|
 |
7a3408 |
From 7e53d60afb8509a57caea28c95aa61a694bd29f8 Mon Sep 17 00:00:00 2001
|
|
|
7a3408 |
Message-Id: <7e53d60afb8509a57caea28c95aa61a694bd29f8@dist-git>
|
|
|
7a3408 |
From: Laine Stump <laine@laine.org>
|
|
|
7a3408 |
Date: Mon, 10 Aug 2015 02:46:45 -0400
|
|
|
7a3408 |
Subject: [PATCH] network: verify proper address family in updates to <host>
|
|
|
7a3408 |
and <range>
|
|
|
7a3408 |
|
|
|
7a3408 |
By specifying parentIndex in a call to virNetworkUpdate(), it was
|
|
|
7a3408 |
possible to direct libvirt to add a dhcp range or static host of a
|
|
|
7a3408 |
non-matching address family to the <dhcp> element of an <ip>. For
|
|
|
7a3408 |
example, given:
|
|
|
7a3408 |
|
|
|
7a3408 |
<ip address='192.168.122.1' netmask='255.255.255.0'/>
|
|
|
7a3408 |
<ip family='ipv6' address='2001:db6:ca3:45::1' prefix='64'/>
|
|
|
7a3408 |
|
|
|
7a3408 |
you could provide a static host entry with an IPv4 address, and
|
|
|
7a3408 |
specify that it be added to the 2nd <ip> element (index 1):
|
|
|
7a3408 |
|
|
|
7a3408 |
virsh net-update default add ip-dhcp-host --parent-index 1 \
|
|
|
7a3408 |
'<host mac="52:54:00:00:00:01" ip="192.168.122.45"/>'
|
|
|
7a3408 |
|
|
|
7a3408 |
This would be happily added with no error (and no concern of any
|
|
|
7a3408 |
possible future consequences).
|
|
|
7a3408 |
|
|
|
7a3408 |
This patch checks that any dhcp range or host element being added to a
|
|
|
7a3408 |
network ip's <dhcp> subelement has addresses of the same family as the
|
|
|
7a3408 |
ip element they are being added to.
|
|
|
7a3408 |
|
|
|
7a3408 |
This resolves:
|
|
|
7a3408 |
|
|
|
7a3408 |
https://bugzilla.redhat.com/show_bug.cgi?id=1184736
|
|
|
7a3408 |
|
|
|
7a3408 |
(cherry picked from commit 6a21bc119e37bafcbe5cfd13e57080d651296b43)
|
|
|
7a3408 |
|
|
|
7a3408 |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
7a3408 |
---
|
|
|
7a3408 |
src/conf/network_conf.c | 17 +++++++++++++++++
|
|
|
7a3408 |
1 file changed, 17 insertions(+)
|
|
|
7a3408 |
|
|
|
7a3408 |
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
|
|
|
7a3408 |
index 72006e9..0ebb373 100644
|
|
|
7a3408 |
--- a/src/conf/network_conf.c
|
|
|
7a3408 |
+++ b/src/conf/network_conf.c
|
|
|
7a3408 |
@@ -3498,6 +3498,15 @@ virNetworkDefUpdateIPDHCPHost(virNetworkDefPtr def,
|
|
|
7a3408 |
&host, partialOkay) < 0)
|
|
|
7a3408 |
goto cleanup;
|
|
|
7a3408 |
|
|
|
7a3408 |
+ if (!partialOkay &&
|
|
|
7a3408 |
+ VIR_SOCKET_ADDR_FAMILY(&ipdef->address)
|
|
|
7a3408 |
+ != VIR_SOCKET_ADDR_FAMILY(&host.ip)) {
|
|
|
7a3408 |
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
|
|
7a3408 |
+ _("the address family of a host entry IP must match "
|
|
|
7a3408 |
+ "the address family of the dhcp element's parent"));
|
|
|
7a3408 |
+ goto cleanup;
|
|
|
7a3408 |
+ }
|
|
|
7a3408 |
+
|
|
|
7a3408 |
if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
|
|
|
7a3408 |
|
|
|
7a3408 |
/* search for the entry with this (ip|mac|name),
|
|
|
7a3408 |
@@ -3635,6 +3644,14 @@ virNetworkDefUpdateIPDHCPRange(virNetworkDefPtr def,
|
|
|
7a3408 |
if (virSocketAddrRangeParseXML(def->name, ipdef, ctxt->node, &range) < 0)
|
|
|
7a3408 |
goto cleanup;
|
|
|
7a3408 |
|
|
|
7a3408 |
+ if (VIR_SOCKET_ADDR_FAMILY(&ipdef->address)
|
|
|
7a3408 |
+ != VIR_SOCKET_ADDR_FAMILY(&range.start)) {
|
|
|
7a3408 |
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
|
|
7a3408 |
+ _("the address family of a dhcp range must match "
|
|
|
7a3408 |
+ "the address family of the dhcp element's parent"));
|
|
|
7a3408 |
+ goto cleanup;
|
|
|
7a3408 |
+ }
|
|
|
7a3408 |
+
|
|
|
7a3408 |
/* check if an entry with same name/address/ip already exists */
|
|
|
7a3408 |
for (i = 0; i < ipdef->nranges; i++) {
|
|
|
7a3408 |
if (virSocketAddrEqual(&range.start, &ipdef->ranges[i].start) &&
|
|
|
7a3408 |
--
|
|
|
7a3408 |
2.5.0
|
|
|
7a3408 |
|