From: shihanzhang <shihanzhang@huawei.com>
Date: Mon, 21 Sep 2015 07:38:28 +0000 (+0800)
Subject: Check supported subnet CIDR
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=e31e2f38fc2c8ec32c46f9a5280e00b4d1dc846a;p=openstack-build%2Fneutron-build.git

Check supported subnet CIDR

For IP CIDR, D class is for multicast, but neutron does not
check this, if user create a subnet like '224.0.0.1/16', DHCP
agent will fail to spawn Dnsmasq service.
This patch adds a check, if subnet CIDR is D class or loopback,
neutron-server will raise a error.

APIImpact
DocImpact

Closes-bug: #1497522
Change-Id: I36aa8b8e6decaff1cc27aaa61f4aaa8f247826c6
---

diff --git a/neutron/db/db_base_plugin_v2.py b/neutron/db/db_base_plugin_v2.py
index b93e89a27..5ea921c34 100644
--- a/neutron/db/db_base_plugin_v2.py
+++ b/neutron/db/db_base_plugin_v2.py
@@ -461,6 +461,15 @@ class NeutronDbPluginV2(db_base_plugin_common.DbBasePluginCommon,
                     if not ip_range:
                         raise n_exc.IpAddressGenerationFailure(
                             net_id=cur_subnet.network_id)
+            net = netaddr.IPNetwork(s['cidr'])
+            if net.is_multicast():
+                error_message = _("Multicast IP subnet is not supported "
+                                  "if enable_dhcp is True.")
+                raise n_exc.InvalidInput(error_message=error_message)
+            elif net.is_loopback():
+                error_message = _("Loopback IP subnet is not supported "
+                                  "if enable_dhcp is True.")
+                raise n_exc.InvalidInput(error_message=error_message)
 
         if attributes.is_attr_set(s.get('gateway_ip')):
             self._validate_ip_version(ip_ver, s['gateway_ip'], 'gateway_ip')
diff --git a/neutron/tests/unit/db/test_db_base_plugin_v2.py b/neutron/tests/unit/db/test_db_base_plugin_v2.py
index dea0296ac..4e197940d 100644
--- a/neutron/tests/unit/db/test_db_base_plugin_v2.py
+++ b/neutron/tests/unit/db/test_db_base_plugin_v2.py
@@ -4494,6 +4494,26 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
             res = subnet_req.get_response(self.api)
             self.assertEqual(res.status_int, webob.exc.HTTPClientError.code)
 
+    def _test_unsupported_subnet_cidr(self, subnet_cidr):
+        with self.network() as network:
+            subnet = {'network_id': network['network']['id'],
+                      'cidr': subnet_cidr,
+                      'ip_version': 4,
+                      'enable_dhcp': True,
+                      'tenant_id': network['network']['tenant_id']}
+            plugin = manager.NeutronManager.get_plugin()
+            if hasattr(plugin, '_validate_subnet'):
+                self.assertRaises(n_exc.InvalidInput,
+                                  plugin._validate_subnet,
+                                  context.get_admin_context(),
+                                  subnet)
+
+    def test_unsupported_subnet_cidr_multicast(self):
+        self._test_unsupported_subnet_cidr("224.0.0.1/16")
+
+    def test_unsupported_subnet_cidr_loopback(self):
+        self._test_unsupported_subnet_cidr("127.0.0.1/8")
+
     def test_invalid_ip_address(self):
         with self.network() as network:
             data = {'subnet': {'network_id': network['network']['id'],