authorBob Gilligan <gilligan@vyatta.com>2010-08-31 02:48:00 -0700
committerBob Gilligan <gilligan@vyatta.com>2010-08-31 02:48:00 -0700
commit5139964ebc060c1b2bf3616885a8a3a48f5bcdf8 (patch)
tree55512b6816fd2bb69f5ec0a208dea72e5472e022
parent357831b8c942cf4ea4d715791ea1feb9063b0500 (diff)
Bugfix 5499: Fix restrictions on IPv6 addresses.
The code previously prevented the user from assigning the all-zeros or the all-ones IPv6 host addresses on a subnet. These addresses are not illegal in IPv6. This commit removes that restriction, and adds checks for some IPv6 addresses that are illegal to be assigned to an interface.
-rwxr-xr-xscripts/vyatta-interfaces.pl53
1 files changed, 40 insertions, 13 deletions
diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl
index f9426ac4..56abfbf2 100755
--- a/scripts/vyatta-interfaces.pl
+++ b/scripts/vyatta-interfaces.pl
@@ -379,19 +379,46 @@ sub is_valid_addr_set {
my $network = $ip->network();
my $bcast = $ip->broadcast();
- if ($ip->version == 4 and $ip->masklen() == 31) {
- #
- # RFC3021 allows for /31 to treat both address as host addresses
- #
- } elsif ($ip->masklen() != $ip->bits()) {
- #
- # allow /32 for ivp4 and /128 for ipv6
- #
- die "Can not assign network address as the IP address\n"
- if ($ip->addr() eq $network->addr());
-
- die "Can not assign broadcast address as the IP address\n"
- if ($ip->addr() eq $bcast->addr());
+ if ($ip->version == 4) {
+ # Check for illegal IPv4 addresses.
+ #
+ # RFC3021 allows for a mask of /31. In this case both addresses
+ # are treated host addresses. And /32 is also a legal mask.
+ #
+ if (($ip->masklen() != 31) && ($ip->masklen() != 32)) {
+ die "Can not assign network address as the IP address\n"
+ if ($ip->addr() eq $network->addr());
+
+ die "Can not assign broadcast address as the IP address\n"
+ if ($ip->addr() eq $bcast->addr());
+ }
+ }
+
+ if ($ip->version == 6) {
+ # Check for illegal IPv6 addreseses.
+ #
+ my $multicast_range = NetAddr::IP->new("FF00::/8");
+ if ($ip->within($multicast_range)) {
+ die "Can not assign address within IPv6 multicast range\n";
+ }
+
+ my $linklocal_range = NetAddr::IP->new("FE80::/10");
+ if ($ip->within($linklocal_range)) {
+ die "Can not assign address within IPv6 link local range\n";
+ }
+
+ if ($ip->contains($multicast_range)) {
+ die "Can not assign address containing IPv6 multicast range\n";
+ }
+
+ if ($ip->contains($linklocal_range)) {
+ die "Can not assign address containing IPv6 link local range\n";
+ }
+
+ my $unspecified_addr = NetAddr::IP->new("::/128");
+ if ($ip == $unspecified_addr ) {
+ die "Can not assign IPv6 Unspecified address\n";
+ }
}
die "Error: duplicate address/prefix [$addr_net]\n"
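Review bot: The unspecified-address check at `if ($ip == $unspecified_addr )` probably matches only the literal `::/128`. As far as I know, NetAddr::IP's overloaded `==` compares address and prefix length together, so an input such as `::/64` would pass now that the network-address test no longer runs for IPv6. Comparing only the address parts, `if ($ip->addr() eq $unspecified_addr->addr()) {`, would reject `::` with any prefix length. The new IPv6 block also does not reject the loopback address `::1`, which seems worth adding alongside the other checks if it is not validated elsewhere. is_valid_addr_set starts before this hunk and continues past it.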