Skip to content

Invalid config is hanging around after not being validated #18782

New issue
New issue
Closed
Closed
Invalid config is hanging around after not being validated#18782
Assignees
choppsv1
Labels
triageNeeds further investigation
@donaldsharp

Description

@donaldsharp
donaldsharp
opened on May 9, 2025

Description

sharpd@eva ~/frr3 (eigrp_comment_wrong)> more failure.conf
int lo
  ip address 0.0.0.5/32
sharpd@eva ~/frr3 (eigrp_comment_wrong)> vi success.conf
sharpd@eva ~/frr3 (eigrp_comment_wrong)> more success.conf
int enp13s0
  ip address 4.5.6.7/32
sharpd@eva ~/frr3 (eigrp_comment_wrong)> vtysh -f failure.conf
[1322576|mgmtd] sending configuration
[1322577|zebra] sending configuration
[1322577|zebra] done
% Configuration failed.

invalid address 0.0.0.5/32
[1322576|mgmtd] Configuration file[/etc/frr/frr.conf] processing failure: 13
Waiting for children to finish applying config...
sharpd@eva ~/frr3 (eigrp_comment_wrong) [13]> 
sharpd@eva ~/frr3 (eigrp_comment_wrong) [13]> 
sharpd@eva ~/frr3 (eigrp_comment_wrong) [13]> vtysh -f success.conf
[1322635|mgmtd] sending configuration
[1322636|zebra] sending configuration
[1322636|zebra] done
% Configuration failed.

invalid address 0.0.0.5/32
[1322635|mgmtd] Configuration file[/etc/frr/frr.conf] processing failure: 13
Waiting for children to finish applying config...
sharpd@eva ~/frr3 (eigrp_comment_wrong) [13]>

I have made this change to zebra:

diff --git a/zebra/zebra_nb_config.c b/zebra/zebra_nb_config.c
index 6361b88859..36a311020d 100644
--- a/zebra/zebra_nb_config.c
+++ b/zebra/zebra_nb_config.c
@@ -867,11 +867,13 @@ int lib_interface_zebra_ipv4_addrs_create(struct nb_cb_create_args *args)
 
        switch (args->event) {
        case NB_EV_VALIDATE:
+               zlog_debug("Validating: %pFX", &p);
                if (ipv4_martian(&p.u.prefix4)) {
                        snprintfrr(args->errmsg, args->errmsg_len,
                                   "invalid address %pFX", &p);
                        return NB_ERR_VALIDATION;
                }
+               zlog_debug("Validated");
                break;
        case NB_EV_PREPARE:
        case NB_EV_ABORT:

The zebra output is:

sharpd@eva:~/frr3/doc$ sudo /usr/lib/frr/zebra --log stdout --log-level debug
2025/05/09 10:41:59 ZEBRA: [T83RR-8SM5G] zebra 10.4-dev starting: vty@2601
2025/05/09 10:41:59 ZEBRA: [K55SV-YMF8X] Sweeping the RIB for stale routes...
2025/05/09 10:42:14 ZEBRA: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2025/05/09 10:42:14 ZEBRA: [G6NKK-8C6DV] end_config: VTY:0x55bd6e30ae50, pending SET-CFG: 0
2025/05/09 10:42:14 ZEBRA: [N706T-AY2CK] Validating: 0.0.0.5/32
2025/05/09 10:42:14 ZEBRA: [MHYBZ-5A04C][EC 100663334] error processing configuration change: error [validation] event [validate] operation [create] xpath [/frr-interface:lib/interface[name='lo']/frr-zebra:zebra/ipv4-addrs[ip='0.0.0.5'][prefix-length='32']] message: invalid address 0.0.0.5/32
2025/05/09 10:42:14 ZEBRA: [H68KZ-12QEF][EC 100663340] nb_candidate_commit_prepare: failed to validate candidate configuration
2025/05/09 10:42:14 ZEBRA: [KFEJ3-7JXVF] BE-CLIENT: mgmt_be_txn_cfg_prepare: ERROR: Failed to validate configs txn-id: 2 1 batches, err: 'invalid address 0.0.0.5/32'
2025/05/09 10:43:19 ZEBRA: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2025/05/09 10:43:19 ZEBRA: [G6NKK-8C6DV] end_config: VTY:0x55bd6e3924d0, pending SET-CFG: 0
2025/05/09 10:43:19 ZEBRA: [N706T-AY2CK] Validating: 0.0.0.5/32
2025/05/09 10:43:19 ZEBRA: [MHYBZ-5A04C][EC 100663334] error processing configuration change: error [validation] event [validate] operation [create] xpath [/frr-interface:lib/interface[name='lo']/frr-zebra:zebra/ipv4-addrs[ip='0.0.0.5'][prefix-length='32']] message: invalid address 0.0.0.5/32
2025/05/09 10:43:19 ZEBRA: [H68KZ-12QEF][EC 100663340] nb_candidate_commit_prepare: failed to validate candidate configuration
2025/05/09 10:43:19 ZEBRA: [KFEJ3-7JXVF] BE-CLIENT: mgmt_be_txn_cfg_prepare: ERROR: Failed to validate configs txn-id: 3 1 batches, err: 'invalid address 0.0.0.5/32'
2025/05/09 10:43:24 ZEBRA: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2025/05/09 10:43:24 ZEBRA: [G6NKK-8C6DV] end_config: VTY:0x55bd6e3924d0, pending SET-CFG: 0
2025/05/09 10:43:24 ZEBRA: [N706T-AY2CK] Validating: 0.0.0.5/32
2025/05/09 10:43:24 ZEBRA: [MHYBZ-5A04C][EC 100663334] error processing configuration change: error [validation] event [validate] operation [create] xpath [/frr-interface:lib/interface[name='lo']/frr-zebra:zebra/ipv4-addrs[ip='0.0.0.5'][prefix-length='32']] message: invalid address 0.0.0.5/32
2025/05/09 10:43:24 ZEBRA: [H68KZ-12QEF][EC 100663340] nb_candidate_commit_prepare: failed to validate candidate configuration
2025/05/09 10:43:24 ZEBRA: [KFEJ3-7JXVF] BE-CLIENT: mgmt_be_txn_cfg_prepare: ERROR: Failed to validate configs txn-id: 4 1 batches, err: 'invalid address 0.0.0.5/32'

mgmtd log is:

2025/05/09 10:41:49 MGMTD: [T83RR-8SM5G] mgmtd 10.4-dev starting: vty@2623
2025/05/09 10:41:49 MGMTD: [ZP80B-GRJR7] mgmtd: reading config file: /etc/frr//zebra.conf
2025/05/09 10:41:49 MGMTD: [RQT05-4D0H5][EC 100663319] vty_open_config: failed to open configuration file /etc/frr//ripd.conf: No such file or directory, checking backup
2025/05/09 10:41:49 MGMTD: [VDWX6-W8CNF][EC 100663304] vty_open_config: can't open configuration file [/etc/frr//ripd.conf]
2025/05/09 10:41:49 MGMTD: [RQT05-4D0H5][EC 100663319] vty_open_config: failed to open configuration file /etc/frr//ripngd.conf: No such file or directory, checking backup
2025/05/09 10:41:49 MGMTD: [VDWX6-W8CNF][EC 100663304] vty_open_config: can't open configuration file [/etc/frr//ripngd.conf]
2025/05/09 10:41:49 MGMTD: [ZP80B-GRJR7] mgmtd: reading config file: /etc/frr//staticd.conf
2025/05/09 10:41:49 MGMTD: [RQT05-4D0H5][EC 100663319] vty_open_config: failed to open configuration file /etc/frr//mgmtd.conf: No such file or directory, checking backup
2025/05/09 10:41:49 MGMTD: [VDWX6-W8CNF][EC 100663304] vty_open_config: can't open configuration file [/etc/frr//mgmtd.conf]
2025/05/09 10:41:49 MGMTD: [XSARQ-CBJX8] mgmtd: finished reading config files
2025/05/09 10:42:14 MGMTD: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2025/05/09 10:42:14 MGMTD: [G6NKK-8C6DV] end_config: VTY:0x55b027e401a0, pending SET-CFG: 2
2025/05/09 10:42:14 MGMTD: [KF39R-NRP86] mgmt_txn_notify_be_cfgdata_reply: ERROR: CFGDATA_CREATE_REQ sent to 'zebra' failed txn-id: 2 err: invalid address 0.0.0.5/32
2025/05/09 10:42:14 MGMTD: [SG2F2-M78GE] COMMIT_CONFIG request for client 0x2 failed, Error: 'invalid address 0.0.0.5/32'
2025/05/09 10:43:19 MGMTD: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2025/05/09 10:43:19 MGMTD: [G6NKK-8C6DV] end_config: VTY:0x55b027e401a0, pending SET-CFG: 2
2025/05/09 10:43:19 MGMTD: [KF39R-NRP86] mgmt_txn_notify_be_cfgdata_reply: ERROR: CFGDATA_CREATE_REQ sent to 'zebra' failed txn-id: 3 err: invalid address 0.0.0.5/32
2025/05/09 10:43:19 MGMTD: [SG2F2-M78GE] COMMIT_CONFIG request for client 0x4 failed, Error: 'invalid address 0.0.0.5/32'
2025/05/09 10:43:24 MGMTD: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
2025/05/09 10:43:24 MGMTD: [G6NKK-8C6DV] end_config: VTY:0x55b027e401a0, pending SET-CFG: 2
2025/05/09 10:43:24 MGMTD: [KF39R-NRP86] mgmt_txn_notify_be_cfgdata_reply: ERROR: CFGDATA_CREATE_REQ sent to 'zebra' failed txn-id: 4 err: invalid address 0.0.0.5/32
2025/05/09 10:43:24 MGMTD: [SG2F2-M78GE] COMMIT_CONFIG request for client 0x5 failed, Error: 'invalid address 0.0.0.5/32'

Version

master

How to reproduce

outlined above

Expected behavior

non-validated config should be dropped

Actual behavior

non-validated data is being kept around

Additional context

Cat's are better than llamas most of the time

Checklist

  • I have searched the open issues for this bug.
  • I have not included sensitive information in this report.

Metadata

Metadata

Assignees

Labels

triageNeeds further investigation

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions