[pve-devel] [PATCH pve-common 2/5] Inotify: forbid ip address on bridged interface.
Thomas Lamprecht
t.lamprecht at proxmox.com
Wed Jan 8 16:17:43 CET 2020
On 1/8/20 4:31 AM, Alexandre Derumier wrote:
> Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
> ---
> src/PVE/INotify.pm | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm
> index 867da30..5c15926 100644
> --- a/src/PVE/INotify.pm
> +++ b/src/PVE/INotify.pm
> @@ -1512,6 +1512,8 @@ sub __write_etc_network_interfaces {
> my $n = $ifaces->{$p};
> die "bridge '$iface' - unable to find bridge port '$p'\n"
> if !$n;
> + die "iface $p - ip address can't be set on interface if bridged in $iface\n" if ($n->{method} eq 'static' || $n->{method6} eq 'static') && $n->{address} ne '0.0.0.0' && $n->{address6} ne '0.0.0.0';
1. the IPv6 "zero address" isn't 0.0.0.0, so you'd need to check for '::' (and normalize?)
2. this check is too long IMO, can we do
if (($n->{method} eq 'static && $n->{address} ne '0.0.0.0') ||
($n->{method6} eq 'static' && $n->{address6} ne '::')) {
die "...";
}
or move the check to a sub for readability, e.g:
sub iface_has_address {
my $if = shift;
($if->{method} ...) ||
($if...);
}
or at least move the post-if to a new line:
die "..."
if (...);
thanks!
> +
> &$check_mtu($ifaces, $iface, $p);
> $bridgeports->{$p} = $iface;
> }
>
More information about the pve-devel
mailing list