author | Christian Poessinger <christian@poessinger.com> | 2020-03-31 18:05:39 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-31 18:05:39 +0200 |
commit | 292d65031878ad70ae996b2de16a5228bff69b72 (patch) | |
tree | a0261798c83ce6208607f45b5207670d88e3ed5c | |
parent | 33411e9d2815d40e0389b369cd24df0f9f82d92e (diff) | |
parent | e2f80e57d9895d207edf0ad92c299dc7862087d6 (diff) | |
Merge pull request #287 from thomas-mangin/T2182
validate: T2182: IPv6 are not normalised when compared
-rw-r--r-- | python/vyos/validate.py | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/python/vyos/validate.py b/python/vyos/validate.py index 0e6d34e7e..b110a62fa 100644 --- a/python/vyos/validate.py +++ b/python/vyos/validate.py @@ -13,6 +13,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see <http://www.gnu.org/licenses/>. +import socket import netifaces import ipaddress @@ -83,6 +84,8 @@ def is_intf_addr_assigned(intf, addr): print(e) return False + addr_host, addr_mask = addr.split('/') + if addr_type in netifaces.ifaddresses(intf).keys(): # Check every IP address on this interface for a match for ip in netifaces.ifaddresses(intf)[addr_type]: 
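Review bot: The added `addr_host, addr_mask = addr.split('/')` in the `-83,6 +84,8` hunk raises ValueError whenever `addr` has no prefix length, because the split then yields a single element. The loop below still tests `if r'/' in addr:`, which suggests bare addresses are an expected input, and the removed `elif ip['addr'] == addr` branch used to handle them. A validator that throws instead of returning False turns a malformed or prefix-less value into an unhandled error in the caller. I would use `addr_host, _, addr_mask = addr.partition('/')`, so a bare address gives an empty mask, and keep the mask comparison under the `'/' in addr` check. The body of is_intf_addr_assigned starts and ends outside this hunk.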
@@ -92,23 +95,24 @@ def is_intf_addr_assigned(intf, addr): if r'/' in addr: prefixlen = '' if is_ipv6(addr): - # Note that currently expanded netmasks are not supported. That means - # 2001:db00::0/24 is a valid argument while 2001:db00::0/ffff:ff00:: not. - # see https://docs.python.org/3/library/ipaddress.html - bits = bin( int(ip['netmask'].replace(':',''), 16) ).count('1') - prefixlen = '/' + str(bits) - + # Note that currently expanded netmasks are not supported. That means + # 2001:db00::0/24 is a valid argument while 2001:db00::0/ffff:ff00:: not. + # see https://docs.python.org/3/library/ipaddress.html + bits = bin( int(ip['netmask'].replace(':',''), 16) ).count('1') + prefixlen = str(bits) else: - prefixlen = '/' + str(ipaddress.IPv4Network('0.0.0.0/' + ip['netmask']).prefixlen) + prefixlen = str(ipaddress.IPv4Network('0.0.0.0/' + ip['netmask']).prefixlen) - # construct temporary variable holding IPv6 address and netmask - # in CIDR notation - tmp = ip['addr'] + prefixlen - if addr == tmp: - return True + # the netmask are different + if prefixlen != addr_mask: + continue - elif ip['addr'] == addr: - return True + addr_af = socket.AF_INET if is_ipv4(addr_host) else socket.AF_INET6 + ip_af = socket.AF_INET if is_ipv4(ip['addr']) else socket.AF_INET6 + + # compare the binary representation of the IP + if socket.inet_pton(addr_af, addr_host) == socket.inet_pton(ip_af, ip['addr']): + return True return False |
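Review bot: `socket.inet_pton(ip_af, ip['addr'])` raises OSError on any string it cannot parse, and no handler around the comparison is visible in this hunk. As far as I know, netifaces reports IPv6 link-local addresses with a zone suffix such as `%eth0`, which inet_pton rejects, so one such address on the interface would likely abort the whole check; worth confirming on a host with a link-local address. I would strip the zone first, `ip_addr = ip['addr'].split('%')[0]`, and use `ip_addr` for both the family test and the inet_pton call. Separately, `prefixlen != addr_mask` compares strings, so a caller-supplied mask like `064` never matches `64`; `int(prefixlen) != int(addr_mask)`, with a ValueError returning False, would normalise the mask the same way the address now is. The function begins outside this hunk.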