Pull request #1329: 3529 validate dhcpv4

Merge in DNS/adguard-home from 3529-validate-dhcpv4 to master Squashed commit of the following: commit 2f2455aa13a41398cd2846f31be96da9d34ba95d Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Tue Oct 19 19:18:12 2021 +0300 dhcpv4: better test && fix changelog commit ec4ff9180e8390fb739b3be0fc76fd2c715fe691 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 19:08:44 2021 +0300 dhcpv4: better tests commit e0e2f27b7a063ed84af170b16c3f87636cb738d2 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 18:55:47 2021 +0300 dhcpv4: better tests commit 73e1d08e1265e336ee6339d5021f90883fe3e395 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 18:47:21 2021 +0300 dhcpv4: better tests commit f636fc316123f26b6e2930afb4b22c18024ec93d Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 18:47:07 2021 +0300 all: updated golibs commit 86dd107a1d483ac24bd8c26422324eb8b9c3d086 Merge: 51aaf6d9 b296fa22 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 17:18:17 2021 +0300 Merge branch 'master' into 3529-validate-dhcpv4 commit 51aaf6d9eb5fbe2b4304254dc6782305a19c53fa Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 17:18:02 2021 +0300 dhcpv4: better changelog commit 720b896bb595c57fab6d376f88c8a4b1d131db40 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 17:14:25 2021 +0300 dhcpv4: better tests commit 1098beffca8d5feb2ec104d26419210962c9a97d Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 12:08:26 2021 +0300 dhcp: changelog commit d1f6c89d68657431fb261658133c67e9e3135c1c Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 12:03:06 2021 +0300 dhcpv4: fixed tests commit 8b6713468fc04321c5238300df90bbb2d67ee679 Merge: 9991e9cb 3fa38fb4 Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 11:57:57 2021 +0300 Merge branch 'master' into 3529-validate-dhcpv4 commit 9991e9cbee7dc87d8fa1d7e86e6cc7e09ab6938c Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 11:55:40 2021 +0300 dhcpv4: added tests commit 5798a80de6c060365c1c647326d46cc13ccf28cb Author: Dmitriy Seregin <d.seregin@adguard.com> Date: Mon Oct 18 11:46:03 2021 +0300 dhcpv4: validate subnet mask and ip range
2021-10-19 19:28:18 +03:00
parent b296fa2246
commit d7aafa7dc6
13 changed files with 258 additions and 11 deletions
--- a/internal/dhcpd/dhcpd_test.go
+++ b/internal/dhcpd/dhcpd_test.go
@@ -11,6 +11,7 @@ import (

 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -138,6 +139,49 @@ func TestNormalizeLeases(t *testing.T) {
 	assert.Equal(t, leases[2].HWAddr, dynLeases[1].HWAddr)
 }

+func TestV4Server_badRange(t *testing.T) {
+	testCases := []struct {
+		name       string
+		gatewayIP  net.IP
+		subnetMask net.IP
+		wantErrMsg string
+	}{{
+		name:       "gateway_in_range",
+		gatewayIP:  net.IP{192, 168, 10, 120},
+		subnetMask: net.IP{255, 255, 255, 0},
+		wantErrMsg: "dhcpv4: gateway ip 192.168.10.120 in the ip range: " +
+			"192.168.10.20-192.168.10.200",
+	}, {
+		name:       "outside_range_start",
+		gatewayIP:  net.IP{192, 168, 10, 1},
+		subnetMask: net.IP{255, 255, 255, 240},
+		wantErrMsg: "dhcpv4: range start 192.168.10.20 is outside network " +
+			"192.168.10.1/28",
+	}, {
+		name:       "outside_range_end",
+		gatewayIP:  net.IP{192, 168, 10, 1},
+		subnetMask: net.IP{255, 255, 255, 224},
+		wantErrMsg: "dhcpv4: range end 192.168.10.200 is outside network " +
+			"192.168.10.1/27",
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			conf := V4ServerConf{
+				Enabled:    true,
+				RangeStart: net.IP{192, 168, 10, 20},
+				RangeEnd:   net.IP{192, 168, 10, 200},
+				GatewayIP:  tc.gatewayIP,
+				SubnetMask: tc.subnetMask,
+				notify:     testNotify,
+			}
+
+			_, err := v4Create(conf)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+		})
+	}
+}
+
 // cloneUDPAddr returns a deep copy of a.
 func cloneUDPAddr(a *net.UDPAddr) (clone *net.UDPAddr) {
 	return &net.UDPAddr{
--- a/internal/dhcpd/v4.go
+++ b/internal/dhcpd/v4.go
@@ -293,6 +293,8 @@ func (s *v4Server) addLease(l *Lease) (err error) {
 	offset, inOffset := r.offset(l.IP)

 	if l.IsStatic() {
+		// TODO(a.garipov, d.seregin): Subnet can be nil when dhcp server is
+		// disabled.
 		if sn := s.conf.subnet; !sn.Contains(l.IP) {
 			return fmt.Errorf("subnet %s does not contain the ip %q", sn, l.IP)
 		}
@@ -1125,6 +1127,29 @@ func v4Create(conf V4ServerConf) (srv DHCPServer, err error) {
 		return s, fmt.Errorf("dhcpv4: %w", err)
 	}

+	if s.conf.ipRange.contains(routerIP) {
+		return s, fmt.Errorf("dhcpv4: gateway ip %v in the ip range: %v-%v",
+			routerIP,
+			conf.RangeStart,
+			conf.RangeEnd,
+		)
+	}
+
+	if !s.conf.subnet.Contains(conf.RangeStart) {
+		return s, fmt.Errorf("dhcpv4: range start %v is outside network %v",
+			conf.RangeStart,
+			s.conf.subnet,
+		)
+	}
+
+	if !s.conf.subnet.Contains(conf.RangeEnd) {
+		return s, fmt.Errorf("dhcpv4: range end %v is outside network %v",
+			conf.RangeEnd,
+			s.conf.subnet,
+		)
+	}
+
+	// TODO(a.garipov, d.seregin): Check that every lease is inside the IPRange.
 	s.leasedOffsets = newBitSet()

 	if conf.LeaseDuration == 0 {