From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 0241A1FF17C for ; Wed, 17 Sep 2025 20:11:05 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 16D08BE21; Wed, 17 Sep 2025 20:11:18 +0200 (CEST) Date: Wed, 17 Sep 2025 20:03:25 +0200 To: "Fiona Ebner" , "Proxmox VE development discussion" In-Reply-To: <25ea7224-3d59-453c-8ecb-bf354b62b73f@proxmox.com> References: <20250730212614.1264010-1-trygvis@inamo.no> <25ea7224-3d59-453c-8ecb-bf354b62b73f@proxmox.com> MIME-Version: 1.0 Message-ID: List-Id: Proxmox VE development discussion List-Post: From: =?utf-8?q?Trygve_Laugst=C3=B8l_via_pve-devel?= Precedence: list Cc: =?UTF-8?Q?Trygve_Laugst=C3=B8l?= X-Mailman-Version: 2.1.29 X-BeenThere: pve-devel@lists.proxmox.com List-Subscribe: , List-Unsubscribe: , List-Archive: Reply-To: Proxmox VE development discussion List-Help: Subject: Re: [pve-devel] [PATCH pve-network 1/1] fix #6569: ipam: netbox: better prefix lookup Content-Type: multipart/mixed; boundary="===============1182220323943709157==" Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" --===============1182220323943709157== Content-Type: message/rfc822 Content-Disposition: inline Return-Path: X-Original-To: pve-devel@lists.proxmox.com Delivered-To: pve-devel@lists.proxmox.com Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 12999D1F58 for ; Wed, 17 Sep 2025 20:11:16 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E6123BD97 for ; Wed, 17 Sep 2025 20:11:15 +0200 (CEST) Received: from fhigh-a2-smtp.messagingengine.com (fhigh-a2-smtp.messagingengine.com [103.168.172.153]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 17 Sep 2025 20:11:13 +0200 (CEST) Received: from phl-compute-12.internal (phl-compute-12.internal [10.202.2.52]) by mailfhigh.phl.internal (Postfix) with ESMTP id 474A314000B0; Wed, 17 Sep 2025 14:03:46 -0400 (EDT) Received: from phl-imap-16 ([10.202.2.88]) by phl-compute-12.internal (MEProxy); Wed, 17 Sep 2025 14:03:46 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inamo.no; h=cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1758132226; x=1758218626; bh=C635gR3KrZozbnA6ahio74Vs2Y36v1CbPleBnvDfhHc=; b= GWQyVfkVqPSSlH53EUlxE9eTPcFKISJ+rzUx6wjiwIHi85xenAxfnmbgOsahKNU5 OWTgWffbd2BG4/4cBXTJTN3/vLYS2iQhlD/OhfIUJv8Be8JRgK3PYbJ9Npsc46rx 0fu/UQ8BX/jJfya1i+BQ3JWn5fnS5/gKqCB206/+TbwDO6DW+0n7ISQ/tvtFUdTi +zWAZFxVuBNGHf6JfbM8WMWo/khjTRBD9hlHdL07e1xNxColu5y14fyGp1XaP8LL e90Yz7905CkPd7LQTnjvTgiYJ1zWBPOq5fEofIqz/xH6NbZ7l4TFNktO7OC/hcy5 xR/fi4miRrPLubenqaixFQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1758132226; x=1758218626; bh=C 635gR3KrZozbnA6ahio74Vs2Y36v1CbPleBnvDfhHc=; b=ZETFWXKpkcFu5rndX C6whXEGVbbdbIJLpDqmdOot4QUR1u8flfLStzBTRXjASEctEt7d3pTvqn5SH46V2 l7HpA3sd85/Xu64gazo+RF3/SAJ8558l6CJrk5/vMogF4HLclXvsm0qUbyG2D6Lq F8cHEum5zIBUWCip0J7MV+Vn93LnR19THg/r18decK7GiTLqzkDLm3Z67HYwJO7u TO5w1zPewg67ltbe5XP2hK/FrVnFEGo1BuRYGD+JPSvkCs+mA3BB7WomhKmIo4+U t4NwwWJfOYrJsOtSEJVPZLm4tWj5udEiOEt+bchqyIs4FT4qfv8pLhLM1LicOVAf 5VFoA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggdeggeduudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug hrpefoggffhffvkfgjfhfutgfgsehtqhertdertdejnecuhfhrohhmpefvrhihghhvvgcu nfgruhhgshhtpphluceothhrhihgvhhishesihhnrghmohdrnhhoqeenucggtffrrghtth gvrhhnpeduffevudeltdfhudeiudekudegudetuedtkeefueegkedttefgfeefieffgfet geenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehtrh ihghhvihhssehinhgrmhhordhnohdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhht phhouhhtpdhrtghpthhtohepphhvvgdquggvvhgvlheslhhishhtshdrphhrohigmhhogi drtghomhdprhgtphhtthhopehfrdgvsghnvghrsehprhhogihmohigrdgtohhm X-ME-Proxy: Feedback-ID: i6cf1495c:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id 6899D2CC0083; Wed, 17 Sep 2025 14:03:45 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface MIME-Version: 1.0 X-ThreadId: AFQFB75sqUKN Date: Wed, 17 Sep 2025 20:03:25 +0200 From: =?UTF-8?Q?Trygve_Laugst=C3=B8l?= To: "Fiona Ebner" , "Proxmox VE development discussion" Message-Id: In-Reply-To: <25ea7224-3d59-453c-8ecb-bf354b62b73f@proxmox.com> References: <20250730212614.1264010-1-trygvis@inamo.no> <25ea7224-3d59-453c-8ecb-bf354b62b73f@proxmox.com> Subject: Re: [pve-devel] [PATCH pve-network 1/1] fix #6569: ipam: netbox: better prefix lookup Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_PASS -0.1 DMARC pass policy JMQ_SPF_NEUTRAL 0.5 SPF set to ?all KAM_MAILER 2 Automated Mailer Tag Left in Email RCVD_IN_DNSWL_LOW -0.7 Sender listed at https://www.dnswl.org/, low trust RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_PASS -0.001 SPF: HELO matches SPF record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [messagingengine.com,netboxplugin.pm,inamo.no] On Wed, Sep 17, 2025, at 15:15, Fiona Ebner wrote: > Sorry about the very late response and thank you for the contribution! > > Am 30.07.25 um 11:36 PM schrieb Trygve Laugst=C3=B8l via pve-devel: >> The problem description in #6569 is correct, but instead of depending= on the >> freetext query parameter "q", this uses the "prefix" parameter for an= explicit >> lookup. >>=20 >> This also checks if there are multiple prefixes that matched. This wi= ll happen >> if the same prefix is registered in multiple VRFs. >>=20 >> Signed-off-by: Trygve Laugst=C3=B8l >> --- >> src/PVE/Network/SDN/Ipams/NetboxPlugin.pm | 21 ++++++++++++++------- >> 1 file changed, 14 insertions(+), 7 deletions(-) >>=20 >> diff --git a/src/PVE/Network/SDN/Ipams/NetboxPlugin.pm b/src/PVE/Netw= ork/SDN/Ipams/NetboxPlugin.pm >> index e118d03..3799e47 100644 >> --- a/src/PVE/Network/SDN/Ipams/NetboxPlugin.pm >> +++ b/src/PVE/Network/SDN/Ipams/NetboxPlugin.pm >> @@ -423,18 +423,25 @@ sub on_update_hook { >> sub get_prefix_id { >> my ($config, $cidr, $noerr) =3D @_; >> =20 >> - # we need to supply any IP inside the prefix, without supplying = the mask, so >> - # just take the one from the cidr >> - my ($ip, undef) =3D split(/\//, $cidr); >> - >> - my $result =3D eval { netbox_api_request($config, "GET", "/ipam/= prefixes/?q=3D$ip") }; >> + # look up the prefix by matching the prefix exactly. >> + my $result =3D eval { netbox_api_request($config, "GET", "/ipam/= prefixes/?prefix=3D$cidr") }; >> if ($@) { >> return if $noerr; >> die "could not obtain ID for prefix $cidr: $@"; >> } >> =20 >> - my $data =3D @{ $result->{results} }[0]; >> - return $data->{id}; >> + # we can get multiple prefixes returned if the netbox configurat= ion allows >> + # it, or if the prefix is registered in different VRFs. >> + my $count =3D $result->{count} || 0; >> + if ($count > 1) { >> + die "ambiguous prefix lookup for $cidr: found $count matches= "; > > Can't this break existing setups where there are multiple prefixes? > Because the old code would just pick the first, but the new code would > die rather than also picking the first. > > If we really want this, it should honor the $noerr parameter and return > instead of die if $noerr is set. The current one would pick the first, but also a random, inconsistent on= e. A better solution here would be to somehow include the VRF as a part = of the lookup, but that requires a bigger expansion of the Netbox suppor= t than I'm prepared to do. Also, the code doesn't handle missing prefixes well so if the prefix is = removed on the Netbox side the current code will just not allow you to r= emove the subnet at all. But I guess that is another issue. --=20 Trygve >> + } >> + >> + if ($count =3D=3D 0) { >> + return; >> + } >> + >> + return $result->{results}[0]{id}; >> } >> =20 >> sub get_iprange_id { >> --=20 >> 2.47.2 >>=20 >> --===============1182220323943709157== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel --===============1182220323943709157==--