[Bug 1716964] [NEW] VLAN network script if-up.d/ip limits rp_filter value to 0 or 1
Launchpad Bug Tracker
1716964 at bugs.launchpad.net
Wed Sep 20 16:20:36 UTC 2017
You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):
[impact]
Using ifupdown, an interface's rp-filter value cannot be set to 2.
[test case]
On any system using ifupdown to manage interfaces, add to an interface's
config:
if-rp-filter 2
When the interface is brought up, its
/proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead
of 2. With the fixed vlan package, its value will correctly be set to
2.
[regression potential]
problems with this change could affect the value of an interface's
rp_filter value.
[other]
the upstream debian bug for this has been open for 3 years without
change, so it is unlikely debian will fix this.
[original description]
When configuring a VLAN interface on /etc/network/interfaces, setting
the ip-rp-filter value to 2 (loose mode reverse filtering) gets
overridden by the /etc/network/if-up.d/ip script, which only allows for
values 0 and 1.
This is the relevant configuration in /etc/network/interfaces
# The primary network interface
auto eno1
iface eno1 inet static
address 10.1.2.36
netmask 255.255.0.0
gateway 10.1.1.2
dns-search xxx.yy
dns-nameservers 10.1.2.22 10.1.2.24
# The administrative network
auto eno1.2
iface eno1.2 inet static
address 172.16.1.8
netmask 255.255.0.0
ip-rp-filter 2
vlan-raw-device eno1
But it does not get correctly set
~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
1
And this is the script overriding the configuration
~# cat /etc/network/if-up.d/ip
#!/bin/sh
# This should probably go into ifupdown
# But usually only those with lots of interfaces (vlans) need these
if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
then
if [ -n "$IF_IP_PROXY_ARP" ]; then
if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
else
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
fi
fi
if [ -n "$IF_IP_RP_FILTER" ]; then
if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
else
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
fi
fi
fi
It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
as 1, so it never allows to set is to 2 (loose mode).
** Affects: vlan (Ubuntu)
Importance: Medium
Assignee: Dan Streetman (ddstreet)
Status: In Progress
** Affects: vlan (Ubuntu Trusty)
Importance: Medium
Assignee: Dan Streetman (ddstreet)
Status: In Progress
** Affects: vlan (Ubuntu Xenial)
Importance: Medium
Assignee: Dan Streetman (ddstreet)
Status: In Progress
** Affects: vlan (Ubuntu Zesty)
Importance: Medium
Assignee: Dan Streetman (ddstreet)
Status: In Progress
** Affects: vlan (Ubuntu Artful)
Importance: Medium
Assignee: Dan Streetman (ddstreet)
Status: In Progress
** Affects: vlan (Debian)
Importance: Unknown
Status: New
** Tags: patch
--
VLAN network script if-up.d/ip limits rp_filter value to 0 or 1
https://bugs.launchpad.net/bugs/1716964
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list