[network] [PATCH 1/4] ipv4: new function ipv4_net_is_valid

[network] [PATCH 1/4] ipv4: new function ipv4_net_is_valid

[Jonatan Schlag]

[-- Attachment #1: Type: text/plain, Size: 711 bytes --]

This function checks if a given network is valid IPv4 network

Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
 src/functions/functions.ipv4 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/functions/functions.ipv4 b/src/functions/functions.ipv4
index f63c2b7..e893f5e 100644
--- a/src/functions/functions.ipv4
+++ b/src/functions/functions.ipv4
@@ -51,6 +51,15 @@ ipv4_prefix_is_valid() {
 	return ${EXIT_TRUE}
 }
 
+ipv4_net_is_valid() {
+	local net="${1}"
+
+	local prefix="$(ip_get_prefix "${net}")"
+	local addr="$(ip_split_prefix "${net}")"
+
+	ipv4_prefix_is_valid "${prefix}" && ipv4_is_valid "${addr}"
+}
+
 ipv4_netmask_is_valid() {
 	local netmask="${1}"
 
-- 
2.6.3

[network] [PATCH 2/4] ip: restructure ip_net_is_valid

[Jonatan Schlag]

[-- Attachment #1: Type: text/plain, Size: 1236 bytes --]

Insted of checking the network manually we now just calö ipv4_net_is_valid or
ipv6_net_is_valid

Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
 src/functions/functions.ip | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/src/functions/functions.ip b/src/functions/functions.ip
index 97750e3..0a07fd0 100644
--- a/src/functions/functions.ip
+++ b/src/functions/functions.ip
@@ -83,23 +83,14 @@ ip_is_network() {
 	local network=${1}
 	assert isset network
 
-	# Get the address part.
-	local address=$(ip_split_prefix ${network})
-	isset address || return ${EXIT_FALSE}
-
-	# Get the prefix.
-	local prefix=$(ip_get_prefix ${network})
-	isset prefix || return ${EXIT_FALSE}
-
-	# Detect the protocol (if this fails, the
-	# address part is invalid)
-	local proto=$(ip_detect_protocol ${address})
-	isset proto || return ${EXIT_FALSE}
-
-	# Check if the prefix is correct.
-	ip_prefix_is_valid ${proto} ${prefix} || return ${EXIT_FALSE}
+	local protocol
+	for protocol in ${IP_SUPPORTED_PROTOCOLS}; do
+		if ${protocol}_net_is_valid "${network}"; then
+			return ${EXIT_TRUE}
+		fi
+	done
 
-	return ${EXIT_TRUE}
+	return ${EXIT_FALSE}
 }
 
 ip_prefix_is_valid() {
-- 
2.6.3

[network] [PATCH 3/4] util: add function mtu_is_valid

[Jonatan Schlag]

[-- Attachment #1: Type: text/plain, Size: 781 bytes --]

This function checks if an mtu is valid for a given IP protocol.

Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
 src/functions/functions.util | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/functions/functions.util b/src/functions/functions.util
index 4b6f956..98ad9d4 100644
--- a/src/functions/functions.util
+++ b/src/functions/functions.util
@@ -321,6 +321,25 @@ isipaddress() {
 	ip_is_valid ${addr}
 }
 
+mtu_is_valid() {
+
+local proto=${1}
+local mtu=${2}
+
+case ${proto} in
+	ipv4)
+		[ ${mtu} -ge 576 ] && [ ${mtu} -le 9000 ]
+		;;
+	ipv6)
+		[ ${mtu} -ge 1280 ] && [ ${mtu} -le 9000 ]
+		;;
+	*)
+		error "${proto} is not a valid proto"
+		return ${EXIT_ERROR}
+		;;
+esac
+}
+
 backtrace() {
 	local start=1
 
-- 
2.6.3

[network] [PATCH 4/4] pppoe-server: improve input validation

[Jonatan Schlag]

[-- Attachment #1: Type: text/plain, Size: 1318 bytes --]

We now check if the subnet, the mtu and the max-sessions valud is valid.

Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
 src/hooks/configs/pppoe-server | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/hooks/configs/pppoe-server b/src/hooks/configs/pppoe-server
index 1ef3ba9..6f95212 100644
--- a/src/hooks/configs/pppoe-server
+++ b/src/hooks/configs/pppoe-server
@@ -69,15 +69,30 @@ hook_new() {
 				;;
 			--max-sessions=*)
 				MAX_SESSIONS=$(cli_get_val ${1})
+				if ! isinteger ${MAX_SESSIONS} || ! [ ${MAX_SESSIONS} -ge 0 ]; then
+					error "Invalid value for '--max-session'. This value must be an integer greate or eqal zero."
+					exit ${EXIT_ERROR}
+				fi
 				;;
 			--mtu=*)
 				MTU=$(cli_get_val ${1})
+				if ! mtu_is_valid "ipv4" ${MTU}; then
+					error "Invalid value for '--mtu'. Cannot be larger then 9000 or smaller than 576"
+					exit ${EXIT_ERROR}
+				fi
 				;;
 			--service-name=*)
 				SERVICE_NAME=$(cli_get_val ${1})
 				;;
 			--subnet=*)
 				SUBNET=$(cli_get_val ${1})
+				if ! ipv4_net_is_valid "${SUBNET}"; then
+					error "Invalid IPv4 Subnet ${SUBNET}."
+					exit ${EXIT_ERROR}
+				fi
+				;;
+			*)
+				warning "Ignoring unknown option '${1}'"
 				;;
 		esac
 		shift
-- 
2.6.3

Re: [PATCH 3/4] util: add function mtu_is_valid

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1118 bytes --]

Hello,

could you please resend this patch with indentation fixed?

All other functions are indented by one tab where this one is not.

On Sat, 2017-06-03 at 13:25 +0200, Jonatan Schlag wrote:
> This function checks if an mtu is valid for a given IP protocol.
> 
> Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
> ---
>  src/functions/functions.util | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/src/functions/functions.util b/src/functions/functions.util
> index 4b6f956..98ad9d4 100644
> --- a/src/functions/functions.util
> +++ b/src/functions/functions.util
> @@ -321,6 +321,25 @@ isipaddress() {
>  	ip_is_valid ${addr}
>  }
>  
> +mtu_is_valid() {
> +
> +local proto=${1}
> +local mtu=${2}

The empty line after the function name is unnecessary.

> +
> +case ${proto} in
> +	ipv4)
> +		[ ${mtu} -ge 576 ] && [ ${mtu} -le 9000 ]
> +		;;
> +	ipv6)
> +		[ ${mtu} -ge 1280 ] && [ ${mtu} -le 9000 ]
> +		;;
> +	*)
> +		error "${proto} is not a valid proto"
> +		return ${EXIT_ERROR}
> +		;;
> +esac
> +}
> +
>  backtrace() {
>  	local start=1
> 

Best,
-Michael 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]