Project

General

Profile

Actions

Bug #6581

closed

Router Advertisement forces (possibly empty) interface subnet contrary to GUI text, can crash radavd on boot.

Added by Harry Coin about 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
High
Category:
DHCP (IPv6)
Target version:
Start date:
07/06/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

On the "Router Advertisements" page in the GUI we have:
RA Subnets: ... If no subnets are specified here, the Router Advertisement (RA) Daemon will advertise to the subnet to which the router's interface is assigned.

The clear message being if there are subnets specified in the list, the interface's subnets will not be plugged in by default.

However in the services.inc file, the array $dhcpv6ifconf['subnets']['item'] is not checked to determine whether it has any elements in it or not. So, the code creates a prefix <addr>/<bitmas> { }; radvd block using the interface v6 info no matter whether the RA Subnets array has or doesn't have any further requirements.

Indeed when the interface in question is an ovpncX, the code emits 'prefix / { ... };' crashing radvd upon boot even if an interface id is specified in the gui, since for a time it is resent to null/null depending on when in the vpn setup cycle the code happens to query the address.

I suggest either (my preference):

1: The text be changed to read: ' Only if there are no subnets specified here, the Router Advertisement (RA) Daemon automatically will advertise to the subnet to which the router's interface is assigned. ' Then add the test for a non empty specification array, and if non empty do NOT automatically add the interface subnet.

2: The text be changed to read: 'The Router Advertisement (RA) Daemon will advertise to the subnet to which the router's interface is assigned, and any further subnets specified here'.

2 is not my preference because is forces the advertisement of the subnet used in the interface whether that subnet is one the application needs advertised or not, and b: depending on the nature of the interface the address may be (correctly) invalid at the time the gui attempts to pull the address in to the radvd config.

Actions #1

Updated by Harry Coin about 5 years ago

Might have got the version wrong there, this occurs on the latest release.

The patch I put in was:

+if ( ( ! is_array($dhcpv6ifconf['subnets']['item']) ) || (count($dhcpv6ifconf['subnets']['item'])==0) ) {
        $radvdconf .= "\tprefix {$subnetv6}/{$ifcfgsnv6} {\n";
        if ($racarpif == true) {
            $radvdconf .= "\t\tDeprecatePrefix off;\n";
        } else {
            $radvdconf .= "\t\tDeprecatePrefix on;\n";
        }
        switch ($dhcpv6ifconf['ramode']) {
            case "managed":
                $radvdconf .= "\t\tAdvOnLink on;\n";
                $radvdconf .= "\t\tAdvAutonomous off;\n";
                $radvdconf .= "\t\tAdvRouterAddr on;\n";
                break;
            case "router":
                $radvdconf .= "\t\tAdvOnLink off;\n";
                $radvdconf .= "\t\tAdvAutonomous off;\n";
                $radvdconf .= "\t\tAdvRouterAddr on;\n";
                break;
            case "stateless_dhcp":
            case "assist":
                $radvdconf .= "\t\tAdvOnLink on;\n";
                $radvdconf .= "\t\tAdvAutonomous on;\n";
                $radvdconf .= "\t\tAdvRouterAddr on;\n";
                break;
            case "unmanaged":
                $radvdconf .= "\t\tAdvOnLink on;\n";
                $radvdconf .= "\t\tAdvAutonomous on;\n";
                $radvdconf .= "\t\tAdvRouterAddr on;\n";
                break;
        }

        if (is_numericint($dhcpv6ifconf['ravalidlifetime'])) {
          $radvdconf .= "\t\tAdvValidLifetime {$dhcpv6ifconf['ravalidlifetime']};\n";
        } else {
          $radvdconf .= "\t\tAdvValidLifetime 86400;\n";
        }

        if (is_numericint($dhcpv6ifconf['rapreferredlifetime'])) {
          $radvdconf .= "\t\tAdvPreferredLifetime {$dhcpv6ifconf['rapreferredlifetime']};\n";
        } else {
          $radvdconf .= "\t\tAdvPreferredLifetime 14400;\n";
        }

        $radvdconf .= "\t};\n";
+}

Actions #2

Updated by Chris Buechler about 5 years ago

  • Target version changed from 2.3.1-p6 to 2.3.2
Actions #3

Updated by Chris Buechler about 5 years ago

  • Status changed from New to Confirmed
  • Affected Version set to All

Needs to verify it's a valid subnet and prefix before getting into this block, and skip it if it's not.
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/services.inc#L172

Actions #4

Updated by Chris Buechler about 5 years ago

  • Status changed from Confirmed to Feedback
  • Assignee set to Chris Buechler

fix pushed

Actions #5

Updated by Chris Buechler about 5 years ago

  • Status changed from Feedback to Resolved

fixed

Actions

Also available in: Atom PDF