[Pkg-utopia-maintainers] Bug#849392: network-manager: Network manager ignores accept_ra_rt_info_max_plen setting for IPv6

Marcin Kucharczyk marcin at kucharczyk.im
Mon Dec 26 15:51:35 UTC 2016


Package: network-manager
Version: 1.4.4-1
Severity: normal
Tags: ipv6

Dear Maintainer,

When I checked my IPv6 routes I noticed that the route to my local subnet
has the same next hop as my router. Indeed, the local gateway sends an IPv6 RA with
this information:

IP6 (hlim 255, next-header ICMPv6 (58) payload length: 128) fe80::5667:51ff:fee7:7cf > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 128
        hop limit 64, Flags [other stateful], pref high, router lifetime 180s, reachable time 0s, retrans time 0s
      prefix info option (3), length 32 (4): <prefix>::/64, Flags [onlink, auto], valid time 1138201s, pref. time 533401s
      route info option (24), length 24 (3):  <prefix>::/64, pref=medium, lifetime=1143629s
      rdnss option (25), length 40 (5):  lifetime 360s, addr: <dns1> addr: <dns2>
      mtu option (5), length 8 (1):  1500
      source link-address option (1), length 8 (1): 54:67:51:e7:07:cf


$ ip -6 r
<prefix>::/64 via fe80::5667:51ff:fee7:7cf dev eth0 proto ra metric 100  pref medium
fe80::5667:51ff:fee7:7cf dev eth0 proto static metric 100  pref medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium
default via fe80::5667:51ff:fee7:7cf dev eth0 proto static metric 100  pref medium

But with settings:
net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.wlan0.accept_ra_rt_info_max_plen = 0

I would expect NM to ignore this NH and just configure the kernel route for the local subnet.
This has some security implications, as it forwards all local-LAN traffic via
the host that sent the route, despite kernel settings.



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages network-manager depends on:
ii  adduser                3.115
ii  dbus                   1.10.14-1
ii  init-system-helpers    1.46
ii  libaudit1              1:2.6.7-1
ii  libbluetooth3          5.43-1
ii  libc6                  2.24-8
ii  libglib2.0-0           2.50.2-2
ii  libgnutls30            3.5.7-2
ii  libgudev-1.0-0         230-3
ii  libmm-glib0            1.6.4-1
ii  libndp0                1.6-1
ii  libnewt0.52            0.52.19-1
ii  libnl-3-200            3.2.27-1
ii  libnm0                 1.4.4-1
ii  libpam-systemd         232-8
ii  libpolkit-agent-1-0    0.105-17
ii  libpolkit-gobject-1-0  0.105-17
ii  libreadline7           7.0-1
ii  libselinux1            2.6-3
ii  libsoup2.4-1           2.56.0-1
ii  libsystemd0            232-8
ii  libteamdctl0           1.26-1
ii  libuuid1               2.29-1
ii  lsb-base               9.20161125
ii  policykit-1            0.105-17
ii  udev                   232-8
ii  wpasupplicant          2.5-2+v2.4-3+b1

Versions of packages network-manager recommends:
ii  crda             3.13-1+b2
ii  dnsmasq-base     2.76-5
ii  iptables         1.6.0+snapshot20161117-4
ii  iputils-arping   3:20161105-1
ii  isc-dhcp-client  4.3.5-1
ii  modemmanager     1.6.4-1
ii  ppp              2.4.7-1+4

Versions of packages network-manager suggests:
pn  libteam-utils  <none>

-- no debconf information
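
A check for the condition reported above, added here as an example and not part of the original report or of NetworkManager: it flags gatewayed `proto ra` routes whose prefix length exceeds the interface's accept_ra_rt_info_max_plen. The 2001:db8:1::/64 prefix stands in for the redacted <prefix>, the function names are hypothetical, and it assumes such routes are tagged `proto ra` as in the output above.

```python
import ipaddress

# Constructed sample: the report's `ip -6 r` output, with the documentation
# prefix 2001:db8:1::/64 standing in for the redacted <prefix>.
SAMPLE_ROUTES = """\
2001:db8:1::/64 via fe80::5667:51ff:fee7:7cf dev eth0 proto ra metric 100  pref medium
fe80::5667:51ff:fee7:7cf dev eth0 proto static metric 100  pref medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium
default via fe80::5667:51ff:fee7:7cf dev eth0 proto static metric 100  pref medium
"""

def read_max_plen(dev):
    """Read the kernel's per-interface limit for RA Route Information prefixes."""
    path = f"/proc/sys/net/ipv6/conf/{dev}/accept_ra_rt_info_max_plen"
    with open(path) as fh:
        return int(fh.read().strip())

def parse_route(line):
    """Return dest/plen/via/dev/proto for one `ip -6 route` line, else None."""
    tokens = line.split()
    if not tokens or tokens[0] == "default":
        return None  # default routes come from the RA router lifetime, not a route info option
    try:
        plen = ipaddress.ip_network(tokens[0], strict=False).prefixlen
    except ValueError:
        return None  # e.g. "unreachable ..." lines start with a route type
    route = {"dest": tokens[0], "plen": plen}
    for key, value in zip(tokens[1:], tokens[2:]):
        if key in ("via", "dev", "proto"):
            route[key] = value
    return route

def routes_beyond_max_plen(ip_route_output, max_plen_by_dev):
    """List gatewayed RA routes longer than the interface's configured limit."""
    findings = []
    for line in ip_route_output.splitlines():
        route = parse_route(line)
        if not route or route.get("proto") != "ra" or "via" not in route:
            continue
        limit = max_plen_by_dev.get(route.get("dev"))
        if limit is not None and route["plen"] > limit:
            findings.append(route)
    return findings

if __name__ == "__main__":
    for r in routes_beyond_max_plen(SAMPLE_ROUTES, {"eth0": 0}):
        print(f"{r['dest']} via {r['via']} dev {r['dev']}: /{r['plen']} exceeds limit")
```

On a live host, pass the output of `ip -6 route` and build the limits dictionary with read_max_plen() for each interface.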


