The command "set system ipv6 disable" doesn't work as expected.
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	Unknown Object (User)
	Mar 24 2022, 9:33 PM

Description

If you want to disable ipv6 by using a global command "set system ipv6 disable" it doesn't work well.

For example, after executing the command "set system ipv6 disable" you can't change MTU on bridge interfaces less than 1280 because the error appears:

vyos@hh-vpn# set system ipv6 disable
[edit]
vyos@hh-vpn# commit
Changing IPv6 disable parameter will only take affect
when the system is rebooted.
[edit]
vyos@hh-vpn# save
Saving configuration to '/config/config.boot'...
Done
[edit]
vyos@hh-vpn# exit
exit
vyos@hh-vpn:~$ reboot
Are you sure you want to reboot this system? [y/N] y

vyos@hh-vpn# set interfaces bridge br1 mtu 1000
[edit]
vyos@hh-vpn# commit
[ interfaces bridge br1 ]
VyOS had an issue completing a command.
We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
https://vyos.slack.com
When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your 
business policy requires it)
- and include all the information presented below
Report time:      2022-03-23 06:37:59
Image version:    VyOS 1.3.1
Release train:    equuleus
Built by:         Sentrium S.L.
Built on:         Sat 19 Mar 2022 17:46 UTC
Build UUID:       ***
Build commit ID:  ***
Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest
Hardware vendor:  ***
Hardware model:   ***
Hardware S/N:     ***
Hardware UUID:    ***
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-bridge.py", line 171, in <module>
  apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-bridge.py", line 162, in apply
  br.update(bridge)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/bridge.py", line 374, in update
  super().update(config)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1394, in update
  self.add_ipv6_eui64_address('fe80::/64')
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 687, in add_ipv6_eui64_address
  self.add_addr(f'{eui64}/{prefixlen}')
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 998, in add_addr
  self._cmd(f'ip addr add "{addr}" '
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
  return cmd(command, self.debug)
File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
  raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip addr add 
"fe80::526b:8dff:feb0:6381/64" dev "br1"
returned: 
exit code: 2
noteworthy:
cmd 'ip addr add "fe80::526b:8dff:feb0:6381/64" dev "br1"'
returned (out):
returned (err):
RTNETLINK answers: Invalid argument
[[interfaces bridge br1]] failed
Commit failed
[edit]

To solve this issue you need also to use this command on each bridge interface "set interfaces bridge brX ipv6 address no-default-link-local".

It's unusual behavior the command "set system ipv6 disable".

Details

Version: VyOS 1.3.1
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Related Objects

Mentioned In: 1.3.2
1.3.2
rVYOSONEXe3626da307d6: vyos.util: T4319: add is_ipv6_enabled() helper function
rVYOSONEX138d8ecd528e: vrf: T4319: do not add IPv6 localhost address if IPv6 is disabled
rVYOSONEX24ffc55877ac: vyos.ifconfig: T4319: add_addr() should not add IPv6 address if it's disabled
rVYOSONEX9da1b20e40b9: smoketest: T4319: verify correct assignment of loopback IP addresses
rVYOSONEX8ab73ce0f84e: vyos.ifconfig: T4330: bugfix changing MTU when IPv6 is disabled
rVYOSONEX155aa912a59f: Merge pull request #1261 from c-po/t4319-disable-ipv6-equuleus
rVYOSONEX53e20097d227: vyos.ifconfig: T4330: bugfix changing MTU when IPv6 is disabled
rVYOSONEXdf0fbfeedce0: vyos.util: T4319: add is_ipv6_enabled() helper function
rVYOSONEXc33a96f6f0f0: vrf: T4319: do not add IPv6 localhost address if IPv6 is disabled
rVYOSONEX60f009defadb: vyos.ifconfig: T4319: add_addr() should not add IPv6 address if it's disabled
rVYOSONEXa33b737b7538: smoketest: T4319: verify correct assignment of loopback IP addresses
rVYOSONEX86168af4b95c: Merge pull request #1258 from c-po/t4319-disable-ipv6
rVYOSONEX059095962f0a: T4319: do not try to add ::1/128 to lo when IPv6 is disabled
rVYOSONEXadda3d86080b: Merge pull request #1257 from dmbaturin/T4319-lo
rVYOSONEXc82db71fa2ce: T4319: do not try to add ::1/128 to lo if IPv6 is disabled
rVYOSONEX4187f0102636: vyos.util: T4319: rename sysctl() -> sysctl_write()
rVYOSONEX3510201ea685: system: T4319: align ipv6 settings with ipv4 by using get_config_dict()
rVYOSONEXb12b4d512bd0: ipv6: T4319: do not configure IPv6 related settings if it's disabled
rVYOSONEXa053b48316b3: vyos.util: T4319: provide generic sysctl_read() helper
rVYOSONEXd2ad75c59f2e: xml: T4319: use common building block for table-size CLI option
rVYOSONEXae72c771677b: T4319: "system ip(v6)" must run before any interface operation
rVYOSONEX364009e4317f: vyos.util: T4319: rename sysctl() -> sysctl_write()
rVYOSONEXf8b3d8999cbe: ipv6: T4319: do not configure IPv6 related settings if it's disabled
rVYOSONEX1b16a4eab926: system: T4319: align ipv6 settings with ipv4 by using get_config_dict()
rVYOSONEX52cb6185a4a5: vyos.util: T4319: provide generic sysctl_read() helper
rVYOSONEXeaf4b60c9e7f: xml: T4319: use common building block for table-size CLI option
rVYOSONEX87ccafd06b89: T4319: "system ip(v6)" must run before any interface operation

Event Timeline

Unknown Object (User) created this task.Mar 24 2022, 9:33 PM

Unknown Object (User) updated the task description. (Show Details)Mar 24 2022, 9:37 PM

pasik subscribed.Mar 25 2022, 12:57 PM

c-po changed the task status from Open to In progress.Mar 25 2022, 5:41 PM

c-po claimed this task.

c-po triaged this task as Normal priority.

c-po edited projects, added VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.

c-po edited a custom field.

c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.

c-po changed Issue type from Unspecified (please specify) to Bug (incorrect behavior).

The root cause is that we no longer load IPv6 as a kernel module - It's now compiled in. This means that we need to disable IPv6 in a different way and not pass some options when loading the module.

c-po mentioned this in rVYOSONEX87ccafd06b89: T4319: "system ip(v6)" must run before any interface operation.Mar 25 2022, 6:10 PM

c-po mentioned this in rVYOSONEXeaf4b60c9e7f: xml: T4319: use common building block for table-size CLI option.

c-po mentioned this in rVYOSONEX52cb6185a4a5: vyos.util: T4319: provide generic sysctl_read() helper.

c-po mentioned this in rVYOSONEX1b16a4eab926: system: T4319: align ipv6 settings with ipv4 by using get_config_dict().

c-po mentioned this in rVYOSONEXf8b3d8999cbe: ipv6: T4319: do not configure IPv6 related settings if it's disabled.

c-po mentioned this in rVYOSONEX364009e4317f: vyos.util: T4319: rename sysctl() -> sysctl_write().

c-po moved this task from Open to Finished on the VyOS 1.4 Sagitta board.Mar 25 2022, 6:10 PM

c-po mentioned this in rVYOSONEXae72c771677b: T4319: "system ip(v6)" must run before any interface operation.Mar 25 2022, 6:18 PM

c-po mentioned this in rVYOSONEXd2ad75c59f2e: xml: T4319: use common building block for table-size CLI option.

c-po mentioned this in rVYOSONEXa053b48316b3: vyos.util: T4319: provide generic sysctl_read() helper.

c-po mentioned this in rVYOSONEXb12b4d512bd0: ipv6: T4319: do not configure IPv6 related settings if it's disabled.

c-po mentioned this in rVYOSONEX3510201ea685: system: T4319: align ipv6 settings with ipv4 by using get_config_dict().

c-po mentioned this in rVYOSONEX4187f0102636: vyos.util: T4319: rename sysctl() -> sysctl_write().

c-po closed this task as Resolved.Mar 25 2022, 7:47 PM

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.

Issue found.
On freh 1.3.1-S1 intallation:

vyos@vyos:~$ conf
[edit]
vyos@vyos# del interfaces loopback
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# set system ipv6 dis
disable             disable-forwarding
[edit]
vyos@vyos# set system ipv6 disable
[edit]
vyos@vyos# commit
Changing IPv6 disable parameter will only take affect
when the system is rebooted.
[edit]
vyos@vyos# set int loopback lo
[edit]
vyos@vyos# commit
[ interfaces loopback lo ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
  https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
  https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
  https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report time:      2022-03-30 13:04:02
Image version:    VyOS 1.3.1-S1
Release train:    equuleus

Built by:         Sentrium S.L.
Built on:         Mon 28 Mar 2022 17:02 UTC
Build UUID:       b89ffc4c-3c7e-4d89-91de-bd89e584c532
Build commit ID:  bfd58ad202462f

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest   

Hardware vendor:  Bochs
Hardware model:   Bochs
Hardware S/N:
Hardware UUID:    98215cde-00ae-4c77-bbe0-a02646df61f7

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-loopback.py", line 61, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-loopback.py", line 52, in apply
    l.update(loopback)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/loopback.py", line 70, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1300, in update
    self.add_addr(addr)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 999, in add_addr
    self._cmd(f'ip addr add "{addr}" '
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
    return cmd(command, self.debug)
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
    raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip addr add "::1/128" dev "lo"
returned:
exit code: 2

noteworthy:
cmd 'ip addr add "::1/128" dev "lo"'
returned (out):

returned (err):
RTNETLINK answers: Permission denied

[[interfaces loopback lo]] failed
Commit failed
[edit]

Other way to reproduce:

Delete lo interface
commit
Load configuration file which has "set interface loopback lo" and "set system ipv6 disable"

vyos@vyos# load /config/config-lo_present-ipv6_disable.boot
Loading configuration from '/config/config-lo_present-ipv6_disable.boot'
Load complete. Use 'commit' to make changes effective.
[edit]
vyos@vyos# compare
[edit interfaces]
+loopback lo {
+}
[edit system]
+ipv6 {
+    disable
+}
[edit]
vyos@vyos# commit
Changing IPv6 disable parameter will only take affect
when the system is rebooted.  
[ interfaces loopback lo ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):

...
# Same eror message

n.fort reopened this task as Open.Mar 30 2022, 1:09 PM

dmbaturin mentioned this in rVYOSONEXc82db71fa2ce: T4319: do not try to add ::1/128 to lo if IPv6 is disabled.Mar 30 2022, 1:17 PM

Restricted Repository Identity mentioned this in rVYOSONEXadda3d86080b: Merge pull request #1257 from dmbaturin/T4319-lo.Mar 30 2022, 3:52 PM

dmbaturin mentioned this in rVYOSONEX059095962f0a: T4319: do not try to add ::1/128 to lo when IPv6 is disabled.Mar 30 2022, 3:52 PM

Restricted Repository Identity mentioned this in rVYOSONEX86168af4b95c: Merge pull request #1258 from c-po/t4319-disable-ipv6.Mar 31 2022, 7:21 PM

c-po mentioned this in rVYOSONEXa33b737b7538: smoketest: T4319: verify correct assignment of loopback IP addresses.Mar 31 2022, 7:21 PM

c-po mentioned this in rVYOSONEX60f009defadb: vyos.ifconfig: T4319: add_addr() should not add IPv6 address if it's disabled.

c-po mentioned this in rVYOSONEXc33a96f6f0f0: vrf: T4319: do not add IPv6 localhost address if IPv6 is disabled.

c-po mentioned this in rVYOSONEXdf0fbfeedce0: vyos.util: T4319: add is_ipv6_enabled() helper function.

c-po mentioned this in rVYOSONEX53e20097d227: vyos.ifconfig: T4330: bugfix changing MTU when IPv6 is disabled.Mar 31 2022, 7:40 PM

Restricted Repository Identity mentioned this in rVYOSONEX155aa912a59f: Merge pull request #1261 from c-po/t4319-disable-ipv6-equuleus.Apr 7 2022, 2:19 PM

c-po mentioned this in rVYOSONEX8ab73ce0f84e: vyos.ifconfig: T4330: bugfix changing MTU when IPv6 is disabled.Apr 7 2022, 2:19 PM