127.0.0.1/::1 removed from loopback interface if you configure extra IPs on lo (r104 regression/behaviour change)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
netplan.io (Ubuntu) |
Invalid
|
High
|
Unassigned | ||
Focal |
Invalid
|
Undecided
|
Unassigned | ||
Jammy |
Invalid
|
Undecided
|
Unassigned | ||
systemd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
Users who wish to configure additional addresses on lo may inadvertently remove the 127.0.0.1/8 address from the interface. And, because this only happens on the second invocation of `netplan apply`, it can create confusing breakages for users. Although this is not a recommended configuration, it was previously supported and the current behavior is a regression.
[Test Plan]
* Configure additional addresses on the lo interface. I am testing in a LXD container, so I added the following to /etc/netplan/
lo:
addresses: ["10.10.
* Apply the config, and then inspect the lo interface's addresses:
$ netplan apply
$ ip addr show dev lo
* Observe that the 127.0.0.1/8 address is still present. Now, run the same commands again:
$ netplan apply
$ ip addr show dev lo
* On an affected system, observe that the 127.0.0.1/8 address is now gone. On a patched system, the address should still be present.
[Where problems could occur]
The patch removes cases where systemd-networkd will drop foreign addresses from a managed link. If problems were to occur, it would be related to the addresses configured on a managed link.
[Original Description]
If you configure the loopback interface using netplan without listing the standard loopback addresses (127.0.0.1 / ::1) that are auto-configured on boot then they are removed by netplan in r104+ but were not in r103.
Confusingly this only happens the second time "netplan apply" is invoked and not the first time.
There is some argument this is not a valid configuration, however
- It worked on r103 and broke in the r104 SRU for 20.04 and breaks on upgrade
- Since it only occurs on the second "netplan apply" it is likely people will accidentally create a configuration that on first verification works but breaks later
- Adding addresses to a loopback or dummy interface is a common need
- There is no dummy interface support in Netplan
- Removing the loopback IP doesn't immediately cause obvious breakage in an SSH session but causes all sorts of hard to diagnose issues with applications
Thus I consider this a high priority regression because of the multiple ways this can break a system at an unexpected/
As a workaround you can add 127.0.0.1/::1 to the file and this seems to generally work and product almost the same configuration with the exception that "brd 127.255.255.255" is added to the "ip addr" output compared to the auto-created configuration. All of the different routing tables seem otherwise the tame.
= Test Case =
(1) Add IP configuration for lo to /etc/netplan/
lo:
match:
name: lo
addresses:
- 10.10.10.17/24
- 10.10.10.19/24
(2) Run "netplan apply" and observe the "ip addr show dev lo" output. Expected: 127.0.0.1/::1 are still there.
(3) Run "netplan apply" a second time and observe the "ip addr show dev lo" output. Expected: 127.0.0.1/::1 are now removed.
(4) Repeat the same test under netplan r103. Expected: 127.0.0.1/::1 are still there in both cases.
= Observations =
I found this change of behaviour happens only in r104. It is suspected but not clear that this is due to the configuraiton diffing behaviour introduced in r104. It's not clear to me why it doesn't happen on the first "netplan apply".
I also found a recent upstream systemd commit to prevent networkd removing 127.0.0.1/::1 which solves this issue on r104 as well. It's possible this is a better fix to backport to solve this:
https:/
Reverting to r103 *or* running a newer systemd with that patch resolves the issue on 20.04 and 22.04 in my testing.
Related branches
- git-ubuntu import: Pending requested
-
Diff: 11294 lines (+10313/-0) (has conflicts)134 files modifieddebian/changelog (+489/-0)
debian/extra/dhclient-enter-resolved-hook (+12/-0)
debian/extra/initramfs-tools/hooks/udev (+6/-0)
debian/extra/rules-ubuntu/40-vm-hotadd.rules (+7/-0)
debian/patches/CVE-2020-13529.patch (+36/-0)
debian/patches/CVE-2021-33910.patch (+61/-0)
debian/patches/CVE-2021-3997-1.patch (+62/-0)
debian/patches/CVE-2021-3997-2.patch (+98/-0)
debian/patches/CVE-2021-3997-3.patch (+262/-0)
debian/patches/debian/UBUNTU-Fix-timezone-setting-on-read-only-etc.patch (+28/-0)
debian/patches/debian/timedatectl-lp1650688.patch (+53/-0)
debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch (+26/-0)
debian/patches/hwdb-Mask-rfkill-event-from-intel-hid-on-HP-platforms.patch (+27/-0)
debian/patches/lp1664844/0001-network-add-ActivationPolicy-configuration-parameter.patch (+344/-0)
debian/patches/lp1664844/0002-test-add-ActivationPolicy-unit-tests.patch (+121/-0)
debian/patches/lp1664844/0003-save-link-activation-policy-to-state-file-and-displa.patch (+110/-0)
debian/patches/lp1785383-resolved-address-DVE-2018-0001.patch (+161/-0)
debian/patches/lp1838329/0001-blockdev-propagate-one-more-unexpected-error.patch (+28/-0)
debian/patches/lp1838329/0002-makefs-log-about-OOM-condition.patch (+33/-0)
debian/patches/lp1838329/0003-dissect-use-log_debug_errno-where-appropriate.patch (+33/-0)
debian/patches/lp1838329/0004-blockdev-add-helper-for-locking-whole-block-device.patch (+67/-0)
debian/patches/lp1838329/0005-makefs-lock-device-while-we-operate.patch (+57/-0)
debian/patches/lp1838329/0006-makefs-normalize-logging-a-bit.patch (+39/-0)
debian/patches/lp1838329/0007-cryptsetup-generator-use-systemd-makefs-for-implemen.patch (+45/-0)
debian/patches/lp1858210/0001-time-simplify-get_timezones.patch (+104/-0)
debian/patches/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch (+102/-0)
debian/patches/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch (+90/-0)
debian/patches/lp1860926-network-Change-IgnoreCarrierLoss-default-to-value-of.patch (+75/-0)
debian/patches/lp1861941-dont-generate-disk-byuuid-for-bcache-uuid.patch (+54/-0)
debian/patches/lp1867375/0001-network-add-a-flag-to-ignore-gateway-provided-by-DHC.patch (+97/-0)
debian/patches/lp1867375/0002-test-network-add-a-test-case-for-DHCPv4.UseGateway-n.patch (+56/-0)
debian/patches/lp1867375/0003-network-change-UseGateway-default-to-UseRoutes-setti.patch (+77/-0)
debian/patches/lp1867375/0004-test-modify-add-tests-for-UseRoutes-and-UseGateway-c.patch (+187/-0)
debian/patches/lp1867375/0005-network-honor-SetDNSRoutes-even-if-UseGateway-False.patch (+162/-0)
debian/patches/lp1867375/0006-test-verify-RoutesToDNS-is-independent-of-UseGateway.patch (+74/-0)
debian/patches/lp1873607/0001-core-some-minor-clean-ups-modernizations.patch (+56/-0)
debian/patches/lp1873607/0002-core-make-sure-to-restore-the-control-command-id-too.patch (+33/-0)
debian/patches/lp1875708/journald-Increase-stdout-buffer-size-sooner-when-almost-f.patch (+28/-0)
debian/patches/lp1875708/journald-rework-end-of-line-marker-handling-to-use-a-fiel.patch (+73/-0)
debian/patches/lp1875708/journald-rework-pid-change-handling.patch (+218/-0)
debian/patches/lp1875708/journald-use-log_warning_errno-where-appropriate.patch (+37/-0)
debian/patches/lp1875708/journald-use-the-fact-that-client_context_release-returns.patch (+23/-0)
debian/patches/lp1875708/man-document-the-new-_LINE_BREAK-type.patch (+39/-0)
debian/patches/lp1875708/socket-util-introduce-type-safe-dereferencing-wrapper-CMS.patch (+198/-0)
debian/patches/lp1875708/test-Add-a-test-case-for-15654.patch (+28/-0)
debian/patches/lp1878969-meson-initialize-time-epoch-to-reproducible-builds-compat.patch (+61/-0)
debian/patches/lp1882596-man-fix-some-manvolnum.patch (+267/-0)
debian/patches/lp1887744-basic-unit-file-when-loading-linked-unit-files-use-l.patch (+92/-0)
debian/patches/lp1890448-hwdb-Add-EliteBook-to-use-micmute-hotkey.patch (+32/-0)
debian/patches/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch (+184/-0)
debian/patches/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch (+46/-0)
debian/patches/lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch (+104/-0)
debian/patches/lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch (+62/-0)
debian/patches/lp1891810-seccomp-util-add-new-syscalls-from-kernel-5.6-to-sys.patch (+31/-0)
debian/patches/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch (+54/-0)
debian/patches/lp1895418-correct-resolved-conf-cache-default.patch (+18/-0)
debian/patches/lp1897744-resolve-enable-RES_TRUSTAD-towards-the-127.0.0.53-st.patch (+36/-0)
debian/patches/lp1902236-nss-systemd-don-t-synthesize-root-nobody-when-iterat.patch (+39/-0)
debian/patches/lp1902891-core-mount-mount-command-may-fail-after-adding-the-c.patch (+32/-0)
debian/patches/lp1902960-udev-re-assign-ID_NET_DRIVER-ID_NET_LINK_FILE-ID_NET.patch (+84/-0)
debian/patches/lp1903300/0001-network-VXLan-fix-adding-Group-address.patch (+34/-0)
debian/patches/lp1903300/0002-network-VXLan-Add-support-for-remote-address.patch (+44/-0)
debian/patches/lp1903300/0003-networkctl-Add-support-to-display-VXLan-remote-addre.patch (+32/-0)
debian/patches/lp1905044-test-use-cap_last_cap-for-max-supported-cap-number-n.patch (+123/-0)
debian/patches/lp1905245/0001-basic-cap-list-parse-print-numerical-capabilities.patch (+92/-0)
debian/patches/lp1905245/0002-basic-capability-util-let-cap_last_cap-return-unsign.patch (+212/-0)
debian/patches/lp1905245/0003-basic-cap-list-reduce-scope-of-variables.patch (+68/-0)
debian/patches/lp1907306/0001-sd-dhcp-client-don-t-log-timeouts-if-already-expired.patch (+60/-0)
debian/patches/lp1907306/0002-sd-dhcp-client-track-dhcp4-t1-t2-expire-times.patch (+153/-0)
debian/patches/lp1907306/0003-sd-dhcp-client-add-RFC2131-retransmission-details.patch (+63/-0)
debian/patches/lp1907306/0004-sd-dhcp-client-simplify-dhcp4-t1-t2-parsing.patch (+126/-0)
debian/patches/lp1907306/0005-sd-dhcp-client-correct-dhcpv4-renew-rebind-retransmi.patch (+75/-0)
debian/patches/lp1907306/0006-sd-dhcp-client-correct-retransmission-timeout-to-mat.patch (+48/-0)
debian/patches/lp1907306/0007-test-network-increase-wait_online-timeout-to-handle-.patch (+35/-0)
debian/patches/lp1907306/0008-sd-dhcp-client-fix-renew-rebind-timeout-calculation-.patch (+27/-0)
debian/patches/lp1911187-systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch (+43/-0)
debian/patches/lp1913189-test-accept-that-char-device-0-0-can-now-be-created-.patch (+61/-0)
debian/patches/lp1913423-hashmap-make-sure-to-initialize-shared-hash-key-atom.patch (+70/-0)
debian/patches/lp1913763-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch (+22/-0)
debian/patches/lp1914740-network-enable-DHCP-broadcast-flag-if-required-by-in.patch (+148/-0)
debian/patches/lp1915887-Downgrade-a-couple-of-warnings-to-debug.patch (+60/-0)
debian/patches/lp1916485-Newer-Glibc-use-faccessat2-to-implement-faccessat.patch (+24/-0)
debian/patches/lp1918696-shared-seccomp-util-address-family-filtering-is-brok.patch (+71/-0)
debian/patches/lp1921696/0001-rfkill-improve-error-logging.patch (+121/-0)
debian/patches/lp1921696/0002-rfkill-use-short-writes-and-accept-long-reads.patch (+123/-0)
debian/patches/lp1926547-hwdb-60-keyboard-Update-Dell-Privacy-Micmute-Hotkey-.patch (+35/-0)
debian/patches/lp1928200/0001-shared-add-common-helper-for-unregistering-all-binfm.patch (+82/-0)
debian/patches/lp1928200/0002-shutdown-unregister-all-binfmt_misc-entries-before-e.patch (+36/-0)
debian/patches/lp1928200/0003-binfmt-modernize-code-a-bit.patch (+47/-0)
debian/patches/lp1928200/0004-binfmt-also-unregister-binfmt-entries-from-unit.patch (+120/-0)
debian/patches/lp1928200/0005-man-document-binfmt-s-new-unregister-switch.patch (+34/-0)
debian/patches/lp1929122-network-check-that-received-ifindex-is-valid.patch (+23/-0)
debian/patches/lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch (+169/-0)
debian/patches/lp1930910-hwdb-Add-ProBook-to-use-micmute-hotkey.patch (+29/-0)
debian/patches/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch (+108/-0)
debian/patches/lp1931578/0002-networkctl-add-field-Required-For-Online.patch (+30/-0)
debian/patches/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch (+99/-0)
debian/patches/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch (+25/-0)
debian/patches/lp1933402-udev-Fix-SIGSEGV-in-AlternativeNamesPolicy-handling.patch (+26/-0)
debian/patches/lp1934147/0001-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch (+63/-0)
debian/patches/lp1934147/0002-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch (+56/-0)
debian/patches/lp1934221-resolved-disable-event-sources-before-unreffing-them.patch (+172/-0)
debian/patches/lp1934981-correct-suspend-then-sleep-string.patch (+19/-0)
debian/patches/lp1935051-shared-unit-file-make-sure-the-old-hashmaps-and-sets.patch (+153/-0)
debian/patches/lp1937117/0001-revert-lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch (+151/-0)
debian/patches/lp1937117/0002-avoid-changing-interface-master-if-interface-already-up.patch (+21/-0)
debian/patches/lp1937238-util-return-the-correct-correct-wd-from-inotify-help.patch (+54/-0)
debian/patches/lp1943561-dell-clamshell-accel-location-base-with-sku.patch (+29/-0)
debian/patches/lp1944711-login-filenames-in-run-systemd-users-are-uids.patch (+51/-0)
debian/patches/lp1946388-sd-journal-don-t-check-namespaces-if-we-have-no-name.patch (+29/-0)
debian/patches/lp1948476-pid1-target-units-can-fail-through-dependencies.patch (+51/-0)
debian/patches/lp1952599/0001-virt-Support-detection-for-ARM64-Hyper-V-guests.patch (+24/-0)
debian/patches/lp1952599/0002-virt-Fix-the-detection-for-Hyper-V-VMs.patch (+35/-0)
debian/patches/lp1952733-hwdb-60-keyboard-Update-Dell-Privacy-Micmute-Hotkey-Map.patch (+23/-0)
debian/patches/lp1952735-keymap-Add-microphone-mute-keymap-for-Dell-Machine.patch (+19/-0)
debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch (+30/-0)
debian/patches/lp1958284-core-move-reset_arguments-to-the-end-of-main-s-finish.patch (+48/-0)
debian/patches/lp1959475-core-make-sure-we-don-t-get-confused-when-setting-TERM-fo.patch (+34/-0)
debian/patches/lp1966179-add-more-hp-dmi-to-unblock-intel-hid-event.patch (+64/-0)
debian/patches/lp1966800-shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch (+95/-0)
debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch (+48/-0)
debian/patches/lp1979951-network-do-not-remove-localhost-address.patch (+69/-0)
debian/patches/lp1982462-units-remove-the-restart-limit-on-the-modprobe-.service.patch (+33/-0)
debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch (+91/-0)
debian/patches/rm-rf-optionally-fsync-after-removing-directory-tree.patch (+33/-0)
debian/patches/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch (+315/-0)
debian/patches/series (+134/-0)
debian/patches/test-make-test-execute-pass-on-Linux-5.15.patch (+40/-0)
debian/tests/boot-and-services (+19/-0)
debian/tests/boot-smoke (+27/-0)
debian/tests/control (+4/-0)
debian/tests/root-unittests (+11/-0)
debian/tests/systemd-fsckd (+306/-0)
debian/udev.postinst (+6/-0)
- Lukas Märdian: Approve
-
Diff: 136 lines (+83/-3)4 files modifieddebian/changelog (+4/-1)
debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch (+9/-2)
debian/patches/lp1979951-network-do-not-remove-localhost-address.patch (+69/-0)
debian/patches/series (+1/-0)
- Lukas Märdian: Approve
-
Diff: 328 lines (+268/-2)7 files modifieddebian/changelog (+21/-0)
debian/patches/lp1975667-Ensure-dns_search_domain_unlink_marked-removes-all-marked.patch (+24/-0)
debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch (+10/-2)
debian/patches/lp1979951-network-do-not-remove-localhost-address.patch (+66/-0)
debian/patches/lp1981042-core-firstboot-workaround-timezone-issues-caused-by-Ubunt.patch (+110/-0)
debian/patches/lp1982462-units-remove-the-restart-limit-on-the-modprobe-.service.patch (+33/-0)
debian/patches/series (+4/-0)
tags: | added: fr-2514 |
description: | updated |
tags: | added: foundations-todo |
tags: | removed: foundations-todo |
Changed in netplan.io (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in netplan.io (Ubuntu Focal): | |
status: | New → Invalid |
Changed in netplan.io (Ubuntu Jammy): | |
status: | New → Invalid |
This is probably a side-effect of netplan switching over to using "networkctl reload/reconfigure" in 0.104 (it was introduced in 0.103 already, but reverted for various reasons. Re-appeared in 0.104). Should probably be fixed in systemd-networkd.