Dualstack Network Support #549
Conversation
…o ipv6-support
…o ipv6-support
majst01
force-pushed
the
dualstack-support
branch
4 times, most recently
from
5919c8f to
0c53831
Compare
majst01
force-pushed
the
dualstack-support
branch
from
0c53831 to
2389965
Compare
…o dualstack-support
majst01
force-pushed
the
dualstack-support
branch
7 times, most recently
from
d49d2c0 to
b65c835
Compare
majst01
force-pushed
the
dualstack-support
branch
3 times, most recently
from
23a3d1e to
89096c0
Compare
…o dualstack-support
majst01
force-pushed
the
dualstack-support
branch
2 times, most recently
from
a3571a2 to
d9667d3
Compare
| if n == nil || n.network == nil { | ||
| continue | ||
| } | ||
| if len(n.network.AddressFamilies) == 0 { |
There was a problem hiding this comment.
I don't know if this is possible but can this be dynamically evaluated where the network was retrieved?
There was a problem hiding this comment.
This simply guards if the network has not AF set
| @@ -439,6 +456,79 @@ func validateAdditionalAnnouncableCIDRs(additionalCidrs []string, privateSuper b | |||
| return nil | |||
| } | |||
|
|
|||
| func validatePrefixesAndAddressFamilies(prefixes, destinationPrefixes []string, defaultChildPrefixLength metal.ChildPrefixLength, privateSuper bool) (metal.Prefixes, metal.Prefixes, metal.AddressFamilies, error) { | |||
There was a problem hiding this comment.
Function signature does not imply the return values. Could be better to split validation functions from parsing functions to increase reusability.
| if err != nil { | ||
| return nil, nil, nil, err | ||
| } | ||
| // all DestinationPrefixes must be valid and from the same addressfamily |
There was a problem hiding this comment.
Is this still correct? Because I see different address families in the destination prefixes in our test environment.
|
|
||
| prefixes = append(prefixes, *prefix) | ||
| var childPrefixLength = metal.ChildPrefixLength{} | ||
| for af, length := range requestPayload.DefaultChildPrefixLength { |
There was a problem hiding this comment.
Either this needs only to be done for private super or the validation must be extended to validate this field for non-private super networks, too.
| return nil, nil, nil, fmt.Errorf("private super network must always contain a defaultchildprefixlength") | ||
| } | ||
|
|
||
| for af, length := range defaultChildPrefixLength { |
There was a problem hiding this comment.
It would also be good to check if the address family is actually IPv4 or IPv6.
| return nil, err | ||
| } | ||
| if childPrefix == nil { | ||
| return nil, fmt.Errorf("could not allocate child prefix in parent network: %s for addressfamily: %s length:%d", parent.ID, af, childLength) |
There was a problem hiding this comment.
Hard to mitigate this but this is a potential leakage in case one child prefix could already be allocated.
Closes #164
Actions Required
Depends on:
replaces #544
TODO: