[PATCH network v2] snat: handle interface lookup failures gracefully

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [PATCH network v2] snat: handle interface lookup failures gracefully
@ 2026-06-01 12:42 Lukas Sichert
  2026-06-11 15:20 ` Gabriel Goller
  0 siblings, 1 reply; 2+ messages in thread
From: Lukas Sichert @ 2026-06-01 12:42 UTC (permalink / raw)
  To: pve-devel; +Cc: Lukas Sichert

'When an IPv6 subnet is created in a Simple or EVPN zone, the setup code
runs 'ip route get 2001:4860:4860::8888' to determine the outgoing
interface. If the host has no IPv6 address configured, this command
fails and aborts the loop that iterates over the plugin's subnets. This
means that the current and subsequent bridges required for the VNETs are
not instantiated, even though they still appear in the GUI. Starting a
VM connected to such a VNET then fails with: 'TASK ERROR: bridge
'<vnet>' does not exist'.

Wrap the function that performs the route lookup in an eval block. If
the lookup fails, use 'log_warn' to write the error to the system log
and to the GUI and continue processing the remaining subnets in the
loop.

Signed-off-by: Lukas Sichert <l.sichert@proxmox.com>
---

Notes:
    changes from v1 to v2:
    -use log_warn instead of syslog to display the warning in the GUI as
    well
    -change the commit subject to better fit proxmox style

 src/PVE/Network/SDN/Zones/EvpnPlugin.pm   | 13 +++++++++++--
 src/PVE/Network/SDN/Zones/SimplePlugin.pm | 13 +++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
index dfbd7e9..0e79707 100644
--- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -11,6 +11,7 @@ use PVE::INotify;
 use PVE::Cluster;
 use PVE::Tools;
 use Net::IP;
+use PVE::RESTEnvironment qw(log_warn);
 
 use PVE::Network::SDN::Controllers::EvpnPlugin;
 
@@ -269,8 +270,16 @@ sub generate_sdn_config {
         if ($subnet->{snat}) {
 
             #find outgoing interface
-            my ($outip, $outiface) =
-                PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+            my ($outip, $outiface);
+            eval {
+                ($outip, $outiface) =
+                    PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+            };
+            if ($@) {
+                my $msg = "interface for SNAT could not be resolved: $@";
+                log_warn($msg);
+                next;
+            }
             if ($outip && $outiface && $is_evpn_gateway) {
                 #use snat, faster than masquerade
                 push @iface_config,
diff --git a/src/PVE/Network/SDN/Zones/SimplePlugin.pm b/src/PVE/Network/SDN/Zones/SimplePlugin.pm
index f5cd18e..347eee9 100644
--- a/src/PVE/Network/SDN/Zones/SimplePlugin.pm
+++ b/src/PVE/Network/SDN/Zones/SimplePlugin.pm
@@ -7,6 +7,7 @@ use PVE::Network::SDN::Dhcp;
 use PVE::Exception qw(raise raise_param_exc);
 use PVE::Cluster;
 use PVE::Tools;
+use PVE::RESTEnvironment qw(log_warn);
 
 use base('PVE::Network::SDN::Zones::Plugin');
 
@@ -112,8 +113,16 @@ sub generate_sdn_config {
         push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
         if ($subnet->{snat}) {
             #find outgoing interface
-            my ($outip, $outiface) =
-                PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+            my ($outip, $outiface);
+            eval {
+                ($outip, $outiface) =
+                    PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+            };
+            if ($@) {
+                my $msg = "interface for SNAT could not be resolved: $@";
+                log_warn($msg);
+                next;
+            }
             if ($outip && $outiface) {
                 #use snat, faster than masquerade
                 push @iface_config,
-- 
2.47.3





^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH network v2] snat: handle interface lookup failures gracefully
  2026-06-01 12:42 [PATCH network v2] snat: handle interface lookup failures gracefully Lukas Sichert
@ 2026-06-11 15:20 ` Gabriel Goller
  0 siblings, 0 replies; 2+ messages in thread
From: Gabriel Goller @ 2026-06-11 15:20 UTC (permalink / raw)
  To: Lukas Sichert; +Cc: pve-devel

> 'When an IPv6 subnet is created in a Simple or EVPN zone, the setup code
> runs 'ip route get 2001:4860:4860::8888' to determine the outgoing
> interface. If the host has no IPv6 address configured, this command
> fails and aborts the loop that iterates over the plugin's subnets. This
> means that the current and subsequent bridges required for the VNETs are
> not instantiated, even though they still appear in the GUI. Starting a
> VM connected to such a VNET then fails with: 'TASK ERROR: bridge
> '<vnet>' does not exist'.
> 
> Wrap the function that performs the route lookup in an eval block. If
> the lookup fails, use 'log_warn' to write the error to the system log
> and to the GUI and continue processing the remaining subnets in the
> loop.
> 
> Signed-off-by: Lukas Sichert <l.sichert@proxmox.com>

LGTM

Reviewed-by: Gabriel Goller <g.goller@proxmox.com>
Tested-by: Gabriel Goller <g.goller@proxmox.com>

-- 
Gabriel Goller <g.goller@proxmox.com>




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-06-11 15:20 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-01 12:42 [PATCH network v2] snat: handle interface lookup failures gracefully Lukas Sichert
2026-06-11 15:20 ` Gabriel Goller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal