
NSX|V3+P: Support ipv4 CIDR in allowed address pairs

Change-Id: Ifabf9451cd0d530677c8cb7da7d76a6878e5fae5
changes/27/734027/1
asarfaty 1 month ago
parent
commit
801c074587
3 changed files with 29 additions and 5 deletions
  1. +21
    -5
      vmware_nsx/plugins/common_v3/plugin.py
  2. +4
    -0
      vmware_nsx/plugins/nsx_p/plugin.py
  3. +4
    -0
      vmware_nsx/plugins/nsx_v3/plugin.py

+ 21
- 5
vmware_nsx/plugins/common_v3/plugin.py View File

@@ -320,13 +320,18 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
return fixed
return mac

def _support_address_pairs_ipv4_cidr(self):
"""Can be implemented by each plugin"""
return False

def _validate_address_pairs(self, address_pairs):
for pair in address_pairs:
ip = pair.get('ip_address')
if ':' in ip:
# Validate ipv6 cidrs:
# IPv6 address pair
ip_split = ip.split('/')
if len(ip_split) > 1 and ip_split[1] != '128':
# Validate ipv6 CIDR
try:
ipaddress.ip_network(ip)
except ValueError:
@@ -335,11 +340,22 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
"have host bits set") % ip)
raise n_exc.InvalidInput(error_message=err_msg)
else:
# Validate ipv4 cidrs (No limitation on ipv6):
# IPv4 address pair
if len(ip.split('/')) > 1 and ip.split('/')[1] != '32':
LOG.error("cidr %s is not supported in allowed address "
"pairs", ip)
raise nsx_exc.InvalidIPAddress(ip_address=ip)
if self._support_address_pairs_ipv4_cidr():
# validate host bits
try:
ipaddress.ip_network(ip)
except ValueError:
# This means the host bits are set
err_msg = (_("Allowed address pairs Cidr %s "
"cannot have host bits set") % ip)
raise n_exc.InvalidInput(error_message=err_msg)
else:
# IPv4 CIDR is not allowed
LOG.error("Cidr %s is not supported in allowed "
"address pairs", ip)
raise nsx_exc.InvalidIPAddress(ip_address=ip)

def _validate_number_of_address_pairs(self, port):
address_pairs = port.get(addr_apidef.ADDRESS_PAIRS)
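Review bot: The new IPv4 branch in `_validate_address_pairs` accepts any prefix length once `_support_address_pairs_ipv4_cidr()` returns True, so `0.0.0.0/0` passes the host-bits check and, if the pair reaches spoofguard as written, the port may source traffic from any IPv4 address. Consider a lower bound on the prefix, at least rejecting the zero-length case: `net = ipaddress.ip_network(ip)` followed by `if net.prefixlen == 0: raise n_exc.InvalidInput(error_message=err_msg)`, with a message that names the limit. Separately, `ipaddress.ip_network(ip)` raises ValueError for a malformed address or prefix as well as for set host bits, so the "cannot have host bits set" message can mislead unless earlier API validation already guarantees a well-formed CIDR, which is not visible here. The function's middle lines fall between the two hunks and are not shown.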


+ 4
- 0
vmware_nsx/plugins/nsx_p/plugin.py View File

@@ -4203,3 +4203,7 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
if tz_uuid not in ec_tzs:
return False
return True

def _support_address_pairs_ipv4_cidr(self):
return self.nsxpolicy.feature_supported(
nsxlib_consts.FEATURE_SPOOFGUARD_CIDR)
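Review bot: The override `_support_address_pairs_ipv4_cidr` here and the identical one in vmware_nsx/plugins/nsx_v3/plugin.py have no docstring, while the base method's says only "Can be implemented by each plugin". Since the return value decides whether a port may whitelist a whole IPv4 range, a one-line docstring would help, for example `"""Allow IPv4 CIDR address pairs only if the backend reports FEATURE_SPOOFGUARD_CIDR."""`. The enclosing class starts outside the hunk.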

+ 4
- 0
vmware_nsx/plugins/nsx_v3/plugin.py View File

@@ -3453,3 +3453,7 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
if tz_uuid not in ec_tzs:
return False
return True

def _support_address_pairs_ipv4_cidr(self):
return self.nsxlib.feature_supported(
nsxlib_consts.FEATURE_SPOOFGUARD_CIDR)
