summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-05-22 08:32:07 +0200
committerGitHub <noreply@github.com>2024-05-22 08:32:07 +0200
commit413fd63b631b1ddd098d9c25dd5268054e6d0674 (patch)
treee936ffb18409c377844411f0349c0ba1232f3c06 /src/conf_mode
parentd702b781f472a370ecb8c5d6a45cf19505948f3c (diff)
parent4cde0b8ce778d269d3fe1d4f33ba5b2caf424181 (diff)
downloadvyos-1x-413fd63b631b1ddd098d9c25dd5268054e6d0674.tar.gz
vyos-1x-413fd63b631b1ddd098d9c25dd5268054e6d0674.zip
Merge pull request #3499 from Giggum/sagitta
dhcpv6-server: T3493: adds prefix range validation and fixes typos in…
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/service_dhcpv6-server.py32
1 files changed, 26 insertions, 6 deletions
diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py
index 5489a744e..36b2d8b08 100755
--- a/src/conf_mode/service_dhcpv6-server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -85,21 +85,21 @@ def verify(dhcpv6):
# Stop address must be greater or equal to start address
if not ip_address(stop) >= ip_address(start):
- raise ConfigError(f'address-range stop address "{stop}" must be greater then or equal ' \
+ raise ConfigError(f'address-range stop address "{stop}" must be greater than or equal ' \
f'to the range start address "{start}"!')
# DHCPv6 range start address must be unique - two ranges can't
# start with the same address - makes no sense
if start in range6_start:
raise ConfigError(f'Conflicting DHCPv6 lease range: '\
- f'Pool start address "{start}" defined multipe times!')
+ f'Pool start address "{start}" defined multiple times!')
range6_start.append(start)
# DHCPv6 range stop address must be unique - two ranges can't
# end with the same address - makes no sense
if stop in range6_stop:
raise ConfigError(f'Conflicting DHCPv6 lease range: '\
- f'Pool stop address "{stop}" defined multipe times!')
+ f'Pool stop address "{stop}" defined multiple times!')
range6_stop.append(stop)
if 'prefix' in subnet_config:
@@ -113,12 +113,32 @@ def verify(dhcpv6):
raise ConfigError('prefix-delegation start address not defined!')
for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items():
+ prefix_start_addr = prefix
+
+ # Prefix start address must be inside network
+ if not ip_address(prefix_start_addr) in ip_network(subnet):
+ raise ConfigError(f'Prefix delegation start address '\
+ f'"{prefix_start_addr}" is not in '\
+ f'subnet "{subnet}"')
+
if 'stop' not in prefix_config:
- raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
+ raise ConfigError(f'Stop address of delegated IPv6 '\
+ f'prefix range "{prefix}" '\
f'must be configured')
+ if 'stop' in prefix_config:
+ prefix_stop_addr = prefix_config['stop']
+
+ # Prefix stop address must be inside network
+ if not (ip_address(prefix_stop_addr) in
+ ip_network(subnet)):
+ raise ConfigError(f'Prefix delegation stop '\
+ f'address "{prefix_stop_addr}" '\
+ f'is not in subnet "{subnet}"')
+
if 'prefix_length' not in prefix_config:
- raise ConfigError('Length of delegated IPv6 prefix must be configured')
+ raise ConfigError(f'Length of delegated IPv6 prefix '\
+ f'must be configured')
# Static mappings don't require anything (but check if IP is in subnet if it's set)
if 'static_mapping' in subnet_config:
@@ -130,7 +150,7 @@ def verify(dhcpv6):
if 'vendor_option' in subnet_config:
if len(dict_search('vendor_option.cisco.tftp_server', subnet_config)) > 2:
- raise ConfigError(f'No more then two Cisco tftp-servers should be defined for subnet "{subnet}"!')
+ raise ConfigError(f'No more than two Cisco tftp-servers should be defined for subnet "{subnet}"!')
# Subnets must be unique
if subnet in subnets: