Package: isc-dhcp-client
Version: 4.4.3-P1-5
Severity: normal
Tags: ipv6
X-Debbugs-Cc: deb...@gibson.dropbear.id.au
Dear Maintainer,
dhclient provides a --dad-wait-time option which suggests that the
dhclient-script should not return immediately after configuring a new
address, but should wait for Duplicate Address Detection (DAD) to
complete. The upstream example dhclient-script does so [0], as does
the Fedora version based on it. The Debian version, however does not
[1].
This means that dhclient -6 can easily return with the discovered
address in tentative state, and therefore unusable. This can be
reproduced easily using the "pasta" tool (in 'passt' package) which
will create a network namespace and includes a built-in DHCPv6 server:
Note that the manual ifup and sleep here is to work around a different
bug [3].
$ pasta -I exampleif -- sh -c "ip link set exampleif up; sleep 2; dhclient -6
exampleif; ip -6 a show dev exampleif -dynamic scope global"
Multiple default IPv6 routes, picked first
2: exampleif: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state
UNKNOWN group default qlen 1000
inet6 2001:4479:e300:7200:222:4dff:fea6:88f3/128 scope global tentative
valid_lft forever preferred_lft forever
Note that the assigned address is tentative (and therefore not
usable). If we add an additional sleep to wait for DAD to complete:
$ pasta -I exampleif -- sh -c "ip link set exampleif up; sleep 2; dhclient -6
exampleif; sleep 2; ip -6 a show dev exampleif -dynamic scope global"
Multiple default IPv6 routes, picked first
2: exampleif: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state
UNKNOWN group default qlen 1000
inet6 2001:4479:e300:7200:222:4dff:fea6:88f3/128 scope global
valid_lft forever preferred_lft forever
.. the address becomes non-tentative.
[0]
https://github.com/isc-projects/dhcp/blob/572032cb0e514606559de3784e3f7ca8e1539d17/client/scripts/linux#L183
[1]
https://salsa.debian.org/debian/isc-dhcp/-/blob/master/debian/dhclient-script.linux?ref_type=heads#L398
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085229
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.11.2-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages isc-dhcp-client depends on:
ii debianutils 5.20
ii iproute2 6.11.0-1
ii libc6 2.40-3
Versions of packages isc-dhcp-client recommends:
ii isc-dhcp-common 4.4.3-P1-5
Versions of packages isc-dhcp-client suggests:
pn avahi-autoipd <none>
pn isc-dhcp-client-ddns <none>
pn resolvconf <none>
-- no debconf information
