Bug #9710
closed
IPv6 RA: prefix option does not contain router address in spite of "R" flag being set
100%
Description
When setting router mode to "unmanaged" and not specifying any prefix, pfSense does not send the advertising interface's address in the RA's prefix option even though the "R" flag is being set. Instead it only announces the prefix, with all host bits set to zero. This is in violation of RFC 6275, which states on page 65 regarding the "R" flag: "When set, indicates that the Prefix field contains a complete IP address assigned to the sending router."
The cause of the issue seems to be /var/etc/radvd.conf, which contains the improper configuration of said RA messages.
Updated by Viktor Gurov over 4 years ago
I also found that 'AdvRouterAddr on' is used everywhere in radvd.conf, but this is incorrect (radvd.conf(5)):
When set, indicates that the address of interface is sent instead of network prefix, as is required by Mobile IPv6. When set, minimum limits specified by Mobile IPv6 are used for MinRtrAdvInterval and MaxRtrAdvInterval.
Or is it some kind of workaround?
Updated by Renato Botelho over 4 years ago
- Status changed from New to Pull Request Review
- Assignee set to Renato Botelho
- Target version set to 2.5.0
Updated by Renato Botelho over 4 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Rick Coats about 4 years ago
Feedback: This has been implemented incorrectly.
Tested on:
2.5.0-DEVELOPMENT (amd64)
built on Thu Sep 10 13:02:00 EDT 2020
FreeBSD 12.2-PRERELEASE
This change in https://github.com/pfsense/pfsense/pull/4199 sets the 'AdvRouterAddr' on for unmanaged networks.
The 'AdvRouterAddr' flag should only be set if the router implements IPv6 mobility. As far as I can tell pfSense does not implement IPv6 mobility or if it does it provides no facility to configure it. If it did provide this facility it is not related to whether it is "Unmanaged" or any of the other radvd settings.
Correct implementation would have been to remove the 'AdvRouterAddr' and set the prefix to all zeros in the right portion.
i.e.
This is what is generated for the prefix:
    prefix fd04:6ddc:fe8e:e010::1:1/64 {
        DeprecatePrefix on;
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
        AdvValidLifetime 86400;
        AdvPreferredLifetime 14400;
    };
This is what should have been generated:
    prefix fd04:6ddc:fe8e:e010::/64 {
        DeprecatePrefix on;
        AdvOnLink on;
        AdvAutonomous on;
        AdvValidLifetime 86400;
        AdvPreferredLifetime 14400;
    };
Updated by Rick Coats about 4 years ago
I think this would be dependent on Feature 6827, Add Proxy Mobile IPv6 (PMIPv6)
Updated by Viktor Gurov about 4 years ago
Right, https://tools.ietf.org/html/rfc6275#page-65:
Mobile IPv6 extends Neighbor Discovery to allow a router to advertise its global address, by the addition of a single flag bit in the format of a Prefix Information option for use in Router Advertisement messages.
Updated by Jim Pingle about 4 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho about 4 years ago
- Status changed from Pull Request Review to Feedback
PR has been merged. Thanks!
Updated by Rick Coats about 4 years ago
Feedback:
Tested on:
2.5.0-DEVELOPMENT (amd64)
built on Mon Sep 21 07:00:38 EDT 2020
FreeBSD 12.2-PRERELEASE
Results of radvd.conf are as expected now.
    # Automatically Generated, do not edit
    # Generated for DHCPv6 Server lan
    interface hn1 {
        AdvSendAdvert on;
        MinRtrAdvInterval 5;
        MaxRtrAdvInterval 20;
        AdvLinkMTU 1500;
        AdvDefaultPreference medium;
        prefix fd04:6ddc:fe8e:e010::/64 {
            DeprecatePrefix on;
            AdvOnLink on;
            AdvAutonomous on;
            AdvValidLifetime 86400;
            AdvPreferredLifetime 14400;
        };
        route ::/0 {
            AdvRoutePreference medium;
            RemoveRoute on;
        };
        RDNSS fd04:6ddc:fe8e:e010::1:1 { };
        DNSSL localdomain { };
    };
Updated by Jim Pingle about 4 years ago
- Status changed from Feedback to Resolved
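An offline check for the condition discussed in this thread, added here as an example and not pfSense's or radvd's own code: it parses the prefix blocks of a radvd.conf and reports whether AdvRouterAddr (the RFC 6275 "R" flag) agrees with the host bits of the configured prefix. The sample configuration and the names audit_prefixes and SAMPLE_CONF are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: prefix blocks modelled on the ones quoted in this thread.
SAMPLE_CONF = """\
# constructed test input
interface hn1 {
    AdvSendAdvert on;
    prefix fd04:6ddc:fe8e:e010::/64 {        # R flag, host bits all zero
        AdvOnLink on;
        AdvRouterAddr on;
    };
    prefix fd04:6ddc:fe8e:e010::1:1/64 {     # R flag, full router address
        AdvRouterAddr on;
    };
    prefix fd04:6ddc:fe8e:e010::/64 {        # no R flag, plain prefix
        AdvAutonomous on;
    };
};
"""

PREFIX_BLOCK = re.compile(r"\bprefix\s+(\S+)\s*\{([^{}]*)\}")
ROUTER_ADDR = re.compile(r"\bAdvRouterAddr\s+(on|off)\s*;")

def audit_prefixes(conf_text):
    """Return (prefix, r_flag, verdict) for every prefix block in a radvd.conf."""
    text = re.sub(r"#[^\n]*", "", conf_text)          # drop comments first
    findings = []
    for block in PREFIX_BLOCK.finditer(text):
        iface = ipaddress.IPv6Interface(block.group(1))
        host_bits = iface.ip != iface.network.network_address
        setting = ROUTER_ADDR.search(block.group(2))
        r_flag = setting is not None and setting.group(1) == "on"  # radvd default: off
        if r_flag and not host_bits:
            verdict = "R flag set but Prefix field holds no router address"
        elif r_flag:
            verdict = "R flag set with router address (Mobile IPv6 behaviour)"
        elif host_bits:
            verdict = "host bits set without R flag"
        else:
            verdict = "plain prefix, R flag clear"
        findings.append((block.group(1), r_flag, verdict))
    return findings

if __name__ == "__main__":
    for prefix, r_flag, verdict in audit_prefixes(SAMPLE_CONF):
        print(f"{prefix:32} R={int(r_flag)}  {verdict}")
```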