Bug 33132 – Support of VLAN, Bonding, Bridges: TUN/TAP not filtered out

Bug 33132 - Support of VLAN, Bonding, Bridges: TUN/TAP not filtered out


Summary:	Support of VLAN, Bonding, Bridges: TUN/TAP not filtered out

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	UMC - Basic settings
Version:	UCS 4.1
Hardware:	All Linux

Importance:	P4 minor (vote)
Target Milestone:	UCS 4.2-1-errata
Assigned To:	Johannes Keiser
QA Contact:	Florian Best

URL:
Keywords:

Depends on:	30816
Blocks:
	Show dependency tree / graph

Reported:	2013-11-05 16:13 CET by Philipp Hahn
Modified:	2017-07-26 14:39 CEST (History)
CC List:	8 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.091
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Flags:	best: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2013-11-05 16:13:56 CET

+++ This bug was initially created as a clone of Bug #30816 +++
+++ This bug was initially created as a clone of Bug #28389 +++

On a VM server the TUN/TAP interfaces are not filtered out:
$ umc-command -U Administrator -P univention setup/net/interfaces
...
  RESULT   : ['vnet0', 'vnet2', 'vnet1', 'eth0', 'eth1']

# cd /sys/class/net;diff -ur -x device -x subsystem -x power -x queues -x statistics eth0/ vnet0/ | grep -v ^diff
diff: eth0//brport/flush: Keine Berechtigung
diff: vnet0//brport/flush: Keine Berechtigung
--- eth0//addr_assign_type      2013-11-05 15:52:57.663721325 +0100
+++ vnet0//addr_assign_type     2013-11-05 15:52:57.667721381 +0100
@@ -1 +1 @@
-0
+3
--- eth0//address       2013-11-05 09:32:45.425664331 +0100
+++ vnet0//address      2013-11-05 11:10:19.032518091 +0100
@@ -1 +1 @@
-bc:ae:c5:07:cc:5c
+fe:54:00:0e:2c:7a
--- eth0//brport/designated_port        2013-11-05 15:15:22.824131805 +0100
+++ vnet0//brport/designated_port       2013-11-05 15:54:34.473113929 +0100
@@ -1 +1 @@
-32769
+32770
--- eth0//brport/path_cost      2013-11-05 15:15:22.824131805 +0100
+++ vnet0//brport/path_cost     2013-11-05 15:54:34.473113929 +0100
@@ -1 +1 @@
-4
+100
--- eth0//brport/port_id        2013-11-05 15:15:22.824131805 +0100
+++ vnet0//brport/port_id       2013-11-05 15:54:34.473113929 +0100
@@ -1 +1 @@
-0x8001
+0x8002
--- eth0//brport/port_no        2013-11-05 15:15:22.824131805 +0100
+++ vnet0//brport/port_no       2013-11-05 15:54:34.473113929 +0100
@@ -1 +1 @@
-0x1
+0x2
Nur in vnet0/: group.
--- eth0//ifindex       2013-11-05 09:33:17.472007247 +0100
+++ vnet0//ifindex      2013-11-05 11:10:19.032518091 +0100
@@ -1 +1 @@
-2
+6
--- eth0//iflink        2013-11-05 15:52:57.663721325 +0100
+++ vnet0//iflink       2013-11-05 15:52:57.667721381 +0100
@@ -1 +1 @@
-2
+6
--- eth0//operstate     2013-11-05 15:52:57.663721325 +0100
+++ vnet0//operstate    2013-11-05 15:52:57.667721381 +0100
@@ -1 +1 @@
-up
+unknown
Nur in vnet0/: owner.
--- eth0//speed 2013-11-05 15:52:57.663721325 +0100
+++ vnet0//speed        2013-11-05 15:52:57.667721381 +0100
@@ -1 +1 @@
-1000
+10
Nur in vnet0/: tun_flags.
--- eth0//tx_queue_len  2013-11-05 15:52:57.663721325 +0100
+++ vnet0//tx_queue_len 2013-11-05 15:52:57.667721381 +0100
@@ -1 +1 @@
-1000
+500
--- eth0//uevent        2013-11-05 09:32:35.552000257 +0100
+++ vnet0//uevent       2013-11-05 11:10:19.028518034 +0100
@@ -1,2 +1,2 @@
-INTERFACE=eth0
-IFINDEX=2
+INTERFACE=vnet0
+IFINDEX=6

As tun/tap files are highly dynamic and thus not configurable through the static "/etc/network/interfaces", I would filter out those interfaces having "/sys/class/net/$IFACE/tun_flags".

index 81e54a5..64075bd 100644
--- ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
+++ ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
@@ -489,8 +489,8 @@ def detect_interfaces():
 		# filter out lo, etc. interfaces
 		if open(os.path.join(pathname, 'type'), 'r').read().strip() not in ('1', '2', '3', '4', '5', '6', '7', '8', '15', '19'):
 			continue
-		# filter out bridge, bond devices
-		if any(os.path.exists(os.path.join(pathname, path)) for path in ('bridge', 'bonding')):
+		# filter out bridge, bond, tun/tap interfaces
+		if any(os.path.exists(os.path.join(pathname, path)) for path in ('bridge', 'bonding', 'tun_flags')):
 			continue
 		# filter out vlan devices
 		if '.' in dirname:

Comment 1 Johannes Keiser

2017-07-06 15:11:18 CEST

(In reply to Philipp Hahn from comment #0)
> index 81e54a5..64075bd 100644
> --- ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
> +++ ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
> @@ -489,8 +489,8 @@ def detect_interfaces():
>  		# filter out lo, etc. interfaces
>  		if open(os.path.join(pathname, 'type'), 'r').read().strip() not in ('1',
> '2', '3', '4', '5', '6', '7', '8', '15', '19'):
>  			continue
> -		# filter out bridge, bond devices
> -		if any(os.path.exists(os.path.join(pathname, path)) for path in
> ('bridge', 'bonding')):
> +		# filter out bridge, bond, tun/tap interfaces
> +		if any(os.path.exists(os.path.join(pathname, path)) for path in
> ('bridge', 'bonding', 'tun_flags')):
>  			continue
>  		# filter out vlan devices
>  		if '.' in dirname:

Applied rebased patch:

r 80921
univention-system-setup (10.0.10-25) 
* Bug #33132: Applied patch from Philipp Hahn - Filter out tun/tap
interfaces

YAML: r 80922

Comment 2 Florian Best

2017-07-06 15:32:27 CEST

OK: tunnel interfaces are filtered out.
OK: YAML (adjusted in r80927)

Comment 3 Erik Damrose

2017-07-26 14:39:13 CEST

<http://errata.software-univention.de/ucs/4.2/109.html>