diff options
| author | Bob Gilligan <gilligan@vyatta.com> | 2010-08-31 02:48:00 -0700 |
|---|---|---|
| committer | Bob Gilligan <gilligan@vyatta.com> | 2010-08-31 02:48:00 -0700 |
| commit | 5139964ebc060c1b2bf3616885a8a3a48f5bcdf8 (patch) | |
| tree | 55512b6816fd2bb69f5ec0a208dea72e5472e022 /scripts/vyatta-interfaces.pl | |
| parent | 357831b8c942cf4ea4d715791ea1feb9063b0500 (diff) | |
| download | vyatta-cfg-system-5139964ebc060c1b2bf3616885a8a3a48f5bcdf8.tar.gz vyatta-cfg-system-5139964ebc060c1b2bf3616885a8a3a48f5bcdf8.zip | |
Bugfix 5499: Fix restrictions on IPv6 addresses.
The code previously prevented the user from assigning the all-zeros or
the all-ones IPv6 host addresses on a subnet. These addresses are not
illegal in IPv6. This commit removes that restriction, and adds
checks for some IPv6 addresses that are illegal to be assigned to an
interface.
Diffstat (limited to 'scripts/vyatta-interfaces.pl')
| -rwxr-xr-x | scripts/vyatta-interfaces.pl | 53 |
1 files changed, 40 insertions, 13 deletions
diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl index f9426ac4..56abfbf2 100755 --- a/scripts/vyatta-interfaces.pl +++ b/scripts/vyatta-interfaces.pl @@ -379,19 +379,46 @@ sub is_valid_addr_set { my $network = $ip->network(); my $bcast = $ip->broadcast(); - if ($ip->version == 4 and $ip->masklen() == 31) { - # - # RFC3021 allows for /31 to treat both address as host addresses - # - } elsif ($ip->masklen() != $ip->bits()) { - # - # allow /32 for ivp4 and /128 for ipv6 - # - die "Can not assign network address as the IP address\n" - if ($ip->addr() eq $network->addr()); - - die "Can not assign broadcast address as the IP address\n" - if ($ip->addr() eq $bcast->addr()); + if ($ip->version == 4) { + # Check for illegal IPv4 addresses. + # + # RFC3021 allows for a mask of /31. In this case both addresses + # are treated host addresses. And /32 is also a legal mask. + # + if (($ip->masklen() != 31) && ($ip->masklen() != 32)) { + die "Can not assign network address as the IP address\n" + if ($ip->addr() eq $network->addr()); + + die "Can not assign broadcast address as the IP address\n" + if ($ip->addr() eq $bcast->addr()); + } + } + + if ($ip->version == 6) { + # Check for illegal IPv6 addreseses. + # + my $multicast_range = NetAddr::IP->new("FF00::/8"); + if ($ip->within($multicast_range)) { + die "Can not assign address within IPv6 multicast range\n"; + } + + my $linklocal_range = NetAddr::IP->new("FE80::/10"); + if ($ip->within($linklocal_range)) { + die "Can not assign address within IPv6 link local range\n"; + } + + if ($ip->contains($multicast_range)) { + die "Can not assign address containing IPv6 multicast range\n"; + } + + if ($ip->contains($linklocal_range)) { + die "Can not assign address containing IPv6 link local range\n"; + } + + my $unspecified_addr = NetAddr::IP->new("::/128"); + if ($ip == $unspecified_addr ) { + die "Can not assign IPv6 Unspecified address\n"; + } } die "Error: duplicate address/prefix [$addr_net]\n" |