[Pkg-utopia-maintainers] Bug#686328: Bug#686328: network-manager: creates static IPv6 routes for every cached route (=remote system)

Michael Biebl biebl at debian.org
Fri Aug 31 08:20:24 UTC 2012


On 31.08.2012 10:09, Bernhard Schmidt wrote:
> Package: network-manager
> Version: 0.9.4.0-5
> Severity: important
> Tags: patch upstream ipv6
> 
> Excuse me for filing this bug so late, I thought there was already one in Debian for this
> issue. But it seems I was only following the upstream discussion.
> 
> The Linux kernel adds a route cache entry for every destination the system is trying to reach,
> to track things like MTU and RTT. You can usually see them using "ip -6 route show cache". 
> 
> When network-manager is in ipv6-mode != ignore, it listens to netlink for routing table changes
> and wrongly adds a static route for every cached entry that appears.
> 
> This is reported to slow down systems with many peers (i.e. bittorrent) and has security 
> issues as well, since this would make traffic go ways you don't expect. For example, when you
> fire up LAN, send a packet to some host and then build a VPN connection with a net including 
> that host, the traffic is still sent unencrypted. It also breaks Chromium in some cases
> 
> This bug has been reported upstream 
> https://bugzilla.gnome.org/show_bug.cgi?id=671767
> and in Ubuntu
> https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1038541
> 
> Both have fixed it. Upstream has commited two patches last night that (apart from some fuzz)
> apply to the Debian package. I'm just building a test and will attach the patch asap.
> 
> IME this would be an important fix for Wheezy.

Agreed and thanks for bringing this up. I think Phil was also bitten by
this bug and was very interested in getting a fix for that in wheezy.
As I don't have a setup where I can test the patch, it would be great if
either of you could give this patch a try and report back.

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20120831/920b0bdd/attachment.pgp>


More information about the Pkg-utopia-maintainers mailing list