1 ]; then
logger -t v6test "RA packet detected on eth1 $0"
cat /jffs/mail.txt | /opt/bin/msmtp -a gmail redacted@mydomain.com
fi
logger -t v6test "End scan for IPV6"
_________________ DD-WRT V3.0-r49626 std (08/03/22) on WRT3200ACM and flying...