[Dnsmasq-discuss] dnsmasq can be tricked to send invalid RAs
Simon Kelley
simon at thekelleys.org.uk
Sun Jan 5 17:39:03 GMT 2020
On 05/01/2020 13:25, Michal Zatloukal wrote:
> Hello.
> I recently decided to move my dnsmasq+6in4 tunnel setup from Raspbian
> to the latest Ubuntu. To keep a long story short, after some
> (mis)configuration I ended up with an interface with an IPv6 GUA, but
> with no LLA [0] (a bug/oversight in netplan, I guess [1]). dnsmasq
> does not protest this and will send RAs sourced with GUA, which will
> fail validation according to RFC 4861, section 6.1.2.
> Not really a problem for my case (AFAIK, an interface should never
> lose/stay without its LLA) , just thought you should know.
>
> Cheers,
> MZ
>
> [0] Should be reproducible by:
> ip addr add dev <device> 2001:db8::1/64
> ip -6 addr flush dev <device> scope link
> Then for dnsmasq config, use
> dhcp-range=::,constructor:<device>,ra-names
> [1] https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/1810971
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
I don't seem to be able to reproduce this easily, the
ip -6 addr flush ....
either doesn't delete the LL address, or it gets added back in very
short order.
Nevertheless,
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=378fa56888767ff58762a338c3425647b98bf59e
should fix the problem is and when it occurs.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list