Page MenuHomeVyOS Platform
Create Task
Maniphest T3193

DHCPv6 PD verification issues
Closed, ResolvedPublicBUG
Actions

Description

In the vyos-1x Git current and equuleus branches, verify_dhcpv6() in python/vyos/configverify.py raises a ConfigError when there is more than one VLAN interface configured to receive a DHCPv6 PD prefix. Specifically, on line 196, sla_id is assigned None because dict_search() splits on the VLAN interface period; the duplicate check then catches the multiple None values.

To reproduce, boot vyos-1.3-rolling-202101061750-amd64.iso and configure as follows:

set interfaces ethernet eth0 vif 10
set interfaces ethernet eth0 vif 11
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth0.10 sla-id 0
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth0.11 sla-id 1
commit

Results:

Site-Level Aggregation Identifier (SLA-ID) must be unique per prefix-delegation!
[[interfaces ethernet eth0]] failed
Commit failed

verify_dhcpv6() raises a ConfigError when more than one interface is auto-assigned an SLA-ID. data/templates/dhcp-client/ipv6.tmpl handles the auto-assigning of SLA-IDs on lines 39, 46, and 52.

To reproduce, boot vyos-1.3-rolling-202101061750-amd64.iso and configure as follows:

set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth2
commit

Results:

Site-Level Aggregation Identifier (SLA-ID) must be unique per prefix-delegation!
[[interfaces ethernet eth0]] failed
Commit failed

verify_dhcpv6() fails to raise a ConfigError when one interface is auto-assigned an SLA-ID and another is configured with the same SLA-ID.

To reproduce, boot vyos-1.3-rolling-202101061750-amd64.iso and configure as follows:

set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth2 sla-id 0
commit
cat /run/dhcp6c/dhcp6c.eth0.conf

Results:

### Autogenerated by interface.py ###

# man https://www.unix.com/man-page/debian/5/dhcp6c.conf/
interface eth0 {
    send ia-pd 0; # prefix delegation #0
};


id-assoc pd 0 {
    prefix ::/64 infinity;
    prefix-interface eth1 {
        sla-len 0;
        sla-id 0;
    };
    prefix-interface eth2 {
        sla-len 0;
        sla-id 0;
    };
};

Note the duplicate sla-id.

Fixes are already written; I will comment with a GitHub PR shortly.

Details

Difficulty level
Normal (likely a few hours)
Version
1.3-rolling-202101061750
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Stricter validation
Issue type
Bug (incorrect behavior)

Event Timeline

stepler created this task.Jan 7 2021, 4:40 AM
stepler added a comment.Jan 7 2021, 4:56 AM

PR https://github.com/vyos/vyos-1x/pull/671

c-po changed the task status from Open to Needs testing.Jan 7 2021, 7:33 AM
c-po assigned this task to stepler.
c-po triaged this task as Normal priority.
c-po changed Why the issue appeared? from Will be filled on close to Implementation mistake.
c-po changed Is it a breaking change? from Perfectly compatible to Stricter validation.
pasik added a subscriber: pasik.Jan 7 2021, 4:18 PM
stepler closed this task as Resolved.Jan 11 2021, 8:28 PM

Looks good on 1.3-beta-202101111823:

vyos@vyos:~$ configure
WARNING: You are currently configuring a live-ISO environment, changes will not persist until installed
[edit]
vyos@vyos# set interfaces ethernet eth0 vif 10
[edit]
vyos@vyos# set interfaces ethernet eth0 vif 11
[edit]
vyos@vyos# set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth0.10 sla-id 0
[edit]
vyos@vyos# set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth0.11 sla-id 1
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# delete interfaces ethernet eth0 dhcpv6-options
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1
[edit]
vyos@vyos# set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth2
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# delete interfaces ethernet eth0 dhcpv6-options
[edit]
vyos@vyos# commit
[edit]
vyos@vyos# set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1
[edit]
vyos@vyos# set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth2 sla-id 0
[edit]
vyos@vyos# commit
Site-Level Aggregation Identifier (SLA-ID) must be unique per prefix-delegation!
[[interfaces ethernet eth0]] failed
Commit failed
[edit]
vyos@vyos# exit discard
exit
vyos@vyos:~$ show version

Version:          VyOS 1.3-beta-202101111823
Release Train:    equuleus

Built by:         [email protected]
Built on:         Mon 11 Jan 2021 18:23 UTC
Build UUID:       ab5de081-2555-4eb8-9afa-47bc5b46faa4
Build Commit ID:  d04e31c9e56088

Architecture:     x86_64
Boot via:         livecd
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    a43bb9c6-e595-4bca-af7a-70598e3719bb

Copyright:        VyOS maintainers and contributors
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Mar 18 2021, 4:28 PM
SrividyaA set Issue type to Bug (incorrect behavior).Aug 30 2021, 2:47 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:26 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.