Package: isc-dhcp-client
Version: 4.2.2.dfsg.1-5
Severity: normal
Tags: upstream ipv6 patch
dhclient unconditionally assumes an on-link prefix matching the address
and with a length of 64 when setting an IPv6 address. Like routing
information, on-link prefix information is not part of the DHCPv6
protocol, so this is just a guess from the part of dhclient.
RFC 5942 asserts that on-link prefixes and addresses are independent
concepts, and on-link prefix information must only come from Router
Advertisements or manual configuration. Section 5 specifically points
out that a /64 prefix must not be assumed.
In my case where a /112 prefix is used, the routing table becomes
nordmark@strix:~$ ip -6 route
2001:6b0:1:1e90::40:0/112 dev wlan0 proto kernel metric 256 expires
2592301sec
2001:6b0:1:1e90::/64 dev wlan0 proto kernel metric 256
default via fe80::92e6:baff:fe68:ce8f dev wlan0 proto kernel metric
1024 expires 1777sec
and hosts sharing the /64 prefix but not the /112 are falsely determined
as being on-link, and have become unreachable.
This is (probably, the bug tracking is closed so I can not verify)
reported upstream as ISC-Bugs #29468.
The corresponding bug where Network Manager wrongly trusts the prefix
length information from dhclient is #661885.
The incuded patch removes the use of the bogus ip6_prefixlen variables
from dhclient-script and uses /128 when setting an address. Should other
programs use these variables, they are hard coded as 128 instead of 64.
Arne
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages isc-dhcp-client depends on:
ii debianutils 4.3.2
ii iproute 20120521-3
ii isc-dhcp-common 4.2.2.dfsg.1-5
ii libc6 2.13-33
isc-dhcp-client recommends no packages.
Versions of packages isc-dhcp-client suggests:
ii avahi-autoipd 0.6.31-1
ii resolvconf 1.67
-- no debconf information
--- a/client/dhc6.c
+++ b/client/dhc6.c
@@ -3899,11 +3899,10 @@
piaddr(addr->address),
(unsigned) addr->plen);
} else {
- /* Current practice is that all subnets are /64's, but
- * some suspect this may not be permanent.
+ /* Prefixlen set to 128 since this is only an address.
*/
client_envadd(client, prefix, "ip6_prefixlen",
- "%d", 64);
+ "%d", 128);
client_envadd(client, prefix, "ip6_address",
"%s", piaddr(addr->address));
}
--- a/debian/dhclient-script.linux
+++ b/debian/dhclient-script.linux
@@ -344,9 +344,9 @@
;;
BOUND6|RENEW6|REBIND6)
- if [ "${new_ip6_address}" ] && [ "${new_ip6_prefixlen}" ]; then
+ if [ "${new_ip6_address}" ]; then
# set leased IP
- ip -6 addr add ${new_ip6_address}/${new_ip6_prefixlen} \
+ ip -6 addr add ${new_ip6_address}/128 \
dev ${interface} scope global
fi
@@ -360,23 +360,19 @@
;;
DEPREF6)
- if [ -z "${cur_ip6_prefixlen}" ]; then
- exit_with_hooks 2
- fi
-
# set preferred lifetime of leased IP to 0
- ip -6 addr change ${cur_ip6_address}/${cur_ip6_prefixlen} \
+ ip -6 addr change ${cur_ip6_address}/128 \
dev ${interface} scope global preferred_lft 0
;;
EXPIRE6|RELEASE6|STOP6)
- if [ -z "${old_ip6_address}" ] || [ -z "${old_ip6_prefixlen}" ]; then
+ if [ -z "${old_ip6_address}" ]; then
exit_with_hooks 2
fi
# delete leased IP
- ip -6 addr del ${old_ip6_address}/${old_ip6_prefixlen} \
+ ip -6 addr del ${old_ip6_address}/128 \
dev ${interface}
;;