networkd doesn't re-enable ipv6 unless mtu is set

Bug #1859862 reported by Dan Streetman on 2020-01-15
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
Undecided
Unassigned
Bionic
Medium
Dan Streetman
Disco
Undecided
Unassigned
Eoan
Medium
Dan Streetman

Bug Description

[impact]

if the 'disable_ipv6' procfs setting is disabled, and networkd is configured with ipv6 networking, networkd will not enable ipv6 via the procfs setting unless the interface mtu is also set to a custom value, that doesn't match the current interface mtu.

[test case]

create networkd config similar to:

[Match]
MACAddress=52:54:00:0c:09:77
Name=ens3

[Network]
DHCP=ipv4
LinkLocalAddressing=ipv6
Address=2001:db8::100/64

manually disable ipv6 for the interface:

ubuntu@lp1859862-b:~$ echo 1 | sudo tee /proc/sys/net/ipv6/conf/ens3/disable_ipv6
1

the interface should not contain any ipv6 addresses:

ubuntu@lp1859862-b:~$ ip -6 a show ens3
ubuntu@lp1859862-b:~$

restart networkd; it should enable ipv6 as ipv6 addresses are configured, but it does not:

ubuntu@lp1859862-b:~$ sudo systemctl restart systemd-networkd
ubuntu@lp1859862-b:~$ ip -6 a show ens3
ubuntu@lp1859862-b:~$

Note that with the mtu set, it will successfully re-enable ipv6; modify the networkd config to set the mtu by adding this:

[Link]
MTUBytes=1400

(be sure to set the MTU config to something other than its current mtu)

verify ipv6 is still disabled and has no addresses, then restart and check again:

ubuntu@lp1859862-b:~$ cat /proc/sys/net/ipv6/conf/ens3/disable_ipv6
1
ubuntu@lp1859862-b:~$ ip -6 a show ens3
ubuntu@lp1859862-b:~$ sudo systemctl restart systemd-networkd
ubuntu@lp1859862-b:~$ cat /proc/sys/net/ipv6/conf/ens3/disable_ipv6
0
ubuntu@lp1859862-b:~$ ip -6 a show ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 state UP qlen 1000
    inet6 2001:db8::100/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe0c:977/64 scope link
       valid_lft forever preferred_lft forever

That should be the behavior even if MTUBytes is not set.

[regression potential]

as this adjusts when the procfs 'disable_ipv6' setting is changed, the regression potential could cause failure to properly set/create ipv6 addresses, or to leave ipv6 disabled entirely.

[scope]

This is needed in Bionic and Eoan.

the commit to fix this is 482efedc081b0c4bf2e77a3dee6b979d9c9a5765 which is included starting in v243, so it is included already in Focal.

Ignoring Disco, as it is EOL next week.

This problem was introduced by commit 44b598a1c9d11c23420a5ef45ff11bcb0ed195eb, which was included starting in v239, but also backported to Bionic in bug 1850704.

[other info]

for Eoan, this bug has always existed since release, but for Bionic, this is a regression introduced by bug 1850704. However, manual disabling of ipv6 is very unusual, so this bug is unlikely to have an impact to many systems.

Dan Streetman (ddstreet) on 2020-01-15
Changed in systemd (Ubuntu Disco):
status: New → Won't Fix
Changed in systemd (Ubuntu Eoan):
status: New → In Progress
Changed in systemd (Ubuntu Bionic):
status: New → In Progress
Changed in systemd (Ubuntu):
status: New → Fix Released
Changed in systemd (Ubuntu Eoan):
importance: Undecided → Medium
Changed in systemd (Ubuntu Bionic):
importance: Undecided → Medium
Changed in systemd (Ubuntu Eoan):
assignee: nobody → Dan Streetman (ddstreet)
Changed in systemd (Ubuntu Bionic):
assignee: nobody → Dan Streetman (ddstreet)
Dan Streetman (ddstreet) on 2020-01-15
description: updated
description: updated
description: updated

Hello Dan, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.34 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic

All autopkgtests for the newly accepted systemd (237-3ubuntu10.34) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

php7.2/7.2.24-0ubuntu0.18.04.2 (armhf)
openssh/1:7.6p1-4ubuntu0.3 (arm64, armhf, ppc64el, amd64, s390x, i386)
dovecot/1:2.2.33.2-1ubuntu4.5 (armhf)
gvfs/1.36.1-0ubuntu1.3.3 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Changed in systemd (Ubuntu Bionic):
status: Fix Committed → In Progress

Hello Dan, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.39 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Bionic):
status: In Progress → Fix Committed

All autopkgtests for the newly accepted systemd (237-3ubuntu10.39) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

php7.2/7.2.24-0ubuntu0.18.04.2 (armhf)
gvfs/1.36.1-0ubuntu1.3.3 (ppc64el)
lxc/3.0.3-0ubuntu1~18.04.1 (amd64)
systemd/237-3ubuntu10.39 (i386)
netplan.io/0.98-0ubuntu1~18.04.1 (i386, amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Dan Streetman (ddstreet) on 2020-02-16
description: updated
Dan Streetman (ddstreet) wrote :

bionic verification:

root@lp1859862-b:~# dpkg -l systemd|grep ii
ii systemd 237-3ubuntu10.39 amd64 system and service manager
root@lp1859862-b:~# cat /proc/sys/net/ipv6/conf/ens3/disable_ipv6
1
root@lp1859862-b:~# ip -6 a show dev ens3
root@lp1859862-b:~# systemctl restart systemd-networkd
root@lp1859862-b:~# ip -6 a show dev ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8::100/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe0c:977/64 scope link
       valid_lft forever preferred_lft forever
root@lp1859862-b:~# cat /proc/sys/net/ipv6/conf/ens3/disable_ipv6
0

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic

The verification of the Stable Release Update for systemd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 237-3ubuntu10.39

---------------
systemd (237-3ubuntu10.39) bionic; urgency=medium

  [ Dariusz Gadomski ]
  * d/p/lp1762391/0001-Call-getgroups-to-know-size-of-supplementary-groups-.patch,
    d/p/lp1762391/0002-user-util-tweak-to-in_gid.patch,
    d/p/lp1762391/0003-user-util-Add-helper-functions-for-gid-lists-operati.patch,
    d/p/lp1762391/0004-execute-Restore-call-to-pam_setcred.patch,
    d/p/lp1762391/0005-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
    d/p/lp1762391/0006-test-Add-tests-for-gid-list-ops.patch,
    d/p/lp1762391/0007-execute-add-const-to-array-parameters-where-possible.patch,
    d/p/lp1762391/0008-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
    - Restore call to pam_setcred (LP: #1762391)

  [ Ioanna Alifieraki ]
  * d/p/lp1860548/0001-Revert-Replace-use-of-snprintf-with-xsprintf.patch,
    d/p/lp1860548/0002-job-truncate-unit-description.patch:
    - use snprintf instead of xsprintf (LP: #1860548)

  [ Dan Streetman ]
  * d/p/lp1833193-network-update-address-when-static-address-was-alrea.patch:
    - Update lft when static addr was cfg by dhcp (LP: #1833193)
  * d/p/lp1849261/0001-core-when-we-can-t-enqueue-OnFailure-job-show-full-e.patch,
    d/p/lp1849261/0002-core-don-t-trigger-OnFailure-deps-when-a-unit-is-goi.patch:
    - Only trigger OnFailure= if Restart= is not in effect (LP: #1849261)
  * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
    - set ipv6 mtu at correct time (LP: #1671951)
  * d/p/lp1845909/0001-networkd-honour-LinkLocalAddressing.patch,
    d/p/lp1845909/0002-networkd-fix-link_up-12505.patch,
    d/p/lp1845909/0003-network-do-not-send-ipv6-token-to-kernel.patch,
    d/p/lp1845909/0004-network-rename-linux_configure_after_setting_mtu-to-linux.patch,
    d/p/lp1845909/0005-network-add-link-setting_genmode-flag.patch,
    d/p/lp1845909/0006-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch,
    d/p/lp1845909/0007-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch,
    d/p/lp1845909/0008-network-drop-IPv6LL-address-when-LinkLocalAddressing.patch:
    - if LinkLocalAddressing=no prevent creation of ipv6ll (LP: #1845909)
  * d/p/lp1859862-network-Do-not-disable-IPv6-by-writing-to-sysctl.patch:
    - enable ipv6 when needed (LP: #1859862)
  * d/p/lp1836695-networkd-Add-back-static-routes-after-DHCPv4-lease-e.patch:
    - (re)add static routes after getting dhcp4 addr (LP: #1836695)
  * d/t/storage:
    - fix buggy test (LP: #1831459)
    - without scsi_debug, skip test (LP: #1847816)

 -- Dan Streetman <email address hidden> Thu, 06 Feb 2020 10:00:49 -0500

Changed in systemd (Ubuntu Bionic):
status: Fix Committed → Fix Released

Hello Dan, or anyone else affected,

Accepted systemd into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/242-7ubuntu3.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Eoan):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-eoan
removed: verification-done

All autopkgtests for the newly accepted systemd (242-7ubuntu3.8) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

systemd/242-7ubuntu3.8 (ppc64el)
prometheus-postgres-exporter/unknown (armhf)
gnome-desktop3/3.34.2-2ubuntu1~19.10.1 (armhf)
openssh/1:8.0p1-6build1 (s390x, i386, ppc64el, arm64, armhf, amd64)
snapd/2.42.1+19.10 (i386)
udisks2/unknown (armhf)
umockdev/0.13.2-1 (armhf)
sks/unknown (armhf)
network-manager/1.20.4-2ubuntu2.2 (ppc64el, arm64)
asterisk/unknown (armhf)
logrotate/unknown (armhf)
lxc/3.0.4-0ubuntu1 (i386)
netplan.io/0.98-0ubuntu1 (amd64)
dbus/unknown (armhf)
gvfs/1.42.1-1ubuntu1 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Dan Streetman (ddstreet) wrote :

verified networkd does not *disable* ipv6 for an interface when not configured with ipv6. An additional patch for bug 1877271 is needed to completely update networkd to re-enable ipv6 for an interface when configured with ipv6, but marking this bug as verified.

tags: added: verification-done verification-done-eoan
removed: verification-needed verification-needed-eoan
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 242-7ubuntu3.8

---------------
systemd (242-7ubuntu3.8) eoan; urgency=medium

  * d/t/logind: skip if nonexistent /sys/power/state (LP: #1862657)
  * d/p/lp1859862-network-Do-not-disable-IPv6-by-writing-to-sysctl.patch:
    - enable ipv6 when needed (LP: #1859862)
  * d/p/lp1858412-journalctl-allow-running-vacuum-on-remote-journals-t.patch:
    - allow vacuuming journal 'root' dir (LP: #1858412)
  * d/rules: use meson --print-errorlogs instead of cat testlog
    - (LP: #1870811)
  * d/p/lp1776654-test-Synchronize-journal-before-reading-from-it.patch:
    - sync journal before reading from it (LP: #1776654)
  * d/p/lp1837914-journal-do-not-trigger-assertion-when-journal_file_c.patch:
    - do not crash if NULL passted to journal destructor (LP: #1837914)
  * d/e/initramfs-tools/hooks/udev:
    - Follow symlinks when finding link files to copy into initramfs
      (LP: #1868892)

 -- Dan Streetman <email address hidden> Mon, 20 Apr 2020 09:44:51 -0400

Changed in systemd (Ubuntu Eoan):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers