Permalink
Browse files

OS-3027 vmadm support for IPv6 antispoof prefixes

Reviewed by: Josh Wilsdon <jwilsdon@joyent.com>
  • Loading branch information...
rmustacc committed May 10, 2014
1 parent 4df8cb4 commit fbe057b41d645981ecb236eaa38935a3082d8415
Showing with 144 additions and 12 deletions.
  1. +4 −2 src/vm/man/vmadm.1m.md
  2. +23 −9 src/vm/node_modules/VM.js
  3. +117 −1 src/vm/tests/test-spoof-opts.js
View
@@ -1314,8 +1314,10 @@ tab-complete UUIDs rather than having to type them out for every command.
This sets additional IP addresses from which this nic is allowed to
send traffic, in addition to the IPs in the ip and vrrp_primary_ip
properties (if set). Values can be either single IPv4 Addresses or
CIDR ranges in the form 192.168.1.0/24.
properties (if set). Values may be single IPv4 or IPv6 addresses
or IPv4 and IPv6 CIDR ranges. The following are all valid
examples of allowed_ips: '10.169.0.0/16', '10.99.99.7',
'fe82::/15', '2600:3c00::f03c:91ff:fe96:a267'.
type: array (of IP addresses or CIDR ranges)
vmtype: OS,KVM
View

Some generated files are not rendered by default. Learn more.

Oops, something went wrong.
@@ -493,8 +493,124 @@ function brand_test(brand, image, t) {
'restricted' ],
allowed_ips: [ips[2], '10.5.0.201', '10.5.0.202']
}, cb);
}
}, function (cb) {
// update net2 to have a v4 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '10.88.88.0/24' ]
} ] }, function (e) {
if (e) {
t.ok(false, 'VM.update: ' + e.message);
return cb(e);
}
VM.load(state.uuid, function (err, obj) {
if (err) {
t.ok(false, 'VM.load: ' + err.message);
return cb(err);
}
t.ok(obj.nics[2].allowed_ips[0] == '10.88.88.0/24',
'single allowed-ips IPv4 prefix');
cb();
});
});
}, function (cb) {
// update net2 to have a v6 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '2600:3c00::f03c:91ff:fe96:a260/124' ]
} ] }, function (e) {
if (e) {
t.ok(false, 'VM.update: ' + e.message);
return cb(e);
}
VM.load(state.uuid, function (err, obj) {
if (err) {
t.ok(false, 'VM.load: ' + err.message);
return cb(err);
}
t.ok(obj.nics[2].allowed_ips[0] ==
'2600:3c00::f03c:91ff:fe96:a260/124',
'single allowed-ips IPv6 prefix');
cb();
});
});
}, function (cb) {
// update net2 to have an invalid v4 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '10.88.88.0/36' ]
} ] }, function (e) {
t.ok(e, 'v4 prefix too large');
cb();
});
}, function (cb) {
// update net2 to have an invalid v4 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '10.88.88.0/0' ]
} ] }, function (e) {
t.ok(e, 'v4 prefix too small');
cb();
});
}, function (cb) {
// update net2 to have an invalid v4 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '10.88.88.0/-3' ]
} ] }, function (e) {
t.ok(e, 'v4 prefix invalid number');
cb();
});
}, function (cb) {
// update net2 to have an invalid v4 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '10.88.88.0/' ]
} ] }, function (e) {
t.ok(e, 'v4 prefix missing number');
cb();
});
}, function (cb) {
// update net2 to have an invalid v6 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '2600:3c00::f03c:91ff:fe96:a260/129' ]
} ] }, function (e) {
t.ok(e, 'v6 prefix too large');
cb();
});
}, function (cb) {
// update net2 to have an invalid v6 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '2600:3c00::f03c:91ff:fe96:a260/0' ]
} ] }, function (e) {
t.ok(e, 'v6 prefix too small');
cb();
});
}, function (cb) {
// update net2 to have an invalid v6 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '2600:3c00::f03c:91ff:fe96:a260/-5' ]
} ] }, function (e) {
t.ok(e, 'v6 prefix invalid number');
cb();
});
}, function (cb) {
// update net2 to have an invalid v6 prefix for IP antispoof
VM.update(state.uuid, { update_nics: [ {
mac: state.nics[2].mac,
allowed_ips: [ '2600:3c00::f03c:91ff:fe96:a260/' ]
} ] }, function (e) {
t.ok(e, 'v6 prefix missing number');
cb();
});
}
], function (err) {
t.end();
});

0 comments on commit fbe057b

Please sign in to comment.