4eb3b8
From 7bd016008429f0a18393a070d88e669f3ed89caa Mon Sep 17 00:00:00 2001
65b69d
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
4eb3b8
Date: Fri, 11 Feb 2022 14:37:46 +0100
65b69d
Subject: [PATCH] Fix IPv6 netmask format for sysconfig (#1215)
65b69d
65b69d
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
4eb3b8
RH-MergeRequest: 48: Fix IPv6 netmask format for sysconfig (#1215)
4eb3b8
RH-Commit: [1/1] 4c940bbcf85dba1fce9f4acb9fc7820c0d7777f6
4eb3b8
RH-Bugzilla: 2046540
65b69d
RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
4eb3b8
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
65b69d
65b69d
commit b97a30f0a05c1dea918c46ca9c05c869d15fe2d5
65b69d
Author: Harald <hjensas@redhat.com>
65b69d
Date:   Tue Feb 8 15:49:00 2022 +0100
65b69d
65b69d
    Fix IPv6 netmask format for sysconfig (#1215)
65b69d
65b69d
    This change converts the IPv6 netmask from the network_data.json[1]
65b69d
    format to the CIDR style, <IPv6_addr>/<prefix>.
65b69d
65b69d
    Using an IPv6 address like ffff:ffff:ffff:ffff:: does not work with
65b69d
    NetworkManager, nor networkscripts.
65b69d
65b69d
    NetworkManager will ignore the route, logging:
65b69d
      ifcfg-rh: ignoring invalid route at \
65b69d
        "::/:: via fd00:fd00:fd00:2::fffe dev $DEV" \
65b69d
        (/etc/sysconfig/network-scripts/route6-$DEV:3): \
65b69d
        Argument for "::/::" is not ADDR/PREFIX format
65b69d
65b69d
    Similarly if using networkscripts, ip route fail with error:
65b69d
      Error: inet6 prefix is expected rather than \
65b69d
        "fd00:fd00:fd00::/ffff:ffff:ffff:ffff::".
65b69d
65b69d
    Also a bit of refactoring ...
65b69d
65b69d
    cloudinit.net.sysconfig.Route.to_string:
65b69d
    * Move a couple of lines around to reduce repeated code.
65b69d
    * if "ADDRESS" not in key -> continute, so that the
65b69d
      code block following it can be de-indented.
65b69d
    cloudinit.net.network_state:
65b69d
    * Refactors the ipv4_mask_to_net_prefix, ipv6_mask_to_net_prefix
65b69d
      removes mask_to_net_prefix methods. Utilize ipaddress library to
65b69d
      do some of the heavy lifting.
65b69d
65b69d
    LP: #1959148
65b69d
65b69d
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
65b69d
---
65b69d
 cloudinit/net/__init__.py                     |   7 +-
65b69d
 cloudinit/net/network_state.py                | 103 +++++++-----------
65b69d
 cloudinit/net/sysconfig.py                    |  91 ++++++++++------
65b69d
 cloudinit/sources/DataSourceOpenNebula.py     |   2 +-
65b69d
 .../sources/helpers/vmware/imc/config_nic.py  |   4 +-
65b69d
 tests/unittests/test_net.py                   |  78 ++++++++++++-
65b69d
 6 files changed, 176 insertions(+), 109 deletions(-)
65b69d
65b69d
diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py
65b69d
index 003efa2a..12bf64de 100644
65b69d
--- a/cloudinit/net/__init__.py
65b69d
+++ b/cloudinit/net/__init__.py
65b69d
@@ -14,7 +14,7 @@ import re
65b69d
 
65b69d
 from cloudinit import subp
65b69d
 from cloudinit import util
65b69d
-from cloudinit.net.network_state import mask_to_net_prefix
65b69d
+from cloudinit.net.network_state import ipv4_mask_to_net_prefix
65b69d
 from cloudinit.url_helper import UrlError, readurl
65b69d
 
65b69d
 LOG = logging.getLogger(__name__)
65b69d
@@ -1048,10 +1048,11 @@ class EphemeralIPv4Network(object):
65b69d
                 'Cannot init network on {0} with {1}/{2} and bcast {3}'.format(
65b69d
                     interface, ip, prefix_or_mask, broadcast))
65b69d
         try:
65b69d
-            self.prefix = mask_to_net_prefix(prefix_or_mask)
65b69d
+            self.prefix = ipv4_mask_to_net_prefix(prefix_or_mask)
65b69d
         except ValueError as e:
65b69d
             raise ValueError(
65b69d
-                'Cannot setup network: {0}'.format(e)
65b69d
+                "Cannot setup network, invalid prefix or "
65b69d
+                "netmask: {0}".format(e)
65b69d
             ) from e
65b69d
 
65b69d
         self.connectivity_url = connectivity_url
65b69d
diff --git a/cloudinit/net/network_state.py b/cloudinit/net/network_state.py
65b69d
index e8bf9e39..2768ef94 100644
65b69d
--- a/cloudinit/net/network_state.py
65b69d
+++ b/cloudinit/net/network_state.py
65b69d
@@ -6,6 +6,7 @@
65b69d
 
65b69d
 import copy
65b69d
 import functools
65b69d
+import ipaddress
65b69d
 import logging
65b69d
 import socket
65b69d
 import struct
65b69d
@@ -872,12 +873,18 @@ def _normalize_net_keys(network, address_keys=()):
65b69d
         try:
65b69d
             prefix = int(maybe_prefix)
65b69d
         except ValueError:
65b69d
-            # this supports input of <address>/255.255.255.0
65b69d
-            prefix = mask_to_net_prefix(maybe_prefix)
65b69d
-    elif netmask:
65b69d
-        prefix = mask_to_net_prefix(netmask)
65b69d
-    elif 'prefix' in net:
65b69d
-        prefix = int(net['prefix'])
65b69d
+            if ipv6:
65b69d
+                # this supports input of ffff:ffff:ffff::
65b69d
+                prefix = ipv6_mask_to_net_prefix(maybe_prefix)
65b69d
+            else:
65b69d
+                # this supports input of 255.255.255.0
65b69d
+                prefix = ipv4_mask_to_net_prefix(maybe_prefix)
65b69d
+    elif netmask and not ipv6:
65b69d
+        prefix = ipv4_mask_to_net_prefix(netmask)
65b69d
+    elif netmask and ipv6:
65b69d
+        prefix = ipv6_mask_to_net_prefix(netmask)
65b69d
+    elif "prefix" in net:
65b69d
+        prefix = int(net["prefix"])
65b69d
     else:
65b69d
         prefix = 64 if ipv6 else 24
65b69d
 
65b69d
@@ -972,72 +979,42 @@ def ipv4_mask_to_net_prefix(mask):
65b69d
        str(24)         => 24
65b69d
        "24"            => 24
65b69d
     """
65b69d
-    if isinstance(mask, int):
65b69d
-        return mask
65b69d
-    if isinstance(mask, str):
65b69d
-        try:
65b69d
-            return int(mask)
65b69d
-        except ValueError:
65b69d
-            pass
65b69d
-    else:
65b69d
-        raise TypeError("mask '%s' is not a string or int")
65b69d
-
65b69d
-    if '.' not in mask:
65b69d
-        raise ValueError("netmask '%s' does not contain a '.'" % mask)
65b69d
-
65b69d
-    toks = mask.split(".")
65b69d
-    if len(toks) != 4:
65b69d
-        raise ValueError("netmask '%s' had only %d parts" % (mask, len(toks)))
65b69d
-
65b69d
-    return sum([bin(int(x)).count('1') for x in toks])
65b69d
+    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
65b69d
 
65b69d
 
65b69d
 def ipv6_mask_to_net_prefix(mask):
65b69d
     """Convert an ipv6 netmask (very uncommon) or prefix (64) to prefix.
65b69d
 
65b69d
-    If 'mask' is an integer or string representation of one then
65b69d
-    int(mask) will be returned.
65b69d
+    If the input is already an integer or a string representation of
65b69d
+    an integer, then int(mask) will be returned.
65b69d
+       "ffff:ffff:ffff::"  => 48
65b69d
+       "48"                => 48
65b69d
     """
65b69d
-
65b69d
-    if isinstance(mask, int):
65b69d
-        return mask
65b69d
-    if isinstance(mask, str):
65b69d
-        try:
65b69d
-            return int(mask)
65b69d
-        except ValueError:
65b69d
-            pass
65b69d
-    else:
65b69d
-        raise TypeError("mask '%s' is not a string or int")
65b69d
-
65b69d
-    if ':' not in mask:
65b69d
-        raise ValueError("mask '%s' does not have a ':'")
65b69d
-
65b69d
-    bitCount = [0, 0x8000, 0xc000, 0xe000, 0xf000, 0xf800, 0xfc00, 0xfe00,
65b69d
-                0xff00, 0xff80, 0xffc0, 0xffe0, 0xfff0, 0xfff8, 0xfffc,
65b69d
-                0xfffe, 0xffff]
65b69d
-    prefix = 0
65b69d
-    for word in mask.split(':'):
65b69d
-        if not word or int(word, 16) == 0:
65b69d
-            break
65b69d
-        prefix += bitCount.index(int(word, 16))
65b69d
-
65b69d
-    return prefix
65b69d
-
65b69d
-
65b69d
-def mask_to_net_prefix(mask):
65b69d
-    """Return the network prefix for the netmask provided.
65b69d
-
65b69d
-    Supports ipv4 or ipv6 netmasks."""
65b69d
     try:
65b69d
-        # if 'mask' is a prefix that is an integer.
65b69d
-        # then just return it.
65b69d
-        return int(mask)
65b69d
+        # In the case the mask is already a prefix
65b69d
+        prefixlen = ipaddress.ip_network(f"::/{mask}").prefixlen
65b69d
+        return prefixlen
65b69d
     except ValueError:
65b69d
+        # ValueError means mask is an IPv6 address representation and need
65b69d
+        # conversion.
65b69d
         pass
65b69d
-    if is_ipv6_addr(mask):
65b69d
-        return ipv6_mask_to_net_prefix(mask)
65b69d
-    else:
65b69d
-        return ipv4_mask_to_net_prefix(mask)
65b69d
+
65b69d
+    netmask = ipaddress.ip_address(mask)
65b69d
+    mask_int = int(netmask)
65b69d
+    # If the mask is all zeroes, just return it
65b69d
+    if mask_int == 0:
65b69d
+        return mask_int
65b69d
+
65b69d
+    trailing_zeroes = min(
65b69d
+        ipaddress.IPV6LENGTH, (~mask_int & (mask_int - 1)).bit_length()
65b69d
+    )
65b69d
+    leading_ones = mask_int >> trailing_zeroes
65b69d
+    prefixlen = ipaddress.IPV6LENGTH - trailing_zeroes
65b69d
+    all_ones = (1 << prefixlen) - 1
65b69d
+    if leading_ones != all_ones:
65b69d
+        raise ValueError("Invalid network mask '%s'" % mask)
65b69d
+
65b69d
+    return prefixlen
65b69d
 
65b69d
 
65b69d
 def mask_and_ipv4_to_bcast_addr(mask, ip):
65b69d
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
65b69d
index d5440998..7ecbe1c3 100644
65b69d
--- a/cloudinit/net/sysconfig.py
65b69d
+++ b/cloudinit/net/sysconfig.py
65b69d
@@ -12,6 +12,7 @@ from cloudinit import util
65b69d
 from cloudinit import subp
65b69d
 from cloudinit.distros.parsers import networkmanager_conf
65b69d
 from cloudinit.distros.parsers import resolv_conf
65b69d
+from cloudinit.net import network_state
65b69d
 
65b69d
 from . import renderer
65b69d
 from .network_state import (
65b69d
@@ -171,43 +172,61 @@ class Route(ConfigMap):
65b69d
         # (because Route can contain a mix of IPv4 and IPv6)
65b69d
         reindex = -1
65b69d
         for key in sorted(self._conf.keys()):
65b69d
-            if 'ADDRESS' in key:
65b69d
-                index = key.replace('ADDRESS', '')
65b69d
-                address_value = str(self._conf[key])
65b69d
-                # only accept combinations:
65b69d
-                # if proto ipv6 only display ipv6 routes
65b69d
-                # if proto ipv4 only display ipv4 routes
65b69d
-                # do not add ipv6 routes if proto is ipv4
65b69d
-                # do not add ipv4 routes if proto is ipv6
65b69d
-                # (this array will contain a mix of ipv4 and ipv6)
65b69d
-                if proto == "ipv4" and not self.is_ipv6_route(address_value):
65b69d
-                    netmask_value = str(self._conf['NETMASK' + index])
65b69d
-                    gateway_value = str(self._conf['GATEWAY' + index])
65b69d
-                    # increase IPv4 index
65b69d
-                    reindex = reindex + 1
65b69d
-                    buf.write("%s=%s\n" % ('ADDRESS' + str(reindex),
65b69d
-                                           _quote_value(address_value)))
65b69d
-                    buf.write("%s=%s\n" % ('GATEWAY' + str(reindex),
65b69d
-                                           _quote_value(gateway_value)))
65b69d
-                    buf.write("%s=%s\n" % ('NETMASK' + str(reindex),
65b69d
-                                           _quote_value(netmask_value)))
65b69d
-                    metric_key = 'METRIC' + index
65b69d
-                    if metric_key in self._conf:
65b69d
-                        metric_value = str(self._conf['METRIC' + index])
65b69d
-                        buf.write("%s=%s\n" % ('METRIC' + str(reindex),
65b69d
-                                               _quote_value(metric_value)))
65b69d
-                elif proto == "ipv6" and self.is_ipv6_route(address_value):
65b69d
-                    netmask_value = str(self._conf['NETMASK' + index])
65b69d
-                    gateway_value = str(self._conf['GATEWAY' + index])
65b69d
-                    metric_value = (
65b69d
-                        'metric ' + str(self._conf['METRIC' + index])
65b69d
-                        if 'METRIC' + index in self._conf else '')
65b69d
+            if "ADDRESS" not in key:
65b69d
+                continue
65b69d
+
65b69d
+            index = key.replace("ADDRESS", "")
65b69d
+            address_value = str(self._conf[key])
65b69d
+            netmask_value = str(self._conf["NETMASK" + index])
65b69d
+            gateway_value = str(self._conf["GATEWAY" + index])
65b69d
+
65b69d
+            # only accept combinations:
65b69d
+            # if proto ipv6 only display ipv6 routes
65b69d
+            # if proto ipv4 only display ipv4 routes
65b69d
+            # do not add ipv6 routes if proto is ipv4
65b69d
+            # do not add ipv4 routes if proto is ipv6
65b69d
+            # (this array will contain a mix of ipv4 and ipv6)
65b69d
+            if proto == "ipv4" and not self.is_ipv6_route(address_value):
65b69d
+                # increase IPv4 index
65b69d
+                reindex = reindex + 1
65b69d
+                buf.write(
65b69d
+                    "%s=%s\n"
65b69d
+                    % ("ADDRESS" + str(reindex), _quote_value(address_value))
65b69d
+                )
65b69d
+                buf.write(
65b69d
+                    "%s=%s\n"
65b69d
+                    % ("GATEWAY" + str(reindex), _quote_value(gateway_value))
65b69d
+                )
65b69d
+                buf.write(
65b69d
+                    "%s=%s\n"
65b69d
+                    % ("NETMASK" + str(reindex), _quote_value(netmask_value))
65b69d
+                )
65b69d
+                metric_key = "METRIC" + index
65b69d
+                if metric_key in self._conf:
65b69d
+                    metric_value = str(self._conf["METRIC" + index])
65b69d
                     buf.write(
65b69d
-                        "%s/%s via %s %s dev %s\n" % (address_value,
65b69d
-                                                      netmask_value,
65b69d
-                                                      gateway_value,
65b69d
-                                                      metric_value,
65b69d
-                                                      self._route_name))
65b69d
+                        "%s=%s\n"
65b69d
+                        % ("METRIC" + str(reindex), _quote_value(metric_value))
65b69d
+                    )
65b69d
+            elif proto == "ipv6" and self.is_ipv6_route(address_value):
65b69d
+                prefix_value = network_state.ipv6_mask_to_net_prefix(
65b69d
+                    netmask_value
65b69d
+                )
65b69d
+                metric_value = (
65b69d
+                    "metric " + str(self._conf["METRIC" + index])
65b69d
+                    if "METRIC" + index in self._conf
65b69d
+                    else ""
65b69d
+                )
65b69d
+                buf.write(
65b69d
+                    "%s/%s via %s %s dev %s\n"
65b69d
+                    % (
65b69d
+                        address_value,
65b69d
+                        prefix_value,
65b69d
+                        gateway_value,
65b69d
+                        metric_value,
65b69d
+                        self._route_name,
65b69d
+                    )
65b69d
+                )
65b69d
 
65b69d
         return buf.getvalue()
65b69d
 
65b69d
diff --git a/cloudinit/sources/DataSourceOpenNebula.py b/cloudinit/sources/DataSourceOpenNebula.py
65b69d
index 730ec586..e7980ab1 100644
65b69d
--- a/cloudinit/sources/DataSourceOpenNebula.py
65b69d
+++ b/cloudinit/sources/DataSourceOpenNebula.py
65b69d
@@ -233,7 +233,7 @@ class OpenNebulaNetwork(object):
65b69d
             # Set IPv4 address
65b69d
             devconf['addresses'] = []
65b69d
             mask = self.get_mask(c_dev)
65b69d
-            prefix = str(net.mask_to_net_prefix(mask))
65b69d
+            prefix = str(net.ipv4_mask_to_net_prefix(mask))
65b69d
             devconf['addresses'].append(
65b69d
                 self.get_ip(c_dev, mac) + '/' + prefix)
65b69d
 
65b69d
diff --git a/cloudinit/sources/helpers/vmware/imc/config_nic.py b/cloudinit/sources/helpers/vmware/imc/config_nic.py
65b69d
index 9cd2c0c0..3a45c67e 100644
65b69d
--- a/cloudinit/sources/helpers/vmware/imc/config_nic.py
65b69d
+++ b/cloudinit/sources/helpers/vmware/imc/config_nic.py
65b69d
@@ -9,7 +9,7 @@ import logging
65b69d
 import os
65b69d
 import re
65b69d
 
65b69d
-from cloudinit.net.network_state import mask_to_net_prefix
65b69d
+from cloudinit.net.network_state import ipv4_mask_to_net_prefix
65b69d
 from cloudinit import subp
65b69d
 from cloudinit import util
65b69d
 
65b69d
@@ -180,7 +180,7 @@ class NicConfigurator(object):
65b69d
         """
65b69d
         route_list = []
65b69d
 
65b69d
-        cidr = mask_to_net_prefix(netmask)
65b69d
+        cidr = ipv4_mask_to_net_prefix(netmask)
65b69d
 
65b69d
         for gateway in gateways:
65b69d
             destination = "%s/%d" % (gen_subnet(gateway, netmask), cidr)
65b69d
diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
65b69d
index 14d3462f..a7f6a1f7 100644
65b69d
--- a/tests/unittests/test_net.py
65b69d
+++ b/tests/unittests/test_net.py
65b69d
@@ -2025,10 +2025,10 @@ pre-down route del -net 10.0.0.0/8 gw 11.0.0.1 metric 3 || true
65b69d
                     routes:
65b69d
                         - gateway: 2001:67c:1562:1
65b69d
                           network: 2001:67c:1
65b69d
-                          netmask: ffff:ffff:0
65b69d
+                          netmask: "ffff:ffff::"
65b69d
                         - gateway: 3001:67c:1562:1
65b69d
                           network: 3001:67c:1
65b69d
-                          netmask: ffff:ffff:0
65b69d
+                          netmask: "ffff:ffff::"
65b69d
                           metric: 10000
65b69d
             """),
65b69d
         'expected_netplan': textwrap.dedent("""
65b69d
@@ -2295,8 +2295,8 @@ iface bond0 inet6 static
65b69d
             'route6-bond0': textwrap.dedent("""\
65b69d
         # Created by cloud-init on instance boot automatically, do not edit.
65b69d
         #
65b69d
-        2001:67c:1/ffff:ffff:0 via 2001:67c:1562:1  dev bond0
65b69d
-        3001:67c:1/ffff:ffff:0 via 3001:67c:1562:1 metric 10000 dev bond0
65b69d
+        2001:67c:1/32 via 2001:67c:1562:1  dev bond0
65b69d
+        3001:67c:1/32 via 3001:67c:1562:1 metric 10000 dev bond0
65b69d
             """),
65b69d
             'route-bond0': textwrap.dedent("""\
65b69d
         ADDRESS0=10.1.3.0
65b69d
@@ -3088,6 +3088,76 @@ USERCTL=no
65b69d
             renderer.render_network_state(ns, target=render_dir)
65b69d
         self.assertEqual([], os.listdir(render_dir))
65b69d
 
65b69d
+    def test_invalid_network_mask_ipv6(self):
65b69d
+        net_json = {
65b69d
+            "services": [{"type": "dns", "address": "172.19.0.12"}],
65b69d
+            "networks": [
65b69d
+                {
65b69d
+                    "network_id": "public-ipv6",
65b69d
+                    "type": "ipv6",
65b69d
+                    "netmask": "",
65b69d
+                    "link": "tap1a81968a-79",
65b69d
+                    "routes": [
65b69d
+                        {
65b69d
+                            "gateway": "2001:DB8::1",
65b69d
+                            "netmask": "ff:ff:ff:ff::",
65b69d
+                            "network": "2001:DB8:1::1",
65b69d
+                        },
65b69d
+                    ],
65b69d
+                    "ip_address": "2001:DB8::10",
65b69d
+                    "id": "network1",
65b69d
+                }
65b69d
+            ],
65b69d
+            "links": [
65b69d
+                {
65b69d
+                    "ethernet_mac_address": "fa:16:3e:ed:9a:59",
65b69d
+                    "mtu": None,
65b69d
+                    "type": "bridge",
65b69d
+                    "id": "tap1a81968a-79",
65b69d
+                    "vif_id": "1a81968a-797a-400f-8a80-567f997eb93f",
65b69d
+                },
65b69d
+            ],
65b69d
+        }
65b69d
+        macs = {"fa:16:3e:ed:9a:59": "eth0"}
65b69d
+        network_cfg = openstack.convert_net_json(net_json, known_macs=macs)
65b69d
+        with self.assertRaises(ValueError):
65b69d
+            network_state.parse_net_config_data(network_cfg, skip_broken=False)
65b69d
+
65b69d
+    def test_invalid_network_mask_ipv4(self):
65b69d
+        net_json = {
65b69d
+            "services": [{"type": "dns", "address": "172.19.0.12"}],
65b69d
+            "networks": [
65b69d
+                {
65b69d
+                    "network_id": "public-ipv4",
65b69d
+                    "type": "ipv4",
65b69d
+                    "netmask": "",
65b69d
+                    "link": "tap1a81968a-79",
65b69d
+                    "routes": [
65b69d
+                        {
65b69d
+                            "gateway": "172.20.0.1",
65b69d
+                            "netmask": "255.234.255.0",
65b69d
+                            "network": "172.19.0.0",
65b69d
+                        },
65b69d
+                    ],
65b69d
+                    "ip_address": "172.20.0.10",
65b69d
+                    "id": "network1",
65b69d
+                }
65b69d
+            ],
65b69d
+            "links": [
65b69d
+                {
65b69d
+                    "ethernet_mac_address": "fa:16:3e:ed:9a:59",
65b69d
+                    "mtu": None,
65b69d
+                    "type": "bridge",
65b69d
+                    "id": "tap1a81968a-79",
65b69d
+                    "vif_id": "1a81968a-797a-400f-8a80-567f997eb93f",
65b69d
+                },
65b69d
+            ],
65b69d
+        }
65b69d
+        macs = {"fa:16:3e:ed:9a:59": "eth0"}
65b69d
+        network_cfg = openstack.convert_net_json(net_json, known_macs=macs)
65b69d
+        with self.assertRaises(ValueError):
65b69d
+            network_state.parse_net_config_data(network_cfg, skip_broken=False)
65b69d
+
65b69d
     def test_openstack_rendering_samples(self):
65b69d
         for os_sample in OS_SAMPLES:
65b69d
             render_dir = self.tmp_dir()
65b69d
-- 
65b69d
2.27.0
65b69d