network: perform network validation at creation time

Some of the checks were previously performed when parsing the network config. But since we allow for a little more flexibility now it doesn't work anymore. Instead, let's validate the network at creation time. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc · Jul 16, 2017 · 9c8ca2a · 9c8ca2a
1 parent 5d9a6c6
commit 9c8ca2a
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
@@ -2948,6 +2948,21 @@ int lxc_create_network(struct lxc_handler *handler)
 
 		netdev = iterator->elem;
 
+		if (netdev->type != LXC_NET_MACVLAN && netdev->priv.macvlan_attr.mode) {
+			ERROR("Invalid macvlan.mode for a non-macvlan netdev");
+			return -1;
+		}
+
+		if (netdev->type != LXC_NET_VETH && netdev->priv.veth_attr.pair) {
+			ERROR("Invalid veth pair for a non-veth netdev");
+			return -1;
+		}
+
+		if (netdev->type != LXC_NET_VLAN && netdev->priv.vlan_attr.vid > 0) {
+			ERROR("Invalid vlan.id for a non-macvlan netdev");
+			return -1;
+		}
+
 		if (netdev->type < 0 || netdev->type > LXC_NET_MAXCONFTYPE) {
 			ERROR("invalid network configuration type '%d'",
 			      netdev->type);