
Prevent deletion of bridge member interfaces
In progress, Requires assessment · Public · BUG

Description

Interfaces assigned to a bridge should not be allowed to be deleted. If such an interface is deleted from the config, the subsequent boot will fail with a configuration error because one of the bridge member interfaces is missing.

This is true for the following interfaces:

  • bonding
  • dummy
  • geneve
  • l2tpv3
  • openvpn
  • pseudo-ethernet
  • tunnel -> @thomas-mangin please add this as I do not understand that code
  • vti (to be done on interface rewrite)
  • vxlan
  • wireguard -> not fully supported by current wireguard implementation (deleting all wireguard interfaces does not trigger the check). Fixed in T2244
  • wireless
  • wirelessmodem

Details

Difficulty level: Easy (less than an hour)
Version: 1.3-rolling-20200405
Why the issue appeared?: Design mistake
Is it a breaking change?: Stricter validation

Event Timeline

c-po claimed this task. Apr 5 2020, 7:24 PM
c-po created this task.
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Stricter validation.
c-po renamed this task from l2tpv3 interface can be deleted while it is still assigned to a bridge to Prevent deletion of bridge member interfaces. Apr 7 2020, 6:45 PM
c-po changed the task status from Open to In progress.
c-po updated the task description.
c-po updated the task description. Apr 7 2020, 7:32 PM
c-po updated the task description. Apr 7 2020, 7:42 PM
c-po updated the task description. Apr 7 2020, 7:54 PM
c-po updated the task description.
c-po added a subscriber: thomas-mangin.
c-po updated the task description. Apr 7 2020, 8:03 PM
pasik added a subscriber: pasik. Apr 8 2020, 10:18 AM

@cpo AFAIU the patches are not right, as the code is making use of Config() in the verify() section, and AFAIU this is against the separation between get_config()

c-po added a comment. Apr 8 2020, 7:34 PM

Yes - there are some parts which make use of this bad practice (mostly introduced by me), cleanup required.

Those parts can be read in get_config() and evaluated in verify() instead. Let us coordinate on Slack.

c-po reassigned this task from c-po to thomas-mangin. Apr 19 2020, 10:03 AM
c-po updated the task description.
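
The split the comments above call for, reading state in get_config() and checking it in verify(), shown for the bridge-member check as an added example; it is not the VyOS patch. FakeConfig, the local ConfigError, bridges_using(), the dict keys and the sample tree are assumptions made so the block runs without a router.

```python
# Added example: local stand-ins, not VyOS's own Config/ConfigError classes.
class ConfigError(Exception):
    pass


class FakeConfig:
    """Hypothetical stand-in for a config session, backed by a nested dict."""

    def __init__(self, tree):
        self._tree = tree

    def list_nodes(self, path):
        node = self._tree
        for key in path:
            node = node.get(key, {})
        return list(node)


def bridges_using(conf, ifname):
    """Names of all bridges that still list ifname as a member."""
    base = ['interfaces', 'bridge']
    return [br for br in conf.list_nodes(base)
            if ifname in conf.list_nodes(base + [br, 'member', 'interface'])]


def get_config(conf, iftype, ifname):
    """The only function that touches the config session; returns a plain dict."""
    return {
        'intf': ifname,
        'deleted': ifname not in conf.list_nodes(['interfaces', iftype]),
        'is_bridge_member': bridges_using(conf, ifname),
    }


def verify(cfg):
    """Evaluates the dict only, so the check is testable without a session."""
    if cfg['deleted'] and cfg['is_bridge_member']:
        raise ConfigError(
            f"Interface {cfg['intf']} cannot be deleted, it is a member of "
            f"bridge {', '.join(cfg['is_bridge_member'])}")
    return None


# Constructed proposed config: l2tpeth0 was deleted but br0 still references it.
SAMPLE = {'interfaces': {
    'bridge': {'br0': {'member': {'interface': {'l2tpeth0': {}, 'eth1': {}}}}},
    'l2tpv3': {},
    'ethernet': {'eth1': {}},
}}
```

Because verify() receives only the dict, rejecting the commit before it is saved is what keeps the dangling bridge member out of the boot configuration.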