Package: network-manager Version: 1.4.4-1 Severity: normal Tags: ipv6 Dear Maintainer,
When I checked my IPv6 routes I've noticed that route to my local subnet has next hop same as my router. In deed local gateway sends IPv6 RA with this information: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 128) fe80::5667:51ff:fee7:7cf > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 128 hop limit 64, Flags [other stateful], pref high, router lifetime 180s, reachable time 0s, retrans time 0s prefix info option (3), length 32 (4): <prefix>::/64, Flags [onlink, auto], valid time 1138201s, pref. time 533401s route info option (24), length 24 (3): <prefix>::/64, pref=medium, lifetime=1143629s rdnss option (25), length 40 (5): lifetime 360s, addr: <dns1> addr: <dns2> mtu option (5), length 8 (1): 1500 source link-address option (1), length 8 (1): 54:67:51:e7:07:cf $ ip -6 r <prefix>::/64 via fe80::5667:51ff:fee7:7cf dev eth0 proto ra metric 100 pref medium fe80::5667:51ff:fee7:7cf dev eth0 proto static metric 100 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default via fe80::5667:51ff:fee7:7cf dev eth0 proto static metric 100 pref medium But with settings: net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0 net.ipv6.conf.wlan0.accept_ra_rt_info_max_plen = 0 I would expect to have NM to ignore this NH and just configure kernel route for local subnet. This has some security implications and as it forwards all local-LAN traffic via host who send the route despite kernel settings. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages network-manager depends on: ii adduser 3.115 ii dbus 1.10.14-1 ii init-system-helpers 1.46 ii libaudit1 1:2.6.7-1 ii libbluetooth3 5.43-1 ii libc6 2.24-8 ii libglib2.0-0 2.50.2-2 ii libgnutls30 3.5.7-2 ii libgudev-1.0-0 230-3 ii libmm-glib0 1.6.4-1 ii libndp0 1.6-1 ii libnewt0.52 0.52.19-1 ii libnl-3-200 3.2.27-1 ii libnm0 1.4.4-1 ii libpam-systemd 232-8 ii libpolkit-agent-1-0 0.105-17 ii libpolkit-gobject-1-0 0.105-17 ii libreadline7 7.0-1 ii libselinux1 2.6-3 ii libsoup2.4-1 2.56.0-1 ii libsystemd0 232-8 ii libteamdctl0 1.26-1 ii libuuid1 2.29-1 ii lsb-base 9.20161125 ii policykit-1 0.105-17 ii udev 232-8 ii wpasupplicant 2.5-2+v2.4-3+b1 Versions of packages network-manager recommends: ii crda 3.13-1+b2 ii dnsmasq-base 2.76-5 ii iptables 1.6.0+snapshot20161117-4 ii iputils-arping 3:20161105-1 ii isc-dhcp-client 4.3.5-1 ii modemmanager 1.6.4-1 ii ppp 2.4.7-1+4 Versions of packages network-manager suggests: pn libteam-utils <none> -- no debconf information