Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1457242 - manually added IPv6 route is removed when NM is running
manually added IPv6 route is removed when NM is running
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity medium
: rc
: ---
Assigned To: Thomas Haller
Desktop QE
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-05-31 08:06 EDT by Jan Tluka
Modified: 2017-08-01 05:28 EDT (History)
10 users (show)

See Also:
Fixed In Version: NetworkManager-1.8.0-6.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 05:28:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
NM log (138.69 KB, text/plain)
2017-05-31 08:06 EDT, Jan Tluka
no flags Details
reproducer (1.50 KB, application/x-shellscript)
2017-05-31 08:09 EDT, Jan Tluka
no flags Details
[patch] device: mark device as sys-iface-state=external when assuming connection (2.14 KB, patch)
2017-06-01 16:12 EDT, Thomas Haller
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2299 normal SHIPPED_LIVE Moderate: NetworkManager and libnl3 security, bug fix and enhancement update 2017-08-01 08:40:28 EDT

  None (edit)
Description Jan Tluka 2017-05-31 08:06:30 EDT
Created attachment 1283745 [details]
NM log

Description of problem:

I attached a network interface to virtual guest running RHEL 7.4 and configure IPv6 address on the interface. When I add an IPv6 route that uses a host from the address's subnet it appears in the routing table for a while and after a second it's removed. I was able to create a simple reproducer that uses virtual guest (attached). When I disable NetworkManager the route stays in the routing table.

I see this after I updated NM from NetworkManager-1.8.0-0.4.rc3.el7 to NetworkManager-1.8.0-3.el7

I attached level=TRACE logs as well.


Version-Release number of selected component (if applicable):
NetworkManager-1.8.0-3.el7.x86_64
kernel-3.10.0-671.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. run attached reproducer on a host with 7.4 guest
2.
3.

Actual results:
IPv6 route disappears after a while

Expected results:
IPv6 route does not disappear

Additional info:
Comment 2 Jan Tluka 2017-05-31 08:09 EDT
Created attachment 1283746 [details]
reproducer

The attached reproducer provides 3 tests but only test #2 is relevant to this bug, the rest of tests is commented out.
Comment 3 Jan Tluka 2017-05-31 08:24:10 EDT
Tested with RHEL-7.3 version of NM NetworkManager-1.4.0-12.el7 where I could not reproduce the issue. I'm keeping the Regression keyword.
Comment 4 Thomas Haller 2017-06-01 16:11:27 EDT
The eth1 device appears to NetworkManager like a regular ethernet. That means, the device is managed (by default), and NM does what it always does:

  - disable address generation of IPv6 link-local address
  - set the device IFF_UP
  - reset sysctls. This involves toggeling
    /proc/sys/net/ipv6/conf/eth1/disable_ipv6, which would interfere badly with
    doing IP configuration on the interface.

This is inherently racy, and not much that can be done about it.
This however should only happen when the device shows up first (or NM is starting). You have to be fast to hit that race -- and that was not the problem.


Later, once you start configuring IP addresses, NM notices that somebody externally messes with the device, and it creates a in-memory connection to express the state on the interface. From that point on, NM should no longer touch the interface. There is a bug there, that needs fixing.
Comment 5 Thomas Haller 2017-06-01 16:12 EDT
Created attachment 1284242 [details]
[patch] device: mark device as sys-iface-state=external when assuming connection

This should fix it...
Comment 6 Thomas Haller 2017-06-01 16:44:45 EDT
Jan, any chance to re-test with scratch-build https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=13326781
Comment 7 Beniamino Galvani 2017-06-05 10:56:05 EDT
(In reply to Thomas Haller from comment #5)
> Created attachment 1284242 [details]
> [patch] device: mark device as sys-iface-state=external when assuming
> connection

Looks good to me.
Comment 10 Jan Tluka 2017-06-06 11:04:55 EDT
I tested on the same setup with fixed NetworkManager-1.8.0-6.el7 and I cannot reproduce this anymore.

I also ran the tests that were blocked by this issue and the bug is gone there as well: https://beaker.engineering.redhat.com/recipes/3916966#task56673909

Note that one of the failures in beaker job is a known issue.
Comment 11 errata-xmlrpc 2017-08-01 05:28:57 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2299

Note You need to log in before you can comment on or make changes to this bug.