| 2012-08-19 01:05:44 |
Ben Jencks |
bug |
|
|
added bug |
| 2012-08-19 01:08:00 |
Ben Jencks |
attachment added |
|
nm-ipv6-route-cache.patch https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1038541/+attachment/3267247/+files/nm-ipv6-route-cache.patch |
|
| 2012-08-19 04:22:40 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
| 2012-08-19 04:22:47 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
| 2012-08-24 14:56:06 |
Launchpad Janitor |
network-manager (Ubuntu): status |
New |
Confirmed |
|
| 2012-08-24 15:08:48 |
ooze |
bug watch added |
|
https://bugzilla.gnome.org/show_bug.cgi?id=682616 |
|
| 2012-08-24 15:08:48 |
ooze |
bug task added |
|
network-manager |
|
| 2012-08-24 15:35:59 |
Bug Watch Updater |
network-manager: status |
Unknown |
New |
|
| 2012-08-24 15:35:59 |
Bug Watch Updater |
network-manager: importance |
Unknown |
Medium |
|
| 2012-08-29 16:34:50 |
Mantas Mikulėnas |
bug |
|
|
added subscriber Mantas Mikulėnas |
| 2012-08-29 17:49:33 |
Bug Watch Updater |
network-manager: status |
New |
Invalid |
|
| 2012-08-29 18:07:07 |
Mantas Mikulėnas |
bug watch added |
|
https://bugzilla.gnome.org/show_bug.cgi?id=671767 |
|
| 2012-08-29 18:07:07 |
Mantas Mikulėnas |
network-manager: importance |
Medium |
Unknown |
|
| 2012-08-29 18:07:07 |
Mantas Mikulėnas |
network-manager: status |
Invalid |
Unknown |
|
| 2012-08-29 18:07:07 |
Mantas Mikulėnas |
network-manager: remote watch |
GNOME Bug Tracker #682616 |
GNOME Bug Tracker #671767 |
|
| 2012-08-29 18:38:30 |
Bug Watch Updater |
network-manager: status |
Unknown |
In Progress |
|
| 2012-08-29 18:38:30 |
Bug Watch Updater |
network-manager: importance |
Unknown |
Medium |
|
| 2012-08-29 19:20:33 |
Mathieu Trudel-Lapierre |
network-manager (Ubuntu): status |
Confirmed |
Triaged |
|
| 2012-08-29 19:20:35 |
Mathieu Trudel-Lapierre |
network-manager (Ubuntu): importance |
Undecided |
High |
|
| 2012-08-29 19:20:37 |
Mathieu Trudel-Lapierre |
network-manager (Ubuntu): assignee |
|
Mathieu Trudel-Lapierre (mathieu-tl) |
|
| 2012-08-29 19:20:43 |
Mathieu Trudel-Lapierre |
nominated for series |
|
Ubuntu Precise |
|
| 2012-08-29 19:20:43 |
Mathieu Trudel-Lapierre |
bug task added |
|
network-manager (Ubuntu Precise) |
|
| 2012-08-29 19:20:51 |
Mathieu Trudel-Lapierre |
network-manager (Ubuntu Precise): status |
New |
Triaged |
|
| 2012-08-29 19:20:53 |
Mathieu Trudel-Lapierre |
network-manager (Ubuntu Precise): importance |
Undecided |
High |
|
| 2012-08-29 19:20:55 |
Mathieu Trudel-Lapierre |
network-manager (Ubuntu Precise): assignee |
|
Mathieu Trudel-Lapierre (mathieu-tl) |
|
| 2012-08-29 21:19:56 |
Mathieu Trudel-Lapierre |
removed subscriber Ubuntu Review Team |
|
|
|
| 2012-08-29 21:35:12 |
Launchpad Janitor |
network-manager (Ubuntu): status |
Triaged |
Fix Released |
|
| 2012-08-30 00:28:03 |
Launchpad Janitor |
branch linked |
|
lp:~network-manager/network-manager/ubuntu |
|
| 2012-08-31 19:10:40 |
Bug Watch Updater |
network-manager: status |
In Progress |
Fix Released |
|
| 2012-09-05 13:15:40 |
Mathieu Trudel-Lapierre |
network-manager (Ubuntu Precise): status |
Triaged |
In Progress |
|
| 2012-09-05 14:56:21 |
Gabriel Ebner |
bug |
|
|
added subscriber Gabriel Ebner |
| 2012-09-06 19:16:21 |
Mathieu Trudel-Lapierre |
description |
Any time an IPv6 route lookup happens, the kernel generates a new routing cache entry and notifies userspace using a netlink "new route" message with the RTM_F_CLONED flag set on the route.
Network Manager doesn't check for this flag, so it accepts it as a new real route and adds it to its internal route cache. Then, because the event triggers an interface update, it synchronizes its route cache with the kernel table, putting the cache entry in as a real host route.
I think NM might also overwrite the next hop of the route based on its internal idea of the default route, but I'm not sure.
This causes problems if you have interfaces not managed by NetworkManager, such as manually configured VPNs, since these host routes override the route entries that send traffic down those interfaces rather than to the default router.
To reproduce:
Ensure "Ignore automatically obtained routes" is unchecked in Edit Connection -> IPv6 -> Routes, because this blocks the last stage (copying the spurious route back to the kernel).
Connect to an IPv6 network.
run `ip -6 route` and observe no extra routes
run `ip -6 route get 2600::`
run `ip -6 route` again and observe the new static route to 2600:: via your default gateway
Expected behavior:
No changes to routing table due to a route lookup. |
[Impact]
This tends to break network connectivity to specific hosts if such hosts were accessed before a change in network topology.
Specifically:
- User pings a system;
- User tries to connect to that system with SSH, it fails and the user realises they are not connected to a VPN required to reach that device.
- User connects to the VPN
- System is still unreachable because it is listed as reachable via the original network device rather than the new VPN-created network device.
Or; the user changes from wired to wifi and loses connectivity to some systems because they were initially accessed over wired and the IPv6 route remains via the old device.
[Test Case]
Requires a valid IPv6-enabled network.
1) Connect to an IPv6 network.
2) Ping Google via ipv6: 'ping6 ipv6.google.com'
3) Observe whether 2607:f8b0:400c:c03::6a gets added to the IPv6 routing table:
'ip -6 route'
Without the patch, any host that gets packets sent to it will be added to the routing table; with the patch, such hosts are not listed in the routing table with the 'ip -6 route' command.
[Regression Potential]
Risk is minimal; the messages processed are not meant to be received by NetworkManager. A possible regression scenario would be if valid netlink messages for new routes would be generated by the kernel with the RTM_F_CLONED message when they indicate new network routes required due to a topology change, rather than new temporary cache routes for accessing a particular host; and would cause the new route to not be added (causing limited network unreachability).
---
Any time an IPv6 route lookup happens, the kernel generates a new routing cache entry and notifies userspace using a netlink "new route" message with the RTM_F_CLONED flag set on the route.
Network Manager doesn't check for this flag, so it accepts it as a new real route and adds it to its internal route cache. Then, because the event triggers an interface update, it synchronizes its route cache with the kernel table, putting the cache entry in as a real host route.
I think NM might also overwrite the next hop of the route based on its internal idea of the default route, but I'm not sure.
This causes problems if you have interfaces not managed by NetworkManager, such as manually configured VPNs, since these host routes override the route entries that send traffic down those interfaces rather than to the default router.
To reproduce:
Ensure "Ignore automatically obtained routes" is unchecked in Edit Connection -> IPv6 -> Routes, because this blocks the last stage (copying the spurious route back to the kernel).
Connect to an IPv6 network.
run `ip -6 route` and observe no extra routes
run `ip -6 route get 2600::`
run `ip -6 route` again and observe the new static route to 2600:: via your default gateway
Expected behavior:
No changes to routing table due to a route lookup. |
|
| 2012-09-06 19:16:30 |
Mathieu Trudel-Lapierre |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2012-09-06 20:38:19 |
Launchpad Janitor |
branch linked |
|
lp:~mathieu-tl/network-manager/precise-proposed-4.2 |
|
| 2012-09-12 13:22:54 |
Belfry |
bug |
|
|
added subscriber Belfry |
| 2012-09-12 17:02:41 |
Mark Russell |
bug |
|
|
added subscriber Mark Russell |
| 2012-09-13 19:08:58 |
up-whatever |
bug |
|
|
added subscriber up-whatever |
| 2012-09-15 17:47:13 |
Florian Echtler |
bug |
|
|
added subscriber Florian Echtler |
| 2012-10-16 22:43:14 |
Chris Halse Rogers |
network-manager (Ubuntu Precise): status |
In Progress |
Fix Committed |
|
| 2012-10-16 22:43:18 |
Chris Halse Rogers |
bug |
|
|
added subscriber SRU Verification |
| 2012-10-16 22:43:21 |
Chris Halse Rogers |
tags |
patch |
patch verification-needed |
|
| 2012-10-17 02:05:21 |
Ben Jencks |
tags |
patch verification-needed |
patch verification-done |
|
| 2013-01-14 12:04:24 |
Colin Watson |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2013-01-14 12:05:14 |
Launchpad Janitor |
network-manager (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
| 2013-01-14 14:45:06 |
Mantas Mikulėnas |
removed subscriber Mantas Mikulėnas |
|
|
|
| 2013-05-06 20:30:57 |
Launchpad Janitor |
branch linked |
|
lp:~network-manager/network-manager/ubuntu.precise |
|
