667211 – sysctl calls fail with VLANs (mostly breaking IPv6)

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 667211 - sysctl calls fail with VLANs (mostly breaking IPv6)

Summary: sysctl calls fail with VLANs (mostly breaking IPv6)

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	initscripts
Sub Component:
Version:	6.0
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	initscripts Maintenance Team
QA Contact:	qe-baseos-daemons
Docs Contact:
URL:
Whiteboard:
Depends On:	665601 1139560
Blocks:
TreeView+	depends on / blocked

Reported:	2011-01-04 20:00 UTC by Bill Nottingham
Modified:	2014-09-09 08:12 UTC (History)
CC List:	6 users (show)
Fixed In Version:	initscripts-9.03.18-1.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:	665601
Environment:
Last Closed:	2011-05-19 13:51:52 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
patch for this for RHEL 6 (4.01 KB, patch) 2011-01-04 20:15 UTC, Bill Nottingham	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:0647	0	normal	SHIPPED_LIVE	initscripts bug fix and enhancement update	2011-05-19 09:37:27 UTC

Description Bill Nottingham 2011-01-04 20:00:21 UTC

+++ This bug was initially created as a clone of Bug #665601 +++

I'm amazed this bug has gone unnoticed for so long, but here goes...

sysctl uses "." as the path delimiter. VLAN uses "." as the id delimiter. initscripts does absolutely nothing to resolve this conflict. The end result is that all sysctl calls on VLAN if:s will just fail (silently for extra bonus as the scripts pipe to /dev/null).

With legacy IP this isn't a big deal as the sysctl use is very sparse. For IPv6 however, the shit really hits the fan as you can't even disable address autoconfiguration without sysctl.

Encountered this issue on RHEL 5, but it should still be present in RHEL 6 as I can see that my local F14 machine has the bug.

Attached patch fixes most of the calls. Are still a few left that required a bit more effort to handle.

Please prioritise this bug as it is causing a lot of head ache doing IPv6 rollout with RHEL.

--- Additional comment from ossman on 2010-12-27 04:02:02 EST ---

Created attachment 470819 [details]
initscripts-sysctl-vlan.patch

Hmm.. patch got lost somewhere...

--- Additional comment from notting on 2011-01-03 11:56:35 EST ---

Given that the /proc/sys entries properly contain the '.', and this could happen in other places, I'm inclined to say 'fix /sbin/sysctl'.

--- Additional comment from ossman on 2011-01-03 12:11:25 EST ---

The problem for /sbin/sysctl is the ambiguity between "." as a delimiter and "." as a part of a component name. Do we really want it guessing? I'd rather stuff fail than pick the wrong entry because of a naming conflict.

--- Additional comment from notting on 2011-01-03 12:20:28 EST ---

I just find the idea of a first pass that converts certain '.' to '/' when calling sysctl, just so sysctl can then run a two-pass sed that changes '.' to '/' and '/' to '.'  rather cumbersome.

Seems simpler to just skip sysctl entirely.

--- Additional comment from ossman on 2011-01-04 03:42:20 EST ---

No objection to that. I don't know the motivation for using sysctl rather than /proc in the first place.

So change the component back to initscripts?

--- Additional comment from notting on 2011-01-04 11:16:24 EST ---

Well, I can still change initscripts; but it would be good if /sbin/sysctl was fixed. The upstream man page says:

       variable
              The  name  of  a key to read from.  An example is kernel.ostype.  The '/'
              separator is also accepted in place of a '.'.

... which implies that it *should* work without the substitution.

--- Additional comment from ossman on 2011-01-04 11:27:31 EST ---

I don't see any way of just "fixing" sysctl. It's the interface that's crap, not the implementation. So any good fixes to sysctl would require changes to initscripts as well.

One variant is to change initscripts to not use "." but rather "/" as the delimiter. That would solve my use case. Not sure if a stray "/" can occur in any component name though...

--- Additional comment from notting on 2011-01-04 14:59:23 EST ---

Yeah, I suppose the docs should be updated for sysctl to not imply that it actually works. In any case, can change initscripts in the mean time.

For existing RHEL releases, will probably do the sysctl device substitution as above... would want to investigate in Fedora whether we can get away with direct echos, etc. (For example, in some policy settings, sysctl might be a specific restricted security context that the script isn't.)

Comment 1 Bill Nottingham 2011-01-04 20:15:22 UTC

Created attachment 471740 [details]
patch for this for RHEL 6

Comment 2 Bill Nottingham 2011-01-04 21:03:04 UTC

Will also need 4ac5634 from git master.

Comment 5 errata-xmlrpc 2011-05-19 13:51:52 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0647.html

Note You need to log in before you can comment on or make changes to this bug.