[lxc-devel] [lxd/master] Network: Validates DHCP ranges
tomponline on Github
lxc-bot at linuxcontainers.org
Tue Aug 11 14:34:27 UTC 2020
From e90cd6e0e6a7539e0e721d1ec12ab1bec9260732 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 11 Aug 2020 13:43:41 +0100
Subject: [PATCH 1/4] doc/networks: dns.search clarification
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
doc/networks.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/networks.md b/doc/networks.md
index e33e7b5ab4..1574f6781f 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -68,7 +68,7 @@ bridge.hwaddr | string | - | -
bridge.mode | string | - | standard | Bridge operation mode ("standard" or "fan")
bridge.mtu | integer | - | 1500 | Bridge MTU (default varies if tunnel or fan setup)
dns.domain | string | - | lxd | Domain to advertise to DHCP clients and use for DNS resolution
-dns.search | string | - | - | Full comma separated domain search list, defaulting to dns.domain
+dns.search | string | - | - | Full comma separated domain search list, defaulting to `dns.domain` value
dns.mode | string | - | managed | DNS registration mode ("none" for no DNS record, "managed" for LXD generated static records or "dynamic" for client generated records)
fan.overlay\_subnet | string | fan mode | 240.0.0.0/8 | Subnet to use as the overlay for the FAN (CIDR notation)
fan.type | string | fan mode | vxlan | The tunneling type for the FAN ("vxlan" or "ipip")
From 27d1d4906471453b2fff66740b7a6b9c58b5ee9c Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 11 Aug 2020 15:05:48 +0100
Subject: [PATCH 2/4] lxd/network/driver/bridge: Validates
bridge.external_interfaces using validate.Optional() helper
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/network/driver_bridge.go | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
index 56d6260b95..bdae1e5a94 100644
--- a/lxd/network/driver_bridge.go
+++ b/lxd/network/driver_bridge.go
@@ -148,11 +148,7 @@ func (n *bridge) Validate(config map[string]string) error {
"bridge.driver": func(value string) error {
return validate.IsOneOf(value, []string{"native", "openvswitch"})
},
- "bridge.external_interfaces": func(value string) error {
- if value == "" {
- return nil
- }
-
+ "bridge.external_interfaces": validate.Optional(func(value string) error {
for _, entry := range strings.Split(value, ",") {
entry = strings.TrimSpace(entry)
if err := validInterfaceName(entry); err != nil {
@@ -161,7 +157,7 @@ func (n *bridge) Validate(config map[string]string) error {
}
return nil
- },
+ }),
"bridge.hwaddr": validate.Optional(validate.IsNetworkMAC),
"bridge.mtu": validate.Optional(validate.IsInt64),
"bridge.mode": func(value string) error {
From 6ed1012386d6a370877a4e5ae3d9fefdd452eb2e Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 11 Aug 2020 15:31:51 +0100
Subject: [PATCH 3/4] shared/validate: Adds network IP range validators
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
shared/validate/validate.go | 58 +++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
diff --git a/shared/validate/validate.go b/shared/validate/validate.go
index 236b3e0431..c631995e6f 100644
--- a/shared/validate/validate.go
+++ b/shared/validate/validate.go
@@ -313,6 +313,64 @@ func IsNetworkV6List(value string) error {
return nil
}
+// IsNetworkRangeV4 validates an IPv4 range in the format "start-end".
+func IsNetworkRangeV4(value string) error {
+ ips := strings.SplitN(value, "-", 2)
+ if len(ips) != 2 {
+ return fmt.Errorf("IP range must contain start and end IP addresses")
+ }
+
+ for _, ip := range ips {
+ err := IsNetworkAddressV4(ip)
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// IsNetworkRangeV4List validates a comma delimited list of IPv4 ranges.
+func IsNetworkRangeV4List(value string) error {
+ for _, ipRange := range strings.Split(value, ",") {
+ err := IsNetworkRangeV4(strings.TrimSpace(ipRange))
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// IsNetworkRangeV6 validates an IPv6 range in the format "start-end".
+func IsNetworkRangeV6(value string) error {
+ ips := strings.SplitN(value, "-", 2)
+ if len(ips) != 2 {
+ return fmt.Errorf("IP range must contain start and end IP addresses")
+ }
+
+ for _, ip := range ips {
+ err := IsNetworkAddressV6(ip)
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// IsNetworkRangeV6List validates a comma delimited list of IPv6 ranges.
+func IsNetworkRangeV6List(value string) error {
+ for _, ipRange := range strings.Split(value, ",") {
+ err := IsNetworkRangeV6(strings.TrimSpace(ipRange))
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
// IsNetworkVLAN validates a VLAN ID.
func IsNetworkVLAN(value string) error {
vlanID, err := strconv.Atoi(value)
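Review bot: IsNetworkRangeV4 and IsNetworkRangeV6 accept a range whose start address is after its end address, because each side is only checked on its own with IsNetworkAddressV4 / IsNetworkAddressV6; a reversed value such as `10.0.0.50-10.0.0.10` (constructed example) passes validation and is left for whatever consumes the setting to reject or misapply. Comparing the two parsed addresses after the per-address loop closes that gap, as sketched below for the IPv4 case; the IPv6 function would do the same with `To16()`. The sketch assumes IsNetworkAddressV4 accepts only strings that `net.ParseIP` parses as IPv4, and that `net` and `bytes` are or can be imported in validate.go, neither of which is visible in this hunk. The two functions differ only in the address validator they call, so an unexported helper taking that validator as a parameter would remove the duplication.

```go
func IsNetworkRangeV4(value string) error {
	ips := strings.SplitN(value, "-", 2)
	// … unchanged: length check and per-address IsNetworkAddressV4 loop …

	// Both ends passed IsNetworkAddressV4 above; compare them as 4-byte values
	// so that a reversed range is rejected at validation time.
	start := net.ParseIP(ips[0]).To4()
	end := net.ParseIP(ips[1]).To4()
	if bytes.Compare(start, end) > 0 {
		return fmt.Errorf("IP range start %q must not be after end %q", ips[0], ips[1])
	}

	return nil
}
```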
From d0d35b66ed3ec3430a05e13fa65dfbde81ef0e57 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 11 Aug 2020 15:32:10 +0100
Subject: [PATCH 4/4] lxd/network/driver/bridge: Adds DHCP IP range validation
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/network/driver_bridge.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
index bdae1e5a94..30ab38014d 100644
--- a/lxd/network/driver_bridge.go
+++ b/lxd/network/driver_bridge.go
@@ -192,7 +192,7 @@ func (n *bridge) Validate(config map[string]string) error {
"ipv4.dhcp": validate.Optional(validate.IsBool),
"ipv4.dhcp.gateway": validate.Optional(validate.IsNetworkAddressV4),
"ipv4.dhcp.expiry": validate.IsAny,
- "ipv4.dhcp.ranges": validate.IsAny,
+ "ipv4.dhcp.ranges": validate.Optional(validate.IsNetworkRangeV4List),
"ipv4.routes": validate.Optional(validate.IsNetworkV4List),
"ipv4.routing": validate.Optional(validate.IsBool),
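Review bot: The new validators on `ipv4.dhcp.ranges` here, and on `ipv6.dhcp.ranges` in the next hunk, check only that each range is a pair of well-formed addresses, not that the range falls inside the network's own `ipv4.address` / `ipv6.address` subnet. Validate receives the whole config map, so a cross-field check after the per-key rules could reject out-of-subnet ranges at configuration time rather than leaving them to the DHCP server at start-up. `ipv4.dhcp.expiry` and `ipv6.dhcp.expiry` remain `validate.IsAny` in the context lines; if they reach the DHCP server's configuration the same way the ranges do, they deserve a format validator in a follow-up. Validate's body begins and ends outside both hunks.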
@@ -212,7 +212,7 @@ func (n *bridge) Validate(config map[string]string) error {
"ipv6.dhcp": validate.Optional(validate.IsBool),
"ipv6.dhcp.expiry": validate.IsAny,
"ipv6.dhcp.stateful": validate.Optional(validate.IsBool),
- "ipv6.dhcp.ranges": validate.IsAny,
+ "ipv6.dhcp.ranges": validate.Optional(validate.IsNetworkRangeV6List),
"ipv6.routes": validate.Optional(validate.IsNetworkV6List),
"ipv6.routing": validate.Optional(validate.IsBool),