network: perform network validation at creation time

Some of the checks were previously performed when parsing the network config.
But since we allow for a little more flexibility now it doesn't work anymore.
Instead, let's validate the network at creation time.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index ade8fac0f4ae5134220f5eb651e92f7bdbc49268..255318781611637e9659cd645ae5bb29f35421af 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3047,6 +3047,21 @@ int lxc_create_network(struct lxc_handler *handler)
 
                netdev = iterator->elem;
 
+               if (netdev->type != LXC_NET_MACVLAN && netdev->priv.macvlan_attr.mode) {
+                       ERROR("Invalid macvlan.mode for a non-macvlan netdev");
+                       return -1;
+               }
+
+               if (netdev->type != LXC_NET_VETH && netdev->priv.veth_attr.pair) {
+                       ERROR("Invalid veth pair for a non-veth netdev");
+                       return -1;
+               }
+
+               if (netdev->type != LXC_NET_VLAN && netdev->priv.vlan_attr.vid > 0) {
+                       ERROR("Invalid vlan.id for a non-macvlan netdev");
+                       return -1;
+               }
+
                if (netdev->type < 0 || netdev->type > LXC_NET_MAXCONFTYPE) {
                        ERROR("invalid network configuration type '%d'",
                              netdev->type);