On 07/06/17 12:57, Michael Biebl wrote:
How do you load the conntrack kernel module?
Moritz brought this up on IRC already and from what we could conclude
this is an ordering issue / race between the kernel module being loaded
and the sysfs entries being available and the sysctl settings being applied.

Moritz, did your investigations find something?

Afair you might have to apply the settings via a udev rule.
I don't think there is anything we can do about that in
systemd-sysctl.service.

Thanks for your quick reply.

This machine works as a firewall, so I think the modules are loaded by nftables when the ruleset is loaded at boot time, before the network interfaces start coming up:

[...]
[lun jun  5 14:06:47 2017] Netfilter messages via NETLINK v0.30.
[lun jun  5 14:06:47 2017] nf_tables: (c) 2007-2009 Patrick McHardy <ka...@trash.net>
[lun jun  5 14:06:47 2017] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[lun jun  5 14:06:47 2017] IPv6: ADDRCONF(NETDEV_UP): eth3: link is not ready
[lun jun  5 14:06:47 2017] e1000: eth3 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
[lun jun  5 14:06:47 2017] IPv6: ADDRCONF(NETDEV_CHANGE): eth3: link becomes ready
[lun jun  5 14:06:47 2017] Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
[lun jun  5 14:06:47 2017] bond0: Setting xmit hash policy to layer3+4 (1)
[lun jun  5 14:06:47 2017] bond0: Setting MII monitoring interval to 100
[...]

What you said makes sense. How would you order the sysctl/nftables/network services to prevent this issue? A quick and dirty workaround is to call sysctl in the nftables.service file after loading the ruleset,
but I'm looking for something more robust/elegant.

What about running systemd-sysctl last in the boot order chain?

--
Arturo Borrero Gonzalez
Departamento de Seguridad Informatica (n...@cica.es)
Centro Informatico Científico de Andalucia (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 130 384
Consejería de Economia y Conocimiento
Junta de Andalucia
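As an added illustration of the udev-rule approach Michael mentions (this is not code from the thread or from the systemd package): a rule that re-applies only the conntrack sysctl keys the moment the nf_conntrack module's sysfs entry appears, so the settings no longer race the module load. The file name and the sysctl prefix are assumptions; adjust the prefix to the keys in your sysctl.d files.

```udev
# /etc/udev/rules.d/99-nf-conntrack-sysctl.rules  (assumed file name)
#
# The kernel emits an "add" uevent for /sys/module/<name> when a module is
# loaded. Match it for nf_conntrack and re-run systemd-sysctl restricted to
# the net.netfilter.nf_conntrack* keys, which only exist once the module is
# present. --prefix= keeps the rest of sysctl.d from being re-applied.
ACTION=="add", SUBSYSTEM=="module", KERNEL=="nf_conntrack", \
    RUN+="/lib/systemd/systemd-sysctl --prefix=net.netfilter.nf_conntrack"
```

The rule also fires if the module is loaded later (e.g. by an nft ruleset reload), so the settings survive a reload without any ordering change to systemd-sysctl.service.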

_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers