
Change Request: Handle non existing listen-address assignments in e.g. TFTP or SNMP
Closed, Resolved | Public | FEATURE REQUEST

Description

Let's assume we have a service where we can configure a listen-address (TFTP/SNMP) and that address is crucial for the service to operate - meaning the service won't start if this address is not present on the system. Should we raise ConfigError() in the Python script?

This can be OK - during system runtime - but it could also have the following side effect:
Imagine the user de-configures the interface with this listen-address (delete interface ethernet eth0 address <x.x.x.x>), commits the config (no checks on the TFTP/SNMP service are performed) and then saves this config. On the subsequent OS reboot the SNMP/TFTP service will be removed from the running config because the verify() stage in the Python scripts sees that there is a non-assigned IP address configured. => Users may think of a BUG in VyOS.

Other services like pdns recursor don't have this hard limitation as they can be bound to non-existing IP addresses (imagine VRRP) and make use of them the second the IP address really gets assigned on the host.

Change Request
If a listen address is configured - but not available on the system - bind the service to at least localhost (127.0.0.1, [::1]) to not expose it on all IP addresses on the system as when listen-address has not been specified. On commit we will inform the user about this misconfiguration, making everything safe (for reboots) and not losing configuration fragments.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
c-po created this task. Sep 16 2018, 6:11 PM
c-po updated the task description.
c-po added a comment. Sep 16 2018, 6:34 PM

Invalid SNMP addresses must be filtered, else the service won't start with this error message:

Sep 16 20:32:58 LR1 snmpd[4848]: Error opening specified endpoint "udp:192.168.1.1:161"
Sep 16 20:32:58 LR1 snmpd[4848]: Server Exiting with code 1
Sep 16 20:32:58 LR1 snmpd[4845]: Starting SNMP services::
Sep 16 20:32:58 LR1 systemd[1]: snmpd.service: control process exited, code=exited status=1
Sep 16 20:32:58 LR1 systemd[1]: Failed to start LSB: SNMP agents.
Sep 16 20:32:58 LR1 systemd[1]: Unit snmpd.service entered failed state.
c-po moved this task from Need Triage to In Progress on the VyOS 1.2.x board. Sep 18 2018, 5:16 PM
syncer triaged this task as Normal priority. Tue, Sep 25, 2:02 PM
c-po added a subscriber: dmbaturin.

Both SNMP and TFTP now print a warning. In a subsequent step we could change this to be an error on commit and introduce a migration script deleting invalid addresses to not kill currently deployed configs!

c-po claimed this task. Sat, Oct 20, 9:38 PM
c-po closed this task as Resolved.
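
The fallback proposed in the Change Request above, sketched as an added Python example (not VyOS code and not part of the original task): unassigned listen addresses are replaced by the loopback address of the same family and reported as warnings, so a configured list never collapses to "listen on everything". The names `is_assigned`, `effective_listen` and `snmpd_agentaddress` are hypothetical, the sample addresses are constructed, and the bind probe is one assumed way to test whether an address is present on the host.

```python
import ipaddress
import socket

LOOPBACK = {4: "127.0.0.1", 6: "::1"}


def is_assigned(addr):
    """Probe: an address is usable if a UDP socket can bind to it (port 0)."""
    ip = ipaddress.ip_address(addr)
    family = socket.AF_INET if ip.version == 4 else socket.AF_INET6
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.bind((str(ip), 0))
        return True
    except OSError:  # typically EADDRNOTAVAIL, as in the snmpd failure above
        return False


def effective_listen(configured, assigned=is_assigned):
    """Return (bind_addresses, warnings) for a configured listen-address list.

    An empty input stays empty (service default). A non-empty input never
    yields an empty result, which the daemon would treat as "all addresses".
    """
    bind, warnings = [], []
    for addr in configured:
        target = addr
        if not assigned(addr):
            target = LOOPBACK[ipaddress.ip_address(addr).version]
            warnings.append(
                f"listen-address {addr} is not assigned to any interface, "
                f"binding to {target} instead"
            )
        if target not in bind:  # several invalid addresses share one fallback
            bind.append(target)
    return bind, warnings


def snmpd_agentaddress(bind, port=161):
    """Render the snmpd.conf agentaddress line for the filtered addresses."""
    specs = []
    for addr in bind:
        ip = ipaddress.ip_address(addr)
        specs.append(f"udp:{ip}:{port}" if ip.version == 4 else f"udp6:[{ip}]:{port}")
    return "agentaddress " + ",".join(specs)


if __name__ == "__main__":
    present = {"10.0.0.1", "127.0.0.1", "::1"}  # constructed sample host state
    addrs, notes = effective_listen(["10.0.0.1", "192.168.1.1"], present.__contains__)
    print(snmpd_agentaddress(addrs), *notes, sep="\n")
```
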