yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2036877] Re: radvd seems to crash when ipv4 addresses are supplied as nameservers to ipv6 subnets

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <2036877@xxxxxxxxxxxxxxxxxx>
Date: Fri, 08 Dec 2023 09:23:17 -0000
Reply-to: Bug 2036877 <2036877@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/900240
Committed: https://opendev.org/openstack/neutron/commit/2f91d330dae0127be1adb98f3d6d1fd49745f25d
Submitter: "Zuul (22348)"
Branch:    master

commit 2f91d330dae0127be1adb98f3d6d1fd49745f25d
Author: Brian Haley <haleyb.dev@xxxxxxxxx>
Date:   Mon Nov 6 15:03:50 2023 -0500

    Correctly validate subnet arguments when using a subnetpool
    
    When creating a subnet using a subnetpool, we were
    failing to validate all the passed API arguments in
    the dictionary, leading to a case where you could
    specify an invalid DNS nameserver. For example,
    using an IPv4 nameserver on an IPv6 subnet. This
    could cause daemons the l3-agent starts, like radvd,
    to fail to start correctly, leading to a loss of
    connectivity.
    
    Specifying a subnet by cidr without a subnetpool
    did already correctly fail with an IP version
    mismatch error, this is just an edge case that
    was never tested.
    
    Since _validate_subnet() was called in so many places
    it was moved to a common location and is only not
    called for IPv6 prefix-delegation subnets.
    
    Closes-bug: #2036877
    Change-Id: I6302e9a373cf93e706cec10f87c3beaf632a0391


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2036877

Title:
  radvd seems to crash when ipv4 addresses are supplied as nameservers
  to ipv6 subnets

Status in neutron:
  Fix Released

Bug description:
  I'll copy from this report, please notice that I'm NOT the original
  reporter!:

  https://bugs.launchpad.net/kolla-ansible/+bug/2033980/comments/8

  Before cleaning the PID file, I did take a look at the config of
  radvd:

  ```
  $ cat /var/lib/neutron/ra/aee91f41-1945-40b4-b72f-8be2eb369b44.radvd.conf
  interface qr-caa16d7e-26
  {
     AdvSendAdvert on;
     MinRtrAdvInterval 30;
     MaxRtrAdvInterval 100;
     AdvLinkMTU 1450;

     RDNSS 2a02:74a0:x:0::53 10.40.3.53 2a02:74a0:x:0::54 {};

     prefix 2a02:74a0:x:y::/64
     {
          AdvOnLink on;
          AdvAutonomous on;
     };

     route fe80::a9fe:a9fe/128 {
     };
  };
  ```

  We've been configuring the router with terraform, assigning the ipv4
  resolvers to the IPv4 subnet and the IPv6 resolvers to the IPv6
  subnet.

  After deleting the router, adjusting the subnets (no resolvers on v4,
  only ipv6 resolvers on ipv6), and recreating the router, radvd is now
  active and everything's fine.

  It seems that due to misconfiguration (and incomplete template
  parsing), IPv4 nameservers ended up in the config of radvd, which
  failed to start. Neutron was then unable to clean up the pidfile, thus
  failing to start radvd again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2036877/+subscriptions

References

[Bug 2036877] [NEW] radvd seems to crash when ipv4 addresses are supplied as nameservers to ipv6 subnets
From: Sven Kieske, 2023-09-21