Your message dated Tue, 18 Jan 2022 19:06:52 +0000
with message-id <e1n9toi-000c7h...@fasolo.debian.org>
and subject line Bug#1003955: fixed in systemd 250.3-1
has caused the Debian Bug report #1003955,
regarding systemd: systemd-networkd: wireguard AllowedIPs is inserted into routing table
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1003955: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003955
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: systemd
Version: 250.2-3
Severity: critical
Justification: completely breaks network connectivity in certain setups
X-Debbugs-Cc: none, Tollef Fog Heen <tfh...@err.no>

(Feel free to downgrade, but this completely broke network on my testing
system, which, were it not my laptop sitting in front of me, would be
really hard to debug.)

It seems like systemd-networkd between 249.7-1 and 250.2-3 started
adding IPs specified in AllowedIPs in WireGuardPeer stanzas in netdev
units to the routing table.

The documentation in systemd.netdev states:

           Note that this only affects routing inside the network interface itself, i.e. the
           packets that pass through the tunnel itself. To cause packets to be sent via the
           tunnel in the first place, an appropriate route needs to be added as well — either in
           the "[Routes]" section on the ".network" matching the wireguard interface, or
           externally to systemd-networkd.

This is the historic behaviour, and this behaviour can be had by using
RouteTable=off in the WireGuardPeer section.

The reason it broke is I have a multi-peer wireguard setup where I
direct traffic to the different peers a machine can talk to using BGP
and bird, and therefore have AllowedIPs=0.0.0.0/0 for the netdevs. After
the upgrade, systemd-networkd proceeded to make my default route point
at the tunnels (which are not suitable as default routes) in addition to
my regular default route, causing most of the traffic to end up on the
floor.

It might be possible to detect this in a postinst, but it's probably
brittle, so I'd consider changing the default RouteTable setting to off.

-- System Information:
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser          3.118
ii  libacl1          2.3.1-1
ii  libapparmor1     3.0.3-6
ii  libaudit1        1:3.0.6-1+b1
ii  libblkid1        2.37.2-6
ii  libc6            2.33-2
ii  libcap2          1:2.44-1
ii  libcrypt1        1:4.4.27-1
ii  libcryptsetup12  2:2.4.3-1
ii  libfdisk1        2.37.2-6
ii  libgcrypt20      1.9.4-5
ii  libgnutls30      3.7.2-5
ii  libgpg-error0    1.43-1
ii  libip4tc2        1.8.7-1
ii  libkmod2         29-1
ii  liblz4-1         1.9.3-2
ii  liblzma5         5.2.5-2
ii  libmount1        2.37.2-6
ii  libpam0g         1.4.0-11
ii  libseccomp2      2.5.3-2
ii  libselinux1      3.3-1+b1
ii  libsystemd0      250.2-3
ii  libzstd1         1.4.8+dfsg-3
ii  mount            2.37.2-6
ii  util-linux       2.37.2-6

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]  1.12.20-3
ii  ntp [time-daemon]               1:4.2.8p15+dfsg-1

Versions of packages systemd suggests:
ii  libfido2-1            1.9.0-1
ii  libtss2-esys-3.0.2-0  3.1.0-3
ii  libtss2-mu0           3.1.0-3
ii  libtss2-rc0           3.1.0-3
ii  policykit-1           0.105-31
ii  systemd-container     250.2-3

Versions of packages systemd is related to:
pn  dracut           <none>
ii  initramfs-tools  0.140
ii  libnss-systemd   250.2-3
ii  libpam-systemd   250.2-3
ii  udev             250.2-3

-- no debconf information

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

--- End Message ---
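
The detection the report suggests for a postinst, as an added example that is not part of the original report or of systemd: it lists the [WireGuardPeer] sections whose AllowedIPs= would be installed as routes under the behaviour described for 250.2-3, and marks those that include a default route. The sample unit and peer names are constructed; treating a RouteTable= in [WireGuard] as the fallback for peers, and recognising only the "off" spelling, are assumptions.

```python
import ipaddress

# Constructed sample .netdev body: two peers with AllowedIPs=0.0.0.0/0 (the
# multi-peer layout from the report); only the second sets RouteTable=off.
SAMPLE_NETDEV = """\
[WireGuardPeer]
PublicKey=PEER-A-PLACEHOLDER
AllowedIPs=0.0.0.0/0, ::/0

[WireGuardPeer]
PublicKey=PEER-B-PLACEHOLDER
AllowedIPs=0.0.0.0/0
RouteTable=off
"""

def parse_sections(text):
    """Return [(section, [(key, value), ...])], keeping repeated sections apart."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].append((key.strip(), value.strip()))
    return sections

def peers_routed_by_default(text):
    """List (peer, has_default_route) for peers whose AllowedIPs become routes."""
    sections = parse_sections(text)
    # Assumption: RouteTable= in [WireGuard] applies to peers that set none.
    fallback = next((v for s, kv in sections if s == "WireGuard"
                     for k, v in kv if k == "RouteTable"), None)
    findings = []
    for name, kv in sections:
        if name != "WireGuardPeer":
            continue
        table = next((v for k, v in kv if k == "RouteTable"), fallback)
        if (table or "").lower() == "off":  # only the spelling used in the report
            continue
        nets = [ipaddress.ip_network(p, strict=False) for k, v in kv
                if k == "AllowedIPs" for p in v.replace(",", " ").split()]
        if nets:
            peer = dict(kv).get("PublicKey", "?")
            findings.append((peer, any(n.prefixlen == 0 for n in nets)))
    return findings
```
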
--- Begin Message ---
Source: systemd
Source-Version: 250.3-1
Done: Michael Biebl <bi...@debian.org>

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1003...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <bi...@debian.org> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Tue, 18 Jan 2022 18:52:45 +0100
Source: systemd
Architecture: source
Version: 250.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers <pkg-systemd-maintain...@lists.alioth.debian.org>
Changed-By: Michael Biebl <bi...@debian.org>
Closes: 1003879 1003955
Changes:
 systemd (250.3-1) unstable; urgency=medium
 .
   [ Luca Boccassi ]
   * Update d/copyright listing for debian/*
     Fixes Lintian warning: update-debian-copyright
   * d/copyright: remove unused GPL-2 stanza
   * d/watch: bump to version 4
   * d/control: drop redundant Section/Priority fields.
     Fixes Lintian warning: installable-field-mirrors-source
   * d/control: extend descriptions of libudev and libsystemd
   * systemd-oomd: add dependency on adduser.
     Needed by postinst script.
   * systemd-oomd: fix description-synopsis-starts-with-article Lintian warning
   * systemd-standalone-*: copy manpages too
   * Lintian: ignore very-long-line-length-in-source-file.
     It's not a useful check, and it flags test data and such.
   * Lintian: ignore source-contains-data-from-ieee-data-oui-db.
     Data formats are not compatible, this is for hwdb.
   * Lintian: ignore systemd-service-file-missing-install-key.
     If we don't add [Install], it's because we don't want it and the units are
     events-driven or enabled statically.
   * Lintian: ignore spare-manual-page.
     Lintian is not really good at associating manpages to package contents,
     so just ignore this, as we have and will keep adding docs related
     to unit types and so on.
   * Lintian: ignore package-supports-alternative-init-but-no-init.d-script.
     Well, duh!
   * Lintian: ignore package-contains-documentation-outside-usr-share-doc.
     False positives on test data and a web page.
   * Lintian: ignore current set of package-contains-empty-directory.
     These are shipped to provide a skeleton installation.
   * Update Lintian override for
     systemd-service-file-refers-to-unusual-wantedby-target
   * Lintian: ignore systemd: shared-library-lacks-prerequisites false positive
     on EFI binary
   * Lintian: ignore maintainer-script-calls-systemctl in more packages
   * Lintian: ignore executable-not-elf-or-script false positives for EFI
     binaries
   * Lintian: ignore spellcheck false positives
   * Lintian: ignore hardening-no-fortify-functions for test binaries
   * Ignore blhc false positives.
     blhc hits false positives due to EFI PE-COFF binaries,
     c++ fuzzing binaries and meson flags listings, ignore them.
   * Add d/gitlab-ci.yml.
     Disable unit tests, as some are failing due to the build environment.
 .
   [ Michael Biebl ]
   * New upstream version 250.3
     - network: wireguard: do not add routes to AllowedIPs= by default.
       (Closes: #1003955)
   * Add Recommends: libdw1 to systemd-coredump.
     Starting with v250, systemd-coredump will use libdw/libelf via dlopen()
     rather than directly linking against it. It is not a hard dependency but
     we want to have it installed by default.
     While hard-coding the library name is not ideal, we currently don't have
     better means to derive this information automatically. (Closes: #1003879)

--- End Message ---