Bug 33986 - not possible to add multiple IPv6 addresses in same subnet to an interface
not possible to add multiple IPv6 addresses in same subnet to an interface
Product: UCS
Classification: Unclassified
Component: Network
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-2-errata
Assigned To: Janek Walkenhorst
Philipp Hahn
Depends on:
  Show dependency treegraph
Reported: 2014-01-24 10:13 CET by Philipp Hahn
Modified: 2015-06-17 18:15 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): IPv6
Max CVSS v3 score:
hahn: Patch_Available+

Fix duplicate IPv6 detection (1.75 KB, patch)
2014-01-24 10:13 CET, Philipp Hahn
Details | Diff
Fix duplicate IPv6 detection, add prefix for multiple IPv6 (2.60 KB, patch)
2014-02-14 19:27 CET, Philipp Hahn
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2014-01-24 10:13:24 CET
Created attachment 5748 [details]
Fix duplicate IPv6 detection

UMC → Basic Settings → Network → IP Network Interfaces
2001:4dd0:ff00:8c42:ff17:5254:008a:19d0 80 default
2001:4dd0:ff00:8c42:ff17:5254:008a:19d1 80 second

$ tail /etc/network/interfaces
# ERROR: duplicate IPv6 address in interfaces/eth0/ipv6/second/*
iface eth0 inet6 static
# default
  address 2001:4dd0:ff00:8c42:ff17:5254:008a:19d0
  netmask 80

Patch description for base/univention-base-files/conffiles/etc/network/interfaces.d/10-default:

1. Use the IPv6Address and not the IPv6Network for duplicate checking (similar bug was Bug #33258 in USS)

2. ipv6_interfaces only returned the already validated addresses, that is an incomplete address (address/prefix missing or invalid) is never returned, so the message never shows. Use all_interfaces instead, which returns all interfaces.
Comment 1 Moritz Bunkus 2014-02-14 17:21:22 CET
Unfortunately this fix is not enough. The second address will be added with a netmask of 128 which is obviously wrong. I've applied your patch, `ucr commit`ted, and even rebooted. Here's the result:

root@trinculo:~# ucr dump|grep ipv6
dns/ipv6: yes
interfaces/eth0/ipv6/acceptRA: false
interfaces/eth0/ipv6/default/address: fd01:6f8:13dc:3::8
interfaces/eth0/ipv6/default/prefix: 64
interfaces/eth0/ipv6/ns1/address: fd01:6f8:13dc:3::2
interfaces/eth0/ipv6/ns1/prefix: 64
ipv6/gateway: fd01:6f8:13dc:3::feed:1
root@trinculo:~# ip -6 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fd01:6f8:13dc:3::2/128 scope global tentative dadfailed
       valid_lft forever preferred_lft forever
    inet6 fd01:6f8:13dc:3::8/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe21:a0bf/64 scope link
       valid_lft forever preferred_lft forever

That second address (fd01:6f8:13dc:3::2) will never amount to something useful.
Comment 2 Moritz Bunkus 2014-02-14 17:23:33 CET
…and the reason is easy to see. /etc/univention/templates/files/etc/network/interfaces.d/10-default does not write the prefix into /etc/network/interfaces. And »ip address add $ipv6 dev $device« defaults to a prefix of 128 if it isn't given.
Comment 3 Moritz Bunkus 2014-02-14 17:42:57 CET
Meh, sorry for the noise. It does work with /128 as the prefixlen (or no prefixlen given at all); I just failed to see my own SNAFU of the failed DAD detection.
Comment 4 Philipp Hahn univentionstaff 2014-02-14 19:27:40 CET
Created attachment 5797 [details]
Fix duplicate IPv6 detection, add prefix for multiple IPv6

(In reply to Moritz Bunkus from comment #2)
> …and the reason is easy to see.
> /etc/univention/templates/files/etc/network/interfaces.d/10-default does not
> write the prefix into /etc/network/interfaces. And »ip address add $ipv6 dev
> $device« defaults to a prefix of 128 if it isn't given.

Thank you for your replay; the patch is indeed incomplete, as your problem is actually a different problem.

Fix additional fix looks quiet simple: Just remove the ".ip" from "addr.ip" in both line 108/109 of /etc/univention/templates/files/etc/network/interfaces.d/10-default where the lines "ip -6 addr {add,del} %s dev %s" are printed. After that "ucr commit /etc/network/interfaces" to re-generate that file and to restart the network.

I've attached a new patch, which I have only testes briefly. Your feedback is appreciated, either when it works or still doesn't.
Comment 5 Janek Walkenhorst univentionstaff 2015-05-08 12:34:51 CEST
The patch works to resolve the duplicate detection issue.
Code review: OK
Comment 6 Janek Walkenhorst univentionstaff 2015-05-13 18:51:37 CEST
Patch applied.
Advisory: 2015-05-13-univention-base-files.yaml
Comment 7 Philipp Hahn univentionstaff 2015-05-22 10:19:04 CEST
OK: 2015-05-13-univention-base-files.yaml
OK: r60679
OK: aptitude install '?source-package(univention-base-files)~i'
OK: diff /etc/network/interfaces
IGNORED: Bug #35694 by also updating "univention-config"
Comment 8 Janek Walkenhorst univentionstaff 2015-06-17 18:15:59 CEST