author | Bob Gilligan <gilligan@vyatta.com> | 2010-08-31 02:48:00 -0700 |
---|---|---|
committer | Bob Gilligan <gilligan@vyatta.com> | 2010-08-31 02:48:00 -0700 |
commit | 5139964ebc060c1b2bf3616885a8a3a48f5bcdf8 (patch) | |
tree | 55512b6816fd2bb69f5ec0a208dea72e5472e022 | |
parent | 357831b8c942cf4ea4d715791ea1feb9063b0500 (diff) | |
Bugfix 5499: Fix restrictions on IPv6 addresses.
The code previously prevented the user from assigning the all-zeros or
the all-ones IPv6 host addresses on a subnet. These addresses are not
illegal in IPv6. This commit removes that restriction, and adds
checks for some IPv6 addresses that are illegal to be assigned to an
interface.
-rwxr-xr-x | scripts/vyatta-interfaces.pl | 53 |
1 files changed, 40 insertions, 13 deletions
diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl
index f9426ac4..56abfbf2 100755
--- a/scripts/vyatta-interfaces.pl
+++ b/scripts/vyatta-interfaces.pl
@@ -379,19 +379,46 @@ sub is_valid_addr_set {
 my $network = $ip->network();
 my $bcast = $ip->broadcast();
- if ($ip->version == 4 and $ip->masklen() == 31) {
- #
- # RFC3021 allows for /31 to treat both address as host addresses
- #
- } elsif ($ip->masklen() != $ip->bits()) {
- #
- # allow /32 for ivp4 and /128 for ipv6
- #
- die "Can not assign network address as the IP address\n"
- if ($ip->addr() eq $network->addr());
-
- die "Can not assign broadcast address as the IP address\n"
- if ($ip->addr() eq $bcast->addr());
+ if ($ip->version == 4) {
+ # Check for illegal IPv4 addresses.
+ #
+ # RFC3021 allows for a mask of /31. In this case both addresses
+ # are treated host addresses. And /32 is also a legal mask.
+ #
+ if (($ip->masklen() != 31) && ($ip->masklen() != 32)) {
+ die "Can not assign network address as the IP address\n"
+ if ($ip->addr() eq $network->addr());
+
+ die "Can not assign broadcast address as the IP address\n"
+ if ($ip->addr() eq $bcast->addr());
+ }
+ }
+
+ if ($ip->version == 6) {
+ # Check for illegal IPv6 addreseses.
+ #
+ my $multicast_range = NetAddr::IP->new("FF00::/8");
+ if ($ip->within($multicast_range)) {
+ die "Can not assign address within IPv6 multicast range\n";
+ }
+
+ my $linklocal_range = NetAddr::IP->new("FE80::/10");
+ if ($ip->within($linklocal_range)) {
+ die "Can not assign address within IPv6 link local range\n";
+ }
+
+ if ($ip->contains($multicast_range)) {
+ die "Can not assign address containing IPv6 multicast range\n";
+ }
+
+ if ($ip->contains($linklocal_range)) {
+ die "Can not assign address containing IPv6 link local range\n";
+ }
+
+ my $unspecified_addr = NetAddr::IP->new("::/128");
+ if ($ip == $unspecified_addr ) {
+ die "Can not assign IPv6 Unspecified address\n";
+ }
 }
 die "Error: duplicate address/prefix [$addr_net]\n" |
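Review bot: The unspecified-address test at the end of the new IPv6 block compares whole objects with `$ip == $unspecified_addr`, and NetAddr::IP's overloaded `==` appears to compare the prefix length as well as the address. If so, only `::/128` is rejected, and the all-zeros address entered with another prefix such as `::/64` would pass; shorter prefixes are caught only when they happen to contain one of the two ranges. Comparing just the address part, as the IPv4 branch already does for network and broadcast, closes the gap: `if ($ip->addr() eq $unspecified_addr->addr()) {`. The body of is_valid_addr_set starts and ends outside this hunk, so whether a later check covers this case cannot be seen here.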