[Bug 1716964] [NEW] VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

Launchpad Bug Tracker 1716964 at bugs.launchpad.net
Wed Sep 20 16:20:36 UTC 2017


You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):

[impact]

Using ifupdown, an interface's rp-filter value cannot be set to 2.

[test case]

On any system using ifupdown to manage interfaces, add to an interface's
config:

if-rp-filter 2

When the interface is brought up, its
/proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead
of 2.  With the fixed vlan package, its value will correctly be set to
2.

[regression potential]

Problems with this change could affect the value of an interface's
rp_filter value.

[other]

The upstream Debian bug for this has been open for 3 years without
change, so it is unlikely Debian will fix this.

[original description]

When configuring a VLAN interface in /etc/network/interfaces, setting
the ip-rp-filter value to 2 (loose mode reverse filtering) gets
overridden by the /etc/network/if-up.d/ip script, which only allows for
values 0 and 1.

This is the relevant configuration in /etc/network/interfaces

# The primary network interface
auto eno1
iface eno1 inet static
 address 10.1.2.36
 netmask 255.255.0.0
 gateway 10.1.1.2
 dns-search xxx.yy
 dns-nameservers 10.1.2.22 10.1.2.24

# The administrative network
auto eno1.2
iface eno1.2 inet static
 address 172.16.1.8
 netmask 255.255.0.0
 ip-rp-filter 2
 vlan-raw-device eno1

But it does not get correctly set

~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
1

And this is the script overriding the configuration

~# cat /etc/network/if-up.d/ip
#!/bin/sh
# This should probably go into ifupdown
# But usually only those with lots of interfaces (vlans) need these
if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
then
 if [ -n "$IF_IP_PROXY_ARP" ]; then
  if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
   echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
  else
   echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
  fi
 fi
 if [ -n "$IF_IP_RP_FILTER" ]; then
  if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
   echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
  else
   echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
  fi
 fi
fi

It checks if $IF_IP_RP_FILTER is 0 and sets it to 0, otherwise sets it
to 1, so it never allows setting it to 2 (loose mode).

** Affects: vlan (Ubuntu)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Affects: vlan (Ubuntu Trusty)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Affects: vlan (Ubuntu Xenial)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Affects: vlan (Ubuntu Zesty)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Affects: vlan (Ubuntu Artful)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Affects: vlan (Debian)
     Importance: Unknown
         Status: New


** Tags: patch
-- 
VLAN network script if-up.d/ip limits rp_filter value to 0 or 1
https://bugs.launchpad.net/bugs/1716964
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
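
Added example, not part of the original bug report and not the patch attached to it: a POSIX sh version of the rp_filter branch that accepts only the three modes the kernel defines (0 off, 1 strict, 2 loose) and rejects anything else instead of coercing it to 1, plus a check of the effective value, since the kernel applies the higher of conf/all/rp_filter and the per-interface setting. CONF_ROOT, set_rp_filter, effective_rp_filter and demo are names assumed for this example.

```shell
#!/bin/sh
# Added example, not the vlan package's patch. CONF_ROOT is a hypothetical
# override so the functions can be exercised against a scratch directory.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Write rp_filter for an interface only if the value is a defined mode:
# 0 (off), 1 (strict), 2 (loose). Anything else is rejected, never coerced.
set_rp_filter() {
    iface="$1"; value="$2"
    [ -d "$CONF_ROOT/$iface" ] || return 2
    case "$value" in
        0|1|2) echo "$value" > "$CONF_ROOT/$iface/rp_filter" ;;
        *) echo "rp_filter: invalid value '$value' for $iface" >&2
           return 1 ;;
    esac
}

# Source validation uses max(conf/all, conf/$IFACE), so a per-interface 2
# (or 0) only takes effect as written if conf/all is not higher.
effective_rp_filter() {
    iface="$1"
    all=$(cat "$CONF_ROOT/all/rp_filter")
    own=$(cat "$CONF_ROOT/$iface/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Constructed demo: a scratch tree standing in for /proc/sys/net/ipv4/conf.
# The body runs in a subshell so CONF_ROOT is not changed for the caller.
demo() (
    CONF_ROOT=$(mktemp -d)
    mkdir -p "$CONF_ROOT/all" "$CONF_ROOT/eno1.2"
    echo 0 > "$CONF_ROOT/all/rp_filter"
    echo 1 > "$CONF_ROOT/eno1.2/rp_filter"
    set_rp_filter eno1.2 2 && effective_rp_filter eno1.2
    rm -rf "$CONF_ROOT"
)

demo
```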


