sonic-utilities icon indicating copy to clipboard operation
sonic-utilities copied to clipboard

Published 20 hours ago verified publisher icon sonic-net

[config] Add more IP address validation checks

Open shikenghua opened this issue 6 years ago • 2 comments

- What I did The below two cases will cause swss crash:

  1. Config /32(IPv4) or /128(IPv6) address on non-loopback interfaces
  2. Add the same IP subnet to two different interfaces

This is because duplicated route is added to SAI and it returns fail and cause swss raises exception.

Two checks are added when config IP on interface:

  1. /32(IPv4) and /128(IPv6) networks are only allowed on Loopback interfaces
  2. Newly added IP address shouldn't overlap with existing subnet

- How I did it Perform validation checks in CLI configuration functions. Throw error if check fail.

- How to verify it Use "config interface ip add/remove" commands to test. Config with invalid IP address should see error and vice versa.

- Previous command output (if the output of a command-line utility has changed)

  1. Config /32(IPv4) or /128(IPv6) address: admin@sonic:$sudo config interface ip add Ethernet0 1.1.1.1/32 swss crash and error messages logged in /var/log/syslog: Nov 5 18:31:33.082312 sonic ERR swss#orchagent: :- addIp2MeRoute: Failed to create IP2me route ip:4.4.4.4, rv:-6 Nov 5 18:31:33.082440 sonic INFO swss#supervisord: orchagent terminate called after throwing an instance of 'std::runtime_error'

  2. Config overlapped subnets: admin@sonic:$ sudo config interface ip add Ethernet0 10.1.1.1/24 admin@sonic:$ sudo config interface ip add Ethernet1 10.1.1.2/24 swss crash and error messages logged in /var/log/syslog: Nov 5 19:31:52.459171 sonic ERR swss#orchagent: :- addSubnetRoute: Failed to create subnet route to 10.1.1.2/24 from Ethernet4, rv:-6 Nov 5 19:31:52.459855 sonic INFO swss#supervisord: orchagent terminate called after throwing an instance of 'std::runtime_error'

- New command output (if the output of a command-line utility has changed)

  1. Config /32(IPv4) or /128(IPv6) address: admin@sonic:$sudo config interface ip add Ethernet0 1.1.1.1/32 Usage: config interface ip add [OPTIONS] <interface_name> <ip_addr> Error: Bad mask /32 for IP address 1.1.1.1/32 admin@sonic:$sudo config interface ip add Ethernet0 2019::1/128 Usage: config interface ip add [OPTIONS] <interface_name> <ip_addr> Error: Bad mask /128 for IP address 2019::1/128

  2. Config overlapped subnets: admin@sonic:$ sudo config interface ip add Ethernet0 10.1.1.1/24 admin@sonic:$ sudo config interface ip add Ethernet1 10.1.1.2/24 Usage: config interface ip add [OPTIONS] <interface_name> <ip_addr> Error: IP address 10.1.1.2/24 overlaps with existing subnet

-->

shikenghua avatar Aug 30 '19 10:08 shikenghua

Retest this please

jleveque avatar Sep 09 '19 16:09 jleveque

Id like to see this added. its a nice safety check

ITJamie avatar Apr 19 '22 16:04 ITJamie