[pkg-dhcp-devel] Bug#684009: isc-dhcp-client: dhclient must not assume a IPv6 prefix length of 64 when setting an address
Ralf Schlatterbeck
ralf at zoo.priv.at
Tue Jan 14 12:21:14 UTC 2014
Note that dhclient does not itself configures the interface but instead
calls the shellscript /sbin/dhclient-script to do the work. So a quick
workaround is to patch that script to use a fixed netmask of /128
(patch attached).
The real fix is to hand a fixed /128 netmask to the dhclient-script from
the daemon. This patches C-code in dhclient (patch attached).
Note that the dhcpv6 protocol doesn't have an option for a netmask. So
it is always /128 and routing is left to icmpv6 router advertisements.
That also means that the option "accept_ra" of the dhcp method for the
INET6 address family in /etc/network/interfaces (see interfaces(5) man
page) probably should be on by default or completely removed. In
addition maybe a fixed netmask should be configurable (see excerpts from
RFC5942 below).
Just some more facts regarding this issue:
RFC 5942 is very clear about a DHCP client "inventing" a prefix:
RFC5942, p.7 under "Host Rules":
"""
1. The assignment of an IPv6 address -- whether through IPv6
stateless address autoconfiguration [RFC4862], DHCPv6 [RFC3315],
or manual configuration -- MUST NOT implicitly cause a prefix
derived from that address to be treated as on-link and added to
the Prefix List. ...
"""
and on p.8 under the heading "Observed Incorrect Implementation Behavior":
"""
... An address
could be acquired through the DHCPv6 identity association for non-
temporary addresses (IA_NA) option from [RFC3315] (which does not
include a prefix length), or through manual configuration (if no
prefix length is specified). The host incorrectly assumes an
invented prefix is on-link. This invented prefix typically is a /64
that was written by the developer of the operating system network
module API to any IPv6 application as a "default" prefix length when
a length isn't specified...
"""
I sincerely hope this gets fixed in the next release of dhcpd. Note that
I've also filed an upstream report with issue number #35178 (before I
knew about this debian report) and I'm surprised the currently scheduled
4.3.0a1 release doesn't yet have the fix.
Ralf
--
Ralf Schlatterbeck email: ralf at zoo.priv.at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhclient-script.patch
Type: text/x-diff
Size: 520 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/attachments/20140114/1424d75a/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhc6.patch
Type: text/x-diff
Size: 522 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/attachments/20140114/1424d75a/attachment-0001.patch>
More information about the pkg-dhcp-devel
mailing list