Bug 555814 - sys-apps/systemd-222 - systemd-networkd.socket should be disabled by default
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo systemd Team
Reported: 2015-07-24 18:54 UTC by Alexander Tsoy
Modified: 2015-09-07 18:53 UTC

Description Alexander Tsoy 2015-07-24 18:54:30 UTC
networkd from systemd-222 (don't know about older versions) breaks NAT-ed libvirt networking. Tested with libvirt-1.2.15-r1 and libvirt-1.2.17. When libvirtd is started, systemd-networkd brings *all* interfaces up (even those interfaces that normally are down: ip6tnl0, sit0, tunl0, virbr*-nic, etc) and somehow breaks packet forwarding. I spent some time investigating this issue, but didn't find how it breaks forwarding. All sysctl values are fine, iptables rules are fine, etc, etc. And everything works fine if systemd-networkd.socket is disabled. Note that network on this host is managed by NetworkManager.

$ qlist systemd | grep '/etc.*networkd'
/etc/systemd/system/sockets.target.wants/systemd-networkd.socket


Comparison of "ip a l" output without and with systemd-networkd.socket enabled:

@@ -4,12 +4,16 @@
        valid_lft forever preferred_lft forever
     inet6 ::1/128 scope host 
        valid_lft forever preferred_lft forever
-2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default 
+2: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default 
     link/ipip 0.0.0.0 brd 0.0.0.0
-3: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default 
+3: sit0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default 
     link/sit 0.0.0.0 brd 0.0.0.0
-4: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default 
+    inet6 ::127.0.0.1/96 scope host 
+       valid_lft forever preferred_lft forever
+4: ip6tnl0@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN group default 
     link/tunnel6 :: brd ::
+    inet6 fe80::3c74:5fff:feae:fc91/64 scope link 
+       valid_lft forever preferred_lft forever
 5: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
     link/ether 00:25:90:7f:5e:06 brd ff:ff:ff:ff:ff:ff
     inet 192.168.1.5/24 brd 192.168.1.255 scope global enp3s0
@@ -17,7 +21,7 @@
     inet6 fdf9:805:1b68::a57/128 scope global 
        valid_lft forever preferred_lft forever
     inet6 fdf9:805:1b68:0:225:90ff:fe7f:5e06/64 scope global noprefixroute dynamic 
-       valid_lft 7161sec preferred_lft 1761sec
+       valid_lft 7095sec preferred_lft 1695sec
     inet6 fe80::225:90ff:fe7f:5e06/64 scope link 
        valid_lft forever preferred_lft forever
 6: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
@@ -26,11 +30,11 @@
     link/ether 52:54:00:dd:79:ef brd ff:ff:ff:ff:ff:ff
     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
        valid_lft forever preferred_lft forever
-8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 500
+8: virbr0-nic: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 500
     link/ether 52:54:00:dd:79:ef brd ff:ff:ff:ff:ff:ff
 9: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
     link/ether 52:54:00:7e:12:3a brd ff:ff:ff:ff:ff:ff
     inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1
        valid_lft forever preferred_lft forever
-10: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr1 state DOWN group default qlen 500
+10: virbr1-nic: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel master virbr1 state DOWN group default qlen 500
     link/ether 52:54:00:7e:12:3a brd ff:ff:ff:ff:ff:ff
Comment 1 Mike Gilbert gentoo-dev 2015-07-24 19:01:18 UTC
I really don't want to just go and disable this by default because I'm not sure what else that will break.
Comment 2 Mike Gilbert gentoo-dev 2015-07-24 19:12:21 UTC
Actually, I see that systemd-networkd.service now has this:

[Install]
WantedBy=multi-user.target
Also=systemd-networkd.socket

So, I guess removing the /etc/systemd/system/sockets.target.wants/systemd-networkd.socket symlink should be fine. I guess I might need to add a postinst message telling people to run systemctl reenable systemd-networkd.
Comment 3 Alexander Tsoy 2015-07-24 19:16:03 UTC
BTW, systemd-networkd.service is socket-activated now, so the following line from ebuild is useless:

rm "${D}"/etc/systemd/system/multi-user.target.wants/systemd-networkd.service || die
Comment 4 Alexander Tsoy 2015-07-24 19:17:25 UTC
I mean: you either need to remove both service and socket, or leave them as is.
Comment 5 Alexander Tsoy 2015-07-24 19:24:57 UTC
Heh.. From systemd-220 changelog:

        * Note that systemd-networkd manages the sysctl variable
          /proc/sys/net/ipv[46]/conf/*/forwarding for each interface
          it is configured for since v219. The variable controls IP
          forwarding, and is a per-interface alternative to the global
          /proc/sys/net/ipv[46]/ip_forward. This setting is
          configurable in the IPForward= option, which defaults to
          "no". This means if networkd is used for an interface it is
          no longer sufficient to set the global sysctl option to turn
          on IP forwarding! Instead, the .network file option
          IPForward= needs to be turned on! Note that the
          implementation of this behaviour was broken in v219 and has
          been fixed in v220.

If I recall correctly I already tried to change these values. I'll try again.
Comment 6 Mike Gilbert gentoo-dev 2015-07-24 20:14:49 UTC
+  24 Jul 2015; Mike Gilbert <floppym@gentoo.org> systemd-9999.ebuild:
+  Remove /etc/systemd/systemd/sockets.target.wants, bug 555814.
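Review bot: the path in the second ChangeLog line, /etc/systemd/systemd/sockets.target.wants, does not match the symlink location quoted in the description and in comment 2 (/etc/systemd/system/sockets.target.wants/systemd-networkd.socket). If the ebuild change removes the latter, the entry should read /etc/systemd/system/sockets.target.wants so the log matches what was actually removed.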

systemd-223 is due soon, so I will wait for that instead of revbumping.
Comment 7 Alexander Tsoy 2015-07-24 21:45:10 UTC
I figured out my original problem. All network interfaces were managed by systemd-networkd which disabled forwarding for them:

$ sudo networkctl --all
IDX LINK             TYPE               OPERATIONAL SETUP     
  1 lo               loopback           carrier     configured
  2 tunl0            tunnel             carrier     configured
  3 sit0             sit                routable    configured
  4 ip6tnl0          tunnel6            degraded    configured
  5 enp3s0           ether              routable    configured
  6 enp4s0           ether              no-carrier  configured
  7 virbr1           ether              no-carrier  configured
  8 virbr1-nic       ether              no-carrier  configured
  9 virbr0           ether              no-carrier  configured
 10 virbr0-nic       ether              no-carrier  configured

10 links listed.


And this was caused by a commented out network config (!). I renamed it and this fixed the problem:

$ cat /etc/systemd/network/enp3s0.network.disable 
#[Match]
#Name=enp3s0

#[Network]
#Address=192.168.1.5/24
#Gateway=192.168.1.1
#DNS=192.168.1.1

$ sudo networkctl --all
Пароль: 
IDX LINK             TYPE               OPERATIONAL SETUP     
  1 lo               loopback           carrier     unmanaged 
  2 tunl0            tunnel             off         unmanaged 
  3 sit0             sit                off         unmanaged 
  4 ip6tnl0          tunnel6            off         unmanaged 
  5 enp3s0           ether              routable    unmanaged 
  6 enp4s0           ether              no-carrier  unmanaged 
  7 virbr0           ether              no-carrier  unmanaged 
  8 virbr0-nic       ether              off         unmanaged 
  9 virbr1           ether              no-carrier  unmanaged 
 10 virbr1-nic       ether              off         unmanaged 

10 links listed.


I'll report this upstream.
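The condition found in comment 7, as an added example that is not part of the original report or of systemd: a shell check that lists .network files with no effective [Match] key (the fully commented-out file above was applied to every link) and the links whose per-interface IPv4 forwarding flag is 0. The function names and the "audit" argument are hypothetical; the directory parameters exist so the check can be run on a constructed tree.

```shell
#!/bin/sh
# Added example: audit for the situation described in comment 7.
# The default paths are the ones named on this page; both functions accept
# another directory so they can be exercised on constructed data.

# Print every *.network file in $1 that has no effective key inside a
# [Match] section (comment lines and blank lines are ignored).
matchless_network_files() {
    dir=${1:-/etc/systemd/network}
    for f in "$dir"/*.network; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*([#;]|$)/ { next }   # comment or blank line
            /^[ \t]*\[/ { in_match = ($0 ~ /^[ \t]*\[Match\][ \t]*$/); next }
            in_match && /=/ { found = 1 }
            END { exit found ? 1 : 0 }   # status 0 means "no match key"
        ' "$f" && printf '%s\n' "$f"
    done
    return 0
}

# Print the links whose per-interface IPv4 forwarding sysctl is 0.
# The "all" and "default" pseudo-entries are skipped.
forwarding_disabled_links() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    for d in "$conf"/*/; do
        [ -r "${d}forwarding" ] || continue
        name=$(basename "$d")
        case $name in all|default) continue ;; esac
        [ "$(cat "${d}forwarding")" = 0 ] && printf '%s\n' "$name"
    done
    return 0
}

# Run against the live system only when called with the argument "audit".
if [ "${1:-}" = audit ]; then
    echo "Network files without a [Match] key:"
    matchless_network_files
    echo "Links with IPv4 forwarding disabled:"
    forwarding_disabled_links
fi
```

A file renamed so that it no longer ends in .network, as done in comment 7, is not reported.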
Comment 8 Pacho Ramos gentoo-dev 2015-09-07 18:53:55 UTC
(In reply to Mike Gilbert from comment #6)
> +  24 Jul 2015; Mike Gilbert <floppym@gentoo.org> systemd-9999.ebuild:
> +  Remove /etc/systemd/systemd/sockets.target.wants, bug 555814.
> 
> systemd-223 is due soon, so I will wait for that instead of revbumping.

This is done in 225 finally