T3493: dhcpv6-server does not have prefix range validation #3519

Merged
merged 3 commits into from
May 26, 2024
6 changes: 4 additions & 2 deletions interface-definitions/service_dhcpv6-server.xml.in
Expand Up @@ -229,7 +229,8 @@
<description>IPv6 address used in prefix delegation</description>
</valueHelp>
<constraint>
<validator name="ipv6-address"/>
<!-- IPv6 address used MUST end with :: -->
<regex>([a-fA-F0-9]{1,4}:)+:</regex>
</constraint>
</properties>
<children>
Expand All @@ -254,7 +255,8 @@
<description>IPv6 address used in prefix delegation</description>
</valueHelp>
<constraint>
<validator name="ipv6-address"/>
<!-- IPv6 address used MUST end with :: -->
<regex>([a-fA-F0-9]{1,4}:)+:</regex>
</constraint>
</properties>
</leafNode>
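Review bot: The pattern `([a-fA-F0-9]{1,4}:)+:` in both constraint blocks of this file puts no upper bound on the number of groups, so a value with more than seven groups before the trailing `::` passes the CLI constraint although it is not a valid IPv6 address. If the `ipv6-address` validator line is the one being dropped in each block, as the two-deletion count suggests, such a value would presumably reach the `ip_address()` calls in verify() of src/conf_mode/service_dhcpv6-server.py and surface as an unhandled ValueError rather than a ConfigError. Bounding the repetition, `<regex>([a-fA-F0-9]{1,4}:){1,7}:</regex>`, keeps the must-end-with-`::` rule and rejects those inputs at the CLI.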
4 changes: 3 additions & 1 deletion smoketest/scripts/cli/base_vyostest_shim.py
@@ -1,4 +1,4 @@
# Copyright (C) 2021-2023 VyOS maintainers and contributors
# Copyright (C) 2021-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
Expand Down Expand Up @@ -47,6 +47,8 @@ class TestCase(unittest.TestCase):
def setUpClass(cls):
cls._session = ConfigSession(os.getpid())
cls._session.save_config(save_config)
if os.path.exists('/tmp/vyos.smoketest.debug'):
cls.debug = True
pass

@classmethod
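Review bot: The new check in setUpClass switches `cls.debug` on from a marker file at the fixed path `/tmp/vyos.smoketest.debug`, and since /tmp is typically world-writable any local user can create that file, not only the `touch` added to src/init/vyos-router. As far as this hunk shows the effect is limited to the test harness, but the coupling deserves a comment above the `if`, e.g. `# marker is created by src/init/vyos-router; presence enables smoketest debug mode`. The trailing `pass` is now redundant and can be dropped. The class body starts outside this hunk, so whether `debug` has a default for the case where the file is absent cannot be confirmed from here.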
8 changes: 7 additions & 1 deletion smoketest/scripts/cli/test_service_dhcpv6-server.py
Expand Up @@ -18,6 +18,7 @@

from base_vyostest_shim import VyOSUnitTestSHIM

from vyos.configsession import ConfigSessionError
from vyos.template import inc_ip
from vyos.utils.process import process_named_running
from vyos.utils.file import read_file
Expand Down Expand Up @@ -143,9 +144,14 @@ def test_prefix_delegation(self):
pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet]

self.cli_set(pool + ['address-range', 'start', range_start, 'stop', range_stop])
self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'stop', delegate_stop])
self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'prefix-length', delegate_len])

self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'stop', delegate_start])
# Prefix delegation stop address must be greater then start address
with self.assertRaises(ConfigSessionError):
self.cli_commit()
self.cli_set(pool + ['prefix-delegation', 'start', delegate_start, 'stop', delegate_stop])

# commit changes
self.cli_commit()
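Review bot: The negative case added to test_prefix_delegation only exercises a stop address equal to the start address, while verify() rejects with `<=`, and nothing covers the new CLI regex. A stop address lower than start, and a start value that does not end in `::`, would pin both changes. The second case would presumably be rejected at set time, so it needs its own `with self.assertRaises(ConfigSessionError):` around the `self.cli_set(...)` call. The explanatory comment has a typo and sits after the call it describes; `# Prefix delegation stop address must be greater than start address` placed above that `cli_set` reads better. The test method starts outside this hunk, so the values of `delegate_start` and `delegate_stop` are not visible here.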

33 changes: 11 additions & 22 deletions src/conf_mode/service_dhcpv6-server.py
Expand Up @@ -105,40 +105,29 @@ def verify(dhcpv6):
if 'prefix' in subnet_config:
for prefix in subnet_config['prefix']:
if ip_network(prefix) not in ip_network(subnet):
raise ConfigError(f'address-range prefix "{prefix}" is not in subnet "{subnet}""')
raise ConfigError(f'address-range prefix "{prefix}" is not in subnet "{subnet}"!')

# Prefix delegation sanity checks
if 'prefix_delegation' in subnet_config:
if 'start' not in subnet_config['prefix_delegation']:
raise ConfigError('prefix-delegation start address not defined!')
raise ConfigError(f'Start address of delegated IPv6 prefix range "{prefix}" '\
f'must be configured!')

for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items():
prefix_start_addr = prefix

# Prefix start address must be inside network
if not ip_address(prefix_start_addr) in ip_network(subnet):
raise ConfigError(f'Prefix delegation start address '\
f'"{prefix_start_addr}" is not in '\
f'subnet "{subnet}"')

if 'stop' not in prefix_config:
raise ConfigError(f'Stop address of delegated IPv6 '\
f'prefix range "{prefix}" '\
f'must be configured')
raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
f'must be configured!')

if 'stop' in prefix_config:
prefix_stop_addr = prefix_config['stop']
start_addr = prefix
stop_addr = prefix_config['stop']

# Prefix stop address must be inside network
if not (ip_address(prefix_stop_addr) in
ip_network(subnet)):
raise ConfigError(f'Prefix delegation stop '\
f'address "{prefix_stop_addr}" '\
f'is not in subnet "{subnet}"')
if ip_address(stop_addr) <= ip_address(start_addr):
raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
f'must be greater than start address!')

if 'prefix_length' not in prefix_config:
raise ConfigError(f'Length of delegated IPv6 prefix '\
f'must be configured')
f'must be configured!')

# Static mappings don't require anything (but check if IP is in subnet if it's set)
if 'static_mapping' in subnet_config:
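Review bot: In the `'start' not in subnet_config['prefix_delegation']` branch, the new message interpolates `{prefix}`, but no delegation prefix exists at that point. The name is either left over from the earlier `for prefix in subnet_config['prefix']` loop, so the error names an unrelated address-range prefix, or it is unbound when that loop has not run, in which case the raise fails with UnboundLocalError instead of ConfigError. `subnet` is in scope there, so the message can name it instead: `raise ConfigError(f'Start address of delegated IPv6 prefix range must be configured for subnet "{subnet}"!')`. verify() begins and ends outside this hunk, so any other binding of `prefix` earlier in the function is not visible.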
1 change: 1 addition & 0 deletions src/init/vyos-router
Expand Up @@ -388,6 +388,7 @@ start ()
touch /tmp/vyos.ifconfig.debug
touch /tmp/vyos.frr.debug
touch /tmp/vyos.container.debug
touch /tmp/vyos.smoketest.debug
fi

log_action_begin_msg "Mounting VyOS Config"