[Dnsmasq-discuss] v2.83 failed to send packet: Network is unreachable
Simon Kelley
simon at thekelleys.org.uk
Fri Jan 22 18:30:19 UTC 2021
Update: I missed a case.
Simon.
thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=12af2b171de0d678d98583e2190789e544440e02
On 22/01/2021 17:47, Simon Kelley wrote:
> On 22/01/2021 16:08, Hannu Nyman wrote:
>> I bisected the dnsmasq commits, and looks like it is caused by this:
>>
>> 15b60ddf935a531269bb8c68198de012a4967156 FAIL
>> 824461192ca5098043f9ca4ddeba7df1f65b30ba Ok ?
>>
>> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=15b60ddf935a531269bb8c68198de012a4967156
>>
>>
>> "Handle multiple identical near simultaneous DNS queries better."'
>>
>> Dnsmasq built from earlier commits seem to avoid the error/warning
>> messages, while builds after 15b60ddf cause log spam.
>>
>>
>> This bug is seen by lots of OpenWrt users, based on OpenWrt forum
>> discussion. E.g. onward from
>> https://forum.openwrt.org/t/security-advisory-2021-01-19-1-dnsmasq-multiple-vulnerabilities/85903/22
>>
>>
>> One observation in the forum discussion is that this is only/mainly seen
>> when then are Windows PCs or Macs active in LAN. IPv6 RA/DHCPv6 may also
>> play a role.
>>
>>
>
> I think this is the solution.
>
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=04490bf622ac84891aad6f2dd2edf83725decdee
>
>
> You've found the right commit, and it looks like if two queries are
> combined (because they ask the same question) then dnsmasq can get
> confused when it comes to return the answer, the reply to the second
> query can be sent via the socket that the first one arrived on. That's
> normally OK, but if the first query arrives via IPv4 and the second via
> IPv6, for instance, then the bug is triggered. Hence the mentions of
> IPv6 in this thread.
>
> This is an example of the risk of doing security fixes in secret before
> public disclosure, I'm sure a beta release would have found this.
>
> Thanks for the effort taken chasing this. Please apply the patch above
> and see if it fixes it.
>
>
> Cheers,
>
> Simon.
>
>
>
>
>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
More information about the Dnsmasq-discuss
mailing list