slapformat: WIP: Add config anc overlap checks

61ce13ae · Xavier Thompson · 7fad3e68 · 61ce13ae
Commit 61ce13ae authored Oct 28, 2022 by Xavier Thompson
Hide whitespace changes
Inline Side-by-side

Showing with 55 additions and 5 deletions

slapos/format.py slapos/format.py +55 -5

No files found.
--- a/slapos/format.py
+++ b/slapos/format.py
@@ -255,7 +255,49 @@ class Computer(object):
    self.partitions = [Partition(i, self, definition) for i in range(amount)]

  def checkConf(self):
-    pass
+    conf = self.conf
+    interface = self.interface
+    partitions =  self.partitions
+    # Big enough IPv6 network
+    ipv6_range = any(p.ipv6_range for p in partitions)
+    tap_ipv6 = any(p.tap and p.tap.ipv6_gateway for p in partitions)
+    if ipv6_range or tap_ipv6:
+      interface.checkIPv6Ranges()
+    # Warn about IP address/ranges overlaps
+    self.checkAddressOverlaps()
+
+  def checkAddressOverlaps(self):
+    ipv4 = []
+    ipv6 = []
+    ipv4_tap_gateways = {}
+    def network1(ip):
+      return ipaddress.ip_network((ip.ip, ip.max_prefixlen))
+    ip_list = ipv5 if self.address.version == 4 else ipv6
+    ip_list.append((network1(self.address), self.reference))
+    for p in self.partitions:
+      ipv4.extend((network1(a), p.reference + ' ip') for a in p.ipv4_list)
+      ipv6.extend((network1(a), p.reference + ' ip') for a in p.ipv6_list)
+      if p.ipv6_range:
+        ipv6.append((p.ipv6_range, p.reference + ' ipv6 range'))
+      if p.tap:
+        dev = p.tap.name
+        if p.tap.ipv4_address:
+          ipv4.append((p.tap.ipv4_address.network, dev))
+          ipv4_tap_gateways[network1(p.tap.ipv4_gateway)] = dev + ' gateway'
+        if p.tap.ipv6_gateway:
+          ipv6.append((p.tap.ipv6_gateway.network, dev))
+    ipv4.extend(ipv4_tap_gateways.items())
+    for range_list in (ipv4, ipv6):
+      range_list.sort()
+      it = iter(range_list)
+      r1, reason1 = next(it)
+      for r2, reason2 in it:
+        if r1.overlaps(r2):
+          self.conf.warn(
+            "%s (%s) and %s (%s) overlap",
+            r1, reason1, r2, reason2
+          )
+        r1, reason1 = r2, reason2

  def format(self):
    # Software root path
@@ -531,6 +573,18 @@ class Interface(object):
    self.ipv4_network = self.getIPv4Network(conf.ipv4_local_network)
    self.ipv6_network = self.getIPv6Network()
    self.tap_ipv4_network = self.getTapIPv4Network(conf)
+    # Check IPv4 networks overlap
+    tap_network = self.tap_ipv4_network
+    ipv4_network = self.ipv4_network
+    if ipv4_network and tap_network and ipv4_network.overlaps(tap_network):
+      self.conf.abort(
+        "IPv4 network %s and TAP IPv4 network %s overlap",
+        ipv4_network, tap_network
+      )
+
+  def checkIPv6Ranges(self):
+    if self.ipv6_network.prefixlen > 128 - 16:
+      self.conf.abort("IPv6 network %s is too small for IPv6 ranges", network)

  def getIPv4Network(self, cidr):
    if cidr:
@@ -626,8 +680,6 @@ class Interface(object):
  def getPartitionIPv6Range(self, index):
    network = self.ipv6_network
    prefixlen = network.prefixlen + 16
-    if prefixlen > 128: # XXX move this check elsewhere
-      self.conf.abort("IPv6 network %s is too small for IPv6 ranges", network)
    bits = 128 - network.prefixlen
    addr = network[(1 << (bits - 2)) + (index << (128 - prefixlen))]
    return ipaddress.IPv6Network((addr, prefixlen))
@@ -635,8 +687,6 @@ class Interface(object):
  def getTapIPv6Range(self, index):
    network = self.ipv6_network
    prefixlen = network.prefixlen + 16
-    if prefixlen > 128: # XXX move this check elsewhere
-      self.conf.abort("IPv6 network %s is too small for IPv6 ranges", network)
    bits = 128 - network.prefixlen
    addr = network[(2 << (bits - 2)) + (index << (128 - prefixlen)) + 1]
    return ipaddress.IPv6Interface((addr, prefixlen))