IP Route: subnet's host_houtes attribute and router's routes accept the invalidate subnets.

Thank you for your bug report.

I managed to reproduce the problem with:

neutron master @ dd14501c12243a8e5fb4086ba461482e54ac75bc and more importantly
neutron-lib master @ 1e6a07c5fc8275b11044091cfbd0b580d3a0ebd3.

This is the first error message I see in the l3-agent log.

# journalctl -u devstack@neutron-l3
dec 03 11:32:13 devstack0 neutron-l3-agent[24589]: DEBUG neutron.agent.linux.utils [-] Running command (rootwrap daemon): ['ip', 'netns', 'exec', 'qrouter-64e58dbe-21ed-4a5d-a9ac-32236b627f3a', 'ip', 'route', 'replace', 'to', '10.10.10.1/
24', 'via', '10.10.10.17'] {{(pid=24589) execute_rootwrap_daemon /opt/stack/neutron/neutron/agent/linux/utils.py:103}}
dec 03 11:32:13 devstack0 neutron-l3-agent[24589]: ERROR neutron.agent.linux.utils [-] Exit code: 2; Stdin: ; Stdout: ; Stderr: Error: Invalid prefix for given prefix length.

I'm setting the importance to 'low', because it looks like to me there's no regression introduced here.

Looking at the code (starting here https://github.com/openstack/neutron-lib/blob/master/neutron_lib/api/validators/__init__.py#L1086) I'm wondering if we should consider this bug to have its root cause in validate_subnet() instead of in validate_hostroutes() because that's what validate_hostroutes calls.

As a first attempt I'd suggest improving the subnet validation by rejecting subnet definitions in the format 'IP/prefix' instead of the conventional 'network address/prefix' format. Technically that seems easy with netaddr:

>>> import netaddr
>>> n = netaddr.IPNetwork('1.2.3.4/24')
>>> if n.ip != n.network:
>>> ... the expected error message

Then tests and reviewers could tell if narrowing what we consider valid subnet input works out or we have to think about an alternative. I'm assuming you're working on a patch since you assinged the bug to yourself.

a new infomation:
    scenario 2: router's routes

    when I run the command " openstack router set --router destination=10.10.10.1/24,gateway=10.10.10.17 TestRouter ", the debug informations is: "Stderr: RTNETLINK answers: Invalid argument".

Thanks, The solution we are going to commit is similar to yours.

Fix proposed to branch: master
Review: https://review.openstack.org/623415

Related fix proposed to branch: master
Review: https://review.openstack.org/623420

Reviewed: https://review.openstack.org/623415
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=7da36840989c29d27903283785fdc7b8723b5ecc
Submitter: Zuul
Branch: master

commit 7da36840989c29d27903283785fdc7b8723b5ecc
Author: longqianzhao <email address hidden>
Date: Sat Dec 8 00:23:37 2018 +0800

    Modify the judgment method of CIDR and Add utests

    The routing table could not add information, because
    the original method could not identify the invalid CIDR.
    This patch modify the judgement method. It will help
    the router working normally.

    Co-Authored-By: Allain Legacy <email address hidden>

    Change-Id: I4db2e35303492aeda7e14cf9d525cc9b4a54ac36
    Closes-Bug: #1805991
    Story: 2004567

This issue was fixed in the openstack/neutron-lib 1.22.0 release.

Reviewed: https://review.openstack.org/623420
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=4cbaa060316441b1d3dae58c6d0928789037213b
Submitter: Zuul
Branch: master

commit 4cbaa060316441b1d3dae58c6d0928789037213b
Author: longqianzhao <email address hidden>
Date: Fri Dec 7 23:18:36 2018 +0800

    Add test cases: invalidate CIDR

    Add the invalid CIDR for verifing the modified
    method is valid.

    Co-Authored-By: Allain Legacy <email address hidden>

    Depends-On: https://review.openstack.org/623415/
    Change-Id: I0f051130e4708682104bd935b23991b534fc99d2
    Related-Bug: #1805991
    Story: 2004567