Bugzilla – Bug 1213203
Second "wicked ifup ethX.<vlan>" call changes IPv6 setting of ethX
Last modified: 2024-05-21 21:42:46 UTC
Created attachment 868140 [details] supportconfig of affected machine Configuration: :::::::::::::: /etc/sysconfig/network/ifcfg-eth2 :::::::::::::: # NETSTOR20 configuration BOOTPROTO='static' STARTMODE='auto' :::::::::::::: /etc/sysconfig/network/ifcfg-eth2.1000 :::::::::::::: # NETSTOR21 configuration BOOTPROTO='static' STARTMODE='auto' ETHERDEVICE='eth2' VLAN_ID='1000' Links are down: # ip addr show dev eth2 4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000 link/ether 40:a6:b7:aa:f0:81 brd ff:ff:ff:ff:ff:ff altname enp11s0f1 altname ens2f1 se500hnc5:~ # ip addr show dev eth2.1000 26: eth2.1000@eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 40:a6:b7:aa:f0:81 brd ff:ff:ff:ff:ff:ff se500hnc5:~ # IPV6 for eth2 is OFF: # sysctl net/ipv6/conf/eth2/disable_ipv6 net.ipv6.conf.eth2.disable_ipv6 = 1 Setting link UP for eth2.1000: # wicked ifup eth2.1000 eth2.1000 device-not-running (This was expected) And ipv6 for eth2 is still down (as expected): # sysctl net/ipv6/conf/eth2/disable_ipv6 net.ipv6.conf.eth2.disable_ipv6 = 1 Now repeating ifup for a second tme on eth2.1000: # wicked ifup eth2.1000 eth2.1000 device-not-running (This is still expected) But unexpected and really strange: ipv6 is enabled on eth2): # sysctl net/ipv6/conf/eth2/disable_ipv6 net.ipv6.conf.eth2.disable_ipv6 = 0 Expected: IPV6 state must not change on ohter devices.
How did you set disable_ipv6 on eth2 on the first `ifup`? If you take a look into `wicked show-config eth2` the output is: > <interface origin="compat:suse:/etc/sysconfig/network/ifcfg-eth2"> > <name>eth2</name> > <control> > <mode>boot</mode> > </control> > ... > <ipv6> > <enabled>true</enabled> > ... > </ipv6> > </interface> Which indicate that wicked treat ipv6 as enabled for eth2. Same apply to eth2.100 interface. To disable ipv6 for a specific interface, you need to set it in some sysctl configuration file, e.g. > echo "net.ipv6.conf.eth2.disable_ipv6 = 1" >> /etc/sysctl.conf see also `man ifsysctl`
Thank you for the contribution. I have re-evaluated the situation as follows. The eth2 device is present: # ip a |grep eth2 8: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000 The ifcfg description for eth2 does not exist: # ls /etc/sysconfig/network/ifcfg-eth2 ls: cannot access '/etc/sysconfig/network/ifcfg-eth2': No such file or directory The ifcfg description for eth2.1000 exists: alto1:~ # cat /etc/sysconfig/network/ifcfg-eth2.1000 # NETSTOR10 configuration BOOTPROTO='static' STARTMODE='auto' ETHERDEVICE='eth2' VLAN_ID='1000' So if you start interface eth2.1000 with wicked ifup eth2.1000, ipv6 will be enabled on the already running interface eth2 because of default values? # wicked ifup eth2.1000 wicked: discarding route not matching any interface: ipv4 172.17.40.0/24 via 192.168.138.12 type unicast table main scope universe protocol boot wicked: discarding route not matching any interface: ipv4 172.17.42.0/24 via 192.168.138.12 type unicast table main scope universe protocol boot eth2.1000 device-not-running # sysctl net/ipv6/conf/eth2/disable_ipv6 net.ipv6.conf.eth2.disable_ipv6 = 0 Why is that? We know that ipv6 has been enabled for eth2.1000 after wicked ifup. This is fine and is handled properly. However, this should not affect the ipv6 setting for eth2 itself. eth2 is used for communication between Linux and BS2000 and should not have ipv6 enabled in this situation. The eth2 device, since it already exists, is not created with wicked ifup eth2.1000. Therefore the sysctl configuration files should not apply here (as stated in the first section of man ifsysctl).
The problem is, that wicked create a default config for the parent device eth2 if there is no specific config. And this is needed for the case, when eth2 is down and you call `wicked ifup eth2.1000`. Here wicked need to bring interface eth2 up first, before creating the VLAN device. From `wicked ifup en0.1000` with debug you can see: ``` wicked: en0.1000: resolved shared reference vlan/device to subordinate device en0 wicked: en0.1000 (<orphan xml node>): setting lower device to en0 wicked: en0.1000: generating default config for en0 child wicked: Config device hierarchy structure: wicked: lo [1] wicked: enp1s0 [2] wicked: en0 [3] wicked: en0.1000 wicked: +-- en0 [3] wicked: en0: hiring nanny wicked: generate policy match for en0 (type unknown) wicked: <interface> wicked: <name>en0</name> wicked: <link/> wicked: <ipv4> wicked: <enabled>true</enabled> wicked: <arp-verify>true</arp-verify> wicked: </ipv4> wicked: <ipv6> wicked: <enabled>true</enabled> wicked: </ipv6> wicked: <control> wicked: <mode>boot</mode> wicked: </control> wicked: </interface> ``` But I don't like the inconsistency, that disable_ipv6 isn't touched on the first `ifup` but on the seconds. I will investigate more. Also, if we do not have a configuration ifcfg-eth2, the sysctl (e.g. from /etc/sysctl.conf) isn't considered.
Clemens, do you have any feedback in regards to your investigations ?
With https://github.com/openSUSE/wicked/pull/990 we get a more consistent behavior. The sysctl config is also applied to the generated config of the link device (in this case it is eth2). > cat ifcfg-en0.1000 > BOOTPROTO='static' > STARTMODE='auto' > ETHERDEVICE='en0' > VLAN_ID='1000' > > cat ifcfg-en0 # Does not exists > > cat /etc/sysctl.conf > net.ipv6.conf.en0.disable_ipv6 = 1 > net.ipv6.conf.en0/1000.disable_ipv6 = 0 after calling `wicked ifup en0.1000` twice we still get: > net.ipv6.conf.en0.disable_ipv6 = 1 > net.ipv6.conf.en0/1000.disable_ipv6 = 0 What we still missing, a runtime configuration of sysctl isn't overwritten in the first `ifup` call.