Page MenuHomeVyOS Platform
Create Task
Maniphest T6602

interfaces: verify supplied VRF name on all interface types
Closed, ResolvedPublicBUG
Actions

Description

Only some (e.g. ethernet or wireguard) interfaces validate if the supplied VRF actually exists. If this is not validated, one can pass an invalid VRF to the system which generates an OSError exception

To reproduce

set interfaces vxlan vxlan1 vni 1000
set interfaces vxlan vxlan1 remote 1.2.3.4
set interfaces vxlan vxlan1 vrf smoketest

results in

Report time:      2024-07-23 09:14:17
Image version:    VyOS 1.5-rolling-202407230021
Release train:    current

Built by:         [email protected]
Built on:         Tue 23 Jul 2024 00:22 UTC
Build UUID:       413a7534-617a-4e00-957f-f805c6b7fa23
Build commit ID:  67f8d13fc99e39

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    423379fe-7364-2d62-d562-ab995a3ed96d

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces_vxlan.py", line 254, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces_vxlan.py", line 245, in apply
    v.update(vxlan)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/vxlan.py", line 201, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1611, in update
    self.set_vrf(config.get('vrf', ''))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 614, in set_vrf
    self.set_interface('vrf', vrf)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 195, in set_interface
    return self._set_command(self.config, name, value)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 122, in _set_command
    return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd))
                                                              ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 64, in _cmd
    return cmd(command, self.debug)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/process.py", line 155, in cmd
    raise OSError(code, feedback)
OSError: [Errno 255] failed to run command: ip link set dev vxlan1 master smoketest_mgmt
returned:
exit code: 255

TODO

  • Extend base_interface smoketests to always check if interface can be assigned to an invalid VRF - this must be handled by all interface verify() stages

Details

Difficulty level
Easy (less than an hour)
Version
1.5-rolling-202407230021
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

c-po created this task.Jul 23 2024, 7:16 AM
c-po claimed this task.
pasik subscribed.Jul 23 2024, 7:29 AM
c-po updated the task description. (Show Details)Jul 23 2024, 7:38 AM
c-po updated the task description. (Show Details)
c-po renamed this task from vxlan: verify VRF exists to interfaces: verify supplied VRF name on all interface types.Jul 23 2024, 5:06 PM
c-po updated the task description. (Show Details)
c-po added a comment.Jul 23 2024, 5:10 PM

https://github.com/vyos/vyos-1x/pull/3856

c-po changed the task status from Open to In progress.Jul 23 2024, 5:11 PM
syncer triaged this task as Normal priority.Jul 24 2024, 5:27 AM
c-po closed this task as Resolved.Jul 25 2024, 11:56 AM
c-po moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.1) board.