From 0b34071bf8e15104ee470daed684ff75521d2c83 Mon Sep 17 00:00:00 2001
From: Julien Fortin
Date: Thu, 8 Apr 2021 02:07:04 +0200
Subject: [PATCH] addons: address: warn user if L3-SVI is configured with "ip-forward off"

Context: "user accidentally disabled ip4 and ip6 forwarding on the L3-SVI for all VRF's. we should add a check in ifupdown2 to warn user this is a bad config (symmetric routing will not work if routing is disabled in this way)."

Signed-off-by: Julien Fortin
---
 ifupdown2/addons/address.py | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/ifupdown2/addons/address.py b/ifupdown2/addons/address.py
index 7c05c8e..5464c39 100644
--- a/ifupdown2/addons/address.py
+++ b/ifupdown2/addons/address.py
@@ -271,7 +271,24 @@ class address(AddonWithIpBlackList, moduleBase):
 and self.syntax_check_addr_allowed_on(ifaceobj, True)
 and self.syntax_check_mtu(ifaceobj, ifaceobj_getfunc)
 and self.syntax_check_sysctls(ifaceobj)
- and self.syntax_check_enable_l3_iface_forwardings(ifaceobj, ifaceobj_getfunc, syntax_check=True))
+ and self.syntax_check_enable_l3_iface_forwardings(ifaceobj, ifaceobj_getfunc, syntax_check=True)
+ and self.syntax_check_l3_svi_ip_forward(ifaceobj))
+
+ def syntax_check_l3_svi_ip_forward(self, ifaceobj):
+ if ifaceobj.link_kind & ifaceLinkKind.VLAN and ifaceobj.link_privflags & ifaceLinkPrivFlags.VRF_SLAVE:
+ ip_forward = ifaceobj.get_attr_value_first("ip-forward")
+
+ if ip_forward and not utils.get_boolean_from_string(ip_forward):
+ self.log_error("%s: misconfiguration: disabling ip4 forwarding on an l3-svi is not allowed" % ifaceobj.name, ifaceobj)
+ return False
+
+ ip6_forward = ifaceobj.get_attr_value_first("ip6-forward")
+
+ if ip6_forward and not utils.get_boolean_from_string(ip6_forward):
+ self.log_error("%s: misconfiguration: disabling ip6 forwarding on an l3-svi is not allowed" % ifaceobj.name, ifaceobj)
+ return False
+
+ return True

 def syntax_check_enable_l3_iface_forwardings(self, ifaceobj, ifaceobj_getfunc, syntax_check=False):
 if (self.enable_l3_iface_forwarding_checks
@@ -832,6 +849,9 @@ class address(AddonWithIpBlackList, moduleBase):
 return
 if not self.syntax_check_sysctls(ifaceobj):
 return
+ if not self.syntax_check_l3_svi_ip_forward(ifaceobj):
+ return
+
 ipforward = ifaceobj.get_attr_value_first('ip-forward')
 ip6forward = ifaceobj.get_attr_value_first('ip6-forward')
 if ifupdownflags.flags.PERFMODE:
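Review bot: The guard in `syntax_check_l3_svi_ip_forward` (first hunk) matches every VLAN interface that is a VRF slave, which is wider than the L3-SVI case the commit message describes. An operator who turns forwarding off on purpose on an ordinary SVI inside a VRF, for example to keep a segment from being routed, would be rejected too, and no override is visible in the hunk. If the code base can tell an L3-VNI-backed SVI apart, narrow the condition to that; otherwise state the assumption in a docstring such as `"""Reject ip-forward/ip6-forward off on a VLAN enslaved to a VRF, which is treated as an L3-SVI."""`. The two near-identical ip4/ip6 blocks could also be a single loop over `("ip-forward", "ip4")` and `("ip6-forward", "ip6")`.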
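Review bot: The early `return` added before `ipforward = ifaceobj.get_attr_value_first('ip-forward')` (second hunk) skips everything that follows in this function, so a config the subject line says should only draw a warning ends up not being applied to the interface at all. The helper also reports through `self.log_error`, which may raise rather than return depending on that method's defaults; those are not visible here, and if it does raise, the `return False` lines in the first hunk are dead code. If a warning is what is wanted, the helper could log with `self.logger.warning(...)` and this call site could carry on; if a hard stop is intended, say so in the commit subject and in a comment such as `# refuse to configure an l3-svi with forwarding disabled`. The enclosing function starts and ends outside the hunk.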