<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Sprechblasentext Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.E-MailFormatvorlage17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.SprechblasentextZchn
{mso-style-name:"Sprechblasentext Zchn";
mso-style-priority:99;
mso-style-link:Sprechblasentext;
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks Oskar, this clarifies the situation to me. So far I was under the (wrong) assumption that dhclient always uses dhclient-script, which isn’t
the case when Network Manager is running. I’ve now noticed that Network Manager does run dhclient with nm-dhcp-client.action as its action script. And this also explains why I don’t see the wrong /64 prefix on my Kubuntu 13.04 installation but the /128 prefix
instead, which is okay. So thanks again for explaining the situation!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">-- Harald<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Von:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Oskar Berggren [mailto:oskar.berggren@gmail.com]
<br>
<b>Gesendet:</b> Montag, 16. September 2013 10:41<br>
<b>An:</b> Albrecht, Harald<br>
<b>Cc:</b> dhcp-hackers@lists.isc.org<br>
<b>Betreff:</b> Re: dhclient -6 and IPv6 prefixes<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Well... the ISC doesn't exactly live in the modern world of public bugtrackers and source code repositories, that we've come to expect from other open source projects.<o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Since some OS use network manager the bug gets reported there. I believe I read somewhere that someone had reported it to a isc dhcp mailing list, but I'm not sure. In the meantime, it's useful to have network
manager simply ignore the flawed data coming from dhclient. Since there is no prefix length information transmitted by DHCPv6, the information from dhclient simply cannot come from the DHCP server anyway, and so therefore it's perfectly valid for network manager
to ignore it, and use its own assumptions.<o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">I _believe_ Network manager uses dhclient to handle the DHCP protocol, but then configures the system itself, without the dhclient-script.<br>
<br>
So yes, if you don't use network manager, any other mechanism you use to apply the configuration to your system must deal with this to. In my understanding it would be perfectly valid for that mechanism to simply ignore the prefix from dhclient6 (and probably
use a prefix length of 128).<o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">But then, dhclient6 shouldn't emit a prefix length that is clearly wrong - it should probably not emit a prefix length at all, so IMHO there is still a bug there.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">2013/9/16 Albrecht, Harald <<a href="mailto:harald.albrecht@siemens.com" target="_blank">harald.albrecht@siemens.com</a>><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks for the pointers and confirming my suspicion. There is something in the big picture
that I yet don’t understand, so please bear with me asking again:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">1. You refer to bug reports related to Network Manager. However, isn’t this at least
a bug in dhclient after all? For instance, if Network Manager isn’t present on a system, the usual dhclient-script runs and also causes prefixes to be added which shouldn’t . Is there a bug report for dhclient? I wasn’t able to find one, but I may have searched
not thoroughly enough.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">2. I’m not exactly clear of what happens when dhclient is used on a system where the
Network Manager is installed: does dhclient-script still get called? Or is there a different mechanism used? How do dhclient and Network Manager communicate with each other?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thank you for any light you can shed on this topic!</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">-- Harald</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">Von:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Oskar Berggren [mailto:<a href="mailto:oskar.berggren@gmail.com" target="_blank">oskar.berggren@gmail.com</a>]
<br>
<b>Gesendet:</b> Montag, 2. September 2013 20:23<br>
<b>An:</b> Albrecht, Harald<br>
<b>Cc:</b> <a href="mailto:dhcp-hackers@lists.isc.org" target="_blank">dhcp-hackers@lists.isc.org</a><br>
<b>Betreff:</b> Re: dhclient -6 and IPv6 prefixes</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Myself and others also think this is a bug:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><br>
Bug report in Debian against Network Manager trusting the false prefix from DHCP6 client:<br>
<a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661885" target="_blank">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661885</a><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt">Upstream bug report for Network Manager, which have since worked around it by ignoring the prefix length from dhclient:<br>
<a href="https://bugzilla.gnome.org/show_bug.cgi?id=656610" target="_blank">https://bugzilla.gnome.org/show_bug.cgi?id=656610</a><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt">/Oskar<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">2013/9/2 Albrecht, Harald <<a href="mailto:harald.albrecht@siemens.com" target="_blank">harald.albrecht@siemens.com</a>><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Hi,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I’ve stumbled across some code in dhcp-4.2.5-P1 in client/dhc6.c related to IPv6 addresses and prefixes. I would
like to clarify whether I’m totally wrong here or whether there is something not exactly 100% right with the current implementation of dhclient when run in IPv6 mode “-6”?</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">My understanding according to RFC 5942 (IPv6 Subnet Model) is that leasing an IPv6 address via DHCPv6 MUST NOT
automatically constitute a corresponding on-link prefix. In order to make use of such a leased IPv6 address a default router on the same link as the node that leased the IPv6 address must be setup in such a way that it advertises a suitable on-link prefix
(or even a suitable prefix which is not on-link but where the router is willing to route within this link for this not-on-link prefix).</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Looking at client/dhc6.c, lines 3907 and following, there’s a note saying: “Current practice is that all subnets
are /64’s, but some suspect this may not be permanent.” The code then goes on to establish a dhclient-script environment variable named “ipv6_prefixlen”. The dhclient-script, for instance, for Linux, then picks up the prefix length when it adds a leased IPv6
address using “ip -f inet6 addr add ${new_ip6_address}/${new_ip6_prefixlen} …”</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">This causes Linux not only to add the IPv6 address but also create a new route for an on-link prefix derived from
the leased IPv6 address. However, RFC 5942 in section 5, Observed Incorrect Implementation Behavior explicitly marks this behavior as incorrect.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">On another note, /64 prefixes are currently only required if (stateless) automatic address autoconfiguration is
desired. There is nothing that denies using longer prefixes for special purposes where (SL)AAC is not required and smaller subnets than 64bits interface identifiers are desired. In fact, there are several RFCs detailing the advantages and disadvantages of
operation when going for longer prefixes than /64.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">So back to my original question: could it be that the current dhclient implementation isn’t exactly conforming
to the RFCs? If yes, is there any intention to fix this behavior in collision with in particular RFC 5942?</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">With best regards,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Harald</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Arial","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Siemens AG<br>
Industry Sector<br>
Industry Automation Division<br>
Industrial Automation Systems<br>
I IA AS CTO DH 1<br>
Gleiwitzer Str. 555<br>
90475 Nürnberg, Deutschland<br>
<br>
</span><span style="font-size:8.0pt;font-family:"Arial","sans-serif"">Siemens Aktiengesellschaft: Vorsitzender des Aufsichtsrats: Gerhard Cromme; Vorstand: Joe Kaeser, Vorsitzender; Roland Busch, Brigitte Ederer, Klaus Helmrich, Barbara Kux, Hermann Requardt,
Siegfried Russwurm, Peter Y. Solmssen, Michael Süß; Sitz der Gesellschaft: Berlin und München, Deutschland; Registergericht: Berlin Charlottenburg, HRB 12300, München, HRB 6684; WEEE-Reg.-Nr. DE 23691322
</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
_______________________________________________<br>
dhcp-hackers mailing list<br>
<a href="mailto:dhcp-hackers@lists.isc.org" target="_blank">dhcp-hackers@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/dhcp-hackers" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-hackers</a><o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>