Skip to content

ddns-scripts: add curl source IP bind fallback#29776

Open
user1121114685 wants to merge 4 commits into
openwrt:masterfrom
user1121114685:fix-ddns-curl-bind-fallback
Open

ddns-scripts: add curl source IP bind fallback#29776
user1121114685 wants to merge 4 commits into
openwrt:masterfrom
user1121114685:fix-ddns-curl-bind-fallback

Conversation

@user1121114685

Copy link
Copy Markdown

This fixes a long-standing failure mode in the cURL transfer path when bind_network is active.

ddns-scripts has defaulted bind_network from ip_source=network since 2020, and cURL has bound that network by logical device since the PPPoE fix in 2021. That device binding is still the right first choice because it preserves the existing PPPoE and multi-WAN behavior.

However, on some PPPoE setups libcurl can fail when bound to the logical PPP device while the same request succeeds when bound to the source address of that same network. In the observed case, curl --interface pppoe-wan to the HE.net update endpoint timed out with the TCP connection stuck in SYN_SENT, while curl --interface <wan-ip> succeeded immediately.

This PR keeps the current behavior as the primary path and only retries once with the network source IP when the device-bound cURL transfer fails. That keeps existing users on the original code path unless it fails, preserves the selected network for multi-WAN setups, and makes cURL consistent with the existing GNU Wget path, which already binds to the network IP address.

The sample configuration is also updated to document the implicit bind_network default and the cURL fallback behavior.

Tested:

  • bash -n net/ddns-scripts/files/usr/lib/ddns/dynamic_dns_functions.sh
  • git diff --check HEAD~1..HEAD
  • Runtime checked on a PPPoE WAN setup where device-bound cURL failed and source-IP-bound cURL succeeded against dyn.dns.he.net.

@user1121114685

Copy link
Copy Markdown
Author

@feckert Hi, could you please take a look at this PR for ddns-scripts when you have time? Thanks!

@feckert feckert left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please bump the PKG_Release by one

Comment thread net/ddns-scripts/files/usr/lib/ddns/dynamic_dns_functions.sh
@user1121114685

Copy link
Copy Markdown
Author

Hi @feckert, thanks for taking the time to review!

I've double-checked the code and would like to respectfully clarify the logic regarding those variables:

  1. Variable Scope and Usage: In OpenWrt's ash shell, local is function-scoped, not block-scoped. Declaring __BIND_OPT and __FALLBACK_BIND_OPT as local inside the if [ -n "$bind_network" ] block safely contains them within the do_transfer() function, completely preventing any global leakage. Furthermore, they are actively used just a few lines further down within the exact same function to assemble the final cURL execution and fallback commands (__RUNPROG="$__PROG$__BIND_OPT '$__URL'").

  2. FALLBACK_DESC Declaration: You mentioned this was undeclared, but it is actually explicitly declared as local at the very beginning of the do_transfer() function (alongside __FALLBACK_RUNPROG).

That being said, you are completely right about bumping the PKG_Release! I will update the Makefile by one as requested and push the new commit shortly. Thanks again!

@user1121114685

Copy link
Copy Markdown
Author

I do not think we should keep changing this PR to address the remaining CI failure.

I re-checked the CI runs for this branch:

  • The first failing run on f6ea6895 did include a real ddns-scripts generic test failure: /usr/bin/ddns did not report the package version. That was addressed by 67b3330e, which added -V/--version support.
  • In the later failing run on 67b3330e, ddns-scripts and the related ddns-scripts-* packages pass the generic tests. The remaining failure is from giflib-utils in libs/giflib: none of its executables reports version 5.2.2 to the generic test probe.
  • The latest run for e65e941e is action_required and has no jobs/logs, so it did not provide a new test failure to fix.

giflib-utils is only pulled into this test set as a dependency of ddns-scripts-cnkuai; the failing package is not part of the ddns-scripts change in this PR. If that CI issue needs a package fix, it should be handled separately in libs/giflib (for example with an appropriate version-test override), not by adding unrelated changes to this ddns-scripts PR.

@feckert

feckert commented Jun 26, 2026

Copy link
Copy Markdown
Member

LGTM and thanks for your fix we are almost ready to merge.

Just a quick note: Could you please adjust your commit descriptions so that they do not exceed the 80-character limit. And please move the increase in PKG_VERSION to a separate commit and set PKG_RELEASE to “1”, as you have updated PKG_VERSION already. thanks

@user1121114685 user1121114685 force-pushed the fix-ddns-curl-bind-fallback branch from e65e941 to cd5a0df Compare June 26, 2026 14:35
@user1121114685

Copy link
Copy Markdown
Author

Done, thanks.

I have updated the PR according to your request:

  • wrapped the commit descriptions so every line is within 80 characters
  • moved the PKG_VERSION bump into a separate commit
  • reset PKG_RELEASE to 1 after bumping PKG_VERSION

The branch has been force-pushed and should be ready for another look.

@BKPepe BKPepe force-pushed the fix-ddns-curl-bind-fallback branch from cd5a0df to b275876 Compare June 30, 2026 11:45
@openwrt

openwrt Bot commented Jun 30, 2026

Copy link
Copy Markdown

Formality Check: Failed

We completed the verification flow. Please review the formatting overview logs below.

🛑 CRITICAL ERRORS

Commit 24b4c74 - ddns-scripts: add curl source IP bind fallback:

  • Author name format is invalid ('shaoxia')

Commit f5328f7 - ddns-scripts: support version output in frontend:

  • Author name format is invalid ('shaoxia')

Commit 3228011 - ddns-scripts: fix one.com prerm test syntax:

  • Author name format is invalid ('shaoxia')

Commit 289f05a - ddns-scripts: update to 2.8.4:

  • Author name format is invalid ('shaoxia')

Something broken? Consider reporting an issue.
Running version 8cdcd46 deployed on 2026-07-04 20:33:16 CEST

Keep the existing cURL bind_network behavior of binding to the
logical device first. This preserves the behavior introduced for
PPPoE and multi-WAN setups where the selected network must also be
used for the DDNS update request.

Some setups can still fail when libcurl binds directly to the logical
PPP device. In that case the transfer may time out even though binding
to the source address of the same network succeeds. This can make DDNS
updates fail repeatedly on affected systems.

Retry cURL transfers once with the network source IP when the
device-bound transfer fails. This leaves the normal path unchanged,
keeps the update request on the same network, and matches the existing
GNU Wget behavior which already binds to the network IP address.

Also document the implicit bind_network default and the cURL fallback
in the sample configuration.

Signed-off-by: shaoxia <admin@shaoxia.xyz>
The /usr/bin/ddns frontend did not support a version option, so
generic package tests treated it as an executable that could not report
the package version.

Read the installed version file and support -V/--version, matching the
version output style used by dynamic_dns_updater.sh.

Signed-off-by: shaoxia <admin@shaoxia.xyz>
Add the missing spaces around the test bracket in the one.com
pre-removal script and escape IPKG_INSTROOT consistently with the other
subpackages.

Signed-off-by: shaoxia <admin@shaoxia.xyz>
Bump PKG_VERSION for the ddns-scripts changes and reset PKG_RELEASE to
1 as requested.

Signed-off-by: shaoxia <admin@shaoxia.xyz>
@BKPepe BKPepe force-pushed the fix-ddns-curl-bind-fallback branch from b275876 to 289f05a Compare July 4, 2026 18:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants