RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1203377 - ifdown-routes drops non-alias rules for alias interface
Summary: ifdown-routes drops non-alias rules for alias interface
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: initscripts
Version: 6.5
Hardware: All
OS: Linux
high
low
Target Milestone: rc
: ---
Assignee: David Kaspar // Dee'Kej
QA Contact: qe-baseos-daemons
Clayton Spicer
URL:
Whiteboard:
Depends On:
Blocks: 1269194 1356047 1359260 1461138 1492198 1494481 1531100
TreeView+ depends on / blocked
 
Reported: 2015-03-18 17:24 UTC by Ted Rule
Modified: 2021-06-10 10:52 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1531100 (view as bug list)
Environment:
Last Closed: 2018-03-05 10:17:21 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Ted Rule 2015-03-18 17:24:15 UTC 
Description of problem:

ifup-routes and ifdown-routes scripts have unwanted side-effects when applied to an alias interface for which a PBR rules-<ifname> entry exists for the parent interface.

This is similar, but not identical, to the effects on IPv6 interfaces described in BZ 870271.


Version-Release number of selected component (if applicable):

initscripts-9.03.40-2.el6.centos.x86_64

How reproducible:

Always

Steps to Reproduce:

Create a non-empty set of Policy Based Routing rules and routes in rule-eth0 and route-eth0 respectively.

Create an ifcfg-eth0 for the primary interface on a Host and bring eth0 Up.

Create an ifcfg-eth0:0 alias interface with no associated rule-eth0:0 or route-eth0:0


Fire up eth0:0 manually 

     ifup eth0:0

Shutdown eth0:0 manually

     ifdown eth0:0


Actual results:

When eth0:0 is brought up manually, ifup-routes attempts to bring up the same routes already brought up by eth0 because the script attempts to parse BOTH route-eth0 AND route-eth0:0 when invoked for eth0:0.

This results in error messages like "RTNETLINK answers: File exists" as the kernel rejects the attempt to create the duplicate routes.

Similarly, ifup-routes adds the same rules already brought up by eth0 because the script attempts to parse BOTH rule-eth0 AND rule-eth0:0 when invoked for eth0:0.

This results in duplicate rules showing up in "ip rules list".

When eth0:0 is brought down, the duplicate rules which were added by ifup eth0:0 are removed, leaving only the originals added by ifup eth0. However, the routes added from route-eth0 are completely removed, which potentially destroys important routing policy for traffic on that interface.
 

The problem only arises where an alias interface is shutdown independently of the primary interface, AND the primary interface ALSO has some interface-specific Policy Based Routing configuration.



Expected results:

The actions of ifup eth0:0 and ifdown eth0:0 should be unaffected the contents of rule-eth0 and route-eth0. They should only parse routing policy from the specific files rule-eth0:0 and route-eth0:0



Additional info:

A suggested fix is to change the clause in ifup-routes which deduces which FILES to use to ONLY use the specific interface entry for an alias interface.

i.e. replace this:

...
FILES="/etc/sysconfig/network-scripts/route-$1 /etc/sysconfig/network-scripts/route6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="$FILES /etc/sysconfig/network-scripts/route-$2 /etc/sysconfig/network-scripts/route6-$2"
fi
....
# Routing rules
FILES="/etc/sysconfig/network-scripts/rule-$1 /etc/sysconfig/network-scripts/rule6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="$FILES /etc/sysconfig/network-scripts/rule-$2 /etc/sysconfig/network-scripts/rule6-$2"
fi
....


with:

...
FILES="/etc/sysconfig/network-scripts/route-$1 /etc/sysconfig/network-scripts/route6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="/etc/sysconfig/network-scripts/route-$2 /etc/sysconfig/network-scripts/route6-$2"
fi
....
# Routing rules
FILES="/etc/sysconfig/network-scripts/rule-$1 /etc/sysconfig/network-scripts/rule6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="/etc/sysconfig/network-scripts/rule-$2 /etc/sysconfig/network-scripts/rule6-$2"
fi
....
Comment 2 João Avelino Bellomo Filho 2015-10-08 20:43:23 UTC 
I suggest to change the 'ifdown-post' script, instead the ifdown-routes scripts, and deal with the device alias as a real device.

The call to 'ifdown-routes' script is done with two arguments: REALDEVICE and DEVNAME:
...
 17 [ -z "$REALDEVICE" ] && REALDEVICE=$DEVICE
 18 
 19 /etc/sysconfig/network-scripts/ifdown-routes ${REALDEVICE} ${DEVNAME}
 20 
...

If the DEVNAME is as alias the REALDEVICE could be changed to the same name:

[ "${DEVNAME}" != "${DEVNAME%:[0-9]*}" ] && REALDEVICE=${DEVNAME}
Comment 3 Ted Rule 2015-10-09 09:34:22 UTC 
Expanding from Joao's suggestion, perhaps it would be be more orthogonal to apply an equivalent change to both ifup-post and ifdown-post, as in:

ifup-post:

BEFORE:

....
/etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME}
....


AFTER:

....
[ "$ISALIAS" = yes ] && REALDEVICE=${DEVNAME}
/etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME}
....


ifdown-post:

BEFORE:

....
/etc/sysconfig/network-scripts/ifdown-routes ${REALDEVICE} ${DEVNAME}
....

AFTER:

....
[ "$ISALIAS" = yes ] && REALDEVICE=${DEVNAME}
/etc/sysconfig/network-scripts/ifdown-routes ${REALDEVICE} ${DEVNAME}
....


This would allow for the slightly odd condition of routes associated with an alias interface which could be taken up and down indepdendently of the real interface. However, for completeness, it would need ifdown-routes to explicitly handle taking down routes ( as well as "rules" ) which are explicitly tied to the alias interface.


FWIW, I don't quite see what conditions would lead to either ifup-post or ifdown-post being called where REALDEVICE != DEVNAME and ISALIAS=no. If no such conditions exist, then there seems to be no point passing two parameters to either of the "routes" scripts.
Comment 8 Niket Chavan 2016-09-02 03:16:59 UTC 
Hello

I have been doing multiple followups but haven't received any update on the bugzilla since long time.
Can someone take this further and provide details on this ?

- Niket Chavan
Comment 21 David Kaspar // Dee'Kej 2018-03-05 10:17:21 UTC 
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/
Note You need to log in before you can comment on or make changes to this bug.