[Bug 1771704] Re: support for ipv4 link-local addressing
Steve Langasek
steve.langasek at canonical.com
Thu Nov 8 17:05:31 UTC 2018
** Changed in: netplan.io (Ubuntu Bionic)
Status: Fix Released => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to netplan.io in Ubuntu.
Matching subscriptions: foundations-bugs
https://bugs.launchpad.net/bugs/1771704
Title:
support for ipv4 link-local addressing
Status in netplan:
Fix Released
Status in netplan.io package in Ubuntu:
Fix Released
Status in netplan.io source package in Bionic:
Fix Committed
Bug description:
[Impact]
Ubuntu users who make use of IPv4 link-local addresses.
[Test case]
1) Add 'link-local: [ ipv4 ]' to the netplan configuration.
2) Run 'sudo netplan apply'
[Regression Potential]
Enabling link local means additional addresses are available on the system, usually in the form "169.254.XXX.XXX". This is, in effect, a potential security issue if it is enabled on untrusted networks (it gives systems a fairly well known, discoverable IP address as attack surface). This is not considered a regression from previous releases of Ubuntu given that avahi has been available on desktop, with the same potential issue. The availability of extra addresses might however mean that the system is considered online or reachable via the additional addresses earlier than previously possible, which may lead to confusion for the user.
---
Per https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1717983,
link-local address support was previously handled via integration
between avahi-autoipd and dhclient. systemd-networkd does not invoke
dhclient. It also has direct support for configuring link-local ipv4
addresses. But this support is not enabled by default.
It should be possible for a system configured via netplan to make use
of link-local ipv4 addresses, without needing to configure
systemd-networkd directly.
Historically we do not turn on link-local ipv4 support automatically
on servers (avahi-autoipd not installed by default), and we use
link-local addresses only as a fallback when dhcp gives no response. So
this should likely not be enabled by default, but instead be exposed
as an additional configuration option in netplan yaml.
To manage notifications about this bug go to:
https://bugs.launchpad.net/netplan/+bug/1771704/+subscriptions
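Added example, not part of the original bug report or of netplan: a small audit that reads `ip -o -4 addr show` output and reports which interfaces hold a 169.254.0.0/16 address, useful for confirming the test case and for spotting the exposure described under Regression Potential. The sample output, interface names and the two status labels are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

LINK_LOCAL_V4 = ipaddress.ip_network("169.254.0.0/16")  # IPv4 link-local range

# Constructed sample of `ip -o -4 addr show` output (not taken from the bug report).
SAMPLE = r"""1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens3    inet 192.0.2.10/24 brd 192.0.2.255 scope global dynamic ens3\       valid_lft 3000sec preferred_lft 3000sec
2: ens3    inet 169.254.12.7/16 brd 169.254.255.255 scope link ens3\       valid_lft forever preferred_lft forever
3: ens4    inet 169.254.88.201/16 brd 169.254.255.255 scope link ens4\       valid_lft forever preferred_lft forever
"""

# One-line-per-address format: "<index>: <ifname>    inet <addr>[/<prefix>] ..."
LINE_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")


def audit_link_local(ip_output):
    """Return {iface: status} for interfaces holding a 169.254.0.0/16 address.

    status is "fallback-only" when link-local is the interface's only IPv4
    address (e.g. DHCP gave no response), or "alongside-routable" when another
    non-loopback IPv4 address is configured on the same interface.
    """
    per_iface = defaultdict(list)
    for line in ip_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or non-IPv4 lines
        iface, cidr = m.groups()
        per_iface[iface].append(ipaddress.ip_interface(cidr).ip)

    findings = {}
    for iface, addrs in per_iface.items():
        if not any(a in LINK_LOCAL_V4 for a in addrs):
            continue
        others = [a for a in addrs
                  if a not in LINK_LOCAL_V4 and not a.is_loopback]
        findings[iface] = "alongside-routable" if others else "fallback-only"
    return findings


if __name__ == "__main__":
    for iface, status in audit_link_local(SAMPLE).items():
        print(f"{iface}: IPv4 link-local address present ({status})")
```

On a live system, pass the captured output of `ip -o -4 addr show` to `audit_link_local` in place of `SAMPLE`.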