Disable Homeplug feature on Fritzbox?
I wanted to test something with Wireshark and upon launching it, I noticed that some device named "AvmAudio" continuously broadcasts some "SW version request" (HomePlug AV protocol) even though our power line does not support this. My guess is that this is a feature of the FritzBox 7530 I've got here, but I cannot find an option in the admin panel to disable this feature. Is it even possible to disable it?
EDIT: Thanks to @wsd for providing a modified version of Lorenzo Fontana's UDP packet filter. I modified it a little more, because I didn't like the void pointer arithmetic going on there.

    /*
     * File: homeplug_av_drop.c
     * Compile: clang -I /usr/include/x86_64-linux-gnu -O2 -target bpf -c homeplug_av_drop.c -o homeplug_av_drop.o
     * Load: ip link set dev <devname> xdp obj homeplug_av_drop.o sec .text
     * Unload: ip link set dev <devname> xdp off
     */
    #include <linux/bpf.h>
    #include <linux/in.h>
    #include <linux/if_ether.h>

    #define SEC(NAME) __attribute__((section(NAME), used))
    #define htons(x) ((__be16)___constant_swab16((x)))

    #define ETH_P_HOMEPLUG 0x88e1
    #define ETH_P_MEDIAXSTREAM 0x8912

    int dropper (struct xdp_md* ctx) {
        /* Work on integer addresses instead of void pointers. */
        long ethhdr_addr = (long)ctx->data;
        long ethhdr_end_addr = ethhdr_addr + sizeof(struct ethhdr);

        /* Bounds check: the whole Ethernet header must lie inside the packet. */
        if (ethhdr_end_addr > (long)ctx->data_end) {
            return XDP_PASS;
        }

        struct ethhdr* eth = (struct ethhdr*)ethhdr_addr;

        /* h_proto is in network byte order, so compare against htons() values. */
        if (eth->h_proto == htons(ETH_P_HOMEPLUG) || eth->h_proto == htons(ETH_P_MEDIAXSTREAM)) {
            return XDP_DROP;
        } else {
            return XDP_PASS;
        }
    }

    char _license[] SEC("license") = "GPL";

EDIT 2 (June 2020): I sent AVM an email describing the problem and asking whether or not there is a way to make the FRITZ!Box stop sending those packets. Their response (translated from German) reads:
The evaluation of the support data you provided did not reveal any errors on the part of the FRITZ!Box.
We have no plans to add the ability to disable the protocols mentioned. The guide you found in our knowledge base describes a persistent solution to avoid future notifications [about unrequested packages hitting the firewall].
This problem is still around, and it doesn't look like fixing it is on the roadmap. The most relevant piece of information from AVM is a knowledge base article about what to do if your firewall reports an "attack" with packets of type 0x88e1. Unfortunately the page is not available in English, so here's a summary:
A firewall or a program for the analysis of network activity like Wireshark reports packets of type 0x88e1 every 5 seconds.
The incoming connections do not originate from the internet, but from the FRITZ!Box, and do not present a security problem.
Type 0x88e1: The FRITZ!Box regularly uses packets of type 0x88e1 to detect whether FRITZ!Powerline adapters are present in the network. The detected adapters are shown in the FRITZ!Box user interface in the "Local Network > Mesh" tab.
If you do not want to receive these notifications, configure your device firewall to allow incoming connections of packet type 0x88e1.
Depending on your use case, here are some workarounds (note that I handle both 0x88e1 and 0x8912, as those seem to coincide):
- If the packets are obscuring your Wireshark output, filter them like this:

      ! ether proto 0x88E1 and ! ether proto 0x8912

- If you want to stop them reaching any programs (e.g. RAW sockets with ETH_P_ALL), filter them using XDP, with a small BPF program based on a snippet by Lorenzo Fontana (GPL):

      #include <linux/bpf.h>
      #include <linux/in.h>
      #include <linux/if_ether.h>

      #define SEC(NAME) __attribute__((section(NAME), used))
      #define htons(x) ((__be16)___constant_swab16((x)))

      int homeplug_av_drop(struct xdp_md *ctx) {
          void *data = (void *)(long)ctx->data;
          void *data_end = (void *)(long)ctx->data_end;
          struct ethhdr *eth = data;

          /* Bounds check: the Ethernet header must fit inside the packet. */
          if (data + sizeof(*eth) > data_end) {
              return XDP_PASS;
          }

          /* Drop HomePlug AV (0x88e1) and 0x8912 frames, pass everything else. */
          if (eth->h_proto == htons(0x88e1) || eth->h_proto == htons(0x8912)) {
              return XDP_DROP;
          } else {
              return XDP_PASS;
          }
      }

      char _license[] SEC("license") = "GPL";

  Save that as filter.c, then compile, load and unload (when you're done):

      clang -I/usr/include/x86_64-linux-gnu -O2 -target bpf -c filter.c -o filter.o
      sudo ip link set dev eth0 xdp obj filter.o sec .text
      sudo ip link set dev eth0 xdp off
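
The EtherType decision used by both filters above, as a user-space model that can be run against sample frames before loading anything on an interface. This is an added example, not code from the posts or from Lorenzo Fontana's snippet. It goes beyond the page by also skipping up to two 802.1Q/802.1ad VLAN tags, on the assumption that tags may still be present in the packet data at the point where the filter runs; `classify_frame`, `CLASSIFY` and the frames are hypothetical names and constructed data.

```c
/* Added example: user-space model of the EtherType check (not the XDP object). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN   14      /* dst MAC + src MAC + EtherType */
#define VLAN_TAG_LEN  4       /* TPID + TCI of one 802.1Q/802.1ad tag */
#define MAX_VLAN_TAGS 2       /* fixed bound, the kind of loop a BPF verifier accepts */

enum verdict { VERDICT_PASS = 0, VERDICT_DROP = 1 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Same decision as the page's filter, plus skipping up to two VLAN tags. */
enum verdict classify_frame(const uint8_t *data, const uint8_t *data_end)
{
    size_t len = (size_t)(data_end - data);
    size_t off = 12;                          /* EtherType field offset */
    if (len < ETH_HDR_LEN)
        return VERDICT_PASS;                  /* truncated header: pass, like the original */
    uint16_t proto = be16(data + off);
    for (int i = 0; i < MAX_VLAN_TAGS && (proto == 0x8100 || proto == 0x88a8); i++) {
        off += VLAN_TAG_LEN;
        if (off + 2 > len)
            return VERDICT_PASS;              /* tag present but inner EtherType cut off */
        proto = be16(data + off);
    }
    return (proto == 0x88e1 || proto == 0x8912) ? VERDICT_DROP : VERDICT_PASS;
}

/* Constructed sample frames: broadcast dst, made-up locally administered src. */
#define MACS 0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01
static const uint8_t frame_homeplug[]   = { MACS, 0x88,0xe1, 0x00,0x00 };
static const uint8_t frame_mediax[]     = { MACS, 0x89,0x12, 0x00,0x00 };
static const uint8_t frame_ipv4[]       = { MACS, 0x08,0x00, 0x45,0x00 };
static const uint8_t frame_vlan_hp[]    = { MACS, 0x81,0x00, 0x00,0x0a, 0x88,0xe1, 0x00 };
static const uint8_t frame_short[]      = { MACS, 0x88 };
static const uint8_t frame_vlan_short[] = { MACS, 0x81,0x00, 0x00,0x0a };

#define CLASSIFY(f) classify_frame((f), (f) + sizeof(f))

int main(void)
{
    printf("homeplug=%d mediaxstream=%d ipv4=%d vlan+homeplug=%d short=%d vlan-short=%d\n",
           CLASSIFY(frame_homeplug), CLASSIFY(frame_mediax), CLASSIFY(frame_ipv4),
           CLASSIFY(frame_vlan_hp), CLASSIFY(frame_short), CLASSIFY(frame_vlan_short));
    return 0;
}
```

The two filters above compare only the outer `h_proto`, so for the constructed VLAN-tagged frame they would return `XDP_PASS` where this model returns drop.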