import socket
try:
- from ifupdown2.lib.addon import Addon
+ from ifupdown2.lib.addon import AddonWithIpBlackList
from ifupdown2.nlmanager.nlmanager import Link
from ifupdown2.ifupdown.iface import *
import ifupdown2.ifupdown.ifupdownflags as ifupdownflags
import ifupdown2.ifupdown.ifupdownconfig as ifupdownconfig
except (ImportError, ModuleNotFoundError):
- from lib.addon import Addon
+ from lib.addon import AddonWithIpBlackList
from nlmanager.nlmanager import Link
from ifupdown.iface import *
import ifupdown.ifupdownconfig as ifupdownconfig
-class address(Addon, moduleBase):
+class address(AddonWithIpBlackList, moduleBase):
""" ifupdown2 addon module to configure address, mtu, hwaddress, alias
(description) on an interface """
DEFAULT_MTU_STRING = "1500"
def __init__(self, *args, **kargs):
- Addon.__init__(self)
+ AddonWithIpBlackList.__init__(self)
moduleBase.__init__(self, *args, **kargs)
self._bridge_fdb_query_cache = {}
self.ipforward = policymanager.policymanager_api.get_attr_default(module_name=self.__class__.__name__, attr='ip-forward')
# enable ipv6
self.write_file(proc_path, "0")
+ # check if ip is not blacklisted
+ self.ip_blacklist_check(ifname, ip)
+
if attributes:
self.netlink.addr_add(
ifname, ip,
from collections import deque
try:
- from ifupdown2.lib.addon import Addon
+ from ifupdown2.lib.addon import AddonWithIpBlackList
from ifupdown2.ifupdown.iface import *
from ifupdown2.ifupdown.utils import utils
import ifupdown2.ifupdown.ifupdownflags as ifupdownflags
import ifupdown2.ifupdown.ifupdownconfig as ifupdownconfig
except (ImportError, ModuleNotFoundError):
- from lib.addon import Addon
+ from lib.addon import AddonWithIpBlackList
from ifupdown.iface import *
from ifupdown.utils import utils
import ifupdown.ifupdownconfig as ifupdownconfig
-class addressvirtual(Addon, moduleBase):
+class addressvirtual(AddonWithIpBlackList, moduleBase):
""" ifupdown2 addon module to configure virtual addresses """
_modinfo = {
ADDR_METRIC_SUPPORT = None
def __init__(self, *args, **kargs):
- Addon.__init__(self)
+ AddonWithIpBlackList.__init__(self)
moduleBase.__init__(self, *args, **kargs)
self._bridge_fdb_query_cache = {}
self.addressvirtual_with_route_metric = utils.get_boolean_from_string(
macvlan_mode = intf_config_dict.get("mode")
ips = intf_config_dict.get("ips")
+ for ip in ips:
+ self.ip_blacklist_check(ifname, ip)
+
if not self.cache.link_exists(macvlan_ifname):
# When creating VRRP macvlan with bridge mode, the kernel
# return an error: 'Invalid argument' (22)
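Review bot: `intf_config_dict.get("ips")` returns None when the key is absent, and the added `for ip in ips:` loop would then raise a TypeError instead of running the blacklist check; whether every config dict carries "ips" is not visible in this hunk. If the key can be missing, iterate `for ip in ips or []:`. The check also dereferences `ip.ip`, so it assumes each element is already a parsed address object rather than a string; a short comment above the loop saying so would help. The enclosing function starts and ends outside the hunk.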
from ifupdown2.lib.sysfs import Sysfs
from ifupdown2.lib.iproute2 import IPRoute2
from ifupdown2.lib.base_objects import Netlink, Cache, Requirements
+
+ import ifupdown2.ifupdown.policymanager as policymanager
+ import ifupdown2.nlmanager.ipnetwork as ipnetwork
except (ImportError, ModuleNotFoundError):
from lib.io import IO
from lib.sysfs import Sysfs
from lib.iproute2 import IPRoute2
from lib.base_objects import Netlink, Cache, Requirements
+ import ifupdown.policymanager as policymanager
+ import nlmanager.ipnetwork as ipnetwork
+
class Addon(Netlink, Cache):
"""
def __init__(self):
super(Bridge, self).__init__()
+
+
+class AddonWithIpBlackList(Addon):
+ try:
+ ip_blacklist = [ipnetwork.IPNetwork(ip).ip for ip in policymanager.policymanager_api.get_module_globals(
+ module_name="address",
+ attr="ip_blacklist"
+ ) or []]
+ __ip_blacklist_exception = None
+ except Exception as e:
+ __ip_blacklist_exception = e
+ ip_blacklist = []
+
+ def __init__(self):
+ """
+ If an exception occurred during the ip blacklist parsing we need to display it (once)
+ Also we keep this as a class variable to share it between the address and addressvirtual module
+ """
+ super(AddonWithIpBlackList, self).__init__()
+
+ if AddonWithIpBlackList.__ip_blacklist_exception:
+ self.logger.warning("policy.d: address: 'ip_blacklist': %s" % AddonWithIpBlackList.__ip_blacklist_exception)
+ AddonWithIpBlackList.__ip_blacklist_exception = None
+
+ def ip_blacklist_check(self, ifname, ip):
+ """
+ Check if the ip address is not blacklisted (in ip_blacklist)
+
+ :param ifname:
+ :param ip:
+ :return:
+ """
+ if ip.ip in AddonWithIpBlackList.ip_blacklist:
+ raise Exception("%s: blacklisted ip address in use: %s" % (ifname, ip.ip))
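Review bot: A single malformed `ip_blacklist` entry empties the whole list, because the comprehension at the top of `AddonWithIpBlackList` sits in one `try` whose `except` sets `ip_blacklist = []`; the control then fails open with only a one-time warning. Parsing the entries one at a time keeps the valid ones enforced and reports the bad ones, as in the excerpt below. Separately, only `.ip` of each entry is stored and `ip_blacklist_check` does plain list membership, so an entry written with a prefix length appears to match just that one address rather than the range; the docstring should say so and fill in the empty `:param ifname:`, `:param ip:` and `:return:` lines.

```python
def _parse_ip_blacklist(entries):
    # Parse each entry on its own so one bad value does not drop the rest.
    parsed, errors = [], []
    for entry in entries or []:
        try:
            parsed.append(ipnetwork.IPNetwork(entry).ip)
        except Exception as e:
            errors.append("%s: %s" % (entry, e))
    return parsed, errors


class AddonWithIpBlackList(Addon):
    try:
        ip_blacklist, __ip_blacklist_exception = _parse_ip_blacklist(
            policymanager.policymanager_api.get_module_globals(
                module_name="address",
                attr="ip_blacklist"
            )
        )
    except Exception as e:
        # ... unchanged: record the exception and fall back to an empty list ...

    # ... unchanged: __init__ (one-time warning) and ip_blacklist_check ...
```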