[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1
ChristianEhrhardt
1716964 at bugs.launchpad.net
Thu Sep 21 06:22:33 UTC 2017
BTW it has to do with vlan (example [1][2] - just not dependent as it
has use cases without vlan, never the less this shouldn't be the place
where it should have been implemented in the first place. But for now
this is bugfixing and not a rewrite of hwo things should be.
I have slightly improved your SRU Template, if the SRU Team has further
needs they can ask you.
BTW Lintian floods me with version (and other) warnings, but you are
just spinning forward the versioning style it has which is ok and all
others are due to the package being rather old.
I checked the diffs once more and think in the term of the SRU fixing of
this issue they are correct, so sponsoring for T/X/Z.
[1]: https://serverfault.com/questions/369947/linux-vlan-routing
[2]: https://serverfault.com/questions/816393/disabling-rp-filter-on-one-interface
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1716964
Title:
VLAN network script if-up.d/ip limits rp_filter value to 0 or 1
Status in vlan package in Ubuntu:
Fix Released
Status in vlan source package in Trusty:
In Progress
Status in vlan source package in Xenial:
In Progress
Status in vlan source package in Zesty:
In Progress
Status in vlan source package in Artful:
Fix Released
Status in vlan package in Debian:
New
Bug description:
[impact]
Using ifupdown, vlan supported setting an interface's rp-filter value,
but that can only set 0 or 1, but it cannot be set to 2.
[test case]
On any system using ifupdown to manage interfaces, add to an
interface's config:
if-rp-filter 2
When the interface is brought up, its /proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead of 2. With the fixed vlan package, its value will correctly be set to 2.
See also c#9 for a test example
[regression potential]
problems with this change could affect the value of an interface's
rp_filter value.
[other]
the upstream debian bug for this has been open for 3 years without
change, so it is unlikely debian will fix this.
As outlined in c#4 and c#13 this setting is vlan not generally
required for vlans (but often used with them). So it in question if
eventually it should be added elsewhere and removed here, but for the
SRU the bug is where it is (in the vlan package) and there it has to
be fixed.
---
[original description]
When configuring a VLAN interface on /etc/network/interfaces, setting
the ip-rp-filter value to 2 (loose mode reverse filtering) gets
overridden by the /etc/network/if-up.d/ip script, which only allows
for values 0 and 1.
This is the relevant configuration in /etc/network/interfaces
# The primary network interface
auto eno1
iface eno1 inet static
address 10.1.2.36
netmask 255.255.0.0
gateway 10.1.1.2
dns-search xxx.yy
dns-nameservers 10.1.2.22 10.1.2.24
# The administrative network
auto eno1.2
iface eno1.2 inet static
address 172.16.1.8
netmask 255.255.0.0
ip-rp-filter 2
vlan-raw-device eno1
But it does not get correctly set
~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
1
And this is the script overriding the configuration
~# cat /etc/network/if-up.d/ip
#!/bin/sh
# This should probably go into ifupdown
# But usually only those with lots of interfaces (vlans) need these
if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
then
if [ -n "$IF_IP_PROXY_ARP" ]; then
if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
else
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
fi
fi
if [ -n "$IF_IP_RP_FILTER" ]; then
if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
else
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
fi
fi
fi
It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
as 1, so it never allows to set is to 2 (loose mode).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions
More information about the Ubuntu-sponsors
mailing list