[libvirt] [PATCH] network: validate network NAT range

Ján Tomko jtomko at redhat.com
Mon Aug 10 12:02:50 UTC 2015


On Sat, Aug 08, 2015 at 06:04:00PM -0400, Laine Stump wrote:
> This patch modifies virSocketAddrGetRange() to function properly when
> the containing network/prefix of the address range isn't known, for
> example in the case of the NAT range of a virtual network (since it is
> a range of addresses on the *host*, not within the network itself). We
> then take advantage of this new functionality to validate the NAT
> range of a virtual network.
> 
> Extra test cases are also added to verify that virSocketAddrGetRange()
> works properly in both positive and negative cases when the network
> pointer is NULL.
> 
> This is the *real* fix for:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=985653
> 
> Commits 1e334a and 48e8b9 had earlier been pushed as fixes for that
> bug, but I had neglected to read the report carefully, so instead of
> fixing validation for the NAT range, I had fixed validation for the
> DHCP range. sigh.
> ---
> 
> The changes to virSocketAddrGetRange() *look* like they are extensive,
> but really they almost completely consist of:
> 
> 1) reordering and reindenting some of the checks so that they are only
>    executed when we have a valid network address
> 
> 2) modifying the error messages that could occur when there isn't a
>    valid network so that they don't attempt to use the network address
>    or prefix.
> 
>  src/conf/network_conf.c  |   4 ++
>  src/util/virsocketaddr.c | 168 +++++++++++++++++++++++++----------------------
>  tests/sockettest.c       |  46 ++++++++++++-
>  3 files changed, 136 insertions(+), 82 deletions(-)
> 

ACK

Jan
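
An added illustration, not libvirt's code and not part of this thread, of the structure the commit message describes: network-relative checks run only when a containing network is supplied, and the remaining checks still validate a range such as a NAT range whose network is unknown. The names range_size, parse_v4 and MAX_RANGE are hypothetical, the sketch is IPv4-only, and the specific checks and the size cap are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <arpa/inet.h>

#define MAX_RANGE 65535  /* assumed cap on the number of addresses */

/* Parse dotted-quad text into a host-order integer; -1 on bad input. */
static int parse_v4(const char *text, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1)
        return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Return the number of addresses in [start, end], or -1 if invalid.
 * net may be NULL when the containing network is not known; the
 * checks that depend on the network are then skipped. */
int range_size(const char *start, const char *end, const char *net, int prefix)
{
    uint32_t s, e;

    if (parse_v4(start, &s) < 0 || parse_v4(end, &e) < 0)
        return -1;

    if (net) {
        uint32_t n, mask, bcast;
        if (prefix < 1 || prefix > 30 || parse_v4(net, &n) < 0)
            return -1;
        mask = 0xFFFFFFFFu << (32 - prefix);
        n &= mask;
        bcast = n | ~mask;
        /* both ends must lie inside the network ... */
        if ((s & mask) != n || (e & mask) != n)
            return -1;
        /* ... and must not be the network or broadcast address */
        if (s == n || e == bcast)
            return -1;
    }

    /* checks that need no network context */
    if (s > e)
        return -1;
    if (e - s >= MAX_RANGE)
        return -1;
    return (int)(e - s + 1);
}
```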