[pve-devel] [PATCH ifupdown2] patch: don't change interface forwarding value if not defined

Mon Feb 24 15:35:50 CET 2020

Seem that my previous patch was forgot in the 2.0
https://github.com/CumulusNetworks/ifupdown2/pull/101

Without this, user with routed setup with sysctl fordwarding enable,
is removed when interface is up

User have reported the bug here:
https://forum.proxmox.com/threads/no-internet-on-all-vms-after-update.64404/#post-296540

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 .../extra/0002-fix-default-forwarding.patch   | 100 ++++++++++++++++++
 debian/patches/series                         |   1 +
 2 files changed, 101 insertions(+)
 create mode 100644 debian/patches/extra/0002-fix-default-forwarding.patch

diff --git a/debian/patches/extra/0002-fix-default-forwarding.patch b/debian/patches/extra/0002-fix-default-forwarding.patch
new file mode 100644
index 0000000..c1a72a3
--- /dev/null
+++ b/debian/patches/extra/0002-fix-default-forwarding.patch
@@ -0,0 +1,100 @@
+From 85a93e870777f774e5901bd4443ddff2e8eaa444 Mon Sep 17 00:00:00 2001
+From: Alexandre Derumier <aderumier at odiso.com>
+Date: Mon, 24 Feb 2020 15:18:56 +0100
+Subject: [PATCH] fix default forwarding
+
+Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
+---
+ ifupdown2/addons/address.py | 70 +++++++++++++++++++++----------------
+ 1 file changed, 40 insertions(+), 30 deletions(-)
+
+diff --git a/ifupdown2/addons/address.py b/ifupdown2/addons/address.py
+index 83974d7..b9a16ee 100644
+--- a/ifupdown2/addons/address.py
++++ b/ifupdown2/addons/address.py
+@@ -821,42 +821,52 @@ class address(Addon, moduleBase):
+                                'bridge port' %ifaceobj.name)
+             return
+         setting_default_value = False
++
++
+         if not ipforward:
+             setting_default_value = True
+-            ipforward = (self.ipforward or
+-                         self.get_mod_subattr('ip-forward', 'default'))
+-        ipforward = int(utils.get_boolean_from_string(ipforward))
+-        running_ipforward = self.cache.get_netconf_forwarding(socket.AF_INET, ifaceobj.name)
+-        if ipforward != running_ipforward:
+-            try:
+-                self.sysctl_set('net.ipv4.conf.%s.forwarding'
+-                                %('/'.join(ifaceobj.name.split("."))),
+-                                ipforward)
+-            except Exception as e:
+-                if not setting_default_value:
+-                    ifaceobj.status = ifaceStatus.ERROR
+-                    self.logger.error('%s: %s' %(ifaceobj.name, str(e)))
++	    ipforward = self.ipforward
++
++        if ipforward:
++
++            ipforward = int(utils.get_boolean_from_string(ipforward))
++            running_ipforward = self.cache.get_netconf_forwarding(socket.AF_INET, ifaceobj.name)
++
++            if ipforward != running_ipforward:
++                try:
++                    self.sysctl_set('net.ipv4.conf.%s.forwarding'
++                                    %('/'.join(ifaceobj.name.split("."))),
++                                    ipforward)
++                except Exception as e:
++                    if not setting_default_value:
++                        ifaceobj.status = ifaceStatus.ERROR
++                        self.logger.error('%s: %s' %(ifaceobj.name, str(e)))
+ 
+         setting_default_value = False
++
++
+         if not ip6forward:
+             setting_default_value = True
+-            ip6forward = (self.ip6forward or
+-                          self.get_mod_subattr('ip6-forward', 'default'))
+-        ip6forward = int(utils.get_boolean_from_string(ip6forward))
+-        running_ip6forward = self.cache.get_netconf_forwarding(socket.AF_INET6, ifaceobj.name)
+-        if ip6forward != running_ip6forward:
+-            try:
+-                self.sysctl_set('net.ipv6.conf.%s.forwarding'
+-                                %('/'.join(ifaceobj.name.split("."))),
+-                                ip6forward)
+-            except Exception as e:
+-                # There is chance of ipv6 being removed because of,
+-                # for example, setting mtu < 1280
+-                # In such cases, log error only if user has configured
+-                # ip6-forward
+-                if not setting_default_value:
+-                    ifaceobj.status = ifaceStatus.ERROR
+-                    self.logger.error('%s: %s' %(ifaceobj.name, str(e)))
++            ip6forward = self.ip6forward
++
++        if ip6forward:
++
++            ip6forward = int(utils.get_boolean_from_string(ip6forward))
++            running_ip6forward = self.cache.get_netconf_forwarding(socket.AF_INET6, ifaceobj.name)
++
++            if ip6forward != running_ip6forward:
++                try:
++                    self.sysctl_set('net.ipv6.conf.%s.forwarding'
++                                    %('/'.join(ifaceobj.name.split("."))),
++                                    ip6forward)
++                except Exception as e:
++                    # There is chance of ipv6 being removed because of,
++                    # for example, setting mtu < 1280
++                    # In such cases, log error only if user has configured
++                    # ip6-forward
++                    if not setting_default_value:
++                        ifaceobj.status = ifaceStatus.ERROR
++                        self.logger.error('%s: %s' %(ifaceobj.name, str(e)))
+ 
+     def process_mtu(self, ifaceobj, ifaceobj_getfunc):
+         mtu_str = ifaceobj.get_attr_value_first('mtu')
+-- 
+2.20.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 6f81e1f..8595980 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,5 @@
 extra/0001-argv-move-nldebug-option-to-common_argparse-to-avoid.patch
+extra/0002-fix-default-forwarding.patch
 pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch
 pve/0002-add-dummy-mtu-bridgevlanport-modules.patch
 pve/0003-allow-vlan-subinterface-in-a-vlan-aware-bridge.patch
-- 
2.20.1


