* [pbs-devel] [PATCH  pve-network] sdn: validate dhcp-range in API
@ 2023-11-22 13:00 Stefan Lendl
  2023-11-22 13:07 ` Gabriel Goller
  2023-11-22 13:39   ` [pbs-devel] applied: " Thomas Lamprecht
  0 siblings, 2 replies; 6+ messages in thread
From: Stefan Lendl @ 2023-11-22 13:00 UTC (permalink / raw)
  To: pbs-devel

* start- and end-addresses must be valid IPs
* must both be in the subnet's CIDR
* and start needs to be smaller than (or equal to) end

Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
---
 src/PVE/Network/SDN/SubnetPlugin.pm | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/src/PVE/Network/SDN/SubnetPlugin.pm b/src/PVE/Network/SDN/SubnetPlugin.pm
index 37b6b2b..049f7e1 100644
--- a/src/PVE/Network/SDN/SubnetPlugin.pm
+++ b/src/PVE/Network/SDN/SubnetPlugin.pm
@@ -74,6 +74,33 @@ my $dhcp_range_fmt = {
 
 PVE::JSONSchema::register_format('pve-sdn-dhcp-range', $dhcp_range_fmt);
 
+sub validate_dhcp_ranges {
+    my ($subnet) = @_;
+
+    my $cidr = $subnet->{cidr};
+    my $subnet_matcher = subnet_matcher($cidr);
+
+    my $dhcp_ranges = PVE::Network::SDN::Subnets::get_dhcp_ranges($subnet);
+
+    foreach my $dhcp_range (@$dhcp_ranges) {
+	my $dhcp_start = $dhcp_range->{'start-address'};
+	my $dhcp_end = $dhcp_range->{'end-address'};
+
+	my $start_ip = new Net::IP($dhcp_start);
+	raise_param_exc({ 'dhcp-range' => "start-adress is not a valid IP $dhcp_start" }) if !$start_ip;
+
+	my $end_ip = new Net::IP($dhcp_end);
+	raise_param_exc({ 'dhcp-range' => "end-adress is not a valid IP $dhcp_end" }) if !$end_ip;
+
+	if (Net::IP::ip_bincomp($end_ip->binip(), 'lt', $start_ip->binip()) == 1) {
+	    raise_param_exc({ 'dhcp-range' => "start-address $dhcp_start must be smaller than end-address $dhcp_end" })
+	}
+
+	raise_param_exc({ 'dhcp-range' => "start-address $dhcp_start is not in subnet $cidr" }) if !$subnet_matcher->($dhcp_start);
+	raise_param_exc({ 'dhcp-range' => "end-address $dhcp_end is not in subnet $cidr" }) if !$subnet_matcher->($dhcp_end);
+    }
+}
+
 sub properties {
     return {
         vnet => {
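
Review bot: the foreach loop in validate_dhcp_ranges checks each range only against $cidr and never against the other entries in $dhcp_ranges, so two ranges that overlap inside the same subnet both pass. Consider sorting the ranges by start address and rejecting any range whose start is not greater than the previous end, reusing the ip_bincomp comparison already in the loop. It would also read more naturally to run the two $subnet_matcher checks before the ordering check, so an address outside $cidr is reported first.
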
@@ -156,6 +183,7 @@ sub on_update_hook {
     #for /32 pointopoint, we allow gateway outside the subnet
     raise_param_exc({ gateway => "$gateway is not in subnet $cidr"}) if $gateway && !$subnet_matcher->($gateway) && !$pointopoint;
 
+    validate_dhcp_ranges($subnet);
 
     if ($ipam) {
 	PVE::Network::SDN::Subnets::add_subnet($zone, $subnetid, $subnet);
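
Review bot: on_update_hook already has $cidr and $subnet_matcher in scope (both are used by the gateway check directly above the new call), yet validate_dhcp_ranges($subnet) rebuilds them from $subnet->{cidr}. Passing them in as arguments, or adding a short comment on why the helper derives them itself, would keep the gateway and dhcp-range checks from drifting apart.
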
-- 
2.42.0






* Re: [pbs-devel] [PATCH pve-network] sdn: validate dhcp-range in API
  2023-11-22 13:00 [pbs-devel] [PATCH pve-network] sdn: validate dhcp-range in API Stefan Lendl
@ 2023-11-22 13:07 ` Gabriel Goller
  2023-11-22 13:39   ` [pbs-devel] applied: " Thomas Lamprecht
  1 sibling, 0 replies; 6+ messages in thread
From: Gabriel Goller @ 2023-11-22 13:07 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Stefan Lendl

wrong mailing list :)

On 11/22/23 14:00, Stefan Lendl wrote:
> * start- and end-addresses must be valid IPs
> * must both be in the subnet's CIDR
> * and start needs to be smaller than (or equal to) end
>
> Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
> ---
>   src/PVE/Network/SDN/SubnetPlugin.pm | 28 ++++++++++++++++++++++++++++
>   1 file changed, 28 insertions(+)
>
> diff --git a/src/PVE/Network/SDN/SubnetPlugin.pm b/src/PVE/Network/SDN/SubnetPlugin.pm
> index 37b6b2b..049f7e1 100644
> --- a/src/PVE/Network/SDN/SubnetPlugin.pm
> +++ b/src/PVE/Network/SDN/SubnetPlugin.pm
> @@ -74,6 +74,33 @@ my $dhcp_range_fmt = {
>   
>   PVE::JSONSchema::register_format('pve-sdn-dhcp-range', $dhcp_range_fmt);
>   
> +sub validate_dhcp_ranges {
> +    my ($subnet) = @_;
> +
> +    my $cidr = $subnet->{cidr};
> +    my $subnet_matcher = subnet_matcher($cidr);
> +
> +    my $dhcp_ranges = PVE::Network::SDN::Subnets::get_dhcp_ranges($subnet);
> +
> +    foreach my $dhcp_range (@$dhcp_ranges) {
> +	my $dhcp_start = $dhcp_range->{'start-address'};
> +	my $dhcp_end = $dhcp_range->{'end-address'};
> +
> +	my $start_ip = new Net::IP($dhcp_start);
> +	raise_param_exc({ 'dhcp-range' => "start-adress is not a valid IP $dhcp_start" }) if !$start_ip;
> +
> +	my $end_ip = new Net::IP($dhcp_end);
> +	raise_param_exc({ 'dhcp-range' => "end-adress is not a valid IP $dhcp_end" }) if !$end_ip;
> +
> +	if (Net::IP::ip_bincomp($end_ip->binip(), 'lt', $start_ip->binip()) == 1) {
> +	    raise_param_exc({ 'dhcp-range' => "start-address $dhcp_start must be smaller than end-address $dhcp_end" })
> +	}
> +
> +	raise_param_exc({ 'dhcp-range' => "start-address $dhcp_start is not in subnet $cidr" }) if !$subnet_matcher->($dhcp_start);
> +	raise_param_exc({ 'dhcp-range' => "end-address $dhcp_end is not in subnet $cidr" }) if !$subnet_matcher->($dhcp_end);
> +    }
> +}
> +
>   sub properties {
>       return {
>           vnet => {
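
Review bot: the two validity messages spell the property "start-adress" and "end-adress", while the hash keys and the later messages use "start-address" and "end-address"; fix the spelling so the error text matches the parameter name. The ordering message says start "must be smaller than" end, but the condition only rejects the case where end is 'lt' start, so equal addresses are accepted; "must not be greater than" would match the check. The raise_param_exc call inside that if block is also missing its terminating semicolon.
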
> @@ -156,6 +183,7 @@ sub on_update_hook {
>       #for /32 pointopoint, we allow gateway outside the subnet
>       raise_param_exc({ gateway => "$gateway is not in subnet $cidr"}) if $gateway && !$subnet_matcher->($gateway) && !$pointopoint;
>   
> +    validate_dhcp_ranges($subnet);
>   
>       if ($ipam) {
>   	PVE::Network::SDN::Subnets::add_subnet($zone, $subnetid, $subnet);





* [pve-devel] applied: [pbs-devel] [PATCH pve-network] sdn: validate dhcp-range in API
  2023-11-22 13:00 [pbs-devel] [PATCH pve-network] sdn: validate dhcp-range in API Stefan Lendl
@ 2023-11-22 13:39   ` Thomas Lamprecht
  2023-11-22 13:39   ` [pbs-devel] applied: " Thomas Lamprecht
  1 sibling, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2023-11-22 13:39 UTC (permalink / raw)
  To: Stefan Lendl, PVE development discussion
  Cc: Proxmox Backup Server development discussion

On 22/11/2023 at 14:00, Stefan Lendl wrote:
> * start- and end-addresses must be valid IPs
> * must both be in the subnet's CIDR
> * and start needs to be smaller than (or equal to) end
> 
> Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
> ---
>  src/PVE/Network/SDN/SubnetPlugin.pm | 28 ++++++++++++++++++++++++++++
>  1 file changed, 28 insertions(+)
> 
>

applied, thanks!





* Re: [pve-devel] applied: [pbs-devel] [PATCH pve-network] sdn: validate dhcp-range in API
  2023-11-22 13:39   ` [pbs-devel] applied: " Thomas Lamprecht
@ 2023-11-22 16:28     ` DERUMIER, Alexandre
  -1 siblings, 0 replies; 6+ messages in thread
From: DERUMIER, Alexandre @ 2023-11-22 16:28 UTC (permalink / raw)
  To: pve-devel, s.lendl, pve-devel; +Cc: pbs-devel

Hi,
I think it could be improved by checking that
we don't have overlapping ranges in a subnet, like

range=start=192.168.0.10,end=192.168.0.20
range=start=192.168.0.15,end=192.168.0.25


I'm 100% sure it'll break with netbox ipam.



-------- Original message --------
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
To: Stefan Lendl <s.lendl@proxmox.com>, PVE development discussion <pve-devel@pve.proxmox.com>
Cc: Proxmox Backup Server development discussion <pbs-devel@lists.proxmox.com>
Subject: [pve-devel] applied: [pbs-devel] [PATCH pve-network] sdn: validate dhcp-range in API
Date: 22/11/2023 14:39:20

On 22/11/2023 at 14:00, Stefan Lendl wrote:
> * start- and end-addresses must be valid IPs
> * must both be in the subnet's CIDR
> * and start needs to be smaller than (or equal to) end
> 
> Signed-off-by: Stefan Lendl <s.lendl@proxmox.com>
> ---
>  src/PVE/Network/SDN/SubnetPlugin.pm | 28
> ++++++++++++++++++++++++++++
>  1 file changed, 28 insertions(+)
> 
> 

applied, thanks!
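
The overlap check suggested in this message, as an added example that is not part of the thread or of the pve-network code. `pack_ip` and `find_overlapping_ranges` are hypothetical helper names; the sketch assumes every range has already passed the patch's checks (valid addresses, one address family, start not after end).

```perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Pack an address into network-order bytes (4 for IPv4, 16 for IPv6).
# Packed strings of equal length compare in numeric address order.
sub pack_ip {
    my ($addr) = @_;
    my $packed = inet_pton($addr =~ /:/ ? AF_INET6 : AF_INET, $addr);
    die "not a valid IP: $addr\n" if !defined($packed);
    return $packed;
}

# Hypothetical helper: returns [earlier, later] pairs of ranges that share
# at least one address. Ranges use the patch's 'start-address' and
# 'end-address' keys.
sub find_overlapping_ranges {
    my ($ranges) = @_;

    my @sorted = sort { $a->{start} cmp $b->{start} } map { +{
        %$_,
        start => pack_ip($_->{'start-address'}),
        end   => pack_ip($_->{'end-address'}),
    } } @$ranges;

    my @overlaps;
    my $prev = shift @sorted;    # range with the furthest end seen so far
    for my $cur (@sorted) {
        # Sorted by start: an overlap exists if cur starts at or before
        # the furthest end already covered.
        push @overlaps, [$prev, $cur] if $cur->{start} le $prev->{end};
        $prev = $cur if $cur->{end} gt $prev->{end};
    }
    return @overlaps;
}

# Constructed sample input: the two ranges from the message above plus one
# disjoint range.
my $ranges = [
    { 'start-address' => '192.168.0.10',  'end-address' => '192.168.0.20' },
    { 'start-address' => '192.168.0.15',  'end-address' => '192.168.0.25' },
    { 'start-address' => '192.168.0.100', 'end-address' => '192.168.0.120' },
];

for my $pair (find_overlapping_ranges($ranges)) {
    my ($first, $second) = @$pair;
    printf "dhcp-range %s-%s overlaps %s-%s\n",
        @{$first}{'start-address', 'end-address'},
        @{$second}{'start-address', 'end-address'};
}
```

Comparing the packed bytes rather than the dotted strings matters here: as text, "192.168.0.100" sorts before "192.168.0.15".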


