Page MenuHomeVyOS Platform

ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses
Closed, ResolvedPublicBUG

Description

vyos@vyos# set interfaces dummy dum0 address 192.0.2.8/31

  Invalid value
  Value validation failed
  Set failed
vyos@vyos# set interfaces dummy dum0 address 192.0.2.9/31

This happened to be an issue before (fixed in T1425, and reintroduced by fixing T2548)

The root cause is that ipaddrcheck is not properly aware of the /31 mask

$ ipaddrcheck --is-ipv4-host 192.0.2.9/31
$ echo $?
0

$ ipaddrcheck --is-ipv4-host 192.0.2.8/31
$ echo $?
1

Why /31? https://tools.ietf.org/html/rfc3021

Details

Difficulty level
Normal (likely a few hours)
Version
1.3-rolling-202006090117
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Stricter validation
Issue type
Bug (incorrect behavior)

Event Timeline

c-po triaged this task as Unbreak Now! priority.Jun 10 2020, 6:22 AM
c-po created this task.
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.

Proposed validator for host https://github.com/vyos/vyos-1x/blob/current/src/validators/ipv4-host

#!/bin/sh

if [ `echo $1 | grep "/31" | wc -l` -eq "1" ]; then
    ipaddrcheck --is-any-cidr $1
else
    ipaddrcheck --is-ipv4-host $1
fi

i'm wondering if this is the right approach.
This works as a workaround, but this needs to be added to the ipaddrcheck validator as an allowed host-address and not be done in a shell script

Clearly a workaround is the fastest way to "fix" VyOS, but the backend code should be fixed, too. This is either ipaddrcheck https://github.com/vyos/ipaddrcheck or libcidr.

The mentioned PR can't be accepted (see GitHub discussion) as it will break IPv6.

I'm pretty sure it's my failure to correctly handle an edge case. I'll look into it today, should be simple enough.

dmbaturin renamed this task from ipaddrchecl unaware of /31 host addresses - can no longer assign /31 mask to interface addresses to ipaddrcheck unaware of /31 host addresses - can no longer assign /31 mask to interface addresses.Jun 10 2020, 9:35 AM
dmbaturin changed Why the issue appeared? from Design mistake to Implementation mistake.
c-po changed the task status from Open to Needs testing.Jun 11 2020, 12:57 PM
erkin set Issue type to Bug (incorrect behavior).Mon, Aug 30, 5:39 AM
erkin removed a subscriber: Active contributors.