Page MenuHomeVyOS Platform

container network interface and policy fails to apply after reboot
Open, LowPublicBUG

Description

Hello!

There is a bug when using the podman bridge interface in a policy.

Example:

set container name busybox image 'busybox'
set container name busybox network NET01
set container network NET01 prefix '10.0.0.0/24'

set policy route testing interface pod-NET01
set policy route testing rule 1 source address 10.0.0.2
set policy route testing rule 1 set table 100

This work fine after commit, but it fails to apply on reboot, probably because the policy is being applied before the podman network/interface pod-NET01 exists.

After reboot:

$ configure
WARNING: There was a config error on boot: saving the configuration now could overwrite data.
You may want to check and reload the boot config
[edit]

# load
Loading configuration from 'config.boot'
Load complete. Use 'commit' to make changes effective.
[edit]
# compare
[policy route]
+ testing {
+     interface "pod-NET01"
+     rule 1 {
+         set {
+             table "100"
+         }
+         source {
+             address "10.0.0.2"
+         }
+     }
+ }
[edit]

Running load/commit makes everything work again.

Details

Version
20240103
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

The same issue could be with any dynamic interface like PPP that could be don't exists during the boot process/ISP issues

If you need it, I'd recommend using policy local-route
But yes, it is some kind of bug.

The current priorities:

vyos@r4:~$ /opt/vyatta/sbin/priority.pl | match "policy|container"
200 policy
201 policy/route
201 policy/route6
450 container
500 policy/local-route
500 policy/local-route6
vyos@r4:~$
Viacheslav changed the subtype of this task from "Task" to "Bug".

OK, local-route actually worked!
Thanks!

Can we let local-route support group options both in destination and source ?

set policy local-route rule 10 destination
Possible completions:
+  address              IPv4 address or prefix
   port                 Port number used by connection
set policy local-route rule 10 source
Possible completions:
+  address              IPv4 address or prefix
   port                 Port number used by connection