"ip addr add" permits illegal labels
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
iproute2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Won't Fix
|
Low
|
Christian Ehrhardt |
Bug Description
[Impact]
* The filter on label names does not match the intention
by upstream nor the description in the man page
* Fix by backporting upstream fix that strengthens the check
[Test Plan]
Bad case:
root@b:~# ip addr add 1.1.1.1 label test1 dev eth0
"dev" (eth0) must match "label" (test1).
root@b:~# ip addr add 1.1.1.1 label eth0-test dev eth0
root@b:~# ip addr show dev eth0 | grep test
inet 1.1.1.1/32 scope global eth0-test
With the fix it should look like:
root@i:~# ip addr add 1.1.1.1 label test1 dev eth0
"label" (test1) must match "dev" (eth0) or be prefixed by "dev" with a colon.
root@i:~# ip addr add 1.1.1.1 label eth0-test dev eth0
"label" (eth0-test) must match "dev" (eth0) or be prefixed by "dev" with a colon.
root@i:~# ip addr show dev eth0 | grep test
[Where problems could occur]
* While the fix indeed "corrects" behavior I must say that if someone
relied on the non-intended behavior it would now break e.g. his
scripting or automation.
[Other Info]
* It was too easy to fix and too long dormant to ignore it further,
but if the SRU team says this is too much regression risk relative to
the gain we will mark it Won't Fix based on that decision.
---
ip-address(8) manpage states:
label NAME
Each address may be tagged with a label string. In order to preserve compatibility with Linux-2.0 net aliases, this string must coincide with the name of the device or must be prefixed with the device name followed by colon.
But you can omit the colon, "ip addr add" is ONLY checking the label is prefixed with the device:
# ip addr add 1.1.1.1 label test1 dev eth0
"dev" (eth0) must match "label" (test1).
# ip addr add 1.1.1.2 label eth0-test2 dev eth0
# ip addr add 1.1.1.3 label eth0:test3 dev eth0
Now ifconfig becomes confused about eth0-test2:
# ifconfig eth0-test2
eth0-test2: error fetching interface information: Device not found
# ifconfig eth0:test3
eth0:test3 Link encap:Ethernet HWaddr b0:d5:cc:fe:1d:7c
inet addr:1.1.1.3 Bcast:0.0.0.0 Mask:255.
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
And daemons like ntpd also log errors about the interface with the illegal label:
ntpd[7570]: eth0-test3: getting interface flags: No such device
## => many of this error per minute until:
ntpd[7570]: Too many errors. Shutting up.
So, I think ip addr show disallow adding address with illegal (as stated by his own documentation) labels, it must also check for the colon following the dev name.
Version: 4.3.0-1ubuntu3
Changed in iproute2 (Ubuntu): | |
status: | New → Triaged |
Hi,
I come by trying to clear out a few old bugs that might still need to be resolved (or can be closed by now).
Even though this one seems to be forgotten by everyone so far it has been fixed.
Bionic (affected)
root@b:~# ip addr add 1.1.1.1 label test1 dev eth0
"dev" (eth0) must match "label" (test1).
root@b:~# ip addr add 1.1.1.1 label eth0-test dev eth0
root@b:~# ip addr show dev eth0 | grep test
inet 1.1.1.1/32 scope global eth0-test
Impish (fixed)
root@i:~# ip addr add 1.1.1.1 label test1 dev eth0
"label" (test1) must match "dev" (eth0) or be prefixed by "dev" with a colon.
root@i:~# ip addr add 1.1.1.1 label eth0-test dev eth0
"label" (eth0-test) must match "dev" (eth0) or be prefixed by "dev" with a colon.
root@i:~# ip addr show dev eth0 | grep test
This was effectively fixed by /git.kernel. org/pub/ scm/network/ iproute2/ iproute2. git/commit/ ?id=cad73425d88 13
https:/
Which is in since v4.18.0
That version is in >=20.04 as well as in 18.04-backports.
iproute2 | 3.12.0-2 | trusty | source, amd64, arm64, armhf, i386, powerpc, ppc64el 16.04.5 | xenial-updates | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x 1ubuntu2~ ubuntu18. 04.1 | bionic-backports | source, amd64, arm64, armhf, i386, ppc64el, s390x
iproute2 | 3.12.0-2ubuntu1.2 | trusty-updates | source, amd64, arm64, armhf, i386, powerpc, ppc64el
iproute2 | 4.3.0-1ubuntu3 | xenial | source, amd64, arm64, armhf, i386, powerpc, ppc64el, s390x
iproute2 | 4.3.0-1ubuntu3.
iproute2 | 4.15.0-2ubuntu1 | bionic | source, amd64, arm64, armhf, i386, ppc64el, s390x
iproute2 | 4.15.0-2ubuntu1.1 | bionic-security | source, amd64, arm64, armhf, i386, ppc64el, s390x
iproute2 | 4.15.0-2ubuntu1.3 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
iproute2 | 4.18.0-
iproute2 | 5.5.0-1ubuntu1 | focal | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
iproute2 | 5.10.0-4ubuntu1 | hirsute | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
iproute2 | 5.10.0-4ubuntu1 | impish | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
Thereby the active release that still is affected is Bionic (unless you use bionic-backports which already have 4.18).
I think to fix this in bionic is only prio-low since it is mostly a cosmetic.
Since it is fixed in newer releases there isn't more work to be done to drive this to conclusion for future releases.
@Nahuel - I can only beg your pardon that this was dormant for so long :-/