author | Christian Poessinger <christian@poessinger.com> | 2021-05-27 19:40:22 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-05-27 19:42:39 +0200 |
commit | 209df86329df513073c070ed5169cb93dee09d2e (patch) | |
tree | 98e53ca6738ad37f4c2bd18bda8939722c26ba44 | |
parent | d80d8d598bb891c7d5c968ece73cc47fe39c91dc (diff) | |
dhcp-server: T2669: do not allow overlapping ranges to be created
set service dhcp-server shared-network-name NET01 authoritative
set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 default-router '10.0.0.1'
set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 lease '86400'
set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG01 start '10.0.0.60'
set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG01 stop '10.0.0.70'
set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG02 start '10.0.0.55'
set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG02 stop '10.0.0.65'
Will result in a dhcpd.conf:
shared-network NET01 {
authoritative;
subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.1;
default-lease-time 86400;
max-lease-time 86400;
range 10.0.0.60 10.0.0.70;
range 10.0.0.55 10.0.0.65;
}
on commit {
set shared-networkname = "NET01";
}
}
This is not allowed by ISC DHCPd:
dhcpd[3307]: /run/dhcp-server/dhcpd.conf line 25: lease 10.0.0.63 is declared twice!
dhcpd[3307]: range 10.0.0.55 10.0.0.65;
(cherry picked from commit b0e1c8a9c9ef470297bf3c9f5059ad7c720c46ff)
-rwxr-xr-x | src/conf_mode/dhcp_server.py | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index 0ed09e130..cdee72e09 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -18,6 +18,8 @@ import os
 from ipaddress import ip_address
 from ipaddress import ip_network
+from netaddr import IPAddress
+from netaddr import IPRange
 from sys import exit
 from vyos.config import Config
@@ -163,8 +165,7 @@ def verify(dhcp):
 # Check if DHCP address range is inside configured subnet declaration
 if 'range' in subnet_config:
- range_start = []
- range_stop = []
+ networks = []
 for range, range_config in subnet_config['range'].items():
 if not {'start', 'stop'} <= set(range_config):
 raise ConfigError(f'DHCP range "{range}" start and stop address must be defined!')
@@ -179,18 +180,16 @@ def verify(dhcp):
 raise ConfigError(f'DHCP range "{range}" stop address must be greater or equal\n' \
 'to the ranges start address!')
- # Range start address must be unique
- if range_config['start'] in range_start:
- raise ConfigError('Conflicting DHCP lease range: Pool start\n' \
- 'address "{start}" defined multipe times!'.format(range_config))
+ for network in networks:
+ start = range_config['start']
+ stop = range_config['stop']
+ if start in network:
+ raise ConfigError(f'Range "{range}" start address "{start}" already part of another range!')
+ if stop in network:
+ raise ConfigError(f'Range "{range}" stop address "{stop}" already part of another range!')
- # Range stop address must be unique
- if range_config['stop'] in range_start:
- raise ConfigError('Conflicting DHCP lease range: Pool stop\n' \
- 'address "{stop}" defined multipe times!'.format(range_config))
-
- range_start.append(range_config['start'])
- range_stop.append(range_config['stop'])
+ tmp = IPRange(range_config['start'], range_config['stop'])
+ networks.append(tmp)
 if 'failover' in subnet_config:
 for key in ['local_address', 'peer_address', 'name', 'status']: |
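Review bot: `IPAddress` is imported in the first hunk, but none of the hunks shown uses it; only `IPRange` appears in the new overlap check. Unless code outside this diff needs it, `from netaddr import IPAddress` can be dropped. The file already imports `ip_address` from the standard `ipaddress` module, so comparing `ip_address(start)` and `ip_address(stop)` values could express the same test without a third-party dependency in a script that runs at config commit.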
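Review bot: The new loop in verify() (third hunk) only tests whether this range's start or stop lies inside an earlier range, so a later range that fully encloses an earlier one is still accepted. As a constructed example, with RNG01 10.0.0.60-10.0.0.70 checked first, a second range 10.0.0.50-10.0.0.80 passes both `in` tests, and dhcpd would presumably reject the generated config with the same "declared twice" error this commit is meant to prevent. Build the range before the loop and compare the intervals instead: `tmp = IPRange(start, stop)`, then `if tmp.first <= network.last and network.first <= tmp.last:` raising the ConfigError. A comment that `networks` holds the ranges already accepted for this subnet, and a smoketest for the enclosing case, would also help. The body of verify() starts and ends outside this hunk.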