Page MenuHomeVyOS Platform
Create Task
Maniphest T5018

Redirect to IFB removed after change in qos policy
Closed, ResolvedPublicBUG
Actions

Description

When making a change to a qos policy the redirect doesn't work anymore.

Verifying with tc qdisc show before and after a commit the line qdisc ingress ffff: dev eth0 parent ffff:fff1 ---------------- seems to be missing.

Restoring functionality can be done with delete interfaces ethernet eth0 redirect ifb0 and then set interfaces ethernet eth0 redirect ifb0

This bug report seems to be the same: https://vyos.dev/T3782

Commands:

set qos policy shaper ingress bandwidth '350mbit'
set qos policy shaper ingress class 10 bandwidth '5mbit'
set qos policy shaper ingress class 10 description 'ACK'
set qos policy shaper ingress class 10 match ack ip tcp ack
set qos policy shaper ingress class 10 priority '0'
set qos policy shaper ingress class 11 bandwidth '5mbit'
set qos policy shaper ingress class 11 match testing ip destination address '88.198.248.254'
set qos policy shaper ingress class 11 priority '7'
set qos policy shaper ingress default bandwidth '300mbit'
set qos policy shaper ingress default priority '2'
set interfaces ethernet eth0 redirect 'ifb0'
set interfaces input ifb0
set qos interface ifb0 egress 'ingress'

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202302130317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

rayzilt created this task.Feb 18 2023, 9:55 PM
pasik added a subscriber: pasik.Feb 19 2023, 3:52 PM
Viacheslav changed the task status from Open to Confirmed.Feb 27 2023, 11:51 AM
Viacheslav added subscribers: c-po, Viacheslav.EditedFeb 27 2023, 12:06 PM

There is missed the command tc qdisc add dev eth0 handle ffff: ingress

vyos@r14# tc qdisc show dev eth0
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
[edit]
vyos@r14# 
[edit]
vyos@r14# tc filter add dev eth0 parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel
[edit]
vyos@r14#

To get it working

vyos@r14# tc qdisc add dev eth0 handle ffff: ingress
[edit]
vyos@r14# tc filter add dev eth0 parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0
[edit]
vyos@r14# 
vyos@r14# tc qdisc show dev eth0
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc ingress ffff: parent ffff:fff1 ---------------- 
[edit]
vyos@r14#

I haven't found where it is in the code yet.
But in debug, it is exists:

DEBUG/IFCONFIG cmd 'tc qdisc del dev eth0 parent ffff: 2>/dev/null'
DEBUG/IFCONFIG cmd 'tc qdisc del dev eth0 parent 1: 2>/dev/null'
DEBUG/IFCONFIG cmd 'tc qdisc add dev eth0 handle ffff: ingress'
DEBUG/IFCONFIG cmd 'tc filter add dev eth0 parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0'
DEBUG/IFCONFIG cmd 'ip link set dev eth0 up'

@c-po Any ideas?

c-po claimed this task.Feb 27 2023, 7:30 PM
rayzilt mentioned this in T5075: QoS removes interface mirror/redirect rules.Mar 9 2023, 3:22 PM
sarthurdev changed the task status from Confirmed to In progress.Mar 9 2023, 4:26 PM
sarthurdev claimed this task.
sarthurdev moved this task from Need Triage to In Progress on the VyOS 1.4 Sagitta board.
sarthurdev added a comment.Mar 9 2023, 5:09 PM

PR: https://github.com/vyos/vyos-1x/pull/1881

sarthurdev changed the task status from In progress to Needs testing.Mar 22 2023, 4:18 PM
rayzilt added a comment.Apr 10 2023, 11:49 AM

After applying above rules an a system without any qos configured, it failed to create the redirect, commit was succesfull but tc disk show did not show the redirect. After removing and applying the redirect between commits, the redirect was present.
Changing the max bandwidth to 10mbit and commiting removed the redirect again.

Running version 1.4-rolling-202304070317

It seems the issue is still present.

rayzilt changed the task status from Needs testing to Confirmed.EditedMay 23 2023, 7:27 PM

So after a small test, I've come to the following:

Adding the redirect on eth0.6 to ifb0:

set interfaces ethernet eth0 vif 6 redirect ifb0

And commiting, the redirect is been added:

DEBUG/COMMAND cmd 'tc qdisc del dev eth0.6 parent ffff: 2>/dev/null'
DEBUG/COMMAND cmd 'tc qdisc del dev eth0.6 parent 1: 2>/dev/null'
DEBUG/COMMAND cmd 'tc qdisc add dev eth0.6 handle ffff: ingress'
DEBUG/COMMAND cmd 'tc filter add dev eth0.6 parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0'
DEBUG/COMMAND cmd 'ip link set dev eth0.6 up'

Add these two entries and commting shows us that the qdisc on all interfaces are deleted, but the redirect is not re-configured back

set qos policy shaper testpolicy bandwidth 300mbit
set qos policy shaper testpolicy default bandwidth 300mbit
rayzilt@router# commit
DEBUG/COMMAND cmd 'tc qdisc del dev lo parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev lo root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth0 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth0 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth1 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth1 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth3 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth3 root'
DEBUG/COMMAND cmd 'tc qdisc del dev ifb0 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev ifb0 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth3.222 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth3.222 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2.221 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2.221 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth1.220 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth1.220 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth0.6 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth0.6 root'
DEBUG/COMMAND cmd 'tc qdisc del dev pppoe0 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev pppoe0 root'
DEBUG/COMMAND cmd 'tc qdisc del dev wg01 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev wg01 root'
DEBUG/COMMAND cmd 'tc qdisc del dev wg02 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev wg02 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2.221v51v4 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2.221v51v4 root'
DEBUG/COMMAND cmd '/opt/vyatta/sbin/vyatta-save-config.pl /tmp/config.boot.68422'
DEBUG/COMMAND returned (out):
Saving configuration to '/tmp/config.boot.68422'...
Done
DEBUG/COMMAND cmd 'sudo mv /tmp/config.boot.68422 /opt/vyatta/etc/config/archive/config.boot'
DEBUG/COMMAND cmd 'sudo logrotate -f -s /opt/vyatta/etc/config/archive/lr.state /opt/vyatta/etc/config/archive/lr.conf'
DEBUG/COMMAND returned (out):
warning: Potentially dangerous mode on /opt/vyatta/etc/config/archive/lr.conf: 0775
error: Ignoring /opt/vyatta/etc/config/archive/lr.conf because it is writable by group or others.
[edit]
rayzilt@router#

This commit doesn't trigger the interface section to configure the system.

Also adding the policy to the interface doesn't add the redirect back

set qos interface ifb0 egress testpolicy
rayzilt@router# commit
DEBUG/COMMAND cmd 'tc qdisc del dev lo parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev lo root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth0 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth0 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth1 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth1 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth3 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth3 root'
DEBUG/COMMAND cmd 'tc qdisc del dev ifb0 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev ifb0 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth3.222 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth3.222 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2.221 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2.221 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth1.220 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth1.220 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth0.6 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth0.6 root'
DEBUG/COMMAND cmd 'tc qdisc del dev pppoe0 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev pppoe0 root'
DEBUG/COMMAND cmd 'tc qdisc del dev wg01 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev wg01 root'
DEBUG/COMMAND cmd 'tc qdisc del dev wg02 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev wg02 root'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2.221v51v4 parent ffff:'
DEBUG/COMMAND cmd 'tc qdisc del dev eth2.221v51v4 root'
DEBUG/COMMAND cmd 'tc qdisc replace dev ifb0 root handle 1: htb r2q 187 default 1'
DEBUG/COMMAND cmd 'tc class replace dev ifb0 parent 1: classid 1:1 htb rate 300000000'
DEBUG/COMMAND cmd 'tc class replace dev ifb0 parent 1:1 classid 1:1 htb rate 300000000 burst 15k quantum 1514 prio 20'
DEBUG/COMMAND cmd 'tc qdisc replace dev ifb0 parent 1:1 sfq'
DEBUG/COMMAND cmd 'tc filter replace dev ifb0 parent 1: prio 255 protocol all basic action police rate 300000000 burst 15k'
DEBUG/COMMAND cmd '/opt/vyatta/sbin/vyatta-save-config.pl /tmp/config.boot.69064'
DEBUG/COMMAND returned (out):
Saving configuration to '/tmp/config.boot.69064'...
Done
DEBUG/COMMAND cmd 'sudo mv /tmp/config.boot.69064 /opt/vyatta/etc/config/archive/config.boot'
DEBUG/COMMAND cmd 'sudo logrotate -f -s /opt/vyatta/etc/config/archive/lr.state /opt/vyatta/etc/config/archive/lr.conf'
DEBUG/COMMAND returned (out):
warning: Potentially dangerous mode on /opt/vyatta/etc/config/archive/lr.conf: 0775
error: Ignoring /opt/vyatta/etc/config/archive/lr.conf because it is writable by group or others.
[edit]
rayzilt@router#

Should the redirect option be available under the qos section? Or is there a hook missing that the qos section also triggers the interface configure scripts?

Is it necessary to delete the parent ffff: at this stage? Should that not be handled by the interface commit section?

(Version 1.4-rolling-202305130317)

sarthurdev changed the task status from Confirmed to Needs testing.Aug 27 2023, 12:13 AM

Thanks for following up on this issue @rayzilt

PR: https://github.com/vyos/vyos-1x/pull/2174

Viacheslav added a comment.EditedOct 21 2023, 3:03 PM

@rayzilt Could you re-check and close it if solved?

rayzilt added a comment.Oct 27 2023, 6:38 PM

@Viacheslav yes, I already did last month, but there were lots of errors when veryfing the fix.
I figured it came due to the changes performed by task https://vyos.dev/T5048.

I'll re-chechk this soon

rayzilt closed this task as Resolved.Nov 3 2023, 9:31 PM

Tested with 1.5-rolling-202311030022 and working as expected.