Summary:
When changing the VLAN tag of a VM network interface that has link_down=1,the interface becomes active despite the link_down flag remaining set.
Steps to Reproduce:
1. Bring a net interface down with command: pvesh set /nodes/pve1/qemu/101/config --net0 e1000=BC:24:11:1C:17:17,bridge=vmbr7,link_down=1,tag=10
2. Verify interface is DOWN in guest OS
3. Change VLAN tag in GUI(web interface) of Proxmox for VM 101 (in my case I switch to VLAN from 10 to 20)
4. Check interface state in guest OS
note: as you can see, I bring the network down by CLI as I need to do it in a script. Then I change VLAN tag in GUI as it is expected this action is made by the hypervisor operator in graphical environment.
Expected Behavior:
- Interface should remain DOWN
- link_down=1 flag should keep interface disabled
Actual Behavior:
- Interface becomes UP/active
- link_down=1 flag is still present in config but ignored
- Inconsistent state: config says DOWN but interface is UP
Environment:
- Proxmox VE version: 8.4.2 (I cannot upgrade till end of year because of no-shutdown allowed time window)
- Kernel version: 6.8.8-3-pve
- ifupdown2 version: 3.2.0-1+pmx9
Impact:
- Security: disabled interfaces can become active unexpectedly
- Network isolation: VMs might gain unexpected network access
- Automation: scripts relying on link_down fail (flag is set but can be invalidated by manual vlan tag change)
Workaround:
Manually re-apply link_down flag after VLAN change:
qm set VMID -net0 ...,link_down=0
qm set VMID -net0 ...,link_down=1
(Or the equivalent "Disconnect" flag removed, applied and restored in GUI/WEB environment).
Is this a known bug or am I missing something?
I didn't test this with other kind of interface (example: virtio) and parameters, but it can be present also in this cases.
Also my version is a bit old but I need to keep it until EOY, maybe it's already fixed but I found nothing googling about this....
When changing the VLAN tag of a VM network interface that has link_down=1,the interface becomes active despite the link_down flag remaining set.
Steps to Reproduce:
1. Bring a net interface down with command: pvesh set /nodes/pve1/qemu/101/config --net0 e1000=BC:24:11:1C:17:17,bridge=vmbr7,link_down=1,tag=10
2. Verify interface is DOWN in guest OS
3. Change VLAN tag in GUI(web interface) of Proxmox for VM 101 (in my case I switch to VLAN from 10 to 20)
4. Check interface state in guest OS
note: as you can see, I bring the network down by CLI as I need to do it in a script. Then I change VLAN tag in GUI as it is expected this action is made by the hypervisor operator in graphical environment.
Expected Behavior:
- Interface should remain DOWN
- link_down=1 flag should keep interface disabled
Actual Behavior:
- Interface becomes UP/active
- link_down=1 flag is still present in config but ignored
- Inconsistent state: config says DOWN but interface is UP
Environment:
- Proxmox VE version: 8.4.2 (I cannot upgrade till end of year because of no-shutdown allowed time window)
- Kernel version: 6.8.8-3-pve
- ifupdown2 version: 3.2.0-1+pmx9
Impact:
- Security: disabled interfaces can become active unexpectedly
- Network isolation: VMs might gain unexpected network access
- Automation: scripts relying on link_down fail (flag is set but can be invalidated by manual vlan tag change)
Workaround:
Manually re-apply link_down flag after VLAN change:
qm set VMID -net0 ...,link_down=0
qm set VMID -net0 ...,link_down=1
(Or the equivalent "Disconnect" flag removed, applied and restored in GUI/WEB environment).
Is this a known bug or am I missing something?
I didn't test this with other kind of interface (example: virtio) and parameters, but it can be present also in this cases.
Also my version is a bit old but I need to keep it until EOY, maybe it's already fixed but I found nothing googling about this....
)!