summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-01-18 21:12:50 +0100
committerChristian Breunig <christian@breunig.cc>2024-01-18 21:15:23 +0100
commitc7b6484dc975cbbe9c916a8d51f5b87728625502 (patch)
treec6791a3b240479fa2ff20126133e0f0a7105660e
parent4b3ef473c3acfedeb70a023a9ca46df5437fc5a2 (diff)
downloadvyos-1x-c7b6484dc975cbbe9c916a8d51f5b87728625502.tar.gz
vyos-1x-c7b6484dc975cbbe9c916a8d51f5b87728625502.zip
dhcp: T5952: validate duplicate MAC and IP address in static-mappings incl. smoketests
(cherry picked from commit 62a8ef29d6238d5b777c3e946c132aca16a813c3) (cherry picked from commit eb4cac98cb3790eb888d4ea7626781b9afbea8f4)
-rwxr-xr-xsmoketest/scripts/cli/test_service_dhcp-server.py13
-rwxr-xr-xsrc/conf_mode/service_dhcp-server.py11
2 files changed, 18 insertions, 6 deletions
diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py
index 91ae901cd..9e8196d7a 100755
--- a/smoketest/scripts/cli/test_service_dhcp-server.py
+++ b/smoketest/scripts/cli/test_service_dhcp-server.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2020-2021 VyOS maintainers and contributors
+# Copyright (C) 2020-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -203,12 +203,19 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase):
client_base += 1
# cannot have mappings with duplicate IP addresses
+ self.cli_set(pool + ['static-mapping', 'dupe1', 'mac-address', '00:50:00:00:fe:ff'])
+ self.cli_set(pool + ['static-mapping', 'dupe1', 'ip-address', inc_ip(subnet, 10)])
with self.assertRaises(ConfigSessionError):
- self.cli_set(pool + ['static-mapping', 'dupe1', 'mac', '00:50:00:00:00:01'])
- self.cli_set(pool + ['static-mapping', 'dupe1', 'ip-address', inc_ip(subnet, 10)])
self.cli_commit()
self.cli_delete(pool + ['static-mapping', 'dupe1'])
+ # cannot have mappings with duplicate MAC addresses
+ self.cli_set(pool + ['static-mapping', 'dupe2', 'mac-address', '00:50:00:00:00:10'])
+ self.cli_set(pool + ['static-mapping', 'dupe2', 'ip-address', inc_ip(subnet, 120)])
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_delete(pool + ['static-mapping', 'dupe2'])
+
# commit changes
self.cli_commit()
diff --git a/src/conf_mode/service_dhcp-server.py b/src/conf_mode/service_dhcp-server.py
index 8d849b1e6..6eed2129b 100755
--- a/src/conf_mode/service_dhcp-server.py
+++ b/src/conf_mode/service_dhcp-server.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018-2023 VyOS maintainers and contributors
+# Copyright (C) 2018-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -215,6 +215,7 @@ def verify(dhcp):
if 'static_mapping' in subnet_config:
# Static mappings require just a MAC address (will use an IP from the dynamic pool if IP is not set)
used_ips = []
+ used_mac = []
for mapping, mapping_config in subnet_config['static_mapping'].items():
if 'ip_address' in mapping_config:
if ip_address(mapping_config['ip_address']) not in ip_network(subnet):
@@ -226,10 +227,14 @@ def verify(dhcp):
f'within shared-network "{network}, {subnet}"!')
if mapping_config['ip_address'] in used_ips:
- raise ConfigError(f'Configured IP address for static mapping "{mapping}" exists on another static mapping')
-
+ raise ConfigError(f'Configured IP address for static mapping "{mapping}" already exists on another static mapping')
used_ips.append(mapping_config['ip_address'])
+ if 'mac_address' in mapping_config:
+ if mapping_config['mac_address'] in used_mac:
+ raise ConfigError(f'Configured MAC address for static mapping "{mapping}" already exists on another static mapping')
+ used_mac.append(mapping_config['mac_address'])
+
# There must be one subnet connected to a listen interface.
# This only counts if the network itself is not disabled!
if 'disable' not in network_config: