Bug#844246: ignores Route Preference in received router advertisements

Marc Haber mh+debian-packages at zugschlus.de
Sun Nov 13 18:20:05 GMT 2016 

Package: systemd
Version: 232-3
Severity: important

Hi,

the systemd IPv6 code ignores the Route Preference that is in an
incoming router advertisement.

Here is what tshark -V says about the packet:

Frame 53: 294 bytes on wire (2352 bits), 294 bytes captured (2352 bits) on interface 0
    Interface id: 0 (wlp3s0)
    Encapsulation type: Ethernet (1)
    Arrival Time: Nov 13, 2016 19:14:05.830790406 CET
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1479060845.830790406 seconds
    [Time delta from previous captured frame: 0.044608796 seconds]
    [Time delta from previous displayed frame: 0.044608796 seconds]
    [Time since reference or first frame: 3.084251040 seconds]
    Frame Number: 53
    Frame Length: 294 bytes (2352 bits)
    Capture Length: 294 bytes (2352 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ipv6:icmpv6]
Ethernet II, Src: 7e:79:61:31:55:28 (7e:79:61:31:55:28), Dst: IPv6mcast_01 (33:33:00:00:00:01)
    Destination: IPv6mcast_01 (33:33:00:00:00:01)
        Address: IPv6mcast_01 (33:33:00:00:00:01)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: 7e:79:61:31:55:28 (7e:79:61:31:55:28)
        Address: 7e:79:61:31:55:28 (7e:79:61:31:55:28)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::1, Dst: ff02::1
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT)
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
        .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    .... .... .... 1000 1110 0101 0001 0001 = Flow label: 0x8e511
    Payload length: 240
    Next header: ICMPv6 (58)
    Hop limit: 255
    Source: fe80::1
    Destination: ff02::1
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x67f3 [correct]
    [Checksum Status: Good]
    Cur hop limit: 64
    Flags: 0x00
        0... .... = Managed address configuration: Not set
        .0.. .... = Other configuration: Not set
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 1800
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Prefix information : 2a01:238:4071:3282::/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0xc0
            1... .... = On-link flag(L): Set
            .1.. .... = Autonomous address-configuration flag(A): Set
            ..0. .... = Router address flag(R): Not set
            ...0 0000 = Reserved: 0
        Valid Lifetime: 86400
        Preferred Lifetime: 14400
        Reserved
        Prefix: 2a01:238:4071:3282::
    ICMPv6 Option (Route Information : High ::/0)
        Type: Route Information (24)
        Length: 3 (24 bytes)
        Prefix Length: 0
        Flag: 0x08
            ...0 1... = Route Preference: High (1)
            000. .000 = Reserved: 0
        Route Lifetime: 1800
        Prefix: ::
    ICMPv6 Option (Route Information : Low 2000::/3)
        Type: Route Information (24)
        Length: 3 (24 bytes)
        Prefix Length: 3
        Flag: 0x18
            ...1 1... = Route Preference: Low (3)
            000. .000 = Reserved: 0
        Route Lifetime: 1800
        Prefix: 2000::
    ICMPv6 Option (Route Information : High 2a01:238:4071:3280::/59)
        Type: Route Information (24)
        Length: 3 (24 bytes)
        Prefix Length: 59
        Flag: 0x08
            ...0 1... = Route Preference: High (1)
            000. .000 = Reserved: 0
        Route Lifetime: 1800
        Prefix: 2a01:238:4071:3280::
    ICMPv6 Option (Route Information : High 2a01:238:4071:32b0::/60)
        Type: Route Information (24)
        Length: 3 (24 bytes)
        Prefix Length: 60
        Flag: 0x08
            ...0 1... = Route Preference: High (1)
            000. .000 = Reserved: 0
        Route Lifetime: 1800
        Prefix: 2a01:238:4071:32b0::
    ICMPv6 Option (Recursive DNS Server 2a01:238:4071:3281::35:100 2a01:238:4071:328e::35:100)
        Type: Recursive DNS Server (25)
        Length: 5 (40 bytes)
        Reserved
        Lifetime: 600
        Recursive DNS Servers: 2a01:238:4071:3281::35:100
        Recursive DNS Servers: 2a01:238:4071:328e::35:100
    ICMPv6 Option (DNS Search List Option zugschlus.de ka51.zugschlus.de)
        Type: DNS Search List Option (31)
        Length: 6 (48 bytes)
        Reserved
        Lifetime: 600
        Domain Names: zugschlus.de
        Domain Names: ka51.zugschlus.de
        Padding
    ICMPv6 Option (Source link-layer address : 7e:79:61:31:55:28)
        Type: Source link-layer address (1)
        Length: 1 (8 bytes)
        Link-layer address: 7e:79:61:31:55:28 (7e:79:61:31:55:28)

Please note the line
    ICMPv6 Option (Route Information : Low 2000::/3)
which explictly tells the client to coinfigure the router for 2000::/3
with a low preference so that it doesn't accidentally overwrite the
same route that might be pointing into a VPN tunnel.

In fact, the route is established with "medium" preference:
| 2000::/3 via fe80::1 dev wlp3s0 proto ra metric 600  pref medium
| 2000::/3 dev tun0 metric 1024  pref medium
which of course severely cripples the client's connectivity.

I think that systemd should either leave IPv6 negotiation to the
kernel, or do it correctly.

I am, however, not sure whether the IPv6 user space handling code is
currently enabled or not. If the code is disabled, then I'd better
report this issue agains the kernel. Please advise.

Greetings
Marc

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.7-zgws1 (SMP w/4 CPU cores)
Locale: LANG=en_DK.utf8, LC_CTYPE=en_DK.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser         3.115
ii  libacl1         2.2.52-3
ii  libapparmor1    2.10.95-6
ii  libaudit1       1:2.6.7-1
ii  libblkid1       2.29-1
ii  libc6           2.24-5
ii  libcap2         1:2.25-1
ii  libcryptsetup4  2:1.7.3-2
ii  libgcrypt20     1.7.3-2
ii  libgpg-error0   1.24-2
ii  libidn11        1.33-1
ii  libip4tc0       1.6.0-4
ii  libkmod2        23-1
ii  liblzma5        5.2.2-1.2
ii  libmount1       2.29-1
ii  libpam0g        1.1.8-3.3
ii  libseccomp2     2.3.1-2
ii  libselinux1     2.6-3
ii  libsystemd0     232-3
ii  mount           2.29-1
ii  util-linux      2.29-1

Versions of packages systemd recommends:
ii  dbus            1.10.12-1
ii  libpam-systemd  232-3

Versions of packages systemd suggests:
ii  policykit-1        0.105-17
pn  systemd-container  <none>
pn  systemd-ui         <none>

Versions of packages systemd is related to:
pn  dracut           <none>
ii  initramfs-tools  0.125
ii  udev             232-3

-- no debconf information

More information about the Pkg-systemd-maintainers mailing list