summaryrefslogtreecommitdiff
path: root/src/conf_mode/service_dhcpv6-server.py
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-05-26 14:01:52 +0200
committerGitHub <noreply@github.com>2024-05-26 14:01:52 +0200
commit4a9befb92550ae9abd5cf687208fdb09838ccc9d (patch)
treecd4c9f5546473a6868ecffa8fbee57606381c602 /src/conf_mode/service_dhcpv6-server.py
parent9301c507f91ea40fc0d4d86cf708a7ba6d3b0bb9 (diff)
parentccd564c2328a086b326957fdde8b07ca560bd6b2 (diff)
downloadvyos-1x-4a9befb92550ae9abd5cf687208fdb09838ccc9d.tar.gz
vyos-1x-4a9befb92550ae9abd5cf687208fdb09838ccc9d.zip
Merge pull request #3519 from c-po/dhcpv6-T3493
T3493: dhcpv6-server does not have prefix range validation
Diffstat (limited to 'src/conf_mode/service_dhcpv6-server.py')
-rwxr-xr-xsrc/conf_mode/service_dhcpv6-server.py33
1 files changed, 11 insertions, 22 deletions
diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py
index 36b2d8b08..25f19285c 100755
--- a/src/conf_mode/service_dhcpv6-server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -105,40 +105,29 @@ def verify(dhcpv6):
if 'prefix' in subnet_config:
for prefix in subnet_config['prefix']:
if ip_network(prefix) not in ip_network(subnet):
- raise ConfigError(f'address-range prefix "{prefix}" is not in subnet "{subnet}""')
+ raise ConfigError(f'address-range prefix "{prefix}" is not in subnet "{subnet}"!')
# Prefix delegation sanity checks
if 'prefix_delegation' in subnet_config:
if 'start' not in subnet_config['prefix_delegation']:
- raise ConfigError('prefix-delegation start address not defined!')
+ raise ConfigError(f'Start address of delegated IPv6 prefix range "{prefix}" '\
+ f'must be configured!')
for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items():
- prefix_start_addr = prefix
-
- # Prefix start address must be inside network
- if not ip_address(prefix_start_addr) in ip_network(subnet):
- raise ConfigError(f'Prefix delegation start address '\
- f'"{prefix_start_addr}" is not in '\
- f'subnet "{subnet}"')
-
if 'stop' not in prefix_config:
- raise ConfigError(f'Stop address of delegated IPv6 '\
- f'prefix range "{prefix}" '\
- f'must be configured')
+ raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
+ f'must be configured!')
- if 'stop' in prefix_config:
- prefix_stop_addr = prefix_config['stop']
+ start_addr = prefix
+ stop_addr = prefix_config['stop']
- # Prefix stop address must be inside network
- if not (ip_address(prefix_stop_addr) in
- ip_network(subnet)):
- raise ConfigError(f'Prefix delegation stop '\
- f'address "{prefix_stop_addr}" '\
- f'is not in subnet "{subnet}"')
+ if ip_address(stop_addr) <= ip_address(start_addr):
+ raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
+ f'must be greater than start address!')
if 'prefix_length' not in prefix_config:
raise ConfigError(f'Length of delegated IPv6 prefix '\
- f'must be configured')
+ f'must be configured!')
# Static mappings don't require anything (but check if IP is in subnet if it's set)
if 'static_mapping' in subnet_config: