* [pve-devel] [PATCH installer 0/2] sync allowed nic-names with pve-common by using the same regex
@ 2025-11-26 18:07 Stoiko Ivanov
2025-11-26 18:07 ` [pve-devel] [PATCH installer 1/2] sys: net: use literal pve-iface regular expression for validation Stoiko Ivanov
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2025-11-26 18:07 UTC (permalink / raw)
To: pve-devel
This patchset tries to address the discrepancies between the validation
for nic-names used in our JSONSchema.pm in pve-common:
https://git.proxmox.com/?p=pve-common.git;a=blob;f=src/PVE/JSONSchema.pm;h=827889950b9165dd22e7b12e934d08fd8b21e855;hb=HEAD#l680
and here in our installer. Thx @Thomas for noticing this:
https://lore.proxmox.com/pve-devel/5482904f-efa5-40ef-b8e6-f1ba935f2431@proxmox.com/
Here I simply copied the regex from pve-common and used that for
validation.
minimally tested in a VM with (the now permitted) 'ABC' 'Nic0' and 'B_' as
nicnames.
Stoiko Ivanov (2):
sys: net: use literal pve-iface regular expression for validation
common: pinning: use pve-iface regular expression for validation
Proxmox/Sys/Net.pm | 15 ++------
proxmox-installer-common/src/options.rs | 51 +++++++++----------------
test/validate-link-pin-map.pl | 12 ++++--
3 files changed, 29 insertions(+), 49 deletions(-)
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] [PATCH installer 1/2] sys: net: use literal pve-iface regular expression for validation
2025-11-26 18:07 [pve-devel] [PATCH installer 0/2] sync allowed nic-names with pve-common by using the same regex Stoiko Ivanov
@ 2025-11-26 18:07 ` Stoiko Ivanov
2025-11-26 18:07 ` [pve-devel] [PATCH installer 2/2] common: pinning: use " Stoiko Ivanov
2025-11-27 7:18 ` [pve-devel] applied: [PATCH installer 0/2] sync allowed nic-names with pve-common by using the same regex Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2025-11-26 18:07 UTC (permalink / raw)
To: pve-devel
Instead of trying to do partial checks to validate the interface name
in accordance with `pve-iface` in pve-common, just copy the regular
expression. This comes at the expense of a longer and unified
error-message for different errors, but I'd consider this acceptable.
The length of {1,20} is also copied from the pve-iface validation
regex to make this a literal copy. The kernel restricts it to 15 bytes
(16 with terminating \0) - but we check for the actual length
boundaries before anyways.
Fixes: fc9e720 ("sys: net: fix error-message for interface names first character")
Reported-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
Proxmox/Sys/Net.pm | 15 +++------------
test/validate-link-pin-map.pl | 12 ++++++++----
2 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/Proxmox/Sys/Net.pm b/Proxmox/Sys/Net.pm
index 37feee1..e3b3b56 100644
--- a/Proxmox/Sys/Net.pm
+++ b/Proxmox/Sys/Net.pm
@@ -335,18 +335,9 @@ sub validate_link_pin_map : prototype($) {
. " characters\n";
}
- if ($name =~ m/^[0-9]+$/) {
- die "interface name '$name' for '$mac' is invalid: "
- . "name must not be fully numeric\n";
- }
-
- if ($name !~ m/^[a-z]/) {
- die "interface name '$name' for '$mac' is invalid: name must start with a lower-case letter\n";
- }
-
- if ($name !~ m/^[a-zA-Z_][a-zA-Z0-9_]*$/) {
- die "interface name '$name' for '$mac' is invalid: "
- . "name must only consist of alphanumeric characters and underscores\n";
+ if ($name !~ m/^[a-z][a-z0-9_]{1,20}([:\.]\d+)?$/i) {
+ die "interface name '$name' for '$mac' is invalid: name must start with a letter and "
+ . "contain only ascii characters, digits and underscores\n";
}
if ($reverse_mapping->{$name}) {
diff --git a/test/validate-link-pin-map.pl b/test/validate-link-pin-map.pl
index 3fbd0e4..2cb8a90 100755
--- a/test/validate-link-pin-map.pl
+++ b/test/validate-link-pin-map.pl
@@ -38,28 +38,32 @@ like($@, qr/12:34:56:ab:cd:ef/, "duplicate error message contains expected mac a
eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => 'nic-' }) };
is(
$@,
- "interface name 'nic-' for 'ab:cd:ef:12:34:56' is invalid: name must only consist of alphanumeric characters and underscores\n",
+ "interface name 'nic-' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter and "
+ . "contain only ascii characters, digits and underscores\n",
"name with dash is rejected",
);
eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '0nic' }) };
is(
$@,
- "interface name '0nic' for 'ab:cd:ef:12:34:56' is invalid: name must start with a lower-case letter\n",
+ "interface name '0nic' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter and "
+ . "contain only ascii characters, digits and underscores\n",
"name starting with number is rejected",
);
eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '_a' }) };
is(
$@,
- "interface name '_a' for 'ab:cd:ef:12:34:56' is invalid: name must start with a lower-case letter\n",
+ "interface name '_a' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter and "
+ . "contain only ascii characters, digits and underscores\n",
"name starting with underscore is rejected",
);
eval { validate_link_pin_map({ 'ab:cd:ef:12:34:56' => '12345' }) };
is(
$@,
- "interface name '12345' for 'ab:cd:ef:12:34:56' is invalid: name must not be fully numeric\n",
+ "interface name '12345' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter and "
+ . "contain only ascii characters, digits and underscores\n",
"fully numeric name is rejected",
);
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] [PATCH installer 2/2] common: pinning: use pve-iface regular expression for validation
2025-11-26 18:07 [pve-devel] [PATCH installer 0/2] sync allowed nic-names with pve-common by using the same regex Stoiko Ivanov
2025-11-26 18:07 ` [pve-devel] [PATCH installer 1/2] sys: net: use literal pve-iface regular expression for validation Stoiko Ivanov
@ 2025-11-26 18:07 ` Stoiko Ivanov
2025-11-27 7:18 ` [pve-devel] applied: [PATCH installer 0/2] sync allowed nic-names with pve-common by using the same regex Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Stoiko Ivanov @ 2025-11-26 18:07 UTC (permalink / raw)
To: pve-devel
the previous attempts at mimicking the `pve-iface` validation in
pve-common mis-read the validation, or missed some corner-cases.
So instead of trying to rebuild a regex validation, simply copy the
regular expression from pve-common. Following the recommendation at
https://docs.rs/regex/latest/regex/#overview by using RegexBuilder for
case-insensitive matching.
I kept the length-check at {1,20}, to have this as close to the
original as possible, as we restrict the length to 15 in the checks
before anyways.
Fixes: 47700a5 ("common: pinning: require first character to be lower-case ascii")
Reported-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
proxmox-installer-common/src/options.rs | 51 +++++++++----------------
1 file changed, 18 insertions(+), 33 deletions(-)
diff --git a/proxmox-installer-common/src/options.rs b/proxmox-installer-common/src/options.rs
index 34d0725..fbc0207 100644
--- a/proxmox-installer-common/src/options.rs
+++ b/proxmox-installer-common/src/options.rs
@@ -1,5 +1,5 @@
use anyhow::{Result, bail};
-use regex::Regex;
+use regex::{Regex, RegexBuilder};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr};
@@ -517,25 +517,18 @@ impl NetworkInterfacePinningOptions {
);
}
- if name.chars().all(char::is_numeric) {
- bail!(
- "interface name '{name}' for '{mac}' is invalid: name must not be fully numeric"
- );
- }
-
// Mimicking the `pve-iface` schema verification
- if !name.starts_with(|c: char| c.is_ascii_lowercase()) {
- bail!(
- "interface name '{name}' for '{mac}' is invalid: name must start with a lowercase letter"
- );
- }
-
- if !name
- .chars()
- .all(|c| c.is_ascii_lowercase() || c.is_ascii_digit() || c == '_')
- {
+ static RE: OnceLock<Regex> = OnceLock::new();
+ let re = RE.get_or_init(|| {
+ RegexBuilder::new(r"^[a-z][a-z0-9_]{1,20}([:\.]\d+)?$")
+ .case_insensitive(true)
+ .build()
+ .unwrap()
+ });
+
+ if !re.is_match(name) {
bail!(
- "interface name '{name}' for '{mac}' is invalid: name must only consist of alphanumeric lowercase characters and underscores"
+ "interface name '{name}' for '{mac}' is invalid: name must start with a letter and contain only ascii characters, digits and underscores"
);
}
@@ -1022,7 +1015,7 @@ mod tests {
assert!(res.is_err());
assert_eq!(
res.unwrap_err().to_string(),
- "interface name 'nic-' for 'ab:cd:ef:12:34:56' is invalid: name must only consist of alphanumeric lowercase characters and underscores"
+ "interface name 'nic-' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter and contain only ascii characters, digits and underscores"
)
}
@@ -1037,7 +1030,7 @@ mod tests {
assert!(res.is_err());
assert_eq!(
res.unwrap_err().to_string(),
- "interface name '0nic' for 'ab:cd:ef:12:34:56' is invalid: name must start with a lowercase letter"
+ "interface name '0nic' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter and contain only ascii characters, digits and underscores"
);
options
@@ -1048,34 +1041,26 @@ mod tests {
assert!(res.is_err());
assert_eq!(
res.unwrap_err().to_string(),
- "interface name '_a' for 'ab:cd:ef:12:34:56' is invalid: name must start with a lowercase letter"
+ "interface name '_a' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter and contain only ascii characters, digits and underscores"
);
}
#[test]
- fn network_interface_pinning_options_fail_on_uppercase_char() {
+ fn network_interface_pinning_options_pass_on_uppercase_char() {
let mut options = NetworkInterfacePinningOptions::default();
options
.mapping
.insert("ab:cd:ef:12:34:56".to_owned(), "Nic0".to_owned());
let res = options.verify();
- assert!(res.is_err());
- assert_eq!(
- res.unwrap_err().to_string(),
- "interface name 'Nic0' for 'ab:cd:ef:12:34:56' is invalid: name must start with a lowercase letter"
- );
+ assert!(res.is_ok());
options
.mapping
.insert("ab:cd:ef:12:34:56".to_owned(), "nIc0".to_owned());
let res = options.verify();
- assert!(res.is_err());
- assert_eq!(
- res.unwrap_err().to_string(),
- "interface name 'nIc0' for 'ab:cd:ef:12:34:56' is invalid: name must only consist of alphanumeric lowercase characters and underscores"
- );
+ assert!(res.is_ok());
options
.mapping
@@ -1096,7 +1081,7 @@ mod tests {
assert!(res.is_err());
assert_eq!(
res.unwrap_err().to_string(),
- "interface name '12345' for 'ab:cd:ef:12:34:56' is invalid: name must not be fully numeric"
+ "interface name '12345' for 'ab:cd:ef:12:34:56' is invalid: name must start with a letter and contain only ascii characters, digits and underscores"
)
}
}
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pve-devel] applied: [PATCH installer 0/2] sync allowed nic-names with pve-common by using the same regex
2025-11-26 18:07 [pve-devel] [PATCH installer 0/2] sync allowed nic-names with pve-common by using the same regex Stoiko Ivanov
2025-11-26 18:07 ` [pve-devel] [PATCH installer 1/2] sys: net: use literal pve-iface regular expression for validation Stoiko Ivanov
2025-11-26 18:07 ` [pve-devel] [PATCH installer 2/2] common: pinning: use " Stoiko Ivanov
@ 2025-11-27 7:18 ` Thomas Lamprecht
2 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2025-11-27 7:18 UTC (permalink / raw)
To: pve-devel, Stoiko Ivanov
On Wed, 26 Nov 2025 19:07:14 +0100, Stoiko Ivanov wrote:
> This patchset tries to address the discrepancies between the validation
> for nic-names used in our JSONSchema.pm in pve-common:
> https://git.proxmox.com/?p=pve-common.git;a=blob;f=src/PVE/JSONSchema.pm;h=827889950b9165dd22e7b12e934d08fd8b21e855;hb=HEAD#l680
> and here in our installer. Thx @Thomas for noticing this:
> https://lore.proxmox.com/pve-devel/5482904f-efa5-40ef-b8e6-f1ba935f2431@proxmox.com/
>
> Here I simply copied the regex from pve-common and used that for
> validation.
>
> [...]
Applied, thanks!
[1/2] sys: net: use literal pve-iface regular expression for validation
commit: 854eef5f55152618dd86be61bb2bc4afdbd93477
[2/2] common: pinning: use pve-iface regular expression for validation
commit: 035594b94f947e3c2c336ab562174886d002b400
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-11-27 7:18 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-11-26 18:07 [pve-devel] [PATCH installer 0/2] sync allowed nic-names with pve-common by using the same regex Stoiko Ivanov
2025-11-26 18:07 ` [pve-devel] [PATCH installer 1/2] sys: net: use literal pve-iface regular expression for validation Stoiko Ivanov
2025-11-26 18:07 ` [pve-devel] [PATCH installer 2/2] common: pinning: use " Stoiko Ivanov
2025-11-27 7:18 ` [pve-devel] applied: [PATCH installer 0/2] sync allowed nic-names with pve-common by using the same regex Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.