dnsmasq failed to send packet: Network is unreachable

Bug #1916462 reported by Nigel Hathaway on 2021-02-22
This bug affects 1 person
Affects: dnsmasq (Ubuntu)
Importance: Undecided
Assigned to: Ubuntu Security Team

Bug Description

The log shows this:

Feb 22 09:37:53 myserver dnsmasq[2259]: failed to send packet: Network is unreachable

repeatedly and frequently.

This is a known bug in dnsmasq and has been fixed upstream (according to the thread quoted below). Apparently it is IPv6 related and triggered by Windows and Mac clients. An extensive thread on the subject is here on the OpenWRT forum:

https://forum.openwrt.org/t/security-advisory-2021-01-19-1-dnsmasq-multiple-vulnerabilities/85903/123

I think this has been reported in the fallout of the quoted security vulnerabilities. I don't think it is a security vulnerability in itself.

dnsmasq version: 2.80-1.1ubuntu1.2

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: dnsmasq 2.80-1.1ubuntu1.2
Uname: Linux 5.4.98-219 armv7l
ApportVersion: 2.20.11-0ubuntu27.16
Architecture: armhf
CasperMD5CheckResult: skip
Date: Mon Feb 22 09:34:12 2021
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: dnsmasq
UpgradeStatus: Upgraded to focal on 2020-11-15 (98 days ago)
modified.conffile..etc.default.dnsmasq: [modified]
mtime.conffile..etc.default.dnsmasq: 2018-06-27T16:10:40.086905

Nigel Hathaway (nhathaway) wrote :

The (redacted) output of ip addr show is:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether ...my mac... brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 ...internet ipv6 addr.../64 scope global
       valid_lft forever preferred_lft forever
    inet6 ...internet ipv6 addr.../64 scope global
       valid_lft forever preferred_lft forever
    inet6 ...internet ipv6 addr.../64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21e:6ff:fe32:613b/64 scope link
       valid_lft forever preferred_lft forever
3: vlan4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ...my mac... brd ff:ff:ff:ff:ff:ff
    inet ...internet ipv4.../24 brd ...internet ipv4....255 scope global dynamic vlan4
       valid_lft 351763sec preferred_lft 351763sec
    inet6 fe80::21e:6ff:fe32:613b/64 scope link
       valid_lft forever preferred_lft forever
4: vlan5@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ...my mac... brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global vlan5
       valid_lft forever preferred_lft forever
    inet6 fd17:6e78:d6ba:c144::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21e:6ff:fe32:613b/64 scope link
       valid_lft forever preferred_lft forever
5: vlan6@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ...my mac... brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global vlan6
       valid_lft forever preferred_lft forever
    inet6 fd17:6e78:d6ba:c145::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21e:6ff:fe32:613b/64 scope link
       valid_lft forever preferred_lft forever
6: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
7: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/sit ...internet ipv4... peer ...internet ipv4...
    inet6 ...internet ipv6 addr.../64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5ce9:ca14/64 scope link
       valid_lft forever preferred_lft forever
8: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
9: ipv4-tunnel@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip ...internet ipv4... peer ...internet ipv4...
    inet ...internet ipv4.../32 scope global ipv4-tunnel
       valid_lft forever preferred_lft forever
    inet6 fe80::200:5efe:5ce9:ca14/64 scope li...

Nigel Hathaway (nhathaway) wrote :

(redacted) dnsmasq conf fields are:

bind-dynamic
domain=my.domain.co.uk
dhcp-authoritative
domain-needed
stop-dns-rebind
rebind-localhost-ok
no-hosts
dhcp-broadcast=tag:needs-broadcast
no-poll
enable-ra
bogus-priv
bogus-nxdomain=...ipv4 addr...

dhcp-boot=grubnetx64.efi.signed
dhcp-boot=net:abcde,my.img
enable-tftp
tftp-root=/srv/tftp/
dhcp-option=42,0.0.0.0
dhcp-option=19,0
dhcp-option=44,0.0.0.0
dhcp-option=45,0.0.0.0
dhcp-option=46,8
dhcp-option=vendor:MSFT,2,1i

dhcp-option=option6:dns-server,[::]
dhcp-option=option6:domain-search,my.domain.co.uk
dhcp-option=option6:ntp-server,[::]

dhcp-range=eth0,192.168.1.10,192.168.1.200,255.255.255.0,12h
dhcp-range=eth0,...ipv6 suffix...::100,...ipv6 suffix...:ffff:ffff:ffff:0,slaac,ra-names,64,12h
dhcp-range=vlan5,192.168.2.10,192.168.2.200,255.255.255.0,12h
dhcp-range=vlan5,fd17:6e78:d6ba:c144::2,fd17:6e78:d6ba:c144:ffff:ffff:ffff:ffff,slaac,ra-names,64,12h
dhcp-range=vlan6,192.168.3.10,192.168.3.200,255.255.255.0,12h
dhcp-range=vlan6,fd17:6e78:d6ba:c145::2,fd17:6e78:d6ba:c145:ffff:ffff:ffff:ffff,slaac,ra-names,64,12h

...plus several dhcp-host and address fields

tags: added: regression-update

Yesterday I pinged the security team as an FYI on this.

In the meantime, from tracking the upstream list, this seems to be the follow-up fix:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=141a26f979b4bc959d8e866a295e24f8cf456920
With the following being related:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=305cb79c5754d5554729b18a2c06fe7ce699687a

It will fix the immediate issue, but compared to the past the SP will stay the same now; see this discussion:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014735.html

@Marc/Security - are you going to follow up on those CVE pushes with that fix, or do we need a different plan of action?

Changed in dnsmasq (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Marc Deslauriers (mdeslaur) wrote :

So it looks like there are two different issues here:

Bug in handling multiple queries (openwrt bug):

Move fd into frec_src, fixes 15b60ddf935a531269bb8c68198de012a4967156
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=04490bf622ac84891aad6f2dd2edf83725decdee

Fix to 75e2f0aec33e58ef5b8d4d107d821c215a52827c
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=12af2b171de0d678d98583e2190789e544440e02

Fix for 12af2b171de0d678d98583e2190789e544440e02
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3f535da79e7a42104543ef5c7b5fa2bed819a78b

Bug with DNS retries (post from mailing list):

Fix problem with DNS retries in 2.83/2.84.
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=141a26f979b4bc959d8e866a295e24f8cf456920

Simplify preceding fix.
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=305cb79c5754d5554729b18a2c06fe7ce699687a

I'll prepare updated packages with these fixes.

Marc Deslauriers (mdeslaur) wrote :

I have backported the patches and have some packages to test in the security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Could you please see if they solve the issue for you? Once you've tried them, I will release them as a security regression fix.

Thanks!

Nigel Hathaway (nhathaway) wrote :

Initial indications are that it has, but I will leave it running overnight and look at the logs in the morning.

Nigel Hathaway (nhathaway) wrote :

Confirmed: with the updated package, the reported problem no longer exists. Please make that release.
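
An added example, not part of the bug thread or of dnsmasq: one way to do the overnight log check described above, counting the reported error before and after the time the test package was installed. The sample log lines, the cutoff time and the names `error_counts` and `SAMPLE_LOG` are constructed for illustration; only the message text and line layout come from the log line quoted in the bug description.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample syslog lines (not from the reporter's system). Only the
# error text and the line layout follow the log line quoted in the bug report.
SAMPLE_LOG = """\
Feb 22 09:37:53 myserver dnsmasq[2259]: failed to send packet: Network is unreachable
Feb 22 09:37:58 myserver dnsmasq[2259]: failed to send packet: Network is unreachable
Feb 22 09:41:10 myserver dnsmasq-dhcp[2259]: DHCPREQUEST(eth0) 192.168.1.50 aa:bb:cc:dd:ee:ff
Feb 22 10:02:31 myserver dnsmasq[2259]: failed to send packet: Network is unreachable
Feb 23 14:05:02 myserver dnsmasq[9120]: started, version 2.80 cachesize 150
Feb 24 08:00:00 myserver dnsmasq[9120]: reading /etc/resolv.conf
"""

# Match only the DNS process (dnsmasq[pid]), not dnsmasq-dhcp or other daemons.
ERROR_RE = re.compile(
    r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ dnsmasq\[\d+\]: "
    r"failed to send packet: Network is unreachable\s*$"
)


def error_counts(log_text, cutoff, year):
    """Count the error before and after `cutoff` (e.g. the package upgrade time).

    Classic syslog timestamps carry no year, so the caller supplies it.
    Returns (before, after, per_hour), where per_hour maps "YYYY-MM-DD HH:00"
    to the number of matching lines in that hour.
    """
    before = after = 0
    per_hour = Counter()
    for line in log_text.splitlines():
        m = ERROR_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        per_hour[ts.strftime("%Y-%m-%d %H:00")] += 1
        if ts < cutoff:
            before += 1
        else:
            after += 1
    return before, after, per_hour


if __name__ == "__main__":
    # Hypothetical upgrade time: the restart shown in the sample log.
    before, after, per_hour = error_counts(SAMPLE_LOG, datetime(2021, 2, 23, 14, 5), 2021)
    print(f"before upgrade: {before}, after upgrade: {after}")
    for hour, n in sorted(per_hour.items()):
        print(f"{hour}  {n}")
```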

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dnsmasq - 2.82-1ubuntu1.2

---------------
dnsmasq (2.82-1ubuntu1.2) groovy-security; urgency=medium

  * SECURITY REGRESSION: issue with multiple queries and issue with retries
    (LP: #1916462)
    - backport multiple upstream commits to fix regressions
      + 04490bf622ac84891aad6f2dd2edf83725decdee
      + 12af2b171de0d678d98583e2190789e544440e02
      + 3f535da79e7a42104543ef5c7b5fa2bed819a78b
      + 25e63f1e56f5acdcf91893a1b92ad1e0f2f552d8
      + 141a26f979b4bc959d8e866a295e24f8cf456920
      + 305cb79c5754d5554729b18a2c06fe7ce699687a

 -- Marc Deslauriers <email address hidden> Tue, 23 Feb 2021 07:52:53 -0500

Changed in dnsmasq (Ubuntu):
status: New → Fix Released