Bug 711874

Summary: chrony answers ipv6 requests with wrong address
Product: [Fedora] Fedora Reporter: Wolfgang Rupprecht <wolfgang.rupprecht>
Component: chronyAssignee: Miroslav Lichvar <mlichvar>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: mlichvar
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: chrony-1.26-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-23 02:00:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Wolfgang Rupprecht 2011-06-08 20:27:53 UTC 
Description of problem:
ntp requests are supposed to copy the incoming destination address to the outgoing source address.  Chrony will incorrectly use the address of the outgoing interface thereby sending a packet from an address that the requesting host wasn't expecting.  The requesting host will then correctly drop that reply.

Version-Release number of selected component (if applicable):
chrony.x86_64                        1.25-2.fc15 

How reproducible:
always

Steps to Reproduce:
1. configure an ipv6 host with two ethernets
2. send a ntp request (ntpdate -d <ipv6-far-interface>)
3. notice that ntpdate gets no usable replies back.
4. run tcpdump and watch the reply come from the ip of the near interface     instead of the far interface it was sent to.
  
Actual results:
the ipv6 source address of the reply is different than the ipv6 address the request was sent to.

Expected results:
the ipv6 address in the reply should be the same as the ipv6 address in the request.

Additional info:

13:10:11.252751 IP6 2001:5a8:4:912::123.19124 > 2001:5a8:4:7d0::1.ntp: NTPv4, Client, length 48
13:10:11.252896 IP6 2001:5a8:4:7d1::1.ntp > 2001:5a8:4:912::123.19124: NTPv3, Server, length 48
13:10:11.285320 IP6 2001:5a8:4:912::123 > 2001:5a8:4:7d1::1: ICMP6, destination unreachable, unreachable port, 2001:5a8:4:912::123 udp port 19124, length 104

Notice that the request when to 2001:5a8:4:7d0::1.  The reply came back from 2001:5a8:4:7d1::1
Comment 1 Miroslav Lichvar 2011-06-09 10:51:37 UTC 
This should be fixed in upstream git.

Here is a scratch build if you would like to test it.
http://koji.fedoraproject.org/koji/taskinfo?taskID=3121373
Comment 2 Fedora Update System 2011-07-13 15:16:45 UTC 
chrony-1.26-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/chrony-1.26-1.fc15
Comment 3 Fedora Update System 2011-07-13 19:26:49 UTC 
Package chrony-1.26-1.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing chrony-1.26-1.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/chrony-1.26-1.fc15
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2011-07-23 02:00:26 UTC 
chrony-1.26-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.