Bug 1959223 - CNO: invalid Netflow port causes ovnkube pods CrashLoopBackOff
Summary: CNO: invalid Netflow port causes ovnkube pods CrashLoopBackOff
Keywords:
Status: CLOSED DUPLICATE of bug 1960101
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.8
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.8.0
Assignee: Ben Pickard
QA Contact: Anurag saxena
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-05-11 02:57 UTC by Ross Brattain
Modified: 2021-05-20 20:15 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-05-20 20:15:23 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Ross Brattain 2021-05-11 02:57:24 UTC 
Description of problem:

CNO doesn't validate Port argument for exportNetworkFlows.  In this case a parseInt overflow.


Version-Release number of selected component (if applicable):

4.8.0-0.nightly-2021-05-08-132247

How reproducible:

always


Steps to Reproduce:
1. oc apply the following YAML

apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  exportNetworkFlows:
    netFlow:
      collectors:
        - 10.131.0.9:20561244234


Actual results:

We fail in ovnkube strconv.ParseInt due to overflow.   The openAPIV3Schema doesn't reject this because we don't limit the length of the port string in the regex  `:[0-9]+$`

F0511 02:31:18.414329  312944 ovnkube.go:130] netflow targets invalid: collector port 20561244234 is not a valid port: strconv.ParseInt: parsing "20561244234": value out of range



Expected results:

Invalid inputs are rejected, ideally no CrashLoopBackoffs.


Additional info:
Comment 1 Ben Pickard 2021-05-20 20:15:23 UTC 

*** This bug has been marked as a duplicate of bug 1960101 ***
Note You need to log in before you can comment on or make changes to this bug.