Page MenuHomeVyOS Platform
Create Task
Maniphest T6933

system option performance overwrites sysctl parameters defined in firewall
Open, NormalPublicBUG
Actions

Description

sysctl values written by firewall global-options are overwritten when using system option performance configuration:

How to reproduce:

vyos@vyos# sudo sysctl -a | grep net.ipv4.conf.all.send_redirects
net.ipv4.conf.all.send_redirects = 1
[edit]
vyos@vyos# 
[edit]
vyos@vyos# set firewall global-options send-redirects disable 
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# sudo sysctl -a | grep net.ipv4.conf.all.send_redirects
net.ipv4.conf.all.send_redirects = 0
[edit]
vyos@vyos# set system option performance network-throughput 
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# sudo sysctl -a | grep net.ipv4.conf.all.send_redirects
net.ipv4.conf.all.send_redirects = 1
[edit]
vyos@vyos#

Details

Version
1.5-rolling-202411270007
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

n.fort created this task.Dec 3 2024, 12:56 PM
Viacheslav triaged this task as Normal priority.Dec 3 2024, 1:11 PM
Viacheslav added a project: VyOS Rolling.
pasik subscribed.Dec 3 2024, 2:48 PM
mwheeler subscribed.Jan 3 2025, 10:25 PM

Given that firewall global-options sets sysctl manually and system option performance [throughput|latency] uses pre-built tuned profiles, there isn't a good way to handle this. We should probably cross-check to see if the user is trying to apply both of these options and display a message saying that configuring both options at the same time may lead to inadvertent squashing of their desired settings.