Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add support for ipv6 slaac #259

Open
wants to merge 33 commits into
base: master
Choose a base branch
from

Conversation

aderumier
Copy link
Contributor

@aderumier aderumier commented Apr 28, 2023

Hi
This patch series add support for 'inet6 auto" method,
add support for accept_ra && autoconf on "inet6 static" interfaces (previously if was only working for inet6 dhcp)

This fix
#249
#122
#178

example:

iface eno3 inet6 auto
# ifup eno3 -d
debug: eno3: pre-up : running module auto
info: executing /sbin/sysctl net.ipv6.conf.eno3.accept_ra=2
info: executing /sbin/sysctl net.ipv6.conf.eno3.autoconf=1

up again (accept_ra,autoconf are in cache, so no need to reapply them again)

# ifup eno3 -d
debug: eno3: pre-up : running module auto

switch to static ((accept_ra && autoconf are reset to 0)

iface eno3
        address 2001:db8:a0b:12f0::1/64
#ifup eno3 -d
debug: eno3: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.eno3.input=0
info: executing /sbin/sysctl net.ipv6.conf.eno3.accept_ra=0
info: executing /sbin/sysctl net.ipv6.conf.eno3.autoconf=0
info: reading '/proc/sys/net/ipv6/conf/eno3/disable_ipv6'
info: eno3: netlink: ip addr add 2001:db8:a0b:12f0::1/64 dev eno3

up again (accept_ra,autoconf are in cache, so no need to reapply them again)

#ifup eno3 -d
debug: eno3: pre-up : running module address

add accept_ra=1/autoconf=1 on eno3

iface eno3
        address 2001:db8:a0b:12f0::1/64
        accept_ra 1
        autoconf 1
#ifup eno3 -d
debug: eno3: pre-up : running module auto
debug: eno3: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.eno3.input=0
info: executing /sbin/sysctl net.ipv6.conf.eno3.accept_ra=1
info: executing /sbin/sysctl net.ipv6.conf.eno3.autoconf=1
debug: eno3: up : running module dhcp

remove ip from interface (here we can't purge ip as slaac is still enable, and we can't known which ip is coming from slaac)

iface eno3
        accept_ra 1
        autoconf 1
debug: eno3: pre-up : running module auto
debug: eno3: pre-up : running module address
warning: eno3: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses
debug: eno3: up : running module dhcp

testing dhcp + accept_ra/autoconf

iface eno3 inet6 dhcp
        accept_ra 1
        autoconf 1
ifdown eno3 && ifup eno3 -d

debug: eno3: pre-up : running module auto
debug: eno3: pre-up : running module address
info: executing /sbin/sysctl net.mpls.conf.eno3.input=0
info: executing /sbin/sysctl net.ipv6.conf.eno3.accept_ra=1
info: executing /sbin/sysctl net.ipv6.conf.eno3.autoconf=1
debug: eno3: up : running module dhcp
info: eno3: enabling syslog for dhcp configuration
info: executing /sbin/dhclient -6 -x -pf /run/dhclient6.eno3.pid -lf /var/lib/dhcp/dhclient6.eno3.leases eno3

mixing both auto && static

iface eno3 inet6 auto

iface eno3 inet6 static
        address 2001:db8:a0b:12f0::1/64
debug: eno3: pre-up : running module auto
info: executing /sbin/sysctl net.ipv6.conf.eno3.accept_ra=1
info: executing /sbin/sysctl net.ipv6.conf.eno3.autoconf=1
debug: eno3: pre-up : running module address
info: reading '/proc/sys/net/ipv6/conf/eno3/disable_ipv6'
info: eno3: netlink: ip addr add 2001:db8:a0b:12f0::1/64 dev eno3

Mixing both auto && static, with accept_ra=0 in static (will be skipped as auto need accept_ra=1)

iface eno3 inet6 auto

iface eno3 inet6 static
        address 2001:db8:a0b:12f0::1/64
        accept_ra 0
        autoconf 0
debug: eno3: pre-up : running module auto
info: executing /sbin/sysctl net.ipv6.conf.eno3.accept_ra=1
info: executing /sbin/sysctl net.ipv6.conf.eno3.autoconf=1
debug: eno3: pre-up : running module address
info: reading '/proc/sys/net/ipv6/conf/eno3/disable_ipv6'
info: eno3: netlink: ip addr add 2001:db8:a0b:12f0::1/64 dev eno3

ifquery check is also implemented

auto eno3
iface eno3 inet6 auto                                                        [pass]

auto eno3
iface eno3 inet6 static                                                       [pass]
	accept_ra 1                                                               [pass]
	autoconf 1                                                                 [pass]
	address 2001:db8:a0b:12f0::1/64                             [pass]

@aderumier
Copy link
Contributor Author

ping @julienfortin for review ^_^

@julienfortin
Copy link
Contributor

@aderumier thanks for the ping, i just started some tests, i'll update once i have the results

@julienfortin
Copy link
Contributor

@aderumier when running test i'm seeing the following:

warning: mgmt: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses"
error: 'bool' object is not subscriptable"
warning: vlan1001: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses"
warning: vlan1003: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses"

I don't have the config used for the test only the output right now.

  • error: 'bool' object is not subscriptable" is not seen without your patch
  • I don't think this specific config is intentionally using ipv6 slaac so we shouldn't warn when default values are used and not alter the default path (aka we should purge in that case)

Also i'm not a fan of using auto as a keyword for slaac, that can introduce confusion with the auto $ifname keyword. I suggest renaming it slaac

iface eno3 inet6 slaac

@aderumier
Copy link
Contributor Author

@aderumier when running test i'm seeing the following:

warning: mgmt: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses"
error: 'bool' object is not subscriptable"
warning: vlan1001: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses"
warning: vlan1003: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses"

I don't have the config used for the test only the output right now.

  • error: 'bool' object is not subscriptable" is not seen without your patch
  • I don't think this specific config is intentionally using ipv6 slaac so we shouldn't warn when default values are used and not alter the default path (aka we should purge in that case)

mmm, that's mean with accept_ra/autoconf are enabled in sysctl (they are disabled by default in kernel, and address module set them to 0 by default too when not defined, like on debian ifupdown1). That's strange that it's not intentionnaly enabled...

could be great if you could have the config to reproduce on my side. But I'll look to fix this "bool object" error.

Also i'm not a fan of using auto as a keyword for slaac, that can introduce confusion with the auto $ifname keyword. I suggest renaming it slaac

iface eno3 inet6 slaac

Well, I'm not a big fan too, but this is how debian defined it in ifupdown1, and I have a lot of proxmox users, complain with error on upgrade from ifupdown1 to ifupdown2 when "inet6 auto" is defined in their config. (almost everybody with a clean default install of debian). ifupdown2 can't be restart with "inet6 auto" ,and apt install is dying too with ifupdown2 package install in error state.

I'm currently on holiday, I'll rework on this in 2 weeks.

@aderumier aderumier force-pushed the ipv6auto branch 4 times, most recently from 1a4067c to e56ffd9 Compare May 9, 2023 11:22
@aderumier
Copy link
Contributor Author

@aderumier when running test i'm seeing the following:

warning: mgmt: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses"
error: 'bool' object is not subscriptable"
warning: vlan1001: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses"
warning: vlan1003: interface has ipv6 slaac enabled, skip purging existing ipv6 addresses"

I don't have the config used for the test only the output right now.

  • error: 'bool' object is not subscriptable" is not seen without your patch
  • I don't think this specific config is intentionally using ipv6 slaac so we shouldn't warn when default values are used and not alter the default path (aka we should purge in that case)

ok, I was able to reproduce.
it should be fixed now. It's was a bug, trying to read netlink cache, but as theses interfaces are virtual, they are only created in preup modules (vlan,..) after that the netlink cache is populated.

I have also do a fix for dotted vlan interfaces name for sysctl apply.

Could you give it a try again ?

@aderumier
Copy link
Contributor Author

(Note that I'm still working on it for default accept_ra value. Currently I'm forcing it to 0, this is wrong, it should use the net.ipv6.conf.all.accept_ra value)

@aderumier aderumier force-pushed the ipv6auto branch 3 times, most recently from 825be38 to 2fd8fdb Compare May 9, 2023 17:22
@aderumier
Copy link
Contributor Author

(Note that I'm still working on it for default accept_ra value. Currently I'm forcing it to 0, this is wrong, it should use the net.ipv6.conf.all.accept_ra value)

fixed in
2fd8fdb

@aderumier
Copy link
Contributor Author

improvement:

I check ipv6 attribute flags (permanent 0x80), to known if ip is dynamic (slaac attributed).
Then for purge, skip purge for dynamic ip when autoconf is enabled

(Like this, it's possible to add/remove static ipv6 when autoconf is enabled)

aderumier and others added 5 commits May 11, 2023 11:10
The current code is buggy if an interface only use ipv6.

ipv6 don't have primary and are not ordered, so change can randomly
remove/re-add all ipv6 address

```
auto eno4
iface eno4 inet6 static
        address 2001:db8:a0b:12f0::1/64

info: eno4: netlink: ip addr add 2001:db8:a0b:12f0::1/64 dev eno4

auto eno4
iface eno4 inet6 static
        address 2001:db8:a0b:12f0::1/64
        address 2001:db8:a0b:12f0::2/64

info: eno4: netlink: ip addr add 2001:db8:a0b:12f0::2/64 dev eno4

auto eno4
iface eno4 inet6 static
        address 2001:db8:a0b:12f0::1/64
        address 2001:db8:a0b:12f0::2/64
        address 2001:db8:a0b:12f0::3/64

info: eno4: primary ip changed (from 2001:db8:a0b:12f0::1/64 to 2001:db8:a0b:12f0::2/64) we need to purge all ip addresses and re-add them
info: eno4: netlink: ip addr del 2001:db8:a0b:12f0::2/64 dev eno4
info: eno4: netlink: ip addr del 2001:db8:a0b:12f0::1/64 dev eno4
info: reading '/proc/sys/net/ipv6/conf/eno4/disable_ipv6'
info: eno4: netlink: ip addr add 2001:db8:a0b:12f0::1/64 dev eno4
info: eno4: netlink: ip addr add 2001:db8:a0b:12f0::2/64 dev eno4
info: eno4: netlink: ip addr add 2001:db8:a0b:12f0::3/64 dev eno4
```
only first attributes used in any kernels
we want to get IFA_FLAGS to known if an ip is permanent (0x80),
or dynamic (slaac)
Alexandre Derumier and others added 6 commits May 11, 2023 11:12
simply sysctl accept_ra=1 && autoconf=1
Currently it's only available in dhcp method.

Set 0 by default (if interface was previously method auto).
we manage them in address now
user can defined both static ips && enable accept_ra 1 in as or auto method

exemple1:
----------
iface eth0 inet auto

iface eth0 inet6 static
	address ....

exemple2:
--------
iface eth0 inet6 static
	address ....
	accept_ra 1
	autoconf 1

We need to process configured addresses,
but we won't purge ipv6 on reload
aderumier added 7 commits May 11, 2023 11:12
…pty netlink cache

factorize with adding_get_netlink_cache_accept_ra && _get_netlink_cache_auto
and correctly test if cache exist or not

the netlink cache can have empty value for an interface,
if the interface was not existing when we have populate the cache.
for example, a vlan interface created in pre-up by vlan module.

In this case, we return an empty string
accept_ra is only to get default gw, autoconf is for generate ip

Also skip only dynamic ipv6 (!ipflag permanent 0x80)
@aderumier
Copy link
Contributor Author

@julienfortin

I think it's ok for a second review, the bugs should be fixed.

aderumier and others added 15 commits June 27, 2023 11:46
Replace indexing by variables named start/end and prefix/suffix.
ifquery excluded the last digit of interfaces range given.
ex: eth[1-2] would give only eth1 instead of eth1 + eth2.

This commit fix this behavior by increasing the range in
expand_iface_range.
The commit make the auto_ifaces container pointing to the
allow_classes['auto'] list. (since it's a mutable object, we get
the same instance)
This change goal is to make auto behave like allow-auto.
This commit will also provide the interfaces range capability to any
other allow-class names.
The only real change is the creation of a ifaceobj before testing it's
name. (The ifaceobj will still not be added if deemed invalid)
This commit fix the following by making an understandable error msg:
* the 'allow eth0' would make a IndexError shown to the user.
* the 'allow-' would be valid and use an empty classname.
some nic like mellanox connectx don't work well with
vlan aware bridge && rx-vlan-filter.
(They are limited in number of vlans in hardware filtering,
and break with big number of vlans like bridge-vids 2-4096)

Signed-off-by: Alexandre Derumier <[email protected]>
if a script in /etc/network/ifup.d/ is segfaulting,

on config loading (ifup -a), ifupdown2 is stopping

ifup -a
"
info: executing2 /etc/network/if-up.d/postfix
debug: lo: up : running script /etc/network/if-up.d/resolved
info: executing2 /etc/network/if-up.d/resolved
error: name 'traceback' is not defined
debug: saving state ..
info: exit status 1
"

with this fix:

debug: lo: up : running script /etc/network/if-up.d/resolved
info: executing2 /etc/network/if-up.d/resolved
  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 325, in run_iface_list
    cls.run_iface_graph(ifupdownobj, ifacename, ops, parent,
  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 315, in run_iface_graph
    cls.run_iface_list_ops(ifupdownobj, ifaceobjs, ops)
  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 188, in run_iface_list_ops
    cls.run_iface_op(ifupdownobj, ifaceobj, op,
  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 150, in run_iface_op
    ifupdownobj.log_error('%s: %s %s' % (ifacename, op, str(e)))
  File "/usr/share/ifupdown2/ifupdown/ifupdownmain.py", line 226, in log_error
    raise Exception(str)
error: lo : lo: up cmd '/etc/network/if-up.d/resolved' failed: returned -11
debug: vmbr0: found dependents ['bond0']
debug: bond0: found dependents ['enp65s0d1', 'enp65s0']
info: enp65s0d1: running ops ...
...
...
@aderumier
Copy link
Contributor Author

I just send a fix for bridge interface where accept_ra|autoconf was not applied.

(also resync to last master to master)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants