** Description changed: - Tools such as vpnc try to flush routes when run inside network - namespaces by writing 1 into /proc/sys/net/ipv4/route/flush. This - currently does not work because flush is not enabled in non-initial - network namespaces. - Since routes are per network namespace it is safe to enable + SRU Justification + + Impact: Tools such as vpnc try to flush routes when run inside network namespaces by writing 1 into /proc/sys/net/ipv4/route/flush. This + currently does not work because flush is not enabled in non-initial network namespaces. Users have complained about this at various times (cf. Link: https://github.com/lxc/lxd/issues/4257). + + Fix: Enable /proc/sys/net/ipv4/route/flush inside non-initial network + namespaces. + + Regression Potential: None, since this didn't use to work before. Since + routes are per network namespace it is safe to enable /proc/sys/net/ipv4/route/flush in there. - This has been reported against LXD a few times before + Test Case: Tested with LXD on a kernel with the patch applied and by + running vpnc successfully. - Link: https://github.com/lxc/lxd/issues/4257 + Target Kernels: All LTS kernels starting from 4.15. Kernel 5.3 has the + patchset upstream. - Please backport this to our LTS kernels. :) + Patches: + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5cdda5f1d6adde02da591ca2196f20289977dc56
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1836912 Title: ipv4: enable route flushing in network namespaces Status in linux package in Ubuntu: Confirmed Bug description: SRU Justification Impact: Tools such as vpnc try to flush routes when run inside network namespaces by writing 1 into /proc/sys/net/ipv4/route/flush. This currently does not work because flush is not enabled in non-initial network namespaces. Users have complained about this at various times (cf. Link: https://github.com/lxc/lxd/issues/4257). Fix: Enable /proc/sys/net/ipv4/route/flush inside non-initial network namespaces. Regression Potential: None, since this didn't use to work before. Since routes are per network namespace it is safe to enable /proc/sys/net/ipv4/route/flush in there. Test Case: Tested with LXD on a kernel with the patch applied and by running vpnc successfully. Target Kernels: All LTS kernels starting from 4.15. Kernel 5.3 has the patchset upstream. Patches: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5cdda5f1d6adde02da591ca2196f20289977dc56 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
