cli/serviceability: validate CYOA/DIA and link bandwidth invariants #3778
Merged
Conversation
elitegreg
approved these changes
May 27, 2026
Contributor
Hey Juan, small thing on DZX: side Z's interface only gets set when contributor Z runs |
Reject CYOA/DIA device interfaces with --bandwidth=0 in device interface create and device interface update, and reject link wan-create / link dzx-create when interface bandwidth is less than the link's bandwidth (DZX checks side A only; side Z is external). These are client-side validations that fail before submitting a transaction; matching onchain enforcement lands in a follow-up commit so the same invariants hold regardless of the client used.
…width onchain

Mirror the CLI-side bandwidth validations in the program so the invariants hold regardless of the client.

- process_create_device_interface rejects CYOA/DIA with bandwidth == 0.
- process_update_device_interface applies the same rule, but only when the transaction is changing CYOA, DIA, or bandwidth, so legacy zero-bandwidth CYOA/DIA interfaces already onchain can still receive unrelated updates without first being repaired.
- process_create_link rejects when side_a_iface.bandwidth < link.bandwidth, and same for side_z_iface when present (WAN). DZX side Z is external and unchecked.

All rejections reuse DoubleZeroError::InvalidBandwidth (Custom(31)).

Tests:

- New tests/bandwidth_validation_test.rs covers each new rejection path end-to-end via the program-test bank.
- Existing link and topology integration tests that built interfaces with bandwidth=0 alongside non-zero link bandwidth now use 100 Gbps interfaces, matching the new invariant.
…ink >= interface rule

The shared LedgerHelper::create_interface in the telemetry integration tests built interfaces with bandwidth=0 while the same tests created links at 10 Gbps. After the new onchain check that link.bandwidth must be <= side_a/side_z interface bandwidth, every telemetry test that exercised create_link via this helper began failing with DoubleZeroError::InvalidBandwidth (Custom(31)) during setup.

Raise the helper's interface bandwidth to 100 Gbps, matching the serviceability test fixtures already updated in 0c14b62 (link_onchain_allocation_test, link_wan_test, topology_test). The interface is created with interface_cyoa/interface_dia = None, so this does not interact with the CYOA/DIA bandwidth==0 rejection; it only satisfies the link <= interface invariant.
4b2d054 to
55d5617
Contributor
Author
@thijsvanemmerik Good catch. I added the same validation in |
Mirror the existing wan-create / dzx-create bandwidth checks in `doublezero link accept`. Side Z is validated against `link.bandwidth` when it is first bound, and side A is re-validated in case it was lowered via `device interface update` between create and accept. Both checks run before submitting the transaction so misconfigured commands fail fast with the same human-readable message style as the other link create verbs; matching onchain enforcement lands in a follow-up commit so the invariant holds regardless of the client.
Mirror the create-time `iface.bandwidth >= link.bandwidth` invariant in `process_accept_link` so the same rule holds at the activation boundary regardless of the client.

- Side Z is checked for the first time (DZX side Z is unknown at create).
- Side A is re-checked because a contributor can lower an interface's bandwidth via `process_update_device_interface` between link create and accept (the update only enforces the CYOA/DIA non-zero rule).

Both rejections reuse `DoubleZeroError::InvalidBandwidth` (Custom(31)), matching the create-time error code.

Tests: new `test_link_accept_rejects_insufficient_side_z_bandwidth` and `test_link_accept_rejects_insufficient_side_a_bandwidth` in `tests/bandwidth_validation_test.rs` exercise both paths end-to-end via the program-test bank.
Summary
Reject misconfigured device interfaces and links by enforcing two new bandwidth invariants in both the CLI (immediate, fee-free feedback) and the on-chain serviceability program (source-of-truth so the invariants hold regardless of the client):
- `--bandwidth` at `device interface create` and `device interface update`. On update the check fires only when the transaction is changing CYOA, DIA, or bandwidth, so legacy zero-bandwidth CYOA/DIA interfaces already onchain can still be updated for unrelated fields without first being repaired.
- `interface[a|z].bandwidth >= link.bandwidth` at `link wan-create` and `link dzx-create` (DZX only checks side A; side Z is external).

All on-chain rejections surface as `DoubleZeroError::InvalidBandwidth` (`Custom(31)`); CLI rejections surface as targeted `eyre` errors before submitting a transaction.

Base branch

Targets `tve/cli-bandwidth-default-value` because the CLI changes build on top of `--bandwidth` being optional again (default `0` bps). When that branch lands on main, this branch can be retargeted with no replay required.

Testing Verification

- `cargo test -p doublezero_cli --lib` — 21 targeted tests pass.
- `tests/bandwidth_validation_test.rs` exercises each rejection end-to-end through the program-test bank (4 tests, all assert `Custom(31)`).
- Pre-existing `link_onchain_allocation_test.rs`, `link_wan_test.rs`, and `topology_test.rs` updated where they built physical interfaces with `bandwidth=0` next to non-zero link bandwidth.
- `make rust-fmt` and `make rust-lint` clean on the full workspace; full `cargo test -p doublezero-serviceability --tests` green.

Notes for reviewers

`processors/device/interface/update.rs`: `Interface` to inspect). This mirrors the existing CYOA/MTU treatment for DZX.
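The invariants described in this pull request, as an added Rust model that is not the project's own code: the types and function names are hypothetical, and CYOA/DIA are reduced to booleans ("set" versus `None`). It shows why the accept step re-checks side A: the update rule alone lets a non-CYOA/DIA interface be lowered below the link's bandwidth after the link was created.

```rust
// Added model of the PR's bandwidth invariants. Type and function names are
// hypothetical; CYOA/DIA are simplified to booleans ("set" vs "None").
#[derive(Debug, PartialEq)]
enum CheckError { InvalidBandwidth }

#[derive(Debug, Clone, Copy, PartialEq)]
struct Iface { cyoa: bool, dia: bool, bandwidth: u64 }

// An update carries only the fields the transaction changes; an Update with
// all three set to None stands for a change to some unrelated field.
#[derive(Default)]
struct Update { cyoa: Option<bool>, dia: Option<bool>, bandwidth: Option<u64> }

// Create rule: a CYOA or DIA interface must have non-zero bandwidth.
fn check_create(i: &Iface) -> Result<(), CheckError> {
    if (i.cyoa || i.dia) && i.bandwidth == 0 { return Err(CheckError::InvalidBandwidth); }
    Ok(())
}

// Update rule: enforce the create rule only when CYOA, DIA or bandwidth is
// being changed, so a legacy zero-bandwidth record can take unrelated updates.
fn check_update(cur: &Iface, u: &Update) -> Result<Iface, CheckError> {
    let next = Iface {
        cyoa: u.cyoa.unwrap_or(cur.cyoa),
        dia: u.dia.unwrap_or(cur.dia),
        bandwidth: u.bandwidth.unwrap_or(cur.bandwidth),
    };
    if u.cyoa.is_some() || u.dia.is_some() || u.bandwidth.is_some() { check_create(&next)?; }
    Ok(next)
}

// Link rule, applied at create and again at accept: every known side must have
// bandwidth >= the link's. side_z is None at DZX create (external side).
fn check_link(link_bw: u64, side_a: &Iface, side_z: Option<&Iface>) -> Result<(), CheckError> {
    for i in std::iter::once(side_a).chain(side_z) {
        if i.bandwidth < link_bw { return Err(CheckError::InvalidBandwidth); }
    }
    Ok(())
}

fn main() {
    const GBPS: u64 = 1_000_000_000; // constructed sample values throughout
    let a = Iface { cyoa: false, dia: false, bandwidth: 100 * GBPS };
    println!("dzx-create: {:?}", check_link(10 * GBPS, &a, None));
    // Lowering side A passes the update rule (it is not CYOA/DIA) ...
    let a = check_update(&a, &Update { bandwidth: Some(GBPS), ..Default::default() }).unwrap();
    // ... so accept must re-check side A as well as the newly bound side Z.
    let z = Iface { cyoa: false, dia: false, bandwidth: 100 * GBPS };
    println!("accept: {:?}", check_link(10 * GBPS, &a, Some(&z)));
}
```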