From 4031791b4ec27e60b1e13bb32b0bdea897aacbc9 Mon Sep 17 00:00:00 2001 From: Petro Bratash <68950226+bratashX@users.noreply.github.com> Date: Sat, 7 Nov 2020 20:30:41 +0200 Subject: [PATCH] [lldp]: Add verification IPv4 address on LLDP conf Jinja2 Template (#5699) Fix #5812 LLDP conf Jinja2 Template does not verify IPv4 address and can use IPv6 version. This issue does not effect control LLDP daemon. Issue can be reproduced via `test_snmp_lldp` test. LLDP conf Jinja2 Template selects first item from the list of mgmt interfaces. TESTBED_1 LLDP conf ``` configure ports eth0 lldp portidsubtype local eth0 configure system ip management pattern FC00:3::32 configure system hostname dut-1 ``` TESTBED_2 LLDP conf ``` configure ports eth0 lldp portidsubtype local eth0 configure system ip management pattern 10.22.24.61 configure system hostname dut-2 ``` TESTBED_1 MGMT_INTERFACE ``` $ redis-cli -n 4 keys "*" | grep MGMT_INTERFACE MGMT_INTERFACE|eth0|10.22.24.53/23 MGMT_INTERFACE|eth0|FC00:3::32/64 ``` TESTBED_2 MGMT_INTERFACE ``` $ redis-cli -n 4 keys "*" | grep MGMT_INTERFACE MGMT_INTERFACE|eth0|FC00:3::32/64 MGMT_INTERFACE|eth0|10.22.24.61/23 ``` Signed-off-by: Petro Bratash --- dockers/docker-lldp-sv2/lldpd.conf.j2 | 23 ++++++++++++------- .../tests/data/lldp/mgmt_iface_ipv4.json | 12 ++++++++++ .../data/lldp/mgmt_iface_ipv4_and_ipv6.json | 15 ++++++++++++ .../tests/data/lldp/mgmt_iface_ipv6.json | 12 ++++++++++ .../{lldpd.conf => lldpd-ipv4-iface.conf} | 0 .../tests/sample_output/lldpd-ipv6-iface.conf | 2 ++ src/sonic-config-engine/tests/test_j2files.py | 23 +++++++++++++++++-- 7 files changed, 77 insertions(+), 10 deletions(-) create mode 100644 src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv4.json create mode 100644 src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv4_and_ipv6.json create mode 100644 src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv6.json rename src/sonic-config-engine/tests/sample_output/{lldpd.conf => lldpd-ipv4-iface.conf} (100%) create mode 100644 src/sonic-config-engine/tests/sample_output/lldpd-ipv6-iface.conf diff --git a/dockers/docker-lldp-sv2/lldpd.conf.j2 b/dockers/docker-lldp-sv2/lldpd.conf.j2 index 62891fe126..904784ef67 100644 --- a/dockers/docker-lldp-sv2/lldpd.conf.j2 +++ b/dockers/docker-lldp-sv2/lldpd.conf.j2 @@ -1,13 +1,20 @@ +{% set mgmt_if = {} %} {% if MGMT_INTERFACE %} -{# If MGMT port alias is available, use it for port ID subtype, otherwise use port name #} -{% set mgmt_port_name = MGMT_INTERFACE.keys()[0][0] %} -{% set ipv4 = MGMT_INTERFACE.keys()[0][1].split('/')[0] %} -{% if MGMT_PORT and MGMT_PORT[mgmt_port_name] and MGMT_PORT[mgmt_port_name].alias %} -configure ports eth0 lldp portidsubtype local {{ MGMT_PORT[mgmt_port_name].alias }} -{% else %} -configure ports eth0 lldp portidsubtype local {{ mgmt_port_name }} +{% for (mgmt_name, mgmt_prefix) in MGMT_INTERFACE|pfx_filter %} +{% if mgmt_prefix|ipv4 %} +{% if mgmt_if.update({'port_name' : mgmt_name}) %} {% endif %} +{% if mgmt_if.update({'ipv4' : mgmt_prefix|ip}) %} {% endif %} {% endif %} -configure system ip management pattern {{ ipv4 }} +{% endfor %} +{% endif %} +{% if mgmt_if %} +{# If MGMT port alias is available, use it for port ID subtype, otherwise use port name #} +{% if MGMT_PORT and MGMT_PORT[mgmt_if.port_name] and MGMT_PORT[mgmt_if.port_name].alias %} +configure ports eth0 lldp portidsubtype local {{ MGMT_PORT[mgmt_if.port_name].alias }} +{% else %} +configure ports eth0 lldp portidsubtype local {{ mgmt_if.port_name }} +{% endif %} +configure system ip management pattern {{ mgmt_if.ipv4 }} {% endif %} configure system hostname {{ DEVICE_METADATA['localhost']['hostname'] }} {# pause lldpd operations until all interfaces are well configured, resume command will run in lldpmgrd #} diff --git a/src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv4.json b/src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv4.json new file mode 100644 index 0000000000..c38b677aad --- /dev/null +++ b/src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv4.json @@ -0,0 +1,12 @@ +{ + "DEVICE_METADATA": { + "localhost": { + "hostname": "switch-t0" + } + }, + "MGMT_INTERFACE": { + "eth0|10.0.0.100/24": { + "gwaddr": "10.0.0.100" + } + } +} diff --git a/src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv4_and_ipv6.json b/src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv4_and_ipv6.json new file mode 100644 index 0000000000..87f887fb87 --- /dev/null +++ b/src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv4_and_ipv6.json @@ -0,0 +1,15 @@ +{ + "DEVICE_METADATA": { + "localhost": { + "hostname": "switch-t0" + } + }, + "MGMT_INTERFACE": { + "eth0|10.0.0.100/24": { + "gwaddr": "10.0.0.100" + }, + "eth0|2603:10e2:0:2902::8/64": { + "gwaddr": "2603:10e2:0:2902::8" + } + } +} diff --git a/src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv6.json b/src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv6.json new file mode 100644 index 0000000000..c1dd4964c6 --- /dev/null +++ b/src/sonic-config-engine/tests/data/lldp/mgmt_iface_ipv6.json @@ -0,0 +1,12 @@ +{ + "DEVICE_METADATA": { + "localhost": { + "hostname": "switch-t0" + } + }, + "MGMT_INTERFACE": { + "eth0|2603:10e2:0:2902::8/64": { + "gwaddr": "2603:10e2:0:2902::8" + } + } +} diff --git a/src/sonic-config-engine/tests/sample_output/lldpd.conf b/src/sonic-config-engine/tests/sample_output/lldpd-ipv4-iface.conf similarity index 100% rename from src/sonic-config-engine/tests/sample_output/lldpd.conf rename to src/sonic-config-engine/tests/sample_output/lldpd-ipv4-iface.conf diff --git a/src/sonic-config-engine/tests/sample_output/lldpd-ipv6-iface.conf b/src/sonic-config-engine/tests/sample_output/lldpd-ipv6-iface.conf new file mode 100644 index 0000000000..f5727556fd --- /dev/null +++ b/src/sonic-config-engine/tests/sample_output/lldpd-ipv6-iface.conf @@ -0,0 +1,2 @@ +configure system hostname switch-t0 +pause diff --git a/src/sonic-config-engine/tests/test_j2files.py b/src/sonic-config-engine/tests/test_j2files.py index 1eccdd94ee..c70fc84823 100644 --- a/src/sonic-config-engine/tests/test_j2files.py +++ b/src/sonic-config-engine/tests/test_j2files.py @@ -61,9 +61,28 @@ class TestJ2Files(TestCase): def test_lldp(self): lldpd_conf_template = os.path.join(self.test_dir, '..', '..', '..', 'dockers', 'docker-lldp-sv2', 'lldpd.conf.j2') - argument = '-m ' + self.t0_minigraph + ' -p ' + self.t0_port_config + ' -t ' + lldpd_conf_template + ' > ' + self.output_file + + expected_mgmt_ipv4 = os.path.join(self.test_dir, 'sample_output', 'lldpd-ipv4-iface.conf') + expected_mgmt_ipv6 = os.path.join(self.test_dir, 'sample_output', 'lldpd-ipv6-iface.conf') + expected_mgmt_ipv4_and_ipv6 = expected_mgmt_ipv4 + + # Test generation of lldpd.conf if IPv4 and IPv6 management interfaces exist + mgmt_iface_ipv4_and_ipv6_json = os.path.join(self.test_dir, "data", "lldp", "mgmt_iface_ipv4_and_ipv6.json") + argument = '-j {} -t {} > {}'.format(mgmt_iface_ipv4_and_ipv6_json, lldpd_conf_template, self.output_file) self.run_script(argument) - self.assertTrue(filecmp.cmp(os.path.join(self.test_dir, 'sample_output', 'lldpd.conf'), self.output_file)) + self.assertTrue(filecmp.cmp(expected_mgmt_ipv4_and_ipv6, self.output_file)) + + # Test generation of lldpd.conf if management interface IPv4 only exist + mgmt_iface_ipv4_json = os.path.join(self.test_dir, "data", "lldp", "mgmt_iface_ipv4.json") + argument = '-j {} -t {} > {}'.format(mgmt_iface_ipv4_json, lldpd_conf_template, self.output_file) + self.run_script(argument) + self.assertTrue(filecmp.cmp(expected_mgmt_ipv4, self.output_file)) + + # Test generation of lldpd.conf if Management interface IPv6 only exist + mgmt_iface_ipv6_json = os.path.join(self.test_dir, "data", "lldp", "mgmt_iface_ipv6.json") + argument = '-j {} -t {} > {}'.format(mgmt_iface_ipv6_json, lldpd_conf_template, self.output_file) + self.run_script(argument) + self.assertTrue(filecmp.cmp(expected_mgmt_ipv6, self.output_file)) def test_bgpd_quagga(self): conf_template = os.path.join(self.test_dir, '..', '..', '..', 'dockers', 'docker-fpm-quagga', 'bgpd.conf.j2')