From: Lukas Sichert <l.sichert@proxmox.com>
To: pve-devel@lists.proxmox.com
Cc: Lukas Sichert <l.sichert@proxmox.com>
Subject: [PATCH network] SNAT: handle interface lookup failures gracefully
Date: Mon, 20 Apr 2026 16:35:28 +0200 [thread overview]
Message-ID: <20260420143530.91158-1-l.sichert@proxmox.com> (raw)
When an IPv6 subnet is created in a Simple or EVPN zone, the setup code
runs `ip route get 2001:4860:4860::8888` to determine the outgoing
interface. If the host has no IPv6 address configured, this command
fails and aborts the loop that iterates over the plugin's subnets.
Since the error is only handled at a higher layer, any subnets that
would be processed later in the loop are skipped.
Wrap the function that performs the route lookup in an eval block. If
the lookup fails, write the error to the system log and continue
processing the remaining subnets in the loop.
Signed-off-by: Lukas Sichert <l.sichert@proxmox.com>
---
src/PVE/Network/SDN/Zones/EvpnPlugin.pm | 12 ++++++++++--
src/PVE/Network/SDN/Zones/SimplePlugin.pm | 12 ++++++++++--
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 8e7ddfd..a12922b 100644
--- a/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -11,6 +11,7 @@ use PVE::INotify;
use PVE::Cluster;
use PVE::Tools;
use Net::IP;
+use PVE::SafeSyslog;
use PVE::Network::SDN::Controllers::EvpnPlugin;
@@ -252,8 +253,15 @@ sub generate_sdn_config {
if ($subnet->{snat}) {
#find outgoing interface
- my ($outip, $outiface) =
- PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+ my ($outip, $outiface);
+ eval {
+ ($outip, $outiface) =
+ PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+ };
+ if ($@) {
+ syslog("warn", "interface for SNAT could not be resolved: $@");
+ next;
+ }
if ($outip && $outiface && $is_evpn_gateway) {
#use snat, faster than masquerade
push @iface_config,
diff --git a/src/PVE/Network/SDN/Zones/SimplePlugin.pm b/src/PVE/Network/SDN/Zones/SimplePlugin.pm
index f5cd18e..8ae7630 100644
--- a/src/PVE/Network/SDN/Zones/SimplePlugin.pm
+++ b/src/PVE/Network/SDN/Zones/SimplePlugin.pm
@@ -7,6 +7,7 @@ use PVE::Network::SDN::Dhcp;
use PVE::Exception qw(raise raise_param_exc);
use PVE::Cluster;
use PVE::Tools;
+use PVE::SafeSyslog;
use base('PVE::Network::SDN::Zones::Plugin');
@@ -112,8 +113,15 @@ sub generate_sdn_config {
push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
if ($subnet->{snat}) {
#find outgoing interface
- my ($outip, $outiface) =
- PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+ my ($outip, $outiface);
+ eval {
+ ($outip, $outiface) =
+ PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
+ };
+ if ($@) {
+ syslog("warn", "interface for SNAT could not be resolved: $@");
+ next;
+ }
if ($outip && $outiface) {
#use snat, faster than masquerade
push @iface_config,
--
2.47.3
reply other threads:[~2026-04-20 14:35 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260420143530.91158-1-l.sichert@proxmox.com \
--to=l.sichert@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox