diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-18 21:12:50 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-01-18 21:15:23 +0100 |
commit | c7b6484dc975cbbe9c916a8d51f5b87728625502 (patch) | |
tree | c6791a3b240479fa2ff20126133e0f0a7105660e | |
parent | 4b3ef473c3acfedeb70a023a9ca46df5437fc5a2 (diff) | |
download | vyos-1x-c7b6484dc975cbbe9c916a8d51f5b87728625502.tar.gz vyos-1x-c7b6484dc975cbbe9c916a8d51f5b87728625502.zip |
dhcp: T5952: validate duplicate MAC and IP address in static-mappings incl. smoketests
(cherry picked from commit 62a8ef29d6238d5b777c3e946c132aca16a813c3)
(cherry picked from commit eb4cac98cb3790eb888d4ea7626781b9afbea8f4)
-rwxr-xr-x | smoketest/scripts/cli/test_service_dhcp-server.py | 13 | ||||
-rwxr-xr-x | src/conf_mode/service_dhcp-server.py | 11 |
2 files changed, 18 insertions, 6 deletions
diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py index 91ae901cd..9e8196d7a 100755 --- a/smoketest/scripts/cli/test_service_dhcp-server.py +++ b/smoketest/scripts/cli/test_service_dhcp-server.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2021 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -203,12 +203,19 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): client_base += 1 # cannot have mappings with duplicate IP addresses + self.cli_set(pool + ['static-mapping', 'dupe1', 'mac-address', '00:50:00:00:fe:ff']) + self.cli_set(pool + ['static-mapping', 'dupe1', 'ip-address', inc_ip(subnet, 10)]) with self.assertRaises(ConfigSessionError): - self.cli_set(pool + ['static-mapping', 'dupe1', 'mac', '00:50:00:00:00:01']) - self.cli_set(pool + ['static-mapping', 'dupe1', 'ip-address', inc_ip(subnet, 10)]) self.cli_commit() self.cli_delete(pool + ['static-mapping', 'dupe1']) + # cannot have mappings with duplicate MAC addresses + self.cli_set(pool + ['static-mapping', 'dupe2', 'mac-address', '00:50:00:00:00:10']) + self.cli_set(pool + ['static-mapping', 'dupe2', 'ip-address', inc_ip(subnet, 120)]) + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(pool + ['static-mapping', 'dupe2']) + # commit changes self.cli_commit() diff --git a/src/conf_mode/service_dhcp-server.py b/src/conf_mode/service_dhcp-server.py index 8d849b1e6..6eed2129b 100755 --- a/src/conf_mode/service_dhcp-server.py +++ b/src/conf_mode/service_dhcp-server.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2023 VyOS maintainers and contributors +# Copyright (C) 2018-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -215,6 +215,7 @@ def verify(dhcp): if 'static_mapping' in subnet_config: # Static mappings require just a MAC address (will use an IP from the dynamic pool if IP is not set) used_ips = [] + used_mac = [] for mapping, mapping_config in subnet_config['static_mapping'].items(): if 'ip_address' in mapping_config: if ip_address(mapping_config['ip_address']) not in ip_network(subnet): @@ -226,10 +227,14 @@ def verify(dhcp): f'within shared-network "{network}, {subnet}"!') if mapping_config['ip_address'] in used_ips: - raise ConfigError(f'Configured IP address for static mapping "{mapping}" exists on another static mapping') - + raise ConfigError(f'Configured IP address for static mapping "{mapping}" already exists on another static mapping') used_ips.append(mapping_config['ip_address']) + if 'mac_address' in mapping_config: + if mapping_config['mac_address'] in used_mac: + raise ConfigError(f'Configured MAC address for static mapping "{mapping}" already exists on another static mapping') + used_mac.append(mapping_config['mac_address']) + # There must be one subnet connected to a listen interface. # This only counts if the network itself is not disabled! if 'disable' not in network_config: |