NSX|V3+P: Support ipv4 CIDR in allowed address pairs
Change-Id: Ifabf9451cd0d530677c8cb7da7d76a6878e5fae5
parent
37af968f0d
commit
801c074587
|
@ -320,13 +320,18 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||||
return fixed
|
return fixed
|
||||||
return mac
|
return mac
|
||||||
|
|
||||||
|
def _support_address_pairs_ipv4_cidr(self):
|
||||||
|
"""Can be implemented by each plugin"""
|
||||||
|
return False
|
||||||
|
|
||||||
def _validate_address_pairs(self, address_pairs):
|
def _validate_address_pairs(self, address_pairs):
|
||||||
for pair in address_pairs:
|
for pair in address_pairs:
|
||||||
ip = pair.get('ip_address')
|
ip = pair.get('ip_address')
|
||||||
if ':' in ip:
|
if ':' in ip:
|
||||||
# Validate ipv6 cidrs:
|
# IPv6 address pair
|
||||||
ip_split = ip.split('/')
|
ip_split = ip.split('/')
|
||||||
if len(ip_split) > 1 and ip_split[1] != '128':
|
if len(ip_split) > 1 and ip_split[1] != '128':
|
||||||
|
# Validate ipv6 CIDR
|
||||||
try:
|
try:
|
||||||
ipaddress.ip_network(ip)
|
ipaddress.ip_network(ip)
|
||||||
except ValueError:
|
except ValueError:
|
||||||
|
@ -335,11 +340,22 @@ class NsxPluginV3Base(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
|
||||||
"have host bits set") % ip)
|
"have host bits set") % ip)
|
||||||
raise n_exc.InvalidInput(error_message=err_msg)
|
raise n_exc.InvalidInput(error_message=err_msg)
|
||||||
else:
|
else:
|
||||||
# Validate ipv4 cidrs (No limitation on ipv6):
|
# IPv4 address pair
|
||||||
if len(ip.split('/')) > 1 and ip.split('/')[1] != '32':
|
if len(ip.split('/')) > 1 and ip.split('/')[1] != '32':
|
||||||
LOG.error("cidr %s is not supported in allowed address "
|
if self._support_address_pairs_ipv4_cidr():
|
||||||
"pairs", ip)
|
# validate host bits
|
||||||
raise nsx_exc.InvalidIPAddress(ip_address=ip)
|
try:
|
||||||
|
ipaddress.ip_network(ip)
|
||||||
|
except ValueError:
|
||||||
|
# This means the host bits are set
|
||||||
|
err_msg = (_("Allowed address pairs Cidr %s "
|
||||||
|
"cannot have host bits set") % ip)
|
||||||
|
raise n_exc.InvalidInput(error_message=err_msg)
|
||||||
|
else:
|
||||||
|
# IPv4 CIDR is not allowed
|
||||||
|
LOG.error("Cidr %s is not supported in allowed "
|
||||||
|
"address pairs", ip)
|
||||||
|
raise nsx_exc.InvalidIPAddress(ip_address=ip)
|
||||||
|
|
||||||
def _validate_number_of_address_pairs(self, port):
|
def _validate_number_of_address_pairs(self, port):
|
||||||
address_pairs = port.get(addr_apidef.ADDRESS_PAIRS)
|
address_pairs = port.get(addr_apidef.ADDRESS_PAIRS)
|
||||||
|
|
|
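Review bot: The new IPv4 branch of `_validate_address_pairs` accepts any CIDR that `ipaddress.ip_network(ip)` parses, so on a backend that reports the feature a prefix as wide as `/0` passes validation. An allowed address pair widens the set of source addresses the port may use, so either enforce a lower bound on the prefix length here or add a comment saying where it is bounded; nothing visible in this hunk shows the API layer or the backend doing so. Separately, `ipaddress.ip_network` raises `ValueError` for a malformed prefix (for example `/33`) as well as for host bits, so the comment would be more accurate as `# ValueError: host bits set, or the prefix is malformed`, with the error message widened to match. The lines of this function between the two hunks are not shown on the page.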
@ -4203,3 +4203,7 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
|
||||||
if tz_uuid not in ec_tzs:
|
if tz_uuid not in ec_tzs:
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
def _support_address_pairs_ipv4_cidr(self):
|
||||||
|
return self.nsxpolicy.feature_supported(
|
||||||
|
nsxlib_consts.FEATURE_SPOOFGUARD_CIDR)
|
||||||
|
|
|
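Review bot: `_support_address_pairs_ipv4_cidr` in `NsxPolicyPlugin`, and the identical override in `NsxV3Plugin` in the next section, has no docstring. The base-class text "Can be implemented by each plugin" does not say what a `True` result permits. Judging by the constant name, something like `"""Return True if the backend accepts IPv4 CIDRs in spoofguard address bindings."""` on each override would tell a reader that the answer depends on the connected NSX version. The validator calls this once per CIDR pair, so a short comment on whether `feature_supported` is a cheap cached lookup would also help; that cannot be determined from this page.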
@ -3453,3 +3453,7 @@ class NsxV3Plugin(nsx_plugin_common.NsxPluginV3Base,
|
||||||
if tz_uuid not in ec_tzs:
|
if tz_uuid not in ec_tzs:
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
def _support_address_pairs_ipv4_cidr(self):
|
||||||
|
return self.nsxlib.feature_supported(
|
||||||
|
nsxlib_consts.FEATURE_SPOOFGUARD_CIDR)
|
||||||
|
|