ip route parsing fails with multipath routing

Bug #1920755 reported by Fabrizio Lungo
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| oidentd (Ubuntu) | New | Undecided | Unassigned | |

Bug Description

The systemd unit provided in the Ubuntu package attempts to parse the output of `ip route show to exact 0/0` in order to automatically populate the `-P` flags for each next hop. Unfortunately, this parsing is not robust and breaks on a host with multipath routing.

This is the current value of ExecStart from the systemd unit:

```
ExecStart=/bin/sh -c "exec /usr/sbin/oidentd -S ${OIDENT_OPTIONS} -u \"${OIDENT_USER}\" -g \"${OIDENT_GROUP}\" \
 `[ \"${OIDENT_BEHIND_PROXY}\" = \"yes\" ] && ip route show to exact 0/0 | awk '{print \"-P \" $3}'`"
```

For reference, this is what the output of `ip route ...` looks like on a host with multipath routing (in this case with BGP unnumbered next hops):

```
$ ip route show to exact 0/0
default proto bgp metric 20
 nexthop via 169.254.0.1 dev ens2f1np1 weight 1 onlink
 nexthop via 169.254.0.1 dev eno34np1 weight 1 onlink
 nexthop via 169.254.0.1 dev ens2f0np0 weight 1 onlink
 nexthop via 169.254.0.1 dev eno33np0 weight 1 onlink
```

Currently, `-P bgp -P 169.254.0.1 -P 169.254.0.1 -P 169.254.0.1 -P 169.254.0.1` is added to the command; however, this results in the following error:

```
Fatal: Unknown host: "bgp"
```

To fix the parsing of this output so that it works regardless of whether there is one or more than one next hop (and provide all next hops as arguments), the ExecStart can be changed to the following, which matches just the lines in the output that have "via" as the second field:

```
ExecStart=/bin/sh -c "exec /usr/sbin/oidentd -S ${OIDENT_OPTIONS} -u \"${OIDENT_USER}\" -g \"${OIDENT_GROUP}\" \
 `[ \"${OIDENT_BEHIND_PROXY}\" = \"yes\" ] && ip route show to exact 0/0 | awk '$2 == \"via\" {print \"-P \" $3}'`"
```

It may be additionally desirable to pipe that output into `sort -u`.

A simple workaround for other users running into this issue is to disable (set to "no") the OIDENT_BEHIND_PROXY variable in /etc/default/oidentd, assuming that the host is not behind a proxy.

Since the default for the package is for this to be enabled, if the host is using multipath when the package is installed, starting the service fails, causing the package install/update to fail, so I think it would be ideal to make the parsing more robust (as suggested).

Environment:

- Ubuntu Focal 20.04
- Version: 2.4.0
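
An added example, not part of the original report or the Ubuntu package: the two awk filters from the report, run against the multipath output quoted above and two constructed samples (a single-gateway route and a multipath route with two distinct gateways, using documentation addresses). The function and variable names are hypothetical.

```shell
#!/bin/sh
# Sample outputs of `ip route show to exact 0/0`.
# MULTIPATH_BGP is the output quoted in the report; the others are constructed.
MULTIPATH_BGP='default proto bgp metric 20
 nexthop via 169.254.0.1 dev ens2f1np1 weight 1 onlink
 nexthop via 169.254.0.1 dev eno34np1 weight 1 onlink
 nexthop via 169.254.0.1 dev ens2f0np0 weight 1 onlink
 nexthop via 169.254.0.1 dev eno33np0 weight 1 onlink'
SINGLE_PATH='default via 192.0.2.1 dev eth0 proto dhcp metric 100'
MULTIPATH_TWO_GW='default proto static
 nexthop via 192.0.2.1 dev eth0 weight 1
 nexthop via 198.51.100.1 dev eth1 weight 1'

# Join lines with single spaces, which is what the shell's word splitting
# does to the backtick output inside ExecStart.
join_args() { paste -sd ' ' -; }

# Filter currently in the unit: third field of every line.
flags_current() {
    printf '%s\n' "$1" | awk '{print "-P " $3}' | join_args
}

# Filter proposed in the report, with the optional `sort -u` applied.
flags_proposed() {
    printf '%s\n' "$1" | awk '$2 == "via" {print "-P " $3}' | sort -u | join_args
}

# Print both results for each sample.
for name in MULTIPATH_BGP SINGLE_PATH MULTIPATH_TWO_GW; do
    eval "sample=\$$name"
    printf '%s\n  current:  %s\n  proposed: %s\n' "$name" \
        "$(flags_current "$sample")" "$(flags_proposed "$sample")"
done
```

With `sort -u`, the four identical BGP unnumbered next hops collapse to a single `-P 169.254.0.1`, while distinct gateways are all kept.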
