From 2e86d16d994f793ff9211b966066dfb5c2e9048b Mon Sep 17 00:00:00 2001
From: Renato Westphal
Date: Wed, 29 Apr 2020 23:12:22 -0300
Subject: [PATCH] zebra: fix detection of VRF misconfiguration

The netlink_vrf_change() function is called both when a VRF device is created in the Linux kernel and when it is activated. This commit changes this function to perform the VRF misconfiguration detection only when the VRF device is created, as doing the check twice would cause a false positive followed by a hard failure (not to mention the double check is unnecessary since the VRF table ID can't change once the device is created).
Fixes #6319.
Signed-off-by: Renato Westphal
---
 zebra/if_netlink.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/zebra/if_netlink.c b/zebra/if_netlink.c
index 17b6edfed0..429bb968a5 100644
--- a/zebra/if_netlink.c
+++ b/zebra/if_netlink.c
@@ -310,22 +310,25 @@ static void netlink_vrf_change(struct nlmsghdr *h, struct rtattr *tb,
 nl_table_id = *(uint32_t *)RTA_DATA(attr[IFLA_VRF_TABLE]);
 if (h->nlmsg_type == RTM_NEWLINK) {
- vrf_id_t exist_id;
-
 if (IS_ZEBRA_DEBUG_KERNEL) zlog_debug("RTM_NEWLINK for VRF %s(%u) table %u", name, ifi->ifi_index, nl_table_id);
- exist_id = vrf_lookup_by_table(nl_table_id, ns_id);
- if (exist_id != VRF_DEFAULT) {
- vrf = vrf_lookup_by_id(exist_id);
+ if (!vrf_lookup_by_id((vrf_id_t)ifi->ifi_index)) {
+ vrf_id_t exist_id;
- flog_err(
- EC_ZEBRA_VRF_MISCONFIGURED,
- "VRF %s id %u table id overlaps existing vrf %s, misconfiguration exiting",
- name, ifi->ifi_index, vrf->name);
- exit(-1);
+ exist_id = vrf_lookup_by_table(nl_table_id, ns_id);
+ if (exist_id != VRF_DEFAULT) {
+ vrf = vrf_lookup_by_id(exist_id);
+
+ flog_err(
+ EC_ZEBRA_VRF_MISCONFIGURED,
+ "VRF %s id %u table id overlaps existing vrf %s, misconfiguration exiting",
+ name, ifi->ifi_index, vrf->name);
+ exit(-1);
+ }
 }
+
 /*
 * vrf_get is implied creation if it does not exist
 */
-- 
2.39.5
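Review bot: In the re-indented misconfiguration branch, the result of `vrf = vrf_lookup_by_id(exist_id);` is dereferenced as `vrf->name` in the `flog_err()` call without a NULL check. If the table lookup ever returns an id with no matching VRF structure, zebra would most likely crash before the EC_ZEBRA_VRF_MISCONFIGURED message is logged. Passing `vrf ? vrf->name : "(unknown)"` keeps the diagnostic intact on the way to `exit(-1)`. The new guard `if (!vrf_lookup_by_id((vrf_id_t)ifi->ifi_index))` also deserves a short comment, e.g. `/* RTM_NEWLINK is also sent on activation; only check the table ID on creation */`, since the reason is recorded only in the commit message. netlink_vrf_change() starts and ends outside the hunk, so whether `vrf_lookup_by_table()` can return such an id is not visible here.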