[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1
Launchpad Bug Tracker
1716964 at bugs.launchpad.net
Wed Sep 20 18:58:29 UTC 2017
This bug was fixed in the package vlan - 1.9-3.2ubuntu5
---------------
vlan (1.9-3.2ubuntu5) artful; urgency=medium
* Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1
(LP: #1716964)
-- Dan Streetman <dan.streetman at canonical.com> Wed, 20 Sep 2017
09:30:21 -0400
** Changed in: vlan (Ubuntu Artful)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1716964
Title:
VLAN network script if-up.d/ip limits rp_filter value to 0 or 1
Status in vlan package in Ubuntu:
Fix Released
Status in vlan source package in Trusty:
In Progress
Status in vlan source package in Xenial:
In Progress
Status in vlan source package in Zesty:
In Progress
Status in vlan source package in Artful:
Fix Released
Status in vlan package in Debian:
New
Bug description:
[impact]
Using ifupdown, an interface's rp-filter value cannot be set to 2.
[test case]
On any system using ifupdown to manage interfaces, add to an
interface's config:
if-rp-filter 2
When the interface is brought up, its
/proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1
instead of 2. With the fixed vlan package, its value will correctly
be set to 2.
[regression potential]
problems with this change could affect the value of an interface's
rp_filter value.
[other]
the upstream debian bug for this has been open for 3 years without
change, so it is unlikely debian will fix this.
[original description]
When configuring a VLAN interface on /etc/network/interfaces, setting
the ip-rp-filter value to 2 (loose mode reverse filtering) gets
overridden by the /etc/network/if-up.d/ip script, which only allows
for values 0 and 1.
This is the relevant configuration in /etc/network/interfaces
# The primary network interface
auto eno1
iface eno1 inet static
address 10.1.2.36
netmask 255.255.0.0
gateway 10.1.1.2
dns-search xxx.yy
dns-nameservers 10.1.2.22 10.1.2.24
# The administrative network
auto eno1.2
iface eno1.2 inet static
address 172.16.1.8
netmask 255.255.0.0
ip-rp-filter 2
vlan-raw-device eno1
But it does not get correctly set
~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
1
And this is the script overriding the configuration
~# cat /etc/network/if-up.d/ip
#!/bin/sh
# This should probably go into ifupdown
# But usually only those with lots of interfaces (vlans) need these
if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
then
if [ -n "$IF_IP_PROXY_ARP" ]; then
if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
else
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
fi
fi
if [ -n "$IF_IP_RP_FILTER" ]; then
if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
else
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
fi
fi
fi
It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
as 1, so it never allows to set is to 2 (loose mode).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions
More information about the Ubuntu-sponsors
mailing list