Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Interfaces: Other Types: VXLAN needs additional constraints to prevent user error #6893

Closed
2 tasks done
Monviech opened this issue Sep 29, 2023 · 2 comments
Closed
2 tasks done

Interfaces: Other Types: VXLAN needs additional constraints to prevent user error #6893

Monviech opened this issue Sep 29, 2023 · 2 comments

Comments

@Monviech
Copy link
Sponsor Member

Monviech commented Sep 29, 2023
edited

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

In the GUI in Interfaces: Other Types: VXLAN in the mask Edit VxLan the fields Remote address, Multicast group and Device can all be populated, even though that prevents the operating system from creating a working vxlan interface.

If you populate Remote address and Device (other than none) at the same time, dmesg shows this:
vxlan2: cannot initialize interface: can only specify interface with a group address

If you populate Remote address andMulticast group and Device at the same time, the vxlan interface comes up, but it's in multicast mode, ignoring the "Remote address" parameter:
vxlan vni 42 local 172.16.0.254:4789 group 239.0.0.1:4789

To Reproduce

  1. Go to "Interfaces: Other Types: VXLAN" in "Edit VxLan"
  • VNI: 42
  • Source address: 172.16.0.254 (IP address of a firewall bound interface)
  • Remote address: 172.16.0.186
  • Multicast group: empty
  • Device: LAN
  1. Go to "Interfaces: Other Types: VXLAN" in "Edit VxLan"
  • VNI: 43
  • Source address: 172.16.0.254 (IP address of a firewall bound interface)
  • Remote address: 172.16.0.186
  • Multicast group: 239.0.0.1
  • Device: LAN

Expected behavior

  • When a Multicast group is set, it should be required to have Remote address empty, and the Device has to be NOT none
  • When a Remote address is set, it should be required to have Multicast group empty, and the Device has to be none

Additional context

Heres the precise troubleshooting of my user error:

https://forum.opnsense.org/index.php?topic=36205.0

It was pretty hard to troubleshoot, so I think the additional constraints could be a valid addition.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 23.7.4-amd64
FreeBSD 13.2-RELEASE-p3
OpenSSL 1.1.1v 1 Aug 2023
@AdSchellevis
Copy link
Member

The number of validations are quite limited indeed, if you want to take a shot at this one, just let me know. For inspiration, the vip model (https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/models/OPNsense/Interfaces/Vip.php) contains quite some of them which are hard to catch with standard field validations (https://docs.opnsense.org/development/frontend/models_fieldtypes.html), custom ones (https://docs.opnsense.org/development/frontend/models_customfields.html) and/or constraints (https://docs.opnsense.org/development/frontend/models_constraints.html).

@Monviech
Copy link
Sponsor Member Author

Sure I'll give it a try. Thank you for the examples, I will look at them.

@Monviech Monviech mentioned this issue Sep 30, 2023
Merged
@Monviech Monviech closed this as completed Oct 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AdSchellevis @Monviech