[lxc-devel] [lxd/master] Network: Validates DHCP ranges

tomponline on Github lxc-bot at linuxcontainers.org
Tue Aug 11 14:34:27 UTC 2020


From e90cd6e0e6a7539e0e721d1ec12ab1bec9260732 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 11 Aug 2020 13:43:41 +0100
Subject: [PATCH 1/4] doc/networks: dns.search clarification

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 doc/networks.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/networks.md b/doc/networks.md
index e33e7b5ab4..1574f6781f 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -68,7 +68,7 @@ bridge.hwaddr                   | string    | -                     | -
 bridge.mode                     | string    | -                     | standard                  | Bridge operation mode ("standard" or "fan")
 bridge.mtu                      | integer   | -                     | 1500                      | Bridge MTU (default varies if tunnel or fan setup)
 dns.domain                      | string    | -                     | lxd                       | Domain to advertise to DHCP clients and use for DNS resolution
-dns.search                      | string    | -                     | -                         | Full comma separated domain search list, defaulting to dns.domain
+dns.search                      | string    | -                     | -                         | Full comma separated domain search list, defaulting to `dns.domain` value
 dns.mode                        | string    | -                     | managed                   | DNS registration mode ("none" for no DNS record, "managed" for LXD generated static records or "dynamic" for client generated records)
 fan.overlay\_subnet             | string    | fan mode              | 240.0.0.0/8               | Subnet to use as the overlay for the FAN (CIDR notation)
 fan.type                        | string    | fan mode              | vxlan                     | The tunneling type for the FAN ("vxlan" or "ipip")

From 27d1d4906471453b2fff66740b7a6b9c58b5ee9c Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 11 Aug 2020 15:05:48 +0100
Subject: [PATCH 2/4] lxd/network/driver/bridge: Validates
 bridge.external_interfaces using validate.Optional() helper

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/network/driver_bridge.go | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
index 56d6260b95..bdae1e5a94 100644
--- a/lxd/network/driver_bridge.go
+++ b/lxd/network/driver_bridge.go
@@ -148,11 +148,7 @@ func (n *bridge) Validate(config map[string]string) error {
 		"bridge.driver": func(value string) error {
 			return validate.IsOneOf(value, []string{"native", "openvswitch"})
 		},
-		"bridge.external_interfaces": func(value string) error {
-			if value == "" {
-				return nil
-			}
-
+		"bridge.external_interfaces": validate.Optional(func(value string) error {
 			for _, entry := range strings.Split(value, ",") {
 				entry = strings.TrimSpace(entry)
 				if err := validInterfaceName(entry); err != nil {
@@ -161,7 +157,7 @@ func (n *bridge) Validate(config map[string]string) error {
 			}
 
 			return nil
-		},
+		}),
 		"bridge.hwaddr": validate.Optional(validate.IsNetworkMAC),
 		"bridge.mtu":    validate.Optional(validate.IsInt64),
 		"bridge.mode": func(value string) error {

From 6ed1012386d6a370877a4e5ae3d9fefdd452eb2e Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 11 Aug 2020 15:31:51 +0100
Subject: [PATCH 3/4] shared/validate: Adds network IP range validators

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 shared/validate/validate.go | 58 +++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/shared/validate/validate.go b/shared/validate/validate.go
index 236b3e0431..c631995e6f 100644
--- a/shared/validate/validate.go
+++ b/shared/validate/validate.go
@@ -313,6 +313,64 @@ func IsNetworkV6List(value string) error {
 	return nil
 }
 
+// IsNetworkRangeV4 validates an IPv4 range in the format "start-end".
+func IsNetworkRangeV4(value string) error {
+	ips := strings.SplitN(value, "-", 2)
+	if len(ips) != 2 {
+		return fmt.Errorf("IP range must contain start and end IP addresses")
+	}
+
+	for _, ip := range ips {
+		err := IsNetworkAddressV4(ip)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// IsNetworkRangeV4List validates a comma delimited list of IPv4 ranges.
+func IsNetworkRangeV4List(value string) error {
+	for _, ipRange := range strings.Split(value, ",") {
+		err := IsNetworkRangeV4(strings.TrimSpace(ipRange))
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// IsNetworkRangeV6 validates an IPv6 range in the format "start-end".
+func IsNetworkRangeV6(value string) error {
+	ips := strings.SplitN(value, "-", 2)
+	if len(ips) != 2 {
+		return fmt.Errorf("IP range must contain start and end IP addresses")
+	}
+
+	for _, ip := range ips {
+		err := IsNetworkAddressV6(ip)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// IsNetworkRangeV6List validates a comma delimited list of IPv6 ranges.
+func IsNetworkRangeV6List(value string) error {
+	for _, ipRange := range strings.Split(value, ",") {
+		err := IsNetworkRangeV6(strings.TrimSpace(ipRange))
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 // IsNetworkVLAN validates a VLAN ID.
 func IsNetworkVLAN(value string) error {
 	vlanID, err := strconv.Atoi(value)
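Review bot: IsNetworkRangeV4 accepts a range whose end address is lower than its start, because the loop only checks that each half is a valid IPv4 address; IsNetworkRangeV6 has the same gap. A reversed range such as the constructed example `10.0.0.50-10.0.0.10` would pass validation and be handed to whatever consumes the DHCP range setting. After the loop, compare the two ends, for example `if bytes.Compare(net.ParseIP(ips[0]).To4(), net.ParseIP(ips[1]).To4()) > 0 { return fmt.Errorf("IP range start must not be after end") }`, using `To16()` in the V6 variant. This assumes the address validators have already rejected unparsable input, and it needs `bytes` and `net` in the file's import block, which is outside the hunk.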

From d0d35b66ed3ec3430a05e13fa65dfbde81ef0e57 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 11 Aug 2020 15:32:10 +0100
Subject: [PATCH 4/4] lxd/network/driver/bridge: Adds DHCP IP range validation

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/network/driver_bridge.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
index bdae1e5a94..30ab38014d 100644
--- a/lxd/network/driver_bridge.go
+++ b/lxd/network/driver_bridge.go
@@ -192,7 +192,7 @@ func (n *bridge) Validate(config map[string]string) error {
 		"ipv4.dhcp":         validate.Optional(validate.IsBool),
 		"ipv4.dhcp.gateway": validate.Optional(validate.IsNetworkAddressV4),
 		"ipv4.dhcp.expiry":  validate.IsAny,
-		"ipv4.dhcp.ranges":  validate.IsAny,
+		"ipv4.dhcp.ranges":  validate.Optional(validate.IsNetworkRangeV4List),
 		"ipv4.routes":       validate.Optional(validate.IsNetworkV4List),
 		"ipv4.routing":      validate.Optional(validate.IsBool),
 
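Review bot: The new `ipv4.dhcp.ranges` validator (and the `ipv6.dhcp.ranges` one in the next hunk) checks only the format of each range, so a range that lies outside the network's own subnet is still accepted here. A per-key validator in this map sees only its own value and cannot make that comparison, and Validate's body continues outside the hunk, so a cross-field check may or may not exist later in the function. If it does not, a follow-up check that each range falls within the configured `ipv4.address` / `ipv6.address` network would close the gap. At minimum, add a comment on these two entries such as `// Format check only; range containment in the network subnet is not verified here.`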
@@ -212,7 +212,7 @@ func (n *bridge) Validate(config map[string]string) error {
 		"ipv6.dhcp":          validate.Optional(validate.IsBool),
 		"ipv6.dhcp.expiry":   validate.IsAny,
 		"ipv6.dhcp.stateful": validate.Optional(validate.IsBool),
-		"ipv6.dhcp.ranges":   validate.IsAny,
+		"ipv6.dhcp.ranges":   validate.Optional(validate.IsNetworkRangeV6List),
 		"ipv6.routes":        validate.Optional(validate.IsNetworkV6List),
 		"ipv6.routing":       validate.Optional(validate.IsBool),
 

