[pve-devel] [PATCH cluster] mac_prefix: do not allow multicast prefixes

Stoiko Ivanov s.ivanov at proxmox.com
Mon Mar 11 20:29:49 CET 2019

MAC addresses having the LSB of the first octet set are considered
multicast addresses (see [0,1]). LXC (the kernel) does not allow
such a MAC address to be set for a device, thus preventing containers from
starting if a multicast prefix is set (reported in [2] by Alexandre - thanks!)

This patch adapts the regex for matching the mac_prefix to only allow even
second hexdigits in the first octet.

[0] https://lists.linuxcontainers.org/pipermail/lxc-users/2010-August/000783.html
[1] https://en.wikipedia.org/wiki/MAC_address
[2] https://pve.proxmox.com/pipermail/pve-devel/2019-March/035996.html

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
The patch prevents setting a wrong mac_prefix via the GUI. If one is already set
then it is ignored when creating containers (an error message is
logged), but an error is thrown when adding a new network interface.

Since Qemu does not seem to have a problem with these settings, I think the patch
should be uninvasive enough to not break existing setups.

data/PVE/Cluster.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index e52bf9d..a139bc4 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1440,7 +1440,7 @@ my $datacenter_schema = {
 	mac_prefix => {
 	    optional => 1,
 	    type => 'string',
-	    pattern => qr/[a-f0-9]{2}(?::[a-f0-9]{2}){0,2}:?/i,
+	    pattern => qr/[a-f0-9][02468ace](?::[a-f0-9]{2}){0,2}:?/i,
 	    description => 'Prefix for autogenerated MAC addresses.',
 	bwlimit => PVE::JSONSchema::get_standard_option('bwlimit'),
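
Review bot: the `description` two lines below the changed pattern still reads only 'Prefix for autogenerated MAC addresses.', so a user whose prefix is now rejected gets no hint that the second hex digit of the first octet must be even; consider extending it to say that the prefix must be a unicast one (LSB of the first octet clear). Separately, the new pattern, like the old one, carries no `^` or `$` in these lines, so the multicast restriction only holds if the schema validator anchors the match itself; it is worth confirming that, or anchoring explicitly, since an unanchored match would accept any string that merely contains a valid prefix. A short test with one odd and one even first octet would also document the intended behaviour.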
