fix(lib): write drop-in configs to active network file directory

mjnowen · mjnowen · commit 6bd02b37db27 · 2026-03-30T16:57:20.000+01:00
When another network config generator (e.g. netplan, cloud-init) creates
a .network file with a lower numerical prefix than the 70- prefix used
by amazon-ec2-net-utils, systemd-networkd selects that file as the
active config for the interface. Drop-in files written under
70-&lt;iface&gt;.network.d/ are then silently ignored because they belong to
an inactive network file.

This causes secondary IPv4 addresses (ec2net_alias.conf) and policy
routing rules (ec2net_policy_*.conf) to never be applied, even though
they are correctly fetched from IMDS and written to disk.

Add _get_active_dropin_dir() which queries the systemd-networkd runtime
state to discover the actual active NETWORK_FILE for an interface, then
returns that file's drop-in directory. Falls back to the original
70-&lt;iface&gt;.network.d path when detection is unavailable (e.g. during
early boot before networkd has initialised the interface).

Use _get_active_dropin_dir() in create_ipv4_aliases() and
create_rules() instead of the hardcoded 70- path.
diff --git a/lib/lib.sh b/lib/lib.sh
@@ -230,13 +230,27 @@ _install_and_reload() {
     fi
 }
 
+_get_active_dropin_dir() {
+    local iface=$1
+    local default_dir="${unitdir}/70-${iface}.network.d"
+    local ifindex network_file
+    ifindex=$(cat "/sys/class/net/${iface}/ifindex" 2> /dev/null) || { echo "$default_dir"; return; }
+    network_file=$(sed -n 's/^NETWORK_FILE=//p' "/run/systemd/netif/links/${ifindex}" 2> /dev/null) || { echo "$default_dir"; return; }
+    if [ -n "$network_file" ]; then
+        echo "${network_file}.d"
+    else
+        echo "$default_dir"
+    fi
+}
+
 create_ipv4_aliases() {
     local iface=$1
     local mac=$2
     local addresses
     subnet_supports_ipv4 "$iface" || return 0
     addresses=$(get_iface_imds $mac local-ipv4s | tail -n +2 | sort)
-    local drop_in_dir="${unitdir}/70-${iface}.network.d"
+    local drop_in_dir
+    drop_in_dir=$(_get_active_dropin_dir "$iface")
     mkdir -p "$drop_in_dir"
     local file="$drop_in_dir/ec2net_alias.conf"
     local work="${file}.new"
@@ -295,7 +309,8 @@ create_rules() {
     local family=$4
     local addrs prefixes
     local local_addr_key subnet_pd_key
-    local drop_in_dir="${unitdir}/70-${iface}.network.d"
+    local drop_in_dir
+    drop_in_dir=$(_get_active_dropin_dir "$iface")
     mkdir -p "$drop_in_dir"
 
     local -i ruleid=$((device_number+rule_base+100*network_card))
