mac_prefix: do not allow multicast prefixes

MAC-addresses having the LSB of the first octet set, are considered
multicast-addresses (see [0,1]). LXC (the kernel) does not allow
such a mac-address to be set for a device, thus preventing containers from
starting if a multicast prefix is set (reported in [2] by Alexandre)

This patch introduces 'mac-prefix' (permitting only unicast prefixes) via
register_format and uses it instead of the pattern.

[0] https://lists.linuxcontainers.org/pipermail/lxc-users/2010-August/000783.html
[1] https://en.wikipedia.org/wiki/MAC_address
[2] https://pve.proxmox.com/pipermail/pve-devel/2019-March/035996.html

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index e52bf9d9df23815329f76ed6f112a435cf380b83..5c71c1ceff5d3f82d94324f110bacf4d3e53eebe 100644 (file)
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1348,6 +1348,16 @@ my $ha_format = {
     }
 };
 
+PVE::JSONSchema::register_format('mac-prefix', \&pve_verify_mac_prefix);
+sub pve_verify_mac_prefix {
+    my ($mac_prefix, $noerr) = @_;
+
+    if ($mac_prefix !~ m/^[a-f0-9][02468ace](?::[a-f0-9]{2}){0,2}:?$/i) {
+       return undef if $noerr;
+       die "value is not a valid unicast MAC address prefix\n";
+    }
+    return $mac_prefix;
+}
 
 my $datacenter_schema = {
     type => "object",
@@ -1440,7 +1450,7 @@ my $datacenter_schema = {
        mac_prefix => {
            optional => 1,
            type => 'string',
-           pattern => qr/[a-f0-9]{2}(?::[a-f0-9]{2}){0,2}:?/i,
+           format => 'mac-prefix',
            description => 'Prefix for autogenerated MAC addresses.',
        },
        bwlimit => PVE::JSONSchema::get_standard_option('bwlimit'),