authorChristian Poessinger <christian@poessinger.com>2021-05-27 19:40:22 +0200
committerChristian Poessinger <christian@poessinger.com>2021-05-27 19:42:39 +0200
commit209df86329df513073c070ed5169cb93dee09d2e (patch)
tree98e53ca6738ad37f4c2bd18bda8939722c26ba44
parentd80d8d598bb891c7d5c968ece73cc47fe39c91dc (diff)
downloadvyos-1x-209df86329df513073c070ed5169cb93dee09d2e.tar.gz
vyos-1x-209df86329df513073c070ed5169cb93dee09d2e.zip
dhcp-server: T2669: do not allow overlapping ranges to be created
set service dhcp-server shared-network-name NET01 authoritative set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 default-router '10.0.0.1' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 lease '86400' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG01 start '10.0.0.60' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG01 stop '10.0.0.70' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG02 start '10.0.0.55' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG02 stop '10.0.0.65' Will result in a dhcpd.conf: shared-network NET01 { authoritative; subnet 10.0.0.0 netmask 255.255.255.0 { option routers 10.0.0.1; default-lease-time 86400; max-lease-time 86400; range 10.0.0.60 10.0.0.70; range 10.0.0.55 10.0.0.65; } on commit { set shared-networkname = "NET01"; } } This is not allowed by ISC DHCPd: dhcpd[3307]: /run/dhcp-server/dhcpd.conf line 25: lease 10.0.0.63 is declared twice! dhcpd[3307]: range 10.0.0.55 10.0.0.65; (cherry picked from commit b0e1c8a9c9ef470297bf3c9f5059ad7c720c46ff)
-rwxr-xr-xsrc/conf_mode/dhcp_server.py25
1 files changed, 12 insertions, 13 deletions
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index 0ed09e130..cdee72e09 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -18,6 +18,8 @@ import os
from ipaddress import ip_address
from ipaddress import ip_network
+from netaddr import IPAddress
+from netaddr import IPRange
from sys import exit
from vyos.config import Config
@@ -163,8 +165,7 @@ def verify(dhcp):
# Check if DHCP address range is inside configured subnet declaration
if 'range' in subnet_config:
- range_start = []
- range_stop = []
+ networks = []
for range, range_config in subnet_config['range'].items():
if not {'start', 'stop'} <= set(range_config):
raise ConfigError(f'DHCP range "{range}" start and stop address must be defined!')
@@ -179,18 +180,16 @@ def verify(dhcp):
raise ConfigError(f'DHCP range "{range}" stop address must be greater or equal\n' \
'to the ranges start address!')
- # Range start address must be unique
- if range_config['start'] in range_start:
- raise ConfigError('Conflicting DHCP lease range: Pool start\n' \
- 'address "{start}" defined multipe times!'.format(range_config))
+ for network in networks:
+ start = range_config['start']
+ stop = range_config['stop']
+ if start in network:
+ raise ConfigError(f'Range "{range}" start address "{start}" already part of another range!')
+ if stop in network:
+ raise ConfigError(f'Range "{range}" stop address "{stop}" already part of another range!')
- # Range stop address must be unique
- if range_config['stop'] in range_start:
- raise ConfigError('Conflicting DHCP lease range: Pool stop\n' \
- 'address "{stop}" defined multipe times!'.format(range_config))
-
- range_start.append(range_config['start'])
- range_stop.append(range_config['stop'])
+ tmp = IPRange(range_config['start'], range_config['stop'])
+ networks.append(tmp)
if 'failover' in subnet_config:
for key in ['local_address', 'peer_address', 'name', 'status']:
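Review bot: The overlap test in the `for network in networks:` loop only asks whether the new range's start or stop lies inside an earlier range, so a later range that fully encloses an earlier one still passes verify(). A constructed example is RNG01 10.0.0.60-10.0.0.70 followed by RNG02 10.0.0.50-10.0.0.80, which dhcpd would presumably reject at start-up with the same "declared twice" error, leaving the DHCP service down after a commit that validated cleanly. Building the range before the loop and comparing bounds covers partial, enclosing and identical ranges in one test: `tmp = IPRange(range_config['start'], range_config['stop'])`, then inside the loop `if tmp.first <= network.last and network.first <= tmp.last:` followed by a single `raise ConfigError(...)` naming the range. The `IPAddress` import added in the first hunk is not used in any of the hunks shown and could be dropped unless it is needed elsewhere. verify() begins and ends outside this hunk.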