From: Laine Stump
To: libvir-list@redhat.com
Cc: Marc Hoersken
Date: Mon, 18 Feb 2019 18:21:08 -0500
Message-Id: <20190218232109.31388-2-laine@laine.org>
In-Reply-To: <20190218232109.31388-1-laine@laine.org>
Subject: [libvirt] [PATCHv2 1/2] util: set missing data length in virSocketAddrPrefixToNetmask()

This fixes a bug that has been present since the original version of the function was pushed in commit 1ab80f3 on Nov. 26 2010 (by me). The virSocketAddr::len was not being set. Apparently until now we were always calling virSocketAddrPrefixToNetmask() with a virSocketAddr object that was already (coincidentally) initialized for the proper address family, but the bug became apparent when trying to use it to fill in an otherwise uninitialized object.

Signed-off-by: Laine Stump
Reviewed-by: John Ferlan
---
 src/util/virsocketaddr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c index 4bc14bbd15..ccfaeabe13 100644 --- a/src/util/virsocketaddr.c +++ b/src/util/virsocketaddr.c 
@@ -1032,6 +1032,7 @@ virSocketAddrPrefixToNetmask(unsigned int prefix, ip =3D prefix ? ~((1 << (32 - prefix)) - 1) : 0; netmask->data.inet4.sin_addr.s_addr =3D htonl(ip); netmask->data.stor.ss_family =3D AF_INET; + netmask->len =3D sizeof(struct sockaddr_in); result =3D 0; =20 } else if (family =3D=3D AF_INET6) { 
@@ -1055,6 +1056,7 @@ virSocketAddrPrefixToNetmask(unsigned int prefix, netmask->data.inet6.sin6_addr.s6_addr[i++] =3D 0; } netmask->data.stor.ss_family =3D AF_INET6; + netmask->len =3D sizeof(struct sockaddr_in6); result =3D 0; } =20 --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
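Review bot: In the AF_INET hunk of patch 1/2 (at -1032), the visible assignments fill only sin_addr.s_addr, ss_family and now len, so sin_port and the rest of the sockaddr are still whatever the caller passed in. Since the commit message says the function is now handed an otherwise uninitialized virSocketAddr, consider zeroing the object at the top of the function, for example `memset(netmask, 0, sizeof(*netmask));`, unless code above this hunk already does so.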
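Review bot: The AF_INET6 hunk of patch 1/2 (at -1055) sets len the same way, but the patch touches only src/util/virsocketaddr.c and adds no test for either family. A unit test that fills a virSocketAddr with a non-zero pattern, calls virSocketAddrPrefixToNetmask() for AF_INET and AF_INET6, and checks len against sizeof(struct sockaddr_in) and sizeof(struct sockaddr_in6) would keep this from regressing, given that the commit message says the omission went unnoticed because callers happened to pass pre-initialized objects.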
From: Laine Stump
To: libvir-list@redhat.com
Cc: Marc Hoersken
Date: Mon, 18 Feb 2019 18:21:09 -0500
Message-Id: <20190218232109.31388-3-laine@laine.org>
In-Reply-To: <20190218232109.31388-1-laine@laine.org>
Subject: [libvirt] [PATCHv2 2/2] network: add netmask to dhcp range of dnsmasq conf file for IPv4

dnsmasq documentation says that the *IPv4* prefix/network address/broadcast address sent to dhcp clients will be automatically determined by dnsmasq by looking at the interface it's listening on, so the original libvirt code did not add a netmask to the dnsmasq commandline (or later, the dnsmasq conf file). For *IPv6* however, dnsmasq apparently cannot automatically determine the prefix (functionally the same as a netmask), and it must be explicitly provided in the conf file (as a part of the dhcp-range option). So many years after IPv4 DHCP support had been added, when IPv6 dhcp support was added the prefix was included at the end of the dhcp-range setting, but only for IPv6.

Recently a user reported (privately, because they suspected a possible security implication, which turned out to be unfounded) a bug on a host where one of the interfaces was a superset of the libvirt network where dhcp is needed (e.g., the host's ethernet is 10.0.0.20/8, and the libvirt network is 10.10.0.1/24). For some reason dnsmasq was supplying the netmask for the /8 network to clients requesting an address on the /24 interface. This seems like a bug in dnsmasq, but even if/when it gets fixed there, it looks like there is no harm in just always adding the netmask to all IPv4 dhcp-range options similar to how prefix is added to all IPv6 dhcp-range options.

Signed-off-by: Laine Stump
Reviewed-by: John Ferlan
---
 src/network/bridge_driver.c | 27 +++++++++++++++----
 .../dhcp6-nat-network.conf | 2 +-
 .../networkxml2confdata/isolated-network.conf | 2 +-
 .../nat-network-dns-srv-record-minimal.conf | 2 +-
 .../nat-network-dns-srv-record.conf | 2 +-
 .../nat-network-dns-txt-record.conf | 2 +-
 .../networkxml2confdata/nat-network-mtu.conf | 2 +-
 .../nat-network-name-with-quotes.conf | 2 +-
 tests/networkxml2confdata/nat-network.conf | 2 +-
 .../networkxml2confdata/netboot-network.conf | 2 +-
 .../netboot-proxy-network.conf | 2 +-
 .../networkxml2confdata/ptr-domains-auto.conf | 2 +-
 12 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 6d80818e40..9fa902896b 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c 
@@ -1320,11 +1320,28 @@ networkDnsmasqConfContents(virNetworkObjPtr obj, !(eaddr =3D virSocketAddrFormat(&ipdef->ranges[r].end))) goto cleanup; =20 - virBufferAsprintf(&configbuf, "dhcp-range=3D%s,%s", - saddr, eaddr); - if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6)) - virBufferAsprintf(&configbuf, ",%d", prefix); - virBufferAddLit(&configbuf, "\n"); + if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6)) { + virBufferAsprintf(&configbuf, "dhcp-range=3D%s,%s,%d\n", + saddr, eaddr, prefix); + } else { + /* IPv4 - dnsmasq requires a netmask rather than prefix */ + virSocketAddr netmask; + char *netmaskStr; + + if (virSocketAddrPrefixToNetmask(prefix, &netmask, AF_INET= ) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to translate bridge '%s' " + "prefix %d to netmask"), + def->bridge, prefix); + goto cleanup; + } + + if (!(netmaskStr =3D virSocketAddrFormat(&netmask))) + goto cleanup; + virBufferAsprintf(&configbuf, "dhcp-range=3D%s,%s,%s\n", + saddr, eaddr, netmaskStr); + VIR_FREE(netmaskStr); + } =20 VIR_FREE(saddr); VIR_FREE(eaddr); diff --git a/tests/networkxml2confdata/dhcp6-nat-network.conf b/tests/netwo= rkxml2confdata/dhcp6-nat-network.conf index d1058df3b6..536974e508 100644 --- a/tests/networkxml2confdata/dhcp6-nat-network.conf +++ b/tests/networkxml2confdata/dhcp6-nat-network.conf @@ -8,7 +8,7 @@ strict-order except-interface=3Dlo bind-dynamic interface=3Dvirbr0 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-range=3D2001:db8:ac10:fd01::1:10,2001:db8:ac10:fd01::1:ff,64 diff --git a/tests/networkxml2confdata/isolated-network.conf b/tests/networ= kxml2confdata/isolated-network.conf index ce4a59f6c1..693a83d9a0 100644 --- a/tests/networkxml2confdata/isolated-network.conf +++ b/tests/networkxml2confdata/isolated-network.conf 
@@ -10,7 +10,7 @@ bind-interfaces listen-address=3D192.168.152.1 dhcp-option=3D3 no-resolv -dhcp-range=3D192.168.152.2,192.168.152.254 +dhcp-range=3D192.168.152.2,192.168.152.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.c= onf b/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf index f35ea1d5d4..0b2ca6f5aa 100644 --- a/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf +++ b/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf @@ -13,7 +13,7 @@ listen-address=3Dfc00:db8:ac10:fe01::1 listen-address=3Dfc00:db8:ac10:fd01::1 listen-address=3D10.24.10.1 srv-host=3D_name._tcp -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network-dns-srv-record.conf b/te= sts/networkxml2confdata/nat-network-dns-srv-record.conf index af1ed70758..a18c09aaa7 100644 --- a/tests/networkxml2confdata/nat-network-dns-srv-record.conf +++ b/tests/networkxml2confdata/nat-network-dns-srv-record.conf @@ -15,7 +15,7 @@ srv-host=3D_name4._tcp.test4.com,test4.example.com,4444 srv-host=3D_name5._udp,test5.example.com,1,55,555 srv-host=3D_name6._tcp.test6.com,test6.example.com,6666,0,666 srv-host=3D_name7._tcp.test7.com,test7.example.com,1,0,777 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network-dns-txt-record.conf b/te= sts/networkxml2confdata/nat-network-dns-txt-record.conf index 7f560fbb5c..735c261c01 100644 --- a/tests/networkxml2confdata/nat-network-dns-txt-record.conf +++ b/tests/networkxml2confdata/nat-network-dns-txt-record.conf 
@@ -9,7 +9,7 @@ except-interface=3Dlo bind-dynamic interface=3Dvirbr0 txt-record=3Dexample,example value -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network-mtu.conf b/tests/network= xml2confdata/nat-network-mtu.conf index 91b574b964..1dd4754f2a 100644 --- a/tests/networkxml2confdata/nat-network-mtu.conf +++ b/tests/networkxml2confdata/nat-network-mtu.conf @@ -8,7 +8,7 @@ strict-order except-interface=3Dlo bind-dynamic interface=3Dvirbr0 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network-name-with-quotes.conf b/= tests/networkxml2confdata/nat-network-name-with-quotes.conf index 36e11d17b9..1b06de3066 100644 --- a/tests/networkxml2confdata/nat-network-name-with-quotes.conf +++ b/tests/networkxml2confdata/nat-network-name-with-quotes.conf @@ -13,7 +13,7 @@ listen-address=3Dfc00:db8:ac10:fe01::1 listen-address=3Dfc00:db8:ac10:fd01::1 listen-address=3D10.24.10.1 srv-host=3D_name._tcp -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/nat-network.conf b/tests/networkxml2= confdata/nat-network.conf index a3c8b102d3..873a360acc 100644 --- a/tests/networkxml2confdata/nat-network.conf +++ b/tests/networkxml2confdata/nat-network.conf @@ -8,7 +8,7 @@ strict-order except-interface=3Dlo bind-dynamic interface=3Dvirbr0 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 diff --git a/tests/networkxml2confdata/netboot-network.conf b/tests/network= xml2confdata/netboot-network.conf index b554a5456c..99272b9d68 100644 
--- a/tests/networkxml2confdata/netboot-network.conf +++ b/tests/networkxml2confdata/netboot-network.conf @@ -10,7 +10,7 @@ expand-hosts except-interface=3Dlo bind-interfaces listen-address=3D192.168.122.1 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative enable-tftp diff --git a/tests/networkxml2confdata/netboot-proxy-network.conf b/tests/n= etworkxml2confdata/netboot-proxy-network.conf index afb4033f7e..fb0a20cff4 100644 --- a/tests/networkxml2confdata/netboot-proxy-network.conf +++ b/tests/networkxml2confdata/netboot-proxy-network.conf @@ -10,7 +10,7 @@ expand-hosts except-interface=3Dlo bind-interfaces listen-address=3D192.168.122.1 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-boot=3Dpxeboot.img,,10.20.30.40 diff --git a/tests/networkxml2confdata/ptr-domains-auto.conf b/tests/networ= kxml2confdata/ptr-domains-auto.conf index 7f1a393dd5..86701c4ddf 100644 --- a/tests/networkxml2confdata/ptr-domains-auto.conf +++ b/tests/networkxml2confdata/ptr-domains-auto.conf @@ -10,7 +10,7 @@ local=3D/1.0.e.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/ except-interface=3Dlo bind-dynamic interface=3Dvirbr0 -dhcp-range=3D192.168.122.2,192.168.122.254 +dhcp-range=3D192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=3D253 --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
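Review bot: In the new IPv4 branch of networkDnsmasqConfContents() (patch 2/2, src/network/bridge_driver.c), the netmask is converted and formatted again for every ranges[r] entry, although neither prefix nor the AF_INET family depends on r in the visible lines. Computing netmaskStr once before iterating over the ranges and releasing it in cleanup would remove the repeated virSocketAddrPrefixToNetmask() and virSocketAddrFormat() calls. The local `virSocketAddr netmask;` is also an uninitialized stack object, so this branch relies on patch 1/2 being applied first; a zero initializer or a short comment would make that dependency explicit.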
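Review bot: Every updated expectation under tests/networkxml2confdata/ gains the same 255.255.255.0 mask, so the new prefix-to-netmask path is only exercised for one prefix length. Adding one network definition with a different IPv4 prefix (a /16 or a /28, say) and its expected conf file would show that the emitted dhcp-range mask follows the network's own prefix rather than a fixed value.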