[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Launchpad Bug Tracker]

This bug was fixed in the package vlan - 1.9-3.2ubuntu2.17.04.3

---
vlan (1.9-3.2ubuntu2.17.04.3) zesty; urgency=medium

  * Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1
(LP: #1716964)

 -- Dan Streetman   Wed, 20 Sep 2017
09:30:21 -0400

** Changed in: vlan (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Launchpad Bug Tracker]

This bug was fixed in the package vlan - 1.9-3ubuntu10.5

---
vlan (1.9-3ubuntu10.5) trusty; urgency=medium

  * Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1
(LP: #1716964)

 -- Dan Streetman   Wed, 20 Sep 2017
09:30:21 -0400

** Changed in: vlan (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Launchpad Bug Tracker]

This bug was fixed in the package vlan - 1.9-3.2ubuntu1.16.04.4

---
vlan (1.9-3.2ubuntu1.16.04.4) xenial; urgency=medium

  * Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1
(LP: #1716964)

 -- Dan Streetman   Wed, 20 Sep 2017
09:30:21 -0400

** Changed in: vlan (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

xenial:

root@vlan-xenial:~# cat /etc/network/interfaces.d/50-cloud-init.cfg 
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
  ip-rp-filter 2

root@vlan-xenial:~# dpkg -l | grep vlan
ii  vlan 1.9-3.2ubuntu1.16.04.3 
amd64user mode programs to enable VLANs on your ethernet devices
root@vlan-xenial:~# systemctl restart networking
root@vlan-xenial:~# grep . /proc/sys/net/ipv4/conf/*/rp_filter
/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/default/rp_filter:1
/proc/sys/net/ipv4/conf/eth0/rp_filter:1
/proc/sys/net/ipv4/conf/lo/rp_filter:1


after upgrade:

root@vlan-xenial:~# dpkg -l | grep vlan
ii  vlan 1.9-3.2ubuntu1.16.04.4 
amd64user mode programs to enable VLANs on your ethernet devices
root@vlan-xenial:~# systemctl restart networking
root@vlan-xenial:~# grep . /proc/sys/net/ipv4/conf/*/rp_filter
/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/default/rp_filter:1
/proc/sys/net/ipv4/conf/eth0/rp_filter:2
/proc/sys/net/ipv4/conf/lo/rp_filter:1


** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

trusty:

root@vlan-trusty:~# cat /etc/network/interfaces.d/eth0.cfg 
# The primary network interface
auto eth0
iface eth0 inet dhcp
  ip-rp-filter 2

root@vlan-trusty:~# dpkg -l | grep vlan
ii  vlan 1.9-3ubuntu10.4
amd64user mode programs to enable VLANs on your ethernet devices
root@vlan-trusty:~# ifdown eth0
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/00:16:3e:f7:82:fa
Sending on   LPF/eth0/00:16:3e:f7:82:fa
Sending on   Socket/fallback
DHCPRELEASE on eth0 to 10.1.255.1 port 67 (xid=0x1bed540d)
root@vlan-trusty:~# ifup eth0
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/00:16:3e:f7:82:fa
Sending on   LPF/eth0/00:16:3e:f7:82:fa
Sending on   Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0xf32ce957)
DHCPREQUEST of 10.1.255.79 on eth0 to 255.255.255.255 port 67 (xid=0x57e92cf3)
DHCPOFFER of 10.1.255.79 from 10.1.255.1
DHCPACK of 10.1.255.79 from 10.1.255.1
bound to 10.1.255.79 -- renewal in 1747 seconds.
root@vlan-trusty:~# grep . /proc/sys/net/ipv4/conf/*/rp_filter
/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/default/rp_filter:1
/proc/sys/net/ipv4/conf/eth0/rp_filter:1
/proc/sys/net/ipv4/conf/lo/rp_filter:1



upgrade vlan to -proposed pkg:

root@vlan-trusty:~# dpkg -l | grep vlan
ii  vlan 1.9-3ubuntu10.5
amd64user mode programs to enable VLANs on your ethernet devices
root@vlan-trusty:~# ifdown eth0
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/00:16:3e:f7:82:fa
Sending on   LPF/eth0/00:16:3e:f7:82:fa
Sending on   Socket/fallback
DHCPRELEASE on eth0 to 10.1.255.1 port 67 (xid=0x22e79e9b)
root@vlan-trusty:~# ifup eth0
Internet Systems Consortium DHCP Client 4.2.4
Copyright 2004-2012 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/00:16:3e:f7:82:fa
Sending on   LPF/eth0/00:16:3e:f7:82:fa
Sending on   Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x39089e72)
DHCPREQUEST of 10.1.255.79 on eth0 to 255.255.255.255 port 67 (xid=0x729e0839)
DHCPOFFER of 10.1.255.79 from 10.1.255.1
DHCPACK of 10.1.255.79 from 10.1.255.1
bound to 10.1.255.79 -- renewal in 1710 seconds.
root@vlan-trusty:~# grep . /proc/sys/net/ipv4/conf/*/rp_filter
/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/default/rp_filter:1
/proc/sys/net/ipv4/conf/eth0/rp_filter:2
/proc/sys/net/ipv4/conf/lo/rp_filter:1


** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

zesty:

root@vlan-zesty:~# cat /etc/network/interfaces.d/50-cloud-init.cfg 
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
  ip-rp-filter 2

root@vlan-zesty:~# dpkg -l | grep vlan
ii  vlan   1.9-3.2ubuntu2.17.04.2   
 amd64user mode programs to enable VLANs on your ethernet 
devices
root@vlan-zesty:~# systemctl restart networking
root@vlan-zesty:~# grep . /proc/sys/net/ipv4/conf/*/rp_filter
/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/default/rp_filter:1
/proc/sys/net/ipv4/conf/eth0/rp_filter:1
/proc/sys/net/ipv4/conf/lo/rp_filter:1


after upgrade:

root@vlan-zesty:~# dpkg -l | grep vlan
ii  vlan   1.9-3.2ubuntu2.17.04.3   
 amd64user mode programs to enable VLANs on your ethernet 
devices
root@vlan-zesty:~# systemctl restart networking
root@vlan-zesty:~# grep . /proc/sys/net/ipv4/conf/*/rp_filter
/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/default/rp_filter:1
/proc/sys/net/ipv4/conf/eth0/rp_filter:2
/proc/sys/net/ipv4/conf/lo/rp_filter:1


** Tags removed: verification-needed verification-needed-zesty
** Tags added: verification-done verification-done-zesty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Brian Murray]

Hello Juan, or anyone else affected,

Accepted vlan into zesty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/vlan/1.9-3.2ubuntu2.17.04.3 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-zesty to verification-done-zesty. If it does not fix
the bug for you, please add a comment stating that, and change the tag
to verification-failed-zesty. In either case, details of your testing
will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: vlan (Ubuntu Zesty)
   Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-zesty

** Changed in: vlan (Ubuntu Xenial)
   Status: In Progress => Fix Committed

** Tags added: verification-needed-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[ChristianEhrhardt]

BTW it has to do with vlan (example [1][2] - just not dependent as it
has use cases without vlan, never the less this shouldn't be the place
where it should have been implemented in the first place. But for now
this is bugfixing and not a rewrite of hwo things should be.

I have slightly improved your SRU Template, if the SRU Team has further
needs they can ask you.

BTW Lintian floods me with version (and other) warnings, but you are
just spinning forward the versioning style it has which is ok and all
others are due to the package being rather old.

I checked the diffs once more and think in the term of the SRU fixing of
this issue they are correct, so sponsoring for T/X/Z.


[1]: https://serverfault.com/questions/369947/linux-vlan-routing
[2]: 
https://serverfault.com/questions/816393/disabling-rp-filter-on-one-interface

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[ChristianEhrhardt]

** Description changed:

  [impact]
  
- Using ifupdown, an interface's rp-filter value cannot be set to 2.
+ Using ifupdown, vlan supported setting an interface's rp-filter value,
+ but that can only set 0 or 1, but it cannot be set to 2.
  
  [test case]
  
  On any system using ifupdown to manage interfaces, add to an interface's
  config:
  
  if-rp-filter 2
  
  When the interface is brought up, its
  /proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead
  of 2.  With the fixed vlan package, its value will correctly be set to
  2.
  
  [regression potential]
  
  problems with this change could affect the value of an interface's
  rp_filter value.
  
  [other]
  
  the upstream debian bug for this has been open for 3 years without
  change, so it is unlikely debian will fix this.
+ 
+ As outlined in c#4 and c#13 this setting is vlan not generally required
+ for vlans (but often used with them). So it in question if eventually it
+ should be added elsewhere and removed here, but for the SRU the bug is
+ where it is (in the vlan package) and there it has to be fixed.
+ 
+ ---
  
  [original description]
  
  When configuring a VLAN interface on /etc/network/interfaces, setting
  the ip-rp-filter value to 2 (loose mode reverse filtering) gets
  overridden by the /etc/network/if-up.d/ip script, which only allows for
  values 0 and 1.
  
  This is the relevant configuration in /etc/network/interfaces
  
  # The primary network interface
  auto eno1
  iface eno1 inet static
   address 10.1.2.36
   netmask 255.255.0.0
   gateway 10.1.1.2
   dns-search xxx.yy
   dns-nameservers 10.1.2.22 10.1.2.24
  
  # The administrative network
  auto eno1.2
  iface eno1.2 inet static
   address 172.16.1.8
   netmask 255.255.0.0
   ip-rp-filter 2
   vlan-raw-device eno1
  
  But it does not get correctly set
  
  ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
  1
  
  And this is the script overriding the configuration
  
  ~# cat /etc/network/if-up.d/ip
  #!/bin/sh
  # This should probably go into ifupdown
  # But usually only those with lots of interfaces (vlans) need these
  if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
  then
   if [ -n "$IF_IP_PROXY_ARP" ]; then
    if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    else
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    fi
   fi
   if [ -n "$IF_IP_RP_FILTER" ]; then
    if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    else
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    fi
   fi
  fi
  
  It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
  as 1, so it never allows to set is to 2 (loose mode).

** Description changed:

  [impact]
  
  Using ifupdown, vlan supported setting an interface's rp-filter value,
  but that can only set 0 or 1, but it cannot be set to 2.
  
  [test case]
  
  On any system using ifupdown to manage interfaces, add to an interface's
  config:
  
  if-rp-filter 2
  
- When the interface is brought up, its
- /proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead
- of 2.  With the fixed vlan package, its value will correctly be set to
- 2.
+ When the interface is brought up, its 
/proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead of 2.  
With the fixed vlan package, its value will correctly be set to 2.
+ See also c#9 for a test example
  
  [regression potential]
  
  problems with this change could affect the value of an interface's
  rp_filter value.
  
  [other]
  
  the upstream debian bug for this has been open for 3 years without
  change, so it is unlikely debian will fix this.
  
  As outlined in c#4 and c#13 this setting is vlan not generally required
  for vlans (but often used with them). So it in question if eventually it
  should be added elsewhere and removed here, but for the SRU the bug is
  where it is (in the vlan package) and there it has to be fixed.
  
  ---
  
  [original description]
  
  When configuring a VLAN interface on /etc/network/interfaces, setting
  the ip-rp-filter value to 2 (loose mode reverse filtering) gets
  overridden by the /etc/network/if-up.d/ip script, which only allows for
  values 0 and 1.
  
  This is the relevant configuration in /etc/network/interfaces
  
  # The primary network interface
  auto eno1
  iface eno1 inet static
   address 10.1.2.36
   netmask 255.255.0.0
   gateway 10.1.1.2
   dns-search xxx.yy
   dns-nameservers 10.1.2.22 10.1.2.24
  
  # The administrative network
  auto eno1.2
  iface eno1.2 inet static
   address 172.16.1.8
   netmask 255.255.0.0
   ip-rp-filter 2
   vlan-raw-device eno1
  
  But it does not get correctly set
  
  ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
  1
  
  And this is the script overriding the configuration
  
  ~# cat /etc/network/if-up.d/ip
  #!/bin/sh
  # This should probably go into ifupdown
  # But usually only those with lots of interfaces (vlans) 

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Launchpad Bug Tracker]

This bug was fixed in the package vlan - 1.9-3.2ubuntu5

---
vlan (1.9-3.2ubuntu5) artful; urgency=medium

  * Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1
(LP: #1716964)

 -- Dan Streetman   Wed, 20 Sep 2017
09:30:21 -0400

** Changed in: vlan (Ubuntu Artful)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Ubuntu Foundations Team Bug Bot]

The attachment "lp1716964-artful.debdiff" seems to be a debdiff.  The
ubuntu-sponsors team has been subscribed to the bug report so that they
can review and hopefully sponsor the debdiff.  If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe
the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[ChristianEhrhardt]

After IRC discussion the answer to the non ifupdown world is that this
should never have been in vlan and the fix is more to be correct on the
SRU path than on the future - thanks for explaining ddstreet.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

@paelzer re: ifupdown, the vlan package is only used by ifupdown.  How
other nw management allows changing an interface's rp_filter is up to
that tool, e.g. netplan or networkd, and this particular bug does apply
(they may do it wrong also, but it has nothing to do with the vlan
package).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[ChristianEhrhardt]

Well it needs ifupdown for it to work (with and without your fix).
For the fix at hand it is that is ok - no need to block this or the SRUs on 
that.
But add it to the steps to reproduce.

I was able to confirm on the ppa that it works then.


But @ddstreet: you should think about how this will continue to work in a no 
ifupdown world - spawn a new bug for yourself if you want. Until it is gone a 
dependency to ifupdown would be correct. I assume lacking one atm makes this 
being not seen by the people that work on netplan and co.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[ChristianEhrhardt]

Sponsored the Artful upload [1], please as mentioned look into the post
ifupdown world case and consider fixing vlan for that as well.

Ping me if all migrated in artful and SRU templates are ready to sponsor
those as well.

[1]: https://launchpad.net/ubuntu/+source/vlan/1.9-3.2ubuntu5

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

test ppa: https://launchpad.net/~ddstreet/+archive/ubuntu/lp1716964


root@vlan-artful:~# dpkg -l | grep vlan
ii  vlan   1.9-3.2ubuntu4   
amd64user mode programs to enable VLANs on your ethernet 
devices

root@vlan-artful:~# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto eth0
iface eth0 inet dhcp
  ip-rp-filter 2

root@vlan-artful:~# systemctl restart networking
root@vlan-artful:~# cat /proc/sys/net/ipv4/conf/eth0/rp_filter 
1

root@vlan-artful:~# apt install vlan
...
root@vlan-artful:~# dpkg -l | grep vlan
ii  vlan   1.9-3.2ubuntu5   
amd64user mode programs to enable VLANs on your ethernet 
devices
root@vlan-artful:~# systemctl restart networking
root@vlan-artful:~# cat /proc/sys/net/ipv4/conf/eth0/rp_filter 
2

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[ChristianEhrhardt]

** Also affects: vlan (Ubuntu Artful)
   Importance: Medium
 Assignee: Dan Streetman (ddstreet)
   Status: In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

** Patch added: "lp1716964-zesty.debdiff"
   
https://bugs.launchpad.net/debian/+source/vlan/+bug/1716964/+attachment/4953628/+files/lp1716964-zesty.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

** Patch added: "lp1716964-xenial.debdiff"
   
https://bugs.launchpad.net/debian/+source/vlan/+bug/1716964/+attachment/4953629/+files/lp1716964-xenial.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

** Patch added: "lp1716964-artful.debdiff"
   
https://bugs.launchpad.net/debian/+source/vlan/+bug/1716964/+attachment/4953627/+files/lp1716964-artful.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

** Patch added: "lp1716964-trusty.debdiff"
   
https://bugs.launchpad.net/debian/+source/vlan/+bug/1716964/+attachment/4953630/+files/lp1716964-trusty.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Bug Watch Updater]

** Changed in: vlan (Debian)
   Status: Unknown => New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

** Description changed:

+ [impact]
+ 
+ Using ifupdown, an interface's rp-filter value cannot be set to 2.
+ 
+ [test case]
+ 
+ On any system using ifupdown to manage interfaces, add to an interface's
+ config:
+ 
+ if-rp-filter 2
+ 
+ When the interface is brought up, its
+ /proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead
+ of 2.  With the fixed vlan package, its value will correctly be set to
+ 2.
+ 
+ [regression potential]
+ 
+ problems with this change could affect the value of an interface's
+ rp_filter value.
+ 
+ [other]
+ 
+ the upstream debian bug for this has been open for 3 years without
+ change, so it is unlikely debian will fix this.
+ 
+ [original description]
+ 
  When configuring a VLAN interface on /etc/network/interfaces, setting
  the ip-rp-filter value to 2 (loose mode reverse filtering) gets
  overridden by the /etc/network/if-up.d/ip script, which only allows for
  values 0 and 1.
  
  This is the relevant configuration in /etc/network/interfaces
  
  # The primary network interface
  auto eno1
  iface eno1 inet static
   address 10.1.2.36
   netmask 255.255.0.0
   gateway 10.1.1.2
   dns-search xxx.yy
   dns-nameservers 10.1.2.22 10.1.2.24
  
  # The administrative network
  auto eno1.2
  iface eno1.2 inet static
   address 172.16.1.8
   netmask 255.255.0.0
-  ip-rp-filter 2
+  ip-rp-filter 2
   vlan-raw-device eno1
- 
  
  But it does not get correctly set
  
  ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
  1
  
  And this is the script overriding the configuration
  
  ~# cat /etc/network/if-up.d/ip
  #!/bin/sh
  # This should probably go into ifupdown
  # But usually only those with lots of interfaces (vlans) need these
  if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
  then
   if [ -n "$IF_IP_PROXY_ARP" ]; then
    if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    else
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    fi
   fi
   if [ -n "$IF_IP_RP_FILTER" ]; then
    if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    else
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    fi
   fi
  fi
  
  It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
  as 1, so it never allows to set is to 2 (loose mode).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

** Changed in: vlan (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

As the comment says in the vlan if-up script, this setting has nothing
to do with vlans and really should go into ifupdown itself; it makes no
sense for the setting to only work if the 'vlan' package is installed
(and it will work for vlan and non-vlan interfaces as long as 'vlan' is
installed).

However, since this is 'how it has always worked' with ifupdown and
nobody has complained, and ifupdown is riding into the sunset, it makes
no sense to do more than the minimum to fix this.  I'll make the tweak
to the vlan if-up script and leave it at that.

** Bug watch added: Debian Bug tracker #736207
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736207

** Also affects: vlan (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736207
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Dan Streetman]

** Changed in: vlan (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: vlan (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: vlan (Ubuntu Zesty)
   Status: New => In Progress

** Changed in: vlan (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: vlan (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: vlan (Ubuntu Zesty)
   Importance: Undecided => Medium

** Changed in: vlan (Ubuntu Zesty)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: vlan (Ubuntu Xenial)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: vlan (Ubuntu Trusty)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: vlan (Ubuntu)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[ChristianEhrhardt]

@Dan - IIRC you look currently for work that is sponsored for your uploader 
application. This looks like a great case and more than that you did the last 6 
uploads to this package so you likely have some sort of test environment 
already.
Would you mind picking that up?

And while on that this issue as well as the former one applies to Debian as 
well. So
@Juan - would you mind reporting that to Debian as well so that at some day we 
can drop the Delta?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[ChristianEhrhardt]

Related doc ont he parameter:
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

There is not more than 0,1,2.

I agree to the suggested solution in general.
The issue applies to current dev back to trusty.

I'm not sure if in Artful with netplan and potential impacts on these
hooks this needs an extra change.

** Changed in: vlan (Ubuntu)
   Status: New => Confirmed

** Also affects: vlan (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: vlan (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: vlan (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: vlan (Ubuntu)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Juan Fernandez]

The following modification on /etc/network/if-up.d/ip makes it work.

*** 13,18 
--- 13,20 
if [ -n "$IF_IP_RP_FILTER" ]; then
if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
+   elif [ "$IF_IP_RP_FILTER" -eq "2" ]; then
+   echo 2 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
else
echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
fi

** Description changed:

  When configuring a VLAN interface on /etc/network/interfaces, setting
  the ip-rp-filter value to 2 (loose mode reverse filtering) gets
  overridden by the /etc/network/if-up.d/ip script, which only allows for
  values 0 and 1.
  
  This is the relevant configuration in /etc/network/interfaces
  
  # The primary network interface
  auto eno1
  iface eno1 inet static
-   address 10.1.2.36
-   netmask 255.255.0.0
-   gateway 10.1.1.2
-   dns-search xxx.yy
-   dns-nameservers 10.1.2.22 10.1.2.24
+  address 10.1.2.36
+  netmask 255.255.0.0
+  gateway 10.1.1.2
+  dns-search xxx.yy
+  dns-nameservers 10.1.2.22 10.1.2.24
  
  # The administrative network
  auto eno1.2
  iface eno1.2 inet static
-   address 172.16.1.8
-   netmask 255.255.0.0
-   gateway 172.16.0.1
-   dns-search adm.xxx.yy
-   vlan-raw-device eno1
-   ip-rp-filter 2
+  address 172.16.1.8
+  netmask 255.255.0.0
+  ip-rp-filter 2
+  vlan-raw-device eno1
+ 
  
  But it does not get correctly set
  
- ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter 
+ ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
  1
- 
  
  And this is the script overriding the configuration
  
- ~# cat /etc/network/if-up.d/ip 
+ ~# cat /etc/network/if-up.d/ip
  #!/bin/sh
  # This should probably go into ifupdown
  # But usually only those with lots of interfaces (vlans) need these
  if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
  then
-   if [ -n "$IF_IP_PROXY_ARP" ]; then
-   if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
-   echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
-   else
-   echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
-   fi
-   fi
-   if [ -n "$IF_IP_RP_FILTER" ]; then
-   if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
-   echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
-   else
-   echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
-   fi
-   fi
+  if [ -n "$IF_IP_PROXY_ARP" ]; then
+   if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
+    echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
+   else
+    echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
+   fi
+  fi
+  if [ -n "$IF_IP_RP_FILTER" ]; then
+   if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
+    echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
+   else
+    echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
+   fi
+  fi
  fi
  
- 
- It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it as 1, 
so it never allows to set is to 2 (loose mode).
+ It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
+ as 1, so it never allows to set is to 2 (loose mode).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs