From 53651ec918d69d4c0ef83777753c2a3a20feb362 Mon Sep 17 00:00:00 2001 From: liorghub Date: Sun, 18 Feb 2024 14:34:44 +0200 Subject: [PATCH 1/3] Skip EVPN routes with invalid VNI or router mac field --- orchagent/routeorch.cpp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/orchagent/routeorch.cpp b/orchagent/routeorch.cpp index 041a988d5c..dea3d10262 100644 --- a/orchagent/routeorch.cpp +++ b/orchagent/routeorch.cpp @@ -807,6 +807,18 @@ void RouteOrch::doTask(Consumer& consumer) } else { + if(ipv.size() != rmacv.size()){ + SWSS_LOG_ERROR("Skip route %s, it has an invalid router mac field %s", key.c_str(), remote_macs.c_str()); + it = consumer.m_toSync.erase(it); + continue; + } + + if(ipv.size() != vni_labelv.size()){ + SWSS_LOG_ERROR("Skip route %s, it has an invalid vni label field %s", key.c_str(), vni_labels.c_str()); + it = consumer.m_toSync.erase(it); + continue; + } + for (uint32_t i = 0; i < ipv.size(); i++) { if (i) nhg_str += NHG_DELIMITER; From 4b02e68173fb6aac219f488dc216d06c993753ed Mon Sep 17 00:00:00 2001 From: liorghub Date: Thu, 29 Feb 2024 12:02:16 +0200 Subject: [PATCH 2/3] Add unittest for invalid EVPN route check --- tests/mock_tests/routeorch_ut.cpp | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/tests/mock_tests/routeorch_ut.cpp b/tests/mock_tests/routeorch_ut.cpp index 0bfe5ad073..c4cdf387f9 100644 --- a/tests/mock_tests/routeorch_ut.cpp +++ b/tests/mock_tests/routeorch_ut.cpp @@ -197,6 +197,10 @@ namespace routeorch_test ASSERT_EQ(gVrfOrch, nullptr); gVrfOrch = new VRFOrch(m_app_db.get(), APP_VRF_TABLE_NAME, m_state_db.get(), STATE_VRF_OBJECT_TABLE_NAME); + gDirectory.set(gVrfOrch); + + EvpnNvoOrch *evpn_orch = new EvpnNvoOrch(m_app_db.get(), APP_VXLAN_EVPN_NVO_TABLE_NAME); + gDirectory.set(evpn_orch); ASSERT_EQ(gIntfsOrch, nullptr); gIntfsOrch = new IntfsOrch(m_app_db.get(), APP_INTF_TABLE_NAME, gVrfOrch, m_chassis_app_db.get()); @@ -505,5 +509,32 @@ namespace routeorch_test static_cast(gRouteOrch)->doTask(); gMockResponsePublisher.reset(); + + TEST_F(RouteOrchTest, RouteOrchTestInvalidEvpnRoute) + { + std::deque entries; + entries.push_back({"Vrf1", "SET", { {"vni", "500100"}, {"v4", "true"}}}); + auto consumer = dynamic_cast(gVrfOrch->getExecutor(APP_VRF_TABLE_NAME)); + consumer->addToSync(entries); + static_cast(gVrfOrch)->doTask(); + + entries.clear(); + entries.push_back({"Vrf1:1.1.1.0/24", "SET", { {"ifname", "Ethernet0,Ethernet0"}, + {"nexthop", "10.0.0.2,10.0.0.3"}, + {"vni_label", "500100"}, + {"router_mac", "7e:f0:c0:e4:b2:5a,7e:f0:c0:e4:b2:5b"}}}); + entries.push_back({"Vrf1:2.1.1.0/24", "SET", { {"ifname", "Ethernet0,Ethernet0"}, + {"nexthop", "10.0.0.2,10.0.0.3"}, + {"vni_label", "500100,500100"}, + {"router_mac", "7e:f0:c0:e4:b2:5b"}}}); + consumer = dynamic_cast(gRouteOrch->getExecutor(APP_ROUTE_TABLE_NAME)); + consumer->addToSync(entries); + + auto current_create_count = create_route_count; + auto current_set_count = set_route_count; + + static_cast(gRouteOrch)->doTask(); + ASSERT_EQ(current_create_count, create_route_count); + ASSERT_EQ(current_set_count, set_route_count); } } From fc513b41b0850ffb62b1e72d87ccf3afd1f3b9fe Mon Sep 17 00:00:00 2001 From: liorghub Date: Mon, 4 Mar 2024 18:24:24 +0200 Subject: [PATCH 3/3] Added missing brackets in unittest --- tests/mock_tests/routeorch_ut.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/mock_tests/routeorch_ut.cpp b/tests/mock_tests/routeorch_ut.cpp index c4cdf387f9..d27b095046 100644 --- a/tests/mock_tests/routeorch_ut.cpp +++ b/tests/mock_tests/routeorch_ut.cpp @@ -509,6 +509,7 @@ namespace routeorch_test static_cast(gRouteOrch)->doTask(); gMockResponsePublisher.reset(); + } TEST_F(RouteOrchTest, RouteOrchTestInvalidEvpnRoute) {