author | Christian Breunig <christian@breunig.cc> | 2024-05-26 14:01:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-26 14:01:52 +0200 |
commit | 4a9befb92550ae9abd5cf687208fdb09838ccc9d (patch) | |
tree | cd4c9f5546473a6868ecffa8fbee57606381c602 /src/conf_mode | |
parent | 9301c507f91ea40fc0d4d86cf708a7ba6d3b0bb9 (diff) | |
parent | ccd564c2328a086b326957fdde8b07ca560bd6b2 (diff) | |
Merge pull request #3519 from c-po/dhcpv6-T3493
T3493: dhcpv6-server does not have prefix range validation
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/service_dhcpv6-server.py | 33 |
1 files changed, 11 insertions, 22 deletions
diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py
index 36b2d8b08..25f19285c 100755
--- a/src/conf_mode/service_dhcpv6-server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -105,40 +105,29 @@ def verify(dhcpv6):
 if 'prefix' in subnet_config:
 for prefix in subnet_config['prefix']:
 if ip_network(prefix) not in ip_network(subnet):
- raise ConfigError(f'address-range prefix "{prefix}" is not in subnet "{subnet}""')
+ raise ConfigError(f'address-range prefix "{prefix}" is not in subnet "{subnet}"!')
 # Prefix delegation sanity checks
 if 'prefix_delegation' in subnet_config:
 if 'start' not in subnet_config['prefix_delegation']:
- raise ConfigError('prefix-delegation start address not defined!')
+ raise ConfigError(f'Start address of delegated IPv6 prefix range "{prefix}" '\
+ f'must be configured!')
 for prefix, prefix_config in subnet_config['prefix_delegation']['start'].items():
- prefix_start_addr = prefix
-
- # Prefix start address must be inside network
- if not ip_address(prefix_start_addr) in ip_network(subnet):
- raise ConfigError(f'Prefix delegation start address '\
- f'"{prefix_start_addr}" is not in '\
- f'subnet "{subnet}"')
-
 if 'stop' not in prefix_config:
- raise ConfigError(f'Stop address of delegated IPv6 '\
- f'prefix range "{prefix}" '\
- f'must be configured')
+ raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
+ f'must be configured!')
- if 'stop' in prefix_config:
- prefix_stop_addr = prefix_config['stop']
+ start_addr = prefix
+ stop_addr = prefix_config['stop']
- # Prefix stop address must be inside network
- if not (ip_address(prefix_stop_addr) in
- ip_network(subnet)):
- raise ConfigError(f'Prefix delegation stop '\
- f'address "{prefix_stop_addr}" '\
- f'is not in subnet "{subnet}"')
+ if ip_address(stop_addr) <= ip_address(start_addr):
+ raise ConfigError(f'Stop address of delegated IPv6 prefix range "{prefix}" '\
+ f'must be greater than start address!')
 if 'prefix_length' not in prefix_config:
 raise ConfigError(f'Length of delegated IPv6 prefix '\
- f'must be configured')
+ f'must be configured!')
 # Static mappings don't require anything (but check if IP is in subnet if it's set)
 if
'static_mapping' in subnet_config: |
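Review bot: The new error for a missing `start` key interpolates `{prefix}`, but no delegated prefix exists in that branch. The name is bound only by the earlier `for prefix in subnet_config['prefix']` loop, so the message would show the last address-range prefix. If the subnet has no `prefix` node and nothing earlier in the function bound the name, the f-string appears to raise NameError, so the user gets a traceback instead of a ConfigError. Naming the subnet avoids both: `raise ConfigError(f'Start address of delegated IPv6 prefix range in subnet "{subnet}" must be configured!')`. verify() begins and ends outside this hunk, so whether `prefix` is bound elsewhere cannot be confirmed from here.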