1315018 – RHEL6: network initscript touches wrong or inexistent interfaces when tunnel interface is present

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1315018 - RHEL6: network initscript touches wrong or inexistent interfaces when tunnel interface is present

Summary: RHEL6: network initscript touches wrong or inexistent interfaces when tunnel ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	initscripts
Sub Component:
Version:	6.8
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	David Kaspar // Dee'Kej
QA Contact:	Jan Ščotka
Docs Contact:	Clayton Spicer
URL:
Whiteboard:
Depends On:
Blocks:	1356056 1398679
TreeView+	depends on / blocked

Reported:	2016-03-05 18:32 UTC by Rodrigo A B Freire
Modified:	2018-04-05 09:06 UTC (History)
CC List:	4 users (show)
Fixed In Version:	initscripts-9.03.55-1
Doc Type:	Release Note
Doc Text:	The "service network stop" command no longer attempts to stop services which are already stopped Previously, when a tunnel interface was present, the "service network stop" command incorrectly attempted to stop services which had been stopped already, displaying an error message. With this update, this bug is fixed, and the "service network stop" command now only stops running services.
Clone Of:
Clones:	1398679 (view as bug list)
Environment:
Last Closed:	2017-03-21 11:53:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Script misbehaviour (11.77 KB, text/plain) 2016-03-05 18:39 UTC, Rodrigo A B Freire	no flags	Details
Script working correctly (8.48 KB, text/plain) 2016-03-05 18:39 UTC, Rodrigo A B Freire	no flags	Details
Patch: initscripts: Fixes interface enumeration on shutdown test (377 bytes, patch) 2016-03-05 18:41 UTC, Rodrigo A B Freire	no flags	Details \| Diff
[PATCH] network: Fixes ifdown var leak, add tunnel treatment (3.11 KB, patch) 2016-03-07 15:47 UTC, Rodrigo A B Freire	no flags	Details \| Diff
[PATCH] network: Fixes ifdown var leak, add tunnel treatment (3.15 KB, patch) 2016-03-07 16:36 UTC, Rodrigo A B Freire	no flags	Details \| Diff
Show Obsolete (2) View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:0786	0	normal	SHIPPED_LIVE	initscripts bug fix update	2017-03-21 12:49:53 UTC

Description Rodrigo A B Freire 2016-03-05 18:32:35 UTC

Description of problem:
* A "# service network stop" tries to stop already stopped interfaces when a 'tunnel' interface is present.

Version-Release number of selected component (if applicable):
* initscripts-9.03.49-1.el6_7.4.x86_64

How reproducible:
* Always

Steps to Reproduce:
0. Test this reproducer in a system with several eth interfaces defined in /etc/sysconfig/network-scripts. Even if your system has just a single ethernet attached to it.
1. Start your network;
2. Start a tunnel interface (defined by /etc/sysconfig/network-scripts/ifcfg-tunnel(x)
3. Set a verbose bash -x output in your /etc/init.d/network
4. Stop the network

Actual results:
* The function check_device_down will use tunnel0 as a reference interface (which is up) and the network script will try to stop every interface in the system, regardless if it actually exists or is up.

Expected results:
* check_device_down should check the correct interface and down/skip accordingly.

Additional info:
See bad-output.txt line 177 - 188. It uses tunnel0 as reference to stop eth0.
Going further, see lines 224 - 237, trying to shutdown a non-existent interface.

Fixed script: See good-output.txt.

Comment 1 Rodrigo A B Freire 2016-03-05 18:39:18 UTC

Created attachment 1133382 [details]
Script misbehaviour

Comment 2 Rodrigo A B Freire 2016-03-05 18:39:41 UTC

Created attachment 1133383 [details]
Script working correctly

Comment 3 Rodrigo A B Freire 2016-03-05 18:41:45 UTC

Created attachment 1133384 [details]
Patch: initscripts: Fixes interface enumeration on shutdown test

Comment 4 Rodrigo A B Freire 2016-03-05 20:58:59 UTC

Post: 
https://lists.fedorahosted.org/archives/list/initscripts-devel@lists.fedorahosted.org/thread/4Q5HHDJOJNO42HOCVA7LFVJLS5UNKWAF/

Comment 5 Lukáš Nykrýn 2016-03-07 07:41:39 UTC

Thanks for those patches, I will review them as soon as possible.

(I keep post status for the bugs that are already committed in upstream git)

Comment 6 Rodrigo A B Freire 2016-03-07 15:47:12 UTC

Created attachment 1133824 [details]
[PATCH] network: Fixes ifdown var leak, add tunnel treatment

Lukáš Nykrýn píše v Po 07. 03. 2016 v 12:35 +0100: 
> Hello,
> 
> I don't think this patch is correct. I can have for example vlan 
> eth0.10 and in configuration in file ifcfg-myvlan, with this patch 
> the device would not be pulled down.
>
> This is totally untested guess, but I think that correct fix would be:
> 
> diff --git a/rc.d/init.d/network b/rc.d/init.d/network
> index cbb9ddf..8cf851d 100755
> --- a/rc.d/init.d/network
> +++ b/rc.d/init.d/network
> @@ -204,6 +204,7 @@ case "$1" in
>         done
>         
>         for i in $xdslinterfaces $bridgeinterfaces $vlaninterfaces
> $remaining; do
> +               unset DEVICE
>                 (. ./ifcfg-$i
>                 if [ -z "$DEVICE" ] ; then DEVICE="$i"; fi

You are right. Very well spotted, Lukas. I rewrote the patch containing your suggestion and it now works accordingly, even with the scenario that you described.

[root@rf network-scripts]# service network start
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Active connection state: activated
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/6
                                                           [  OK  ]
Bringing up interface myvlan:  Determining if ip address 192.168.2.1 is already in use for device eth0.1...
                                                           [  OK  ]
[root@rf network-scripts]# 
[root@rf network-scripts]# 
[root@rf network-scripts]# ifup tunnel0
[root@rf network-scripts]# 
[root@rf network-scripts]# 
[root@rf network-scripts]# service network stop
Shutting down interface tunnel0:                           [  OK  ]
Shutting down interface myvlan:                            [  OK  ]
Shutting down interface eth0:  Device state: 3 (disconnected)
                                                           [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]

Comment 7 Rodrigo A B Freire 2016-03-07 16:36:39 UTC

Created attachment 1133835 [details]
[PATCH] network: Fixes ifdown var leak, add tunnel treatment

Renamed %s/tunnelinterface/vpninterface/g.

Comment 8 Lukáš Nykrýn 2016-03-08 14:55:51 UTC

Devel_Ack for mentioned patch for 6.9.

Comment 9 David Kaspar // Dee'Kej 2016-10-28 11:59:52 UTC

The changes proposed by Rodrigo Freire have been commited ~8 months ago:
https://github.com/fedora-sysv/initscripts/commit/82c97b4ac121269ecb829

Comment 17 errata-xmlrpc 2017-03-21 11:53:03 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0786.html

Note You need to log in before you can comment on or make changes to this bug.