* [pmg-devel] [PATCH pmg-api] fix #4410: Remove non-null host-bits from CIDR when reading `mynetworks`
@ 2022-12-22 10:19 Christoph Heiss
2022-12-22 15:25 ` Stoiko Ivanov
0 siblings, 1 reply; 3+ messages in thread
From: Christoph Heiss @ 2022-12-22 10:19 UTC (permalink / raw)
To: pmg-devel
This will simply drop non-null host bits when reading the config file,
thus preserving backwards-compatibility.
When creating new entries, invalid CIDRs are now rejected to prevent
creation of such entries in the future.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
src/PMG/API2/MyNetworks.pm | 4 ++++
src/PMG/Config.pm | 21 +++++++++++----------
2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/src/PMG/API2/MyNetworks.pm b/src/PMG/API2/MyNetworks.pm
index 975ca2e..aff4041 100644
--- a/src/PMG/API2/MyNetworks.pm
+++ b/src/PMG/API2/MyNetworks.pm
@@ -3,6 +3,7 @@ package PMG::API2::MyNetworks;
use strict;
use warnings;
use Data::Dumper;
+use Net::IP;
use PVE::SafeSyslog;
use PVE::Tools qw(extract_param);
@@ -83,6 +84,9 @@ __PACKAGE__->register_method ({
die "trusted network '$param->{cidr}' already exists\n"
if $mynetworks->{$param->{cidr}};
+ die "invalid network adress '$param->{cidr}', host-bits must be null\n"
+ if !Net::IP::ip_normalize($param->{cidr});
+
$mynetworks->{$param->{cidr}} = {
comment => $param->{comment} // '',
};
diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 9ba5c76..f03f102 100755
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -730,6 +730,7 @@ use PVE::SafeSyslog;
use PVE::Tools qw($IPV4RE $IPV6RE);
use PVE::INotify;
use PVE::JSONSchema;
+use PVE::Network;
use PMG::Cluster;
use PMG::Utils;
@@ -1008,13 +1009,13 @@ sub read_pmg_mynetworks {
while (defined(my $line = <$fh>)) {
chomp $line;
next if $line =~ m/^\s*$/;
- if ($line =~ m!^((?:$IPV4RE|$IPV6RE))/(\d+)\s*(?:#(.*)\s*)?$!) {
- my ($network, $prefix_size, $comment) = ($1, $2, $3);
- my $cidr = "$network/${prefix_size}";
- $mynetworks->{$cidr} = {
- cidr => $cidr,
- network_address => $network,
- prefix_size => $prefix_size,
+ if ($line =~ m!^((?:$IPV4RE|$IPV6RE)/\d+)\s*(?:#(.*)\s*)?$!) {
+ my ($cidr, $comment) = ($1, $2);
+ my $ip = PVE::Network::IP_from_cidr($cidr);
+ $mynetworks->{$ip->prefix()} = {
+ cidr => $ip->prefix(),
+ network_address => $ip->ip(),
+ prefix_size => $ip->prefixlen(),
comment => $comment // '',
};
} else {
@@ -1336,11 +1337,11 @@ sub get_template_vars {
}
my $netlist = PVE::INotify::read_file('mynetworks');
- foreach my $cidr (keys %$netlist) {
- if ($cidr =~ m/^($IPV6RE)\/(\d+)$/) {
+ foreach my $ip (values %$netlist) {
+ if ($ip->{cidr} =~ m/^($IPV6RE)\/(\d+)$/) {
$mynetworks->{"[$1]/$2"} = 1;
} else {
- $mynetworks->{$cidr} = 1;
+ $mynetworks->{$ip->{cidr}} = 1;
}
}
--
2.30.2
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [pmg-devel] [PATCH pmg-api] fix #4410: Remove non-null host-bits from CIDR when reading `mynetworks`
2022-12-22 10:19 [pmg-devel] [PATCH pmg-api] fix #4410: Remove non-null host-bits from CIDR when reading `mynetworks` Christoph Heiss
@ 2022-12-22 15:25 ` Stoiko Ivanov
2022-12-27 9:27 ` Christoph Heiss
0 siblings, 1 reply; 3+ messages in thread
From: Stoiko Ivanov @ 2022-12-22 15:25 UTC (permalink / raw)
To: Christoph Heiss; +Cc: pmg-devel
Huge thanks for addressing this!
I like the approach in general - two comments inline:
On Thu, 22 Dec 2022 11:19:40 +0100
Christoph Heiss <c.heiss@proxmox.com> wrote:
> This will simply drop non-null host bits when reading the config file,
> thus preserving backwards-compatibility.
> When creating new entries, invalid CIDRs are now rejected to prevent
> creation of such entries in the future.
>
> Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
> ---
> src/PMG/API2/MyNetworks.pm | 4 ++++
> src/PMG/Config.pm | 21 +++++++++++----------
> 2 files changed, 15 insertions(+), 10 deletions(-)
>
> diff --git a/src/PMG/API2/MyNetworks.pm b/src/PMG/API2/MyNetworks.pm
> index 975ca2e..aff4041 100644
> --- a/src/PMG/API2/MyNetworks.pm
> +++ b/src/PMG/API2/MyNetworks.pm
> @@ -3,6 +3,7 @@ package PMG::API2::MyNetworks;
> use strict;
> use warnings;
> use Data::Dumper;
> +use Net::IP;
>
> use PVE::SafeSyslog;
> use PVE::Tools qw(extract_param);
> @@ -83,6 +84,9 @@ __PACKAGE__->register_method ({
> die "trusted network '$param->{cidr}' already exists\n"
> if $mynetworks->{$param->{cidr}};
>
> + die "invalid network adress '$param->{cidr}', host-bits must be null\n"
> + if !Net::IP::ip_normalize($param->{cidr});
> +
> $mynetworks->{$param->{cidr}} = {
> comment => $param->{comment} // '',
> };
> diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
> index 9ba5c76..f03f102 100755
> --- a/src/PMG/Config.pm
> +++ b/src/PMG/Config.pm
> @@ -730,6 +730,7 @@ use PVE::SafeSyslog;
> use PVE::Tools qw($IPV4RE $IPV6RE);
> use PVE::INotify;
> use PVE::JSONSchema;
> +use PVE::Network;
>
> use PMG::Cluster;
> use PMG::Utils;
> @@ -1008,13 +1009,13 @@ sub read_pmg_mynetworks {
> while (defined(my $line = <$fh>)) {
> chomp $line;
> next if $line =~ m/^\s*$/;
> - if ($line =~ m!^((?:$IPV4RE|$IPV6RE))/(\d+)\s*(?:#(.*)\s*)?$!) {
> - my ($network, $prefix_size, $comment) = ($1, $2, $3);
> - my $cidr = "$network/${prefix_size}";
> - $mynetworks->{$cidr} = {
> - cidr => $cidr,
> - network_address => $network,
> - prefix_size => $prefix_size,
> + if ($line =~ m!^((?:$IPV4RE|$IPV6RE)/\d+)\s*(?:#(.*)\s*)?$!) {
> + my ($cidr, $comment) = ($1, $2);
> + my $ip = PVE::Network::IP_from_cidr($cidr);
this call expands the prefix to full-length - which I wouldn't have
noticed for ipv4 - but is quite visible with ipv6:
entering `2001:db8::/32` results in
`2001:0db8:0000:0000:0000:0000:0000:0000/32`
IIUC - Net::IP::ip_compress_prefix($ip->prefix(), $ip->version()) might
be an approach - but even that adds the last quad of zeros...
If at all possible it would be great to keep the data as the user entered it.
(In this case - in all situations where it's actually a valid prefix w/o
host-bits set)
> + $mynetworks->{$ip->prefix()} = {
> + cidr => $ip->prefix(),
> + network_address => $ip->ip(),
> + prefix_size => $ip->prefixlen(),
> comment => $comment // '',
> };
> } else {
> @@ -1336,11 +1337,11 @@ sub get_template_vars {
> }
>
> my $netlist = PVE::INotify::read_file('mynetworks');
> - foreach my $cidr (keys %$netlist) {
> - if ($cidr =~ m/^($IPV6RE)\/(\d+)$/) {
> + foreach my $ip (values %$netlist) {
why switch here to iterating over the values - and then accessing the cidr
field twice, if it's by construction above the same as the key?
> + if ($ip->{cidr} =~ m/^($IPV6RE)\/(\d+)$/) {
> $mynetworks->{"[$1]/$2"} = 1;
> } else {
> - $mynetworks->{$cidr} = 1;
> + $mynetworks->{$ip->{cidr}} = 1;
> }
> }
>
> --
> 2.30.2
>
>
>
> _______________________________________________
> pmg-devel mailing list
> pmg-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [pmg-devel] [PATCH pmg-api] fix #4410: Remove non-null host-bits from CIDR when reading `mynetworks`
2022-12-22 15:25 ` Stoiko Ivanov
@ 2022-12-27 9:27 ` Christoph Heiss
0 siblings, 0 replies; 3+ messages in thread
From: Christoph Heiss @ 2022-12-27 9:27 UTC (permalink / raw)
To: Stoiko Ivanov; +Cc: pmg-devel
On 12/22/22 16:25, Stoiko Ivanov wrote:
> Huge thanks for addressing this!
It was a nice opportunity to get into Perl and PMG too :^)
>
> I like the approach in general - two comments inline:
>
> On Thu, 22 Dec 2022 11:19:40 +0100
> Christoph Heiss <c.heiss@proxmox.com> wrote:
>
[..]
>> @@ -1008,13 +1009,13 @@ sub read_pmg_mynetworks {
>> while (defined(my $line = <$fh>)) {
>> chomp $line;
>> next if $line =~ m/^\s*$/;
>> - if ($line =~ m!^((?:$IPV4RE|$IPV6RE))/(\d+)\s*(?:#(.*)\s*)?$!) {
>> - my ($network, $prefix_size, $comment) = ($1, $2, $3);
>> - my $cidr = "$network/${prefix_size}";
>> - $mynetworks->{$cidr} = {
>> - cidr => $cidr,
>> - network_address => $network,
>> - prefix_size => $prefix_size,
>> + if ($line =~ m!^((?:$IPV4RE|$IPV6RE)/\d+)\s*(?:#(.*)\s*)?$!) {
>> + my ($cidr, $comment) = ($1, $2);
>> + my $ip = PVE::Network::IP_from_cidr($cidr);
> this call expands the prefix to full-length - which I wouldn't have
> noticed for ipv4 - but is quite visible with ipv6:
> entering `2001:db8::/32` results in
> `2001:0db8:0000:0000:0000:0000:0000:0000/32`
> IIUC - Net::IP::ip_compress_prefix($ip->prefix(), $ip->version()) might
> be an approach - but even that adds the last quad of zeros...
>
> If at all possible it would be great to keep the data as the user entered it.
> (In this case - in all situations where it's actually a valid prefix w/o
> host-bits set)
Ack, I didn't really test it all that extensively with IPv6. I'll look
into it again and send a v2.
>
>
>
>> + $mynetworks->{$ip->prefix()} = {
>> + cidr => $ip->prefix(),
>> + network_address => $ip->ip(),
>> + prefix_size => $ip->prefixlen(),
>> comment => $comment // '',
>> };
>> } else {
>> @@ -1336,11 +1337,11 @@ sub get_template_vars {
>> }
>>
>> my $netlist = PVE::INotify::read_file('mynetworks');
>> - foreach my $cidr (keys %$netlist) {
>> - if ($cidr =~ m/^($IPV6RE)\/(\d+)$/) {
>> + foreach my $ip (values %$netlist) {
> why switch here to iterating over the values - and then accessing the cidr
> field twice, if it's by construction above the same as the key?
This was a left-over from when working on the code. I'll remove it.
>
>> + if ($ip->{cidr} =~ m/^($IPV6RE)\/(\d+)$/) {
>> $mynetworks->{"[$1]/$2"} = 1;
>> } else {
>> - $mynetworks->{$cidr} = 1;
>> + $mynetworks->{$ip->{cidr}} = 1;
>> }
>> }
>>
>> --
>> 2.30.2
>>
>>
>>
>> _______________________________________________
>> pmg-devel mailing list
>> pmg-devel@lists.proxmox.com
>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
>>
>>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-12-27 9:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-22 10:19 [pmg-devel] [PATCH pmg-api] fix #4410: Remove non-null host-bits from CIDR when reading `mynetworks` Christoph Heiss
2022-12-22 15:25 ` Stoiko Ivanov
2022-12-27 9:27 ` Christoph Heiss
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.