author | Christian Breunig <christian@breunig.cc> | 2023-08-23 20:14:37 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-08-23 20:18:23 +0200 |
commit | 005151f77be5cf999689cfd03620bbc39df59018 (patch) | |
tree | 668e8e28d34efdff983b5df2f41b6a5a2706a6b7 | |
parent | ec23c669710a1f98fd1bd2095ffb861007374bda (diff) | |
vrf: T5428: stop DHCP processes on VRf removal
This is a workaround for the priority inversion from T5492 ("CLI node priority
is not inversed on node deletion"). As this is a corner case bug that's only
triggered if an interface is removed from a VRF and also the VRF is removed in
one commit, priorities are not honored.
Thus we implement this workaround, which stops the DHCP(v6) client processes on
the VRF-associated interfaces so that the DHCP RELEASE message is sent before
the interfaces are shut down.
-rwxr-xr-x | src/conf_mode/vrf.py | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 6ac79b9fa..37625142c 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -28,6 +28,7 @@ from vyos.template import render
 from vyos.template import render_to_string
 from vyos.utils.dict import dict_search
 from vyos.utils.network import get_interface_config
+from vyos.utils.network import get_vrf_members
 from vyos.utils.network import interface_exists
 from vyos.utils.process import call
 from vyos.utils.process import cmd
@@ -196,12 +197,23 @@ def apply(vrf):
 sysctl_write('net.ipv4.udp_l3mdev_accept', bind_all)
 for tmp in (dict_search('vrf_remove', vrf) or []):
- if os.path.isdir(f'/sys/class/net/{tmp}'):
- call(f'ip link delete dev {tmp}')
+ if interface_exists(tmp):
+ # T5492: deleting a VRF instance may leafe processes running
+ # (e.g. dhclient) as there is a depedency ordering issue in the CLI.
+ # We need to ensure that we stop the dhclient processes first so
+ # a proper DHCLP RELEASE message is sent
+ for interface in get_vrf_members(tmp):
+ vrf_iface = Interface(interface)
+ vrf_iface.set_dhcp(False)
+ vrf_iface.set_dhcpv6(False)
+
 # Remove nftables conntrack zone map item
 nft_del_element = f'delete element inet vrf_zones ct_iface_map {{ "{tmp}" }}'
 cmd(f'nft {nft_del_element}')
+ # Delete the VRF Kernel interface
+ call(f'ip link delete dev {tmp}')
+
 if 'name' in vrf:
 # Separate VRFs in conntrack table
 # check if table already exists |
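Review bot: In the second hunk `call(f'ip link delete dev {tmp}')` now runs after `cmd(f'nft {nft_del_element}')` and after the per-member DHCP loop, so any exception on that path would abort `apply()` and leave the VRF device in place. That covers `cmd` if it raises on a non-zero exit (not visible here; confirm in `vyos.utils.process`), for instance when the `ct_iface_map` element is already gone, and it covers `Interface(interface)`, `set_dhcp(False)` or `set_dhcpv6(False)` failing for a single member. Consider making the DHCP stop best-effort per member and stating the ordering in the comment, e.g. `# stop DHCP clients first so the RELEASE is sent before the VRF device is deleted`; the new comment also carries typos (`leafe`, `depedency`, `DHCLP`) worth fixing so it stays searchable. `tmp` is interpolated into both command strings, which relies on VRF names being constrained elsewhere in the CLI definition. `apply()` starts and ends outside the hunk.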