[libvirt] [PATCH] network: validate network NAT range
Ján Tomko
jtomko at redhat.com
Mon Aug 10 12:02:50 UTC 2015
On Sat, Aug 08, 2015 at 06:04:00PM -0400, Laine Stump wrote:
> This patch modifies virSocketAddrGetRange() to function properly when
> the containing network/prefix of the address range isn't known, for
> example in the case of the NAT range of a virtual network (since it is
> a range of addresses on the *host*, not within the network itself). We
> then take advantage of this new functionality to validate the NAT
> range of a virtual network.
>
> Extra test cases are also added to verify that virSocketAddrGetRange()
> works properly in both positive and negative cases when the network
> pointer is NULL.
>
> This is the *real* fix for:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=985653
>
> Commits 1e334a and 48e8b9 had earlier been pushed as fixes for that
> bug, but I had neglected to read the report carefully, so instead of
> fixing validation for the NAT range, I had fixed validation for the
> DHCP range. sigh.
> ---
>
> The changes to virSocketAddrGetRange() *look* like they are extensive,
> but really they almost completely consist of:
>
> 1) reordering and reindenting some of the checks so that they are only
> executed when we have a valid network address
>
> 2) modifying the error messages that could occur when there isn't a
> valid network so that they don't attempt to use the network address
> or prefix.
>
> src/conf/network_conf.c | 4 ++
> src/util/virsocketaddr.c | 168 +++++++++++++++++++++++++----------------------
> tests/sockettest.c | 46 ++++++++++++-
> 3 files changed, 136 insertions(+), 82 deletions(-)
>
ACK
Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150810/b354ea72/attachment-0001.sig>
More information about the libvir-list
mailing list