authorChristian Poessinger <christian@poessinger.com>2022-08-16 19:23:52 +0200
committerGitHub <noreply@github.com>2022-08-16 19:23:52 +0200
commit1f880973e221b91ac843a27d2e4c0b3de1880b97 (patch)
treebb3f4c79bbd75f6decbef58cc97d1676167c36ee
parent8093312a899b898da73c9491d68768a2020332ac (diff)
parentd69b7989620da1348fe187975dc5a1c467400354 (diff)
Merge pull request #1475 from sever-sever/T4613
upnp: T4613: Verify listen key in dictionary
-rw-r--r--interface-definitions/service-upnp.xml.in12
-rwxr-xr-xsrc/conf_mode/service_upnp.py19
2 files changed, 19 insertions, 12 deletions
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in
index a129b7260..b1e6f170a 100644
--- a/interface-definitions/service-upnp.xml.in
+++ b/interface-definitions/service-upnp.xml.in
@@ -103,19 +103,19 @@
</valueHelp>
<valueHelp>
<format>ipv4</format>
- <description>IP address to listen for incoming connections</description>
+ <description>IPv4 address to listen for incoming connections</description>
</valueHelp>
<valueHelp>
- <format>ipv4-prefix</format>
- <description>IP prefix to listen for incoming connections</description>
+ <format>ipv4net</format>
+ <description>IPv4 prefix to listen for incoming connections</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
- <description>IP address to listen for incoming connections</description>
+ <description>IPv6 address to listen for incoming connections</description>
</valueHelp>
<valueHelp>
- <format>ipv6-prefix</format>
- <description>IP prefix to listen for incoming connections</description>
+ <format>ipv6net</format>
+ <description>IPv6 prefix to listen for incoming connections</description>
</valueHelp>
<multi/>
<constraint>
diff --git a/src/conf_mode/service_upnp.py b/src/conf_mode/service_upnp.py
index 36f3e18a7..c798fd515 100755
--- a/src/conf_mode/service_upnp.py
+++ b/src/conf_mode/service_upnp.py
@@ -24,8 +24,6 @@ from ipaddress import IPv6Network
from vyos.config import Config
from vyos.configdict import dict_merge
-from vyos.configdict import get_interface_dict
-from vyos.configverify import verify_vrf
from vyos.util import call
from vyos.template import render
from vyos.template import is_ipv4
@@ -113,19 +111,28 @@ def verify(upnpd):
listen_dev = []
system_addrs_cidr = get_all_interface_addr(True, [], [netifaces.AF_INET, netifaces.AF_INET6])
system_addrs = get_all_interface_addr(False, [], [netifaces.AF_INET, netifaces.AF_INET6])
+ if 'listen' not in upnpd:
+ raise ConfigError(f'Listen address or interface is required!')
for listen_if_or_addr in upnpd['listen']:
if listen_if_or_addr not in netifaces.interfaces():
listen_dev.append(listen_if_or_addr)
- if (listen_if_or_addr not in system_addrs) and (listen_if_or_addr not in system_addrs_cidr) and (listen_if_or_addr not in netifaces.interfaces()):
+ if (listen_if_or_addr not in system_addrs) and (listen_if_or_addr not in system_addrs_cidr) and \
+ (listen_if_or_addr not in netifaces.interfaces()):
if is_ipv4(listen_if_or_addr) and IPv4Network(listen_if_or_addr).is_multicast:
- raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!')
+ raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed'
+ f'to listen on. It is not an interface address nor a multicast address!')
if is_ipv6(listen_if_or_addr) and IPv6Network(listen_if_or_addr).is_multicast:
- raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!')
+ raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed'
+ f'to listen on. It is not an interface address nor a multicast address!')
system_listening_dev_addrs_cidr = get_all_interface_addr(True, listen_dev, [netifaces.AF_INET6])
system_listening_dev_addrs = get_all_interface_addr(False, listen_dev, [netifaces.AF_INET6])
for listen_if_or_addr in upnpd['listen']:
- if listen_if_or_addr not in netifaces.interfaces() and (listen_if_or_addr not in system_listening_dev_addrs_cidr) and (listen_if_or_addr not in system_listening_dev_addrs) and is_ipv6(listen_if_or_addr) and (not IPv6Network(listen_if_or_addr).is_multicast):
+ if listen_if_or_addr not in netifaces.interfaces() and \
+ (listen_if_or_addr not in system_listening_dev_addrs_cidr) and \
+ (listen_if_or_addr not in system_listening_dev_addrs) and \
+ is_ipv6(listen_if_or_addr) and \
+ (not IPv6Network(listen_if_or_addr).is_multicast):
raise ConfigError(f'{listen_if_or_addr} must listen on the interface of the network card')
def generate(upnpd):
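Review bot: The multicast test in the first loop looks inverted against its own message: both `raise ConfigError` branches fire when `.is_multicast` is true, while the text says the address is "not an interface address nor a multicast address". As written, an IPv4 listen address that is neither configured on an interface nor multicast passes this loop without an error; only the IPv6 case is caught by the second loop. If the intent is to reject such addresses, the conditions would read `if is_ipv4(listen_if_or_addr) and not IPv4Network(listen_if_or_addr).is_multicast:` and the same with `IPv6Network`. The reflowed message also loses a space at the string join and renders as "not allowedto listen on", so the first fragment should end with `is not allowed '`. The new `'listen'` check uses an f-string with no placeholder, and verify() begins above this hunk, so earlier checks are not visible here.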