[PATCH manager/network v2 0/4] Extend prefix-list CIDR range

[PATCH manager/network v2 0/4] Extend prefix-list CIDR range

[Gabriel Goller]

This is a follow-up on the route-maps and prefix-list series by Stefan.
The goal is to extend the CIDR range on the prefix-list, making it possible to
allow prefixes such as 0.0.0.0/0, which is a classic "allow-all".

The current IP64CIDRAddress(ui)/CIDR(api) format only allows a minimum of /8 CIDR. In order
to keep it backwards compatible and avoid accidentally breaking migration or
replication, create a new format.

Changelog:
v2 (thanks @thomas):
 * move formats from pve-common to pve-network and proxmox-widget-toolkit to
   pve-manager


pve-network:

Gabriel Goller (2):
  sdn: prefix-list: allow full prefix CIDR range
  sdn: add full-range CIDR JSON schema formats

 src/PVE/Network/SDN/PrefixLists.pm | 42 +++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)


pve-manager:

Gabriel Goller (2):
  sdn: prefix-lists: change prefix format to allow bigger subnets
  toolkit: Add IP/CIDR validator with full prefix range checks

 www/manager6/Toolkit.js             | 16 ++++++++++++++++
 www/manager6/sdn/PrefixListPanel.js |  2 +-
 2 files changed, 17 insertions(+), 1 deletion(-)


Summary over all repositories:
  3 files changed, 58 insertions(+), 2 deletions(-)

-- 
Generated by murpp 0.11.0

[PATCH pve-network v2 1/4] sdn: prefix-list: allow full prefix CIDR range

[Gabriel Goller]

Allow the full CIDR range in the prefix-list prefix. This allows us to
use prefixes such as 0.0.0.0/0.

Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
 src/PVE/Network/SDN/PrefixLists.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PVE/Network/SDN/PrefixLists.pm b/src/PVE/Network/SDN/PrefixLists.pm
index 2dd7909007bb..19d752d245f0 100644
--- a/src/PVE/Network/SDN/PrefixLists.pm
+++ b/src/PVE/Network/SDN/PrefixLists.pm
@@ -116,7 +116,7 @@ sub prefix_list_entry_properties {
         },
         prefix => {
             type => 'string',
-            format => 'CIDR',
+            format => 'FullRangeCIDR',
             optional => $update,
         },
         le => {
-- 
2.47.3

[PATCH pve-network v2 2/4] sdn: add full-range CIDR JSON schema formats

[Gabriel Goller]

Add IPv4, IPv6, and generic CIDR validators that allow the full
prefix range, including /0. Don't change the existing CIDR validators.

Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
 src/PVE/Network/SDN/PrefixLists.pm | 40 ++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/src/PVE/Network/SDN/PrefixLists.pm b/src/PVE/Network/SDN/PrefixLists.pm
index 19d752d245f0..9bb7174878f7 100644
--- a/src/PVE/Network/SDN/PrefixLists.pm
+++ b/src/PVE/Network/SDN/PrefixLists.pm
@@ -5,6 +5,7 @@ use warnings;
 
 use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_lock_file cfs_write_file);
 use PVE::JSONSchema qw(get_standard_option);
+use PVE::Tools;
 use PVE::INotify;
 use PVE::Network::SDN;
 use PVE::Network::SDN::RouteMaps;
@@ -39,6 +40,45 @@ PVE::JSONSchema::register_standard_option(
     },
 );
 
+PVE::JSONSchema::register_format('FullRangeCIDRv6', \&pve_verify_fullrangecidrv6);
+
+sub pve_verify_fullrangecidrv6 {
+    my ($cidr, $noerr) = @_;
+
+    if ($cidr =~ m!^(?:$PVE::Tools::IPV6RE)(?:/(\d+))$! && ($1 >= 0) && ($1 <= 128)) {
+        return $cidr;
+    }
+
+    return undef if $noerr;
+    die "value does not look like a valid IPv6 CIDR network\n";
+}
+
+PVE::JSONSchema::register_format('FullRangeCIDRv4', \&pve_verify_fullrangecidrv4);
+
+sub pve_verify_fullrangecidrv4 {
+    my ($cidr, $noerr) = @_;
+
+    if ($cidr =~ m!^(?:$PVE::Tools::IPV4RE)(?:/(\d+))$! && ($1 >= 0) && ($1 <= 32)) {
+        return $cidr;
+    }
+
+    return undef if $noerr;
+    die "value does not look like a valid IPv4 CIDR network\n";
+}
+
+PVE::JSONSchema::register_format('FullRangeCIDR', \&pve_verify_fullrangecidr);
+
+sub pve_verify_fullrangecidr {
+    my ($cidr, $noerr) = @_;
+
+    if (!(pve_verify_fullrangecidrv4($cidr, 1) || pve_verify_fullrangecidrv6($cidr, 1))) {
+        return undef if $noerr;
+        die "value does not look like a valid CIDR network\n";
+    }
+
+    return $cidr;
+}
+
 cfs_register_file(
     'sdn/prefix-lists.cfg', \&parse_prefix_lists_config, \&write_prefix_lists_config,
 );
-- 
2.47.3

[PATCH pve-manager v2 3/4] sdn: prefix-lists: change prefix format to allow bigger subnets

[Gabriel Goller]

Change the format on the prefix-list prefix input field. This allows us
to use bigger CIDRs such as /0.

Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
 www/manager6/sdn/PrefixListPanel.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/manager6/sdn/PrefixListPanel.js b/www/manager6/sdn/PrefixListPanel.js
index 451ff9646e0e..5b5c69c9a5f3 100644
--- a/www/manager6/sdn/PrefixListPanel.js
+++ b/www/manager6/sdn/PrefixListPanel.js
@@ -77,7 +77,7 @@ Ext.define('PVE.sdn.EditPrefixListEntryWindow', {
             xtype: 'proxmoxtextfield',
             fieldLabel: gettext('Prefix'),
             name: 'prefix',
-            vtype: 'IP64CIDRAddress',
+            vtype: 'IP64FullRangeCIDRAddress',
             allowBlank: false,
         },
         {
-- 
2.47.3

[PATCH pve-manager v2 4/4] toolkit: Add IP/CIDR validator with full prefix range checks

[Gabriel Goller]

Introduce an IP64FullRangeCIDRAddress validator that accepts IPv4 and
IPv6 CIDR addresses with the full prefix range of 0-32 and 0-128. This
is useful when e.g. selecting a prefix on the route-map, where 0.0.0.0/0
is a valid prefix (allow-all).
Place it here instead of in proxmox-widget-toolkit, because its
probably not gonna be used anywhere else for now. To preserve backwards
compatibility and not break anything, keep the old IP64CIDRAddress (with
cidr ranges 8-32, 8-128) around (in proxmox-widget-toolkit).

Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
 www/manager6/Toolkit.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/www/manager6/Toolkit.js b/www/manager6/Toolkit.js
index ac73f8a7b526..e345b0a8ad07 100644
--- a/www/manager6/Toolkit.js
+++ b/www/manager6/Toolkit.js
@@ -14,6 +14,22 @@ Ext.apply(Ext.form.field.VTypes, {
     IP64AddressListMask: /[A-Fa-f0-9,:.; ]/,
     PciIdText: gettext('Example') + ': 0x8086',
     PciId: (v) => /^0x[0-9a-fA-F]{4}$/.test(v),
+
+    IP64FullRangeCIDRAddress: function (v) {
+        let result = Proxmox.Utils.IP64_cidr_match.exec(v);
+        if (result === null) {
+            return false;
+        }
+        if (result[1] !== undefined) {
+            return result[1] >= 0 && result[1] <= 128;
+        } else if (result[2] !== undefined) {
+            return result[2] >= 0 && result[2] <= 32;
+        } else {
+            return false;
+        }
+    },
+    IP64FullRangeCIDRAddressText: gettext('Example') + ': 192.168.1.1/24 2001:DB8::42/64',
+    IP64FullRangeCIDRAddressMask: /[A-Fa-f0-9.:/]/,
 });
 
 Ext.define('PVE.form.field.Display', {
-- 
2.47.3

applied: [PATCH manager/network v2 0/4] Extend prefix-list CIDR range

[Thomas Lamprecht]

On Wed, 13 May 2026 10:34:19 +0200, Gabriel Goller wrote:
> This is a follow-up on the route-maps and prefix-list series by Stefan.
> The goal is to extend the CIDR range on the prefix-list, making it possible to
> allow prefixes such as 0.0.0.0/0, which is a classic "allow-all".
> 
> The current IP64CIDRAddress(ui)/CIDR(api) format only allows a minimum of /8 CIDR. In order
> to keep it backwards compatible and avoid accidentally breaking migration or
> replication, create a new format.
> 
> [...]

Applied, thanks!

[1/2] sdn: prefix-list: allow full prefix CIDR range
      commit: 15e78164ef6b6256ed64885817d2582d93610742
[2/2] sdn: add full-range CIDR JSON schema formats
      commit: 24b625249a25a944efbe21509b35e8a7545a54bd