Red Hat Bugzilla – Bug 1203377
ifdown-routes drops non-alias rules for alias interface
Last modified: 2018-03-05 05:17:21 EST
Description of problem: ifup-routes and ifdown-routes scripts have unwanted side-effects when applied to an alias interface for which a PBR rules-<ifname> entry exists for the parent interface. This is similar, but not identical, to the effects on IPv6 interfaces described in BZ 870271. Version-Release number of selected component (if applicable): initscripts-9.03.40-2.el6.centos.x86_64 How reproducible: Always Steps to Reproduce: Create a non-empty set of Policy Based Routing rules and routes in rule-eth0 and route-eth0 respectively. Create an ifcfg-eth0 for the primary interface on a Host and bring eth0 Up. Create an ifcfg-eth0:0 alias interface with no associated rule-eth0:0 or route-eth0:0 Fire up eth0:0 manually ifup eth0:0 Shutdown eth0:0 manually ifdown eth0:0 Actual results: When eth0:0 is brought up manually, ifup-routes attempts to bring up the same routes already brought up by eth0 because the script attempts to parse BOTH route-eth0 AND route-eth0:0 when invoked for eth0:0. This results in error messages like "RTNETLINK answers: File exists" as the kernel rejects the attempt to create the duplicate routes. Similarly, ifup-routes adds the same rules already brought up by eth0 because the script attempts to parse BOTH rule-eth0 AND rule-eth0:0 when invoked for eth0:0. This results in duplicate rules showing up in "ip rules list". When eth0:0 is brought down, the duplicate rules which were added by ifup eth0:0 are removed, leaving only the originals added by ifup eth0. However, the routes added from route-eth0 are completely removed, which potentially destroys important routing policy for traffic on that interface. The problem only arises where an alias interface is shutdown independently of the primary interface, AND the primary interface ALSO has some interface-specific Policy Based Routing configuration. Expected results: The actions of ifup eth0:0 and ifdown eth0:0 should be unaffected the contents of rule-eth0 and route-eth0. They should only parse routing policy from the specific files rule-eth0:0 and route-eth0:0 Additional info: A suggested fix is to change the clause in ifup-routes which deduces which FILES to use to ONLY use the specific interface entry for an alias interface. i.e. replace this: ... FILES="/etc/sysconfig/network-scripts/route-$1 /etc/sysconfig/network-scripts/route6-$1" if [ -n "$2" -a "$2" != "$1" ]; then FILES="$FILES /etc/sysconfig/network-scripts/route-$2 /etc/sysconfig/network-scripts/route6-$2" fi .... # Routing rules FILES="/etc/sysconfig/network-scripts/rule-$1 /etc/sysconfig/network-scripts/rule6-$1" if [ -n "$2" -a "$2" != "$1" ]; then FILES="$FILES /etc/sysconfig/network-scripts/rule-$2 /etc/sysconfig/network-scripts/rule6-$2" fi .... with: ... FILES="/etc/sysconfig/network-scripts/route-$1 /etc/sysconfig/network-scripts/route6-$1" if [ -n "$2" -a "$2" != "$1" ]; then FILES="/etc/sysconfig/network-scripts/route-$2 /etc/sysconfig/network-scripts/route6-$2" fi .... # Routing rules FILES="/etc/sysconfig/network-scripts/rule-$1 /etc/sysconfig/network-scripts/rule6-$1" if [ -n "$2" -a "$2" != "$1" ]; then FILES="/etc/sysconfig/network-scripts/rule-$2 /etc/sysconfig/network-scripts/rule6-$2" fi ....
I suggest to change the 'ifdown-post' script, instead the ifdown-routes scripts, and deal with the device alias as a real device. The call to 'ifdown-routes' script is done with two arguments: REALDEVICE and DEVNAME: ... 17 [ -z "$REALDEVICE" ] && REALDEVICE=$DEVICE 18 19 /etc/sysconfig/network-scripts/ifdown-routes ${REALDEVICE} ${DEVNAME} 20 ... If the DEVNAME is as alias the REALDEVICE could be changed to the same name: [ "${DEVNAME}" != "${DEVNAME%:[0-9]*}" ] && REALDEVICE=${DEVNAME}
Expanding from Joao's suggestion, perhaps it would be be more orthogonal to apply an equivalent change to both ifup-post and ifdown-post, as in: ifup-post: BEFORE: .... /etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME} .... AFTER: .... [ "$ISALIAS" = yes ] && REALDEVICE=${DEVNAME} /etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME} .... ifdown-post: BEFORE: .... /etc/sysconfig/network-scripts/ifdown-routes ${REALDEVICE} ${DEVNAME} .... AFTER: .... [ "$ISALIAS" = yes ] && REALDEVICE=${DEVNAME} /etc/sysconfig/network-scripts/ifdown-routes ${REALDEVICE} ${DEVNAME} .... This would allow for the slightly odd condition of routes associated with an alias interface which could be taken up and down indepdendently of the real interface. However, for completeness, it would need ifdown-routes to explicitly handle taking down routes ( as well as "rules" ) which are explicitly tied to the alias interface. FWIW, I don't quite see what conditions would lead to either ifup-post or ifdown-post being called where REALDEVICE != DEVNAME and ISALIAS=no. If no such conditions exist, then there seems to be no point passing two parameters to either of the "routes" scripts.
Hello I have been doing multiple followups but haven't received any update on the bugzilla since long time. Can someone take this further and provide details on this ? - Niket Chavan
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. The official life cycle policy can be reviewed here: http://redhat.com/rhel/lifecycle This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL: https://access.redhat.com/