Bug#684009: marked as done (isc-dhcp-client: dhclient must not assume a IPv6 prefix length of 64 when setting an address)

[Debian Bug Tracking System]

Your message dated Sun, 25 Oct 2015 07:34:48 +0000
with message-id <e1zqfpi-0005s5...@franck.debian.org>
and subject line Bug#684009: fixed in isc-dhcp 4.3.3-6
has caused the Debian Bug report #684009,
regarding isc-dhcp-client: dhclient must not assume a IPv6 prefix length of 64 
when setting an address
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
684009: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684009
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: isc-dhcp-client
Version: 4.2.2.dfsg.1-5
Severity: normal
Tags: upstream ipv6 patch

dhclient unconditionally assumes an on-link prefix matching the address and with a length of 64 when setting an IPv6 address. Like routing information, on-link prefix information is not part of the DHCPv6 protocol, so this is just a guess from the part of dhclient.

RFC 5942 asserts that on-link prefixes and addresses are independent concepts, and on-link prefix information must only come from Router Advertisements or manual configuration. Section 5 specifically points out that a /64 prefix must not be assumed.

In my case where a /112 prefix is used, the routing table becomes

nordmark@strix:~$ ip -6 route

2001:6b0:1:1e90::40:0/112 dev wlan0 proto kernel metric 256 expires 2592301sec

2001:6b0:1:1e90::/64 dev wlan0  proto kernel  metric 256

default via fe80::92e6:baff:fe68:ce8f dev wlan0 proto kernel metric 1024 expires 1777sec

and hosts sharing the /64 prefix but not the /112 are falsely determined as being on-link, and have become unreachable.

This is (probably, the bug tracking is closed so I can not verify) reported upstream as ISC-Bugs #29468.

The corresponding bug where Network Manager wrongly trusts the prefix length information from dhclient is #661885.

The incuded patch removes the use of the bogus ip6_prefixlen variables from dhclient-script and uses /128 when setting an address. Should other programs use these variables, they are hard coded as 128 instead of 64.

Arne


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages isc-dhcp-client depends on:
ii  debianutils      4.3.2
ii  iproute          20120521-3
ii  isc-dhcp-common  4.2.2.dfsg.1-5
ii  libc6            2.13-33

isc-dhcp-client recommends no packages.

Versions of packages isc-dhcp-client suggests:
ii  avahi-autoipd  0.6.31-1
ii  resolvconf     1.67

-- no debconf information

--- a/client/dhc6.c
+++ b/client/dhc6.c
@@ -3899,11 +3899,10 @@
 				      piaddr(addr->address),
 				      (unsigned) addr->plen);
 		} else {
-			/* Current practice is that all subnets are /64's, but
-			 * some suspect this may not be permanent.
+			/* Prefixlen set to 128 since this is only an address.
 			 */
 			client_envadd(client, prefix, "ip6_prefixlen",
-				      "%d", 64);
+				      "%d", 128);
 			client_envadd(client, prefix, "ip6_address",
 				      "%s", piaddr(addr->address));
 		}
--- a/debian/dhclient-script.linux
+++ b/debian/dhclient-script.linux
@@ -344,9 +344,9 @@
         ;;
 
     BOUND6|RENEW6|REBIND6)
-        if [ "${new_ip6_address}" ] && [ "${new_ip6_prefixlen}" ]; then
+        if [ "${new_ip6_address}" ]; then
             # set leased IP
-            ip -6 addr add ${new_ip6_address}/${new_ip6_prefixlen} \
+            ip -6 addr add ${new_ip6_address}/128 \
                 dev ${interface} scope global
         fi
 
@@ -360,23 +360,19 @@
         ;;
 
     DEPREF6)
-        if [ -z "${cur_ip6_prefixlen}" ]; then
-            exit_with_hooks 2
-        fi
-
         # set preferred lifetime of leased IP to 0
-        ip -6 addr change ${cur_ip6_address}/${cur_ip6_prefixlen} \
+        ip -6 addr change ${cur_ip6_address}/128 \
             dev ${interface} scope global preferred_lft 0
 
         ;;
 
     EXPIRE6|RELEASE6|STOP6)
-        if [ -z "${old_ip6_address}" ] || [ -z "${old_ip6_prefixlen}" ]; then
+        if [ -z "${old_ip6_address}" ]; then
             exit_with_hooks 2
         fi
 
         # delete leased IP
-        ip -6 addr del ${old_ip6_address}/${old_ip6_prefixlen} \
+        ip -6 addr del ${old_ip6_address}/128 \
             dev ${interface}
 
         ;;

--- End Message ---

--- Begin Message ---

Source: isc-dhcp
Source-Version: 4.3.3-6

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 684...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 04 Oct 2015 03:24:47 +0000
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-dbg isc-dhcp-server-ldap isc-dhcp-common 
isc-dhcp-dev isc-dhcp-client isc-dhcp-client-ddns isc-dhcp-client-udeb 
isc-dhcp-relay
Architecture: source
Version: 4.3.3-6
Distribution: experimental
Urgency: medium
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-de...@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description:
 isc-dhcp-client - DHCP client for automatically obtaining an IP address
 isc-dhcp-client-ddns - Dynamic DNS (DDNS) enabled DHCP client
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common files used by all of the isc-dhcp packages
 isc-dhcp-dbg - ISC DHCP server for automatic IP address assignment (debuging 
sym
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend
Closes: 592539 684009
Changes:
 isc-dhcp (4.3.3-6) experimental; urgency=medium
 .
   * Fix missing build flags from the last upload.
   * Support IPv6 in the server init script (closes: #592539).
     - Thanks to Florent Fourcot and Ron Murray.
   * Don't assume an IPv6 prefix length of 64 (closes: #684009).
     - Thanks to Arne Nordmark.
Checksums-Sha1:
 07d021fc5d8e69509c9261320a2dcebf8c6be6e9 3294 isc-dhcp_4.3.3-6.dsc
 ff78fe9644d1e2bb63de1bee13774a7f586527ba 81896 isc-dhcp_4.3.3-6.debian.tar.xz
Checksums-Sha256:
 ac8e03f46ee811ebf99b8b0cde4ef2e342d077099b302d2806eed6b3e73f65b8 3294 
isc-dhcp_4.3.3-6.dsc
 3422490b0bf74d1be87fe5a9596f1bc01420fe5f2fe217cab20d095a3a5cf6cc 81896 
isc-dhcp_4.3.3-6.debian.tar.xz
Files:
 1048b22bebfb55310a4b59ee30d1ea2e 3294 net important isc-dhcp_4.3.3-6.dsc
 ab48c331e0c003e0463d1ad3c90c1ff9 81896 net important 
isc-dhcp_4.3.3-6.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJWLIVLAAoJELjWss0C1vRz3FYf/RESaCWCu40MDur8C/25fS82
aSblkbZ45/iHQpMSU1fwEaTYy7SDFyVI/8Ju4hqGG30rQRMfbv8n1BoFtPsspPxy
EmNvNMvSWF2Pbv19GP9SCKoKODxlVRN3KsdY6+nfpbs0ESJhoLjdkELWkS72P3x1
pqWL/y+IbyWej7U28I8pSUIp9n0oTVxr9EhtOL7ZnPDjRl7taqlXzMqBFONk+Y/v
vseA53aw1VA7h+y6ysFxAe1NyV9ASCTVIEZtKDc+fvXawp5zVB4s6BncWZbV9dHu
Nh9qdaHyegwDUGy/dqUyaFagv6sHnOXQtpOxwKZxdr5UAQ2N1uhekdZPmdzIewAd
BPMTjUIlesqMUKRusuAwghXZP3RLfK0mAFTNxYSMwmCEZ0DC2l+nWvQ1lWqRAnXJ
sbw0uVeo+/bRzSODcDbljGWbferKcYo3uPg9BQCA6elSDMzUpYhQfYxfuz+reE3J
h0eXg/dTGSm2nTQ2TH38P796DtmCajYSCEyR4Bcbj5KBCi59VPhdSq1yDAudQW7s
9EQ0O6h3SPIjrN2oNR1Fu12FqY2wZWGOAIBXY88OIf4v2yAFISCJ0UFBVsVbPmkX
+wOY8FDiQP8zn1af19V8M5QeDyCSnIZDA8PqZkMq5jJeizjnFXcPuNrIyJ1pK9py
08AlDA2+pWjv9F9Bg/BcVp3rjn3PboHhzR9ISxozBSutFEfNyDhuc8HIKcdnP4x/
b2vqBVSHpPVMWAGi4GKVNDl6gdXkkDb/ZEWiXM+tttYcZss9M5qMYANLNnV7ahim
x/duDOjTHro/vviUfiypfHsOb8MBTfEJ1pE0zjEKq+dJzo9PwjV2njHnli1SfhHt
jigSdwRsVW/0FNZZa0K0rlQReTYQRH9MyLLnnPku6OXUnAteZOromCe+Cm++XikM
KV6pskpbYlgG1SXSljx8HnrScPNlmYfL8wiFNvpzyPLsFQ40u+Kyw2HF781Cqilp
X7yxNj084qHQVZFvmbhIc/flFTKl9MZWiIu1HhEDh9+4jH5NE4w1SKe8C2+VaI3k
HCZLQqEgwAdXW42hBtyjLhCer7gFRcyvCqaMkI2HiW4X00d5pKbBrvHFk2wtE8pN
WTa4GNyHBvab310Bu1G2eQUD23bY/1mJzmaVlMITZLkT6HR0iJglEV2gEDL9VxDK
Qhw3m0QV8MtWc2Fc9jBq2HNBdnpwQoha/jCL/6bSJogy4Hz07LUsYxX2k8WRtglw
+yThKKjvjXllqSdmSRA7iU1LKFaLqyLq9IgFjuQvaYmgabylANM2nJy4vmcyvVNa
vGb/Zitp18hy0ljl1tS6FU+Nxxyh8RqOP4TlPTN7KC0xl79Dyg4ie+adRqVXcHE=
=bH0A
-----END PGP SIGNATURE-----

--- End Message ---