group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: ChristianEhrhardt <1716964@xxxxxxxxxxxxxxxxxx>
Date: Wed, 20 Sep 2017 14:31:57 -0000
Reply-to: Bug 1716964 <1716964@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: vlan (Ubuntu Artful)
   Importance: Medium
     Assignee: Dan Streetman (ddstreet)
       Status: In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

Status in vlan package in Ubuntu:
  In Progress
Status in vlan source package in Trusty:
  In Progress
Status in vlan source package in Xenial:
  In Progress
Status in vlan source package in Zesty:
  In Progress
Status in vlan source package in Artful:
  In Progress
Status in vlan package in Debian:
  New

Bug description:
  [impact]

  Using ifupdown, an interface's rp-filter value cannot be set to 2.

  [test case]

  On any system using ifupdown to manage interfaces, add to an
  interface's config:

  if-rp-filter 2

  When the interface is brought up, its
  /proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1
  instead of 2.  With the fixed vlan package, its value will correctly
  be set to 2.

  [regression potential]

  problems with this change could affect the value of an interface's
  rp_filter value.

  [other]

  the upstream debian bug for this has been open for 3 years without
  change, so it is unlikely debian will fix this.

  [original description]

  When configuring a VLAN interface on /etc/network/interfaces, setting
  the ip-rp-filter value to 2 (loose mode reverse filtering) gets
  overridden by the /etc/network/if-up.d/ip script, which only allows
  for values 0 and 1.

  This is the relevant configuration in /etc/network/interfaces

  # The primary network interface
  auto eno1
  iface eno1 inet static
   address 10.1.2.36
   netmask 255.255.0.0
   gateway 10.1.1.2
   dns-search xxx.yy
   dns-nameservers 10.1.2.22 10.1.2.24

  # The administrative network
  auto eno1.2
  iface eno1.2 inet static
   address 172.16.1.8
   netmask 255.255.0.0
   ip-rp-filter 2
   vlan-raw-device eno1

  But it does not get correctly set

  ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
  1

  And this is the script overriding the configuration

  ~# cat /etc/network/if-up.d/ip
  #!/bin/sh
  # This should probably go into ifupdown
  # But usually only those with lots of interfaces (vlans) need these
  if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
  then
   if [ -n "$IF_IP_PROXY_ARP" ]; then
    if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    else
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    fi
   fi
   if [ -n "$IF_IP_RP_FILTER" ]; then
    if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    else
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    fi
   fi
  fi

  It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
  as 1, so it never allows to set is to 2 (loose mode).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions