From 56637458cae04d109b07da7d31aef23eb7ff646f Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Wed, 14 Jun 2017 13:53:23 +0200
Subject: [PATCH] network: perform network validation at creation time
Some of the checks were previously performed when parsing the network config. But since we allow for a little more flexibility now it doesn't work anymore. Instead, let's validate the network at creation time.
Signed-off-by: Christian Brauner
---
 src/lxc/conf.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index ade8fac0f..255318781 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3047,6 +3047,21 @@ int lxc_create_network(struct lxc_handler *handler)
 netdev = iterator->elem;
+ if (netdev->type != LXC_NET_MACVLAN && netdev->priv.macvlan_attr.mode) {
+ ERROR("Invalid macvlan.mode for a non-macvlan netdev");
+ return -1;
+ }
+
+ if (netdev->type != LXC_NET_VETH && netdev->priv.veth_attr.pair) {
+ ERROR("Invalid veth pair for a non-veth netdev");
+ return -1;
+ }
+
+ if (netdev->type != LXC_NET_VLAN && netdev->priv.vlan_attr.vid > 0) {
+ ERROR("Invalid vlan.id for a non-macvlan netdev");
+ return -1;
+ }
+
 if (netdev->type < 0 || netdev->type > LXC_NET_MAXCONFTYPE) { ERROR("invalid network configuration type '%d'", netdev->type);
-- 
2.39.5
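Review bot: The three new checks in lxc_create_network read `priv.macvlan_attr`, `priv.veth_attr` and `priv.vlan_attr` on netdevs of a different type, which is only meaningful if `priv` gives each type its own storage. Its declaration is not visible in this hunk; if it is a union, the members alias, so a veth netdev with a pair name set would make `netdev->priv.macvlan_attr.mode` non-zero and be rejected, while a genuinely misplaced key could not be told apart from valid data. In that case the validation would have to record which keys were set at parse time rather than inspect the stored values here. The third message is also a copy-paste slip and should read `ERROR("Invalid vlan.id for a non-vlan netdev");`. The loop body of lxc_create_network starts and ends outside the hunk.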