# Cowrie Backend default filter and OpenWRT ## Instruction Recently, I encountered an issue that when using a stable release openwrt [image](https://downloads.openwrt.org/releases/22.03.3/targets/x86/64/openwrt-22.03.3-x86-64-generic-ext4-combined-efi.img.gz) as a cowrie backend with cowrie's default network filter([default_filter.xml](https://github.com/cowrie/cowrie/blob/master/share/cowrie/pool_configs/default_filter.xml)), the backend vm can't recieve dhcp replies so cowrie can't establish ssh connections to the backend. ## Analysis After days of debugging, I noticed during OpenWRT's boot procedure, it will send a udp packet about **FAILSAFE MODE** from `192.168.1.1` to `192.168.1.255`.  It seems that this packet will mislead the filter about the vm's ip address, which makes SSH traffics unreachable. ## Workaround My workaround is to build my own image from [OpenWRT source](https://openwrt.org/docs/guide-developer/toolchain/use-buildsystem). The bellow parameters in `Image configuration` will disable the failsafe mode and that packet. ``` CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG=y ``` The result image will work correctly under the default network filter. However, I don't know why the OpenWRT image provided by cowrie doesn't send that packet when it is started by cowrie. The packet can be found if I start the vm with `virsh define {filename}.xml` command. The `xml` file is copied from vm generated by cowrie.