From: Laine Stump
To: libvir-list@redhat.com
Date: Wed, 17 Oct 2018 12:06:09 -0400
Message-Id: <20181017160609.434767-1-laine@laine.org>
Subject: [libvirt] [PATCH] network: add prefix to dhcp range of dnsmasq conf file for IPv4 too

dnsmasq documentation says that the *IPv4* prefix/network address/broadcast address sent to dhcp clients will be automatically determined by dnsmasq by looking at the interface it's listening on, so the original libvirt code that added dhcp support to virtual networks did not add a prefix to the dnsmasq commandline (or later, the dnsmasq conf file).

For *IPv6* however, dnsmasq cannot automatically determine the prefix, so it must be explicitly provided in the conf file (as a part of the dhcp-range option). Years after the initial IPv4 support, when IPv6 dhcp support was added, libvirt added the prefix to dhcp-range, but only for IPv6 (following the "if it ain't broke, don't fix it" doctrine).

Recently a user reported (privately, because they suspected a possible security implication, which turned out to be unfounded) a bug on a host where one of the interfaces was a superset of the libvirt network where dhcp is needed (e.g., the host's ethernet is 10.0.0.20/8, and the libvirt network is 10.10.0.1/24).
For some reason dnsmasq was supplying the netmask/broadcast address for the /8 network to clients requesting an address on the /24 interface. This seems like a bug in dnsmasq, but even if/when it gets fixed there, it looks like there is no harm in just adding the prefix to all dhcp-range options regardless of IPv4 vs IPv6, so that's what this patch does. Signed-off-by: Laine Stump --- src/network/bridge_driver.c | 7 ++--= --- tests/networkxml2confdata/dhcp6-nat-network.conf | 2 +- tests/networkxml2confdata/isolated-network.conf | 2 +- tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf | 2 +- tests/networkxml2confdata/nat-network-dns-srv-record.conf | 2 +- tests/networkxml2confdata/nat-network-dns-txt-record.conf | 2 +- tests/networkxml2confdata/nat-network-name-with-quotes.conf | 2 +- tests/networkxml2confdata/nat-network.conf | 2 +- tests/networkxml2confdata/netboot-network.conf | 2 +- tests/networkxml2confdata/netboot-proxy-network.conf | 2 +- tests/networkxml2confdata/ptr-domains-auto.conf | 2 +- 11 files changed, 12 insertions(+), 15 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 4bbc4f5a6d..7f5ff79fdc 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -1416,11 +1416,8 @@ networkDnsmasqConfContents(virNetworkObjPtr obj, !(eaddr =3D virSocketAddrFormat(&ipdef->ranges[r].end))) goto cleanup; =20 - virBufferAsprintf(&configbuf, "dhcp-range=3D%s,%s", - saddr, eaddr); - if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6)) - virBufferAsprintf(&configbuf, ",%d", prefix); - virBufferAddLit(&configbuf, "\n"); + virBufferAsprintf(&configbuf, "dhcp-range=3D%s,%s,%d\n", + saddr, eaddr, prefix); =20 VIR_FREE(saddr); VIR_FREE(eaddr); diff --git a/tests/networkxml2confdata/dhcp6-nat-network.conf b/tests/netwo= rkxml2confdata/dhcp6-nat-network.conf index d1058df3b6..e1e110fe23 100644 --- a/tests/networkxml2confdata/dhcp6-nat-network.conf 
+++ b/tests/networkxml2confdata/dhcp6-nat-network.conf @@ -8,7 +8,7 @@ strict-order except-interface=3Dlo bind-dynamic interface=3Dvirbr0 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,24 dhcp-no-override dhcp-authoritative dhcp-range=3D2001:db8:ac10:fd01::1:10,2001:db8:ac10:fd01::1:ff,64 diff --git a/tests/networkxml2confdata/isolated-network.conf b/tests/networ= kxml2confdata/isolated-network.conf index ce4a59f6c1..d182f42f0a 100644 --- a/tests/networkxml2confdata/isolated-network.conf +++ b/tests/networkxml2confdata/isolated-network.conf @@ -10,7 +10,7 @@ bind-interfaces listen-address=3D192.168.152.1 dhcp-option=3D3 no-resolv -dhcp-range=3D192.168.152.2,192.168.152.254 +dhcp-range=3D192.168.152.2,192.168.152.254,24 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.c= onf b/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf index f35ea1d5d4..678e4a4bfd 100644 --- a/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf +++ b/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf @@ -13,7 +13,7 @@ listen-address=3Dfc00:db8:ac10:fe01::1 listen-address=3Dfc00:db8:ac10:fd01::1 listen-address=3D10.24.10.1 srv-host=3D_name._tcp -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,24 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network-dns-srv-record.conf b/te= sts/networkxml2confdata/nat-network-dns-srv-record.conf index af1ed70758..4f21eb18b3 100644 --- a/tests/networkxml2confdata/nat-network-dns-srv-record.conf +++ b/tests/networkxml2confdata/nat-network-dns-srv-record.conf 
@@ -15,7 +15,7 @@ srv-host=3D_name4._tcp.test4.com,test4.example.com,4444 srv-host=3D_name5._udp,test5.example.com,1,55,555 srv-host=3D_name6._tcp.test6.com,test6.example.com,6666,0,666 srv-host=3D_name7._tcp.test7.com,test7.example.com,1,0,777 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,24 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network-dns-txt-record.conf b/te= sts/networkxml2confdata/nat-network-dns-txt-record.conf index 7f560fbb5c..12e13c999e 100644 --- a/tests/networkxml2confdata/nat-network-dns-txt-record.conf +++ b/tests/networkxml2confdata/nat-network-dns-txt-record.conf @@ -9,7 +9,7 @@ except-interface=3Dlo bind-dynamic interface=3Dvirbr0 txt-record=3Dexample,example value -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,24 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network-name-with-quotes.conf b/= tests/networkxml2confdata/nat-network-name-with-quotes.conf index 36e11d17b9..63475ef511 100644 --- a/tests/networkxml2confdata/nat-network-name-with-quotes.conf +++ b/tests/networkxml2confdata/nat-network-name-with-quotes.conf @@ -13,7 +13,7 @@ listen-address=3Dfc00:db8:ac10:fe01::1 listen-address=3Dfc00:db8:ac10:fd01::1 listen-address=3D10.24.10.1 srv-host=3D_name._tcp -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,24 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network.conf b/tests/networkxml2= confdata/nat-network.conf index a3c8b102d3..015d51c952 100644 --- a/tests/networkxml2confdata/nat-network.conf +++ b/tests/networkxml2confdata/nat-network.conf 
@@ -8,7 +8,7 @@ strict-order except-interface=3Dlo bind-dynamic interface=3Dvirbr0 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,24 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/netboot-network.conf b/tests/network= xml2confdata/netboot-network.conf index b554a5456c..987164c24c 100644 --- a/tests/networkxml2confdata/netboot-network.conf +++ b/tests/networkxml2confdata/netboot-network.conf @@ -10,7 +10,7 @@ expand-hosts except-interface=3Dlo bind-interfaces listen-address=3D192.168.122.1 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,24 dhcp-no-override dhcp-authoritative enable-tftp diff --git a/tests/networkxml2confdata/netboot-proxy-network.conf b/tests/n= etworkxml2confdata/netboot-proxy-network.conf index afb4033f7e..ad7e55fd09 100644 --- a/tests/networkxml2confdata/netboot-proxy-network.conf +++ b/tests/networkxml2confdata/netboot-proxy-network.conf @@ -10,7 +10,7 @@ expand-hosts except-interface=3Dlo bind-interfaces listen-address=3D192.168.122.1 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,24 dhcp-no-override dhcp-authoritative dhcp-boot=3Dpxeboot.img,,10.20.30.40 diff --git a/tests/networkxml2confdata/ptr-domains-auto.conf b/tests/networ= kxml2confdata/ptr-domains-auto.conf index 7f1a393dd5..3be679ac4d 100644 --- a/tests/networkxml2confdata/ptr-domains-auto.conf +++ b/tests/networkxml2confdata/ptr-domains-auto.conf @@ -10,7 +10,7 @@ local=3D/1.0.e.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ except-interface=3Dlo bind-dynamic interface=3Dvirbr0 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,24 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 --=20 2.14.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
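Review bot: In the src/network/bridge_driver.c hunk, the new format string "dhcp-range=%s,%s,%d\n" writes the integer prefix as the third field for IPv4 ranges too, while the commit message only establishes that dnsmasq expects a prefix in dhcp-range for IPv6. The dnsmasq man page describes the field after the IPv4 end address as a netmask, so please confirm that a bare "24" is parsed as a prefix length there and not as another optional field such as the lease time. If it is not, keep the VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6) branch and emit a dotted-quad netmask for AF_INET instead. A one-line comment above the call explaining why the mask is now always written would also help, since the removed family check was the only hint that the two cases differ.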
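Review bot: Across the tests/networkxml2confdata/*.conf hunks, every updated expectation is a 192.168.122.x or 192.168.152.x range with ",24" appended, so no test exercises an IPv4 prefix other than 24. The reported case in the commit message involves a /8 next to a /24, where a wrong mask is exactly the failure mode, so consider adding one network XML and expected .conf pair with a non-/24 IPv4 prefix; that way an incorrect third field in dhcp-range would show up in the test suite rather than only on a live host.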