2154782 – failed to change route rules with ip filter

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2154782 - failed to change route rules with ip filter

Summary: failed to change route rules with ip filter

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	nmstate
Sub Component:
Version:	9.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Gris Ge
QA Contact:	Mingyu Shi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2144442
TreeView+	depends on / blocked

Reported:	2022-12-19 08:54 UTC by Mingyu Shi
Modified:	2023-05-09 08:22 UTC (History)
CC List:	6 users (show)
Fixed In Version:	nmstate-2.2.4-1.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-05-09 07:31:53 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	nmstate nmstate pull 2191	None	Merged	route and route rule: Treat empty IP string as None	2023-01-18 13:06:32 UTC
Red Hat Issue Tracker	NMT-206	None	None	None	2023-01-29 03:01:12 UTC
Red Hat Issue Tracker	RHELPLAN-142867	None	None	None	2022-12-19 09:07:21 UTC
Red Hat Product Errata	RHBA-2023:2190	None	None	None	2023-05-09 07:32:04 UTC

Description Mingyu Shi 2022-12-19 08:54:39 UTC

Description of problem:
Failed to change route rules with ip filter, which works well on rhel 8.8.

Version-Release number of selected component (if applicable):
nmstate-2.2.2-2.el9.x86_64
NetworkManager-1.41.6-1.el9.x86_64
Linux kvm-04-guest30.hv2.lab.eng.bos.redhat.com 5.14.0-212.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Dec 13 17:09:01 EST 2022 x86_64 x86_64 x86_64 GNU/Linux
DISTRO=RHEL-9.2.0-20221215.0

How reproducible:
100%

Steps to Reproduce:
cat << EOF > rules.yaml
interfaces:
  - name: veth0
    type: veth
    state: up
    veth:
      peer: veth0_p
    ipv6:
      address:
      - ip: 100::1
        prefix-length: 64
      enabled: true
    ipv4:
      address:
      - ip: 192.0.2.251
        prefix-length: 24
      enabled: true
  - name: veth1
    type: veth
    state: up
    veth:
      peer: veth1_p
    ipv6:
      address:
      - ip: 1::1
        prefix-length: 64
      enabled: true
    ipv4:
      address:
      - ip: 198.51.100.251
        prefix-length: 24
      enabled: true
route-rules:
  config:
  - ip-to: 192.0.2.0/24
    priority: 1000
    route-table: 50
  - ip-from: 192.0.2.1/24
    priority: 1001
    route-table: 50
  - ip-to: 198.51.100.99/24
    priority: 1002
    route-table: 51
  - ip-from: 198.51.100.255/24
    priority: 1003
    route-table: 51
  - ip-to: 100::/64
    priority: 1000
    route-table: 50
  - ip-from: 100::/64
    priority: 1001
    route-table: 50
  - ip-to: 1::/64
    priority: 1002
    route-table: 51
  - ip-from: 1::/64
    priority: 1003
    route-table: 51
  - ip-to: 192.0.2.0/24
    ip-from: 192.0.2.1/24
    priority: 20000
    route-table: 50
  - ip-to: 100::/64
    priority: 20000
    route-table: 50
    ip-from: 100::/64
routes:
  config:
  - destination: 0.0.0.0/0
    metric: 150
    next-hop-address: 192.0.2.1
    next-hop-interface: veth0
    table-id: 50
  - destination: ::/0
    metric: 100
    next-hop-address: 100::254
    next-hop-interface: veth0
    table-id: 50
  - destination: 0.0.0.0/0
    metric: 151
    next-hop-address: 198.51.100.1
    next-hop-interface: veth1
    table-id: 51
  - destination: ::/0
    metric: 1
    next-hop-address: 1::254
    next-hop-interface: veth1
    table-id: 51
EOF

cat << EOF > rules_absent.yaml
route-rules:
  config:
  - priority: 1001
    state: absent
  - route-table: 51
    state: absent
  - ip-to: 192.0.2.0/24
    state: absent
  - ip-to: 100::/64
    ip-from: ''
    state: absent
EOF

nmstatectl apply rules.yaml
nmstatectl apply rules_absent.yaml

Actual results:
NmstateError: InvalidArgument: Invalid IP network: invalid IP address syntax

Expected results:
(On rhel 8.8)
8.8-[16:50:50@dell-per740-79 ~/repo-nmstate/libnmstate]0# ip rule
0:      from all lookup local
1000:   from all lookup [l3mdev-table]
32766:  from all lookup main
32767:  from all lookup default
8.8-[16:50:52@dell-per740-79 ~/repo-nmstate/libnmstate]0# ip -6 rule
0:      from all lookup local
1000:   from all lookup [l3mdev-table]
20000:  from 100::/64 to 100::/64 lookup 50 proto static
32766:  from all lookup main

Additional info:

Comment 1 Gris Ge 2023-01-12 05:38:08 UTC

PR sent to upstream: https://github.com/nmstate/nmstate/pull/2191

Comment 4 Mingyu Shi 2023-01-29 02:58:13 UTC

Verified with:
nmstate-2.2.5-1.el9.x86_64
nispor-1.2.9-1.el9.x86_64
NetworkManager-1.41.90-1.el9.x86_64
DISTRO=RHEL-9.2.0-20230127.12

Comment 6 errata-xmlrpc 2023-05-09 07:31:53 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nmstate bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2190

Note You need to log in before you can comment on or make changes to this bug.