FS#46635 - [systemd] 227 - conflicts with sysctl, conflict not documented, race condition

Attached to Project: Arch Linux
Opened by James (thx1138) - Saturday, 10 October 2015, 01:05 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 15 October 2015, 18:12 GMT
Task Type: Bug Report
Category: Packages: Testing
Status: Closed
Assigned To: Thomas Bächler (brain0), Dave Reisner (falconindy)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

systemd 227

The new "IPv6AcceptRouterAdvertisements=" option WILL BREAK existing sysctl settings if any of the "net.ipv6.conf.<interface>.accept_ra" have been set in any /etc/sysctl.d/*.

More importantly, the resulting state of "net.ipv6.conf.<interface>.accept_ra" will be unpredictable, depending upon a race between systemd-sysctl.service and systemd-networkd.service if there is no "IPv6AcceptRouterAdvertisements=" set in the corresponding .network file. The only way to avoid this is to make sure that _both_ the .network file _and_ the sysctl file set accept_ra in the same way.

The systemd.network man page description for "IPv6AcceptRouterAdvertisements=" is pretty much meaningless. It is much simpler to say that setting "IPv6AcceptRouterAdvertisements=" to "yes" will make networkd set the corresponding accept_ra to "2".

Thus far, there is no "IPv6AcceptRouterAdvertisements=kernel" setting to disable the networkd override. Setting IPForward=kernel will have no effect upon disabling networkd interference with sysctl.

Sigh... Of course, I'd like to see this get "fixed" in systemd.networkd, but ...

Perhaps there should be some BIG FAT warning when the released systemd-227 package is installed.

Closed by: Dave Reisner (falconindy)
Thursday, 15 October 2015, 18:12 GMT
Reason for closing: Upstream
Additional comments about closing: Nothing for Arch to do here

Comment by Dave Reisner (falconindy) - Saturday, 10 October 2015, 14:34 GMT
Please report such things upstream...

Comment by James (thx1138) - Saturday, 10 October 2015, 16:34 GMT
Yes, of course, Issue 1519. But I assume that there will be no fix before the Arch package release. And this issue _will_break_ any network configuration that requires setting "net.ipv6.conf.<interface>.accept_ra" to "2". So a warning note at package install seems appropriate. Or no?

Comment by James (thx1138) - Monday, 12 October 2015, 14:20 GMT
A consequence of losing accept_ra=2 with forwarding is that without seeing the router advertisement, no prefix length info is seen, no prefix route is generated by the kernel, and the ipv6 network becomes unreachable on that interface, not immediately, but possibly after a re-boot or a daemon-reexec.

Comment by James (thx1138) - Thursday, 15 October 2015, 16:14 GMT
Lennart has closed Issue 1519, without comment addressing the race condition when "net.ipv6.conf.<interface>.accept_ra = 2" and the corresponding .network file has no "IPv6AcceptRouterAdvertisements=yes", which otherwise defaults to "IPv6AcceptRouterAdvertisements=no". Also, apparently there will be no "IPv6AcceptRouterAdvertisements=kernel" setting, to echo the "IPForward=kernel" setting, so this new networkd override cannot be disabled.

Only a few people have actually complained at https://github.com/systemd/systemd/issues/ about Lennart imposing his personal policies on the traditional sysctl configuration, whether because they really don't care, or because they don't run routers, or because they don't run IPv6. I feel strongly that systemd-networkd should default to not interfering with sysctl when these "IPForward=" and "IPv6AcceptRouterAdvertisements=" options are not set. And clearly, the systemd-networkd developers intend to override additional sysctl network settings, where Lennart has said "networkd should take precedence. If you don't want networkd to manage your interfaces, then don't tell it to. If you do want it to manage your interface, then it should do that comprehensive[l]y." Of course, I don't agree with this "black or white" policy.

Dave and Thomas, you are on your own. ;) Maybe Arch could patch systemd-networkd to change the default override when the .network options are not used. Or maybe there is just some discussion added to the Arch systemd-networkd wiki about these options. I suppose you can go ahead and close this task.
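
A static check for the situation this report describes, as an added example that is not part of the thread and is not systemd or Arch code: it compares the accept_ra values in a sysctl.d file with the "IPv6AcceptRouterAdvertisements=" setting of a .network file and flags interfaces where the option is missing or disagrees. The function names and sample data are hypothetical, "yes" is mapped to "2" as the report states, and treating "no" as agreeing with "0" is an assumption.

```python
import fnmatch
import re

SYSCTL_KEY = re.compile(r"^net[./]ipv6[./]conf[./](.+)[./]accept_ra$")
TRUE, FALSE = {"1", "yes", "true", "on"}, {"0", "no", "false", "off"}
# Constructed sample input, not taken from the report.
SAMPLE_SYSCTL = "net.ipv6.conf.eth0.accept_ra = 2\nnet.ipv6.conf.eth1.accept_ra = 2\n"
SAMPLE_NETWORK = "[Match]\nName=eth0\n\n[Network]\nIPForward=yes\n"

def assignments(text):
    """Yield (section, key, value) for each key=value line, skipping comments."""
    section = None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            yield section, key, value

def sysctl_accept_ra(text):
    """Map interface -> accept_ra value set in one sysctl.d file."""
    hits = ((SYSCTL_KEY.match(k), v) for _, k, v in assignments(text))
    return {m.group(1): v for m, v in hits if m}

def network_accept_ra(text):
    """Return ([Match] Name= patterns, [Network] option value or None)."""
    names, option = [], None
    for section, key, value in assignments(text):
        if section == "Match" and key == "Name":
            names += value.split()
        elif section == "Network" and key == "IPv6AcceptRouterAdvertisements":
            option = value.lower()
    return names, option

def audit(sysctl_text, network_text):
    names, option = network_accept_ra(network_text)
    report = {}
    for iface, value in sysctl_accept_ra(sysctl_text).items():
        if not any(fnmatch.fnmatch(iface, pat) for pat in names):
            continue  # interface not managed through this .network file
        if option is None:
            report[iface] = "unset"  # outcome depends on the race in the report
        elif (option in TRUE and value == "2") or (option in FALSE and value == "0"):
            report[iface] = "agree"  # "no" agreeing with 0 is an assumption
        else:
            report[iface] = "conflict"
    return report
```

Calling `audit(SAMPLE_SYSCTL, SAMPLE_NETWORK)` reports eth0 as "unset"; to check a real host, pass the contents of each /etc/sysctl.d/* file and each .network file instead of the samples.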
