1531100 – ifdown-routes drops non-alias rules for alias interface

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1531100 - ifdown-routes drops non-alias rules for alias interface

Summary: ifdown-routes drops non-alias rules for alias interface

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	initscripts
Sub Component:
Version:	7.5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Lukáš Nykrýn
QA Contact:	qe-baseos-daemons
Docs Contact:
URL:
Whiteboard:
Depends On:	1203377
Blocks:	1549689
TreeView+	depends on / blocked

Reported:	2018-01-04 15:09 UTC by David Kaspar // Dee'Kej
Modified:	2021-06-10 14:05 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1203377
Environment:
Last Closed:	2020-11-11 21:56:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description David Kaspar // Dee'Kej 2018-01-04 15:09:51 UTC

+++ This bug was initially created as a clone of Bug #1203377 +++

Description of problem:

ifup-routes and ifdown-routes scripts have unwanted side-effects when applied to an alias interface for which a PBR rules-<ifname> entry exists for the parent interface.

This is similar, but not identical, to the effects on IPv6 interfaces described in BZ 870271.


Version-Release number of selected component (if applicable):

initscripts-9.03.40-2.el6.centos.x86_64

How reproducible:

Always

Steps to Reproduce:

Create a non-empty set of Policy Based Routing rules and routes in rule-eth0 and route-eth0 respectively.

Create an ifcfg-eth0 for the primary interface on a Host and bring eth0 Up.

Create an ifcfg-eth0:0 alias interface with no associated rule-eth0:0 or route-eth0:0


Fire up eth0:0 manually 

     ifup eth0:0

Shutdown eth0:0 manually

     ifdown eth0:0


Actual results:

When eth0:0 is brought up manually, ifup-routes attempts to bring up the same routes already brought up by eth0 because the script attempts to parse BOTH route-eth0 AND route-eth0:0 when invoked for eth0:0.

This results in error messages like "RTNETLINK answers: File exists" as the kernel rejects the attempt to create the duplicate routes.

Similarly, ifup-routes adds the same rules already brought up by eth0 because the script attempts to parse BOTH rule-eth0 AND rule-eth0:0 when invoked for eth0:0.

This results in duplicate rules showing up in "ip rules list".

When eth0:0 is brought down, the duplicate rules which were added by ifup eth0:0 are removed, leaving only the originals added by ifup eth0. However, the routes added from route-eth0 are completely removed, which potentially destroys important routing policy for traffic on that interface.
 

The problem only arises where an alias interface is shutdown independently of the primary interface, AND the primary interface ALSO has some interface-specific Policy Based Routing configuration.



Expected results:

The actions of ifup eth0:0 and ifdown eth0:0 should be unaffected the contents of rule-eth0 and route-eth0. They should only parse routing policy from the specific files rule-eth0:0 and route-eth0:0



Additional info:

A suggested fix is to change the clause in ifup-routes which deduces which FILES to use to ONLY use the specific interface entry for an alias interface.

i.e. replace this:

...
FILES="/etc/sysconfig/network-scripts/route-$1 /etc/sysconfig/network-scripts/route6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="$FILES /etc/sysconfig/network-scripts/route-$2 /etc/sysconfig/network-scripts/route6-$2"
fi
....
# Routing rules
FILES="/etc/sysconfig/network-scripts/rule-$1 /etc/sysconfig/network-scripts/rule6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="$FILES /etc/sysconfig/network-scripts/rule-$2 /etc/sysconfig/network-scripts/rule6-$2"
fi
....


with:

...
FILES="/etc/sysconfig/network-scripts/route-$1 /etc/sysconfig/network-scripts/route6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="/etc/sysconfig/network-scripts/route-$2 /etc/sysconfig/network-scripts/route6-$2"
fi
....
# Routing rules
FILES="/etc/sysconfig/network-scripts/rule-$1 /etc/sysconfig/network-scripts/rule6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="/etc/sysconfig/network-scripts/rule-$2 /etc/sysconfig/network-scripts/rule6-$2"
fi
....

--- Additional comment from João Avelino Bellomo Filho on 2015-10-08 22:43:23 CEST ---

I suggest to change the 'ifdown-post' script, instead the ifdown-routes scripts, and deal with the device alias as a real device.

The call to 'ifdown-routes' script is done with two arguments: REALDEVICE and DEVNAME:
...
 17 [ -z "$REALDEVICE" ] && REALDEVICE=$DEVICE
 18 
 19 /etc/sysconfig/network-scripts/ifdown-routes ${REALDEVICE} ${DEVNAME}
 20 
...

If the DEVNAME is as alias the REALDEVICE could be changed to the same name:

[ "${DEVNAME}" != "${DEVNAME%:[0-9]*}" ] && REALDEVICE=${DEVNAME}

--- Additional comment from Ted Rule on 2015-10-09 11:34:22 CEST ---

Expanding from Joao's suggestion, perhaps it would be be more orthogonal to apply an equivalent change to both ifup-post and ifdown-post, as in:

ifup-post:

BEFORE:

....
/etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME}
....


AFTER:

....
[ "$ISALIAS" = yes ] && REALDEVICE=${DEVNAME}
/etc/sysconfig/network-scripts/ifup-routes ${REALDEVICE} ${DEVNAME}
....


ifdown-post:

BEFORE:

....
/etc/sysconfig/network-scripts/ifdown-routes ${REALDEVICE} ${DEVNAME}
....

AFTER:

....
[ "$ISALIAS" = yes ] && REALDEVICE=${DEVNAME}
/etc/sysconfig/network-scripts/ifdown-routes ${REALDEVICE} ${DEVNAME}
....


This would allow for the slightly odd condition of routes associated with an alias interface which could be taken up and down indepdendently of the real interface. However, for completeness, it would need ifdown-routes to explicitly handle taking down routes ( as well as "rules" ) which are explicitly tied to the alias interface.


FWIW, I don't quite see what conditions would lead to either ifup-post or ifdown-post being called where REALDEVICE != DEVNAME and ISALIAS=no. If no such conditions exist, then there seems to be no point passing two parameters to either of the "routes" scripts.

Comment 4 Chris Williams 2020-11-11 21:56:39 UTC

Red Hat Enterprise Linux 7 shipped it's final minor release on September 29th, 2020. 7.9 was the last minor releases scheduled for RHEL 7.
From intial triage it does not appear the remaining Bugzillas meet the inclusion criteria for Maintenance Phase 2 and will now be closed. 

From the RHEL life cycle page:
https://access.redhat.com/support/policy/updates/errata#Maintenance_Support_2_Phase
"During Maintenance Support 2 Phase for Red Hat Enterprise Linux version 7,Red Hat defined Critical and Important impact Security Advisories (RHSAs) and selected (at Red Hat discretion) Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available."

If this BZ was closed in error and meets the above criteria please re-open it flag for 7.9.z, provide suitable business and technical justifications, and follow the process for Accelerated Fixes:
https://source.redhat.com/groups/public/pnt-cxno/pnt_customer_experience_and_operations_wiki/support_delivery_accelerated_fix_release_handbook  

Feature Requests can re-opened and moved to RHEL 8 if the desired functionality is not already present in the product. 

Please reach out to the applicable Product Experience Engineer[0] if you have any questions or concerns.  

[0] https://bugzilla.redhat.com/page.cgi?id=agile_component_mapping.html&product=Red+Hat+Enterprise+Linux+7

Note You need to log in before you can comment on or make changes to this bug.