fix: gateway should not be network address and broadcast address (#4043)

* fix: gateway should not be network address and broadcast address --------- Signed-off-by: zcq98 <[email protected]>
kubeovn · May 23, 2024 · 2a3cdbd · 2a3cdbd
1 parent 08e3c56
commit 2a3cdbd
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 6 deletions.
diff --git a/pkg/controller/pod.go b/pkg/controller/pod.go
@@ -688,7 +688,7 @@ func (c *Controller) reconcileAllocateSubnets(cachedPod, pod *v1.Pod, needAlloca
 			}
 		}
 
-		if err := util.ValidatePodCidr(podNet.Subnet.Spec.CIDRBlock, ipStr); err != nil {
+		if err := util.ValidateNetworkBroadcast(podNet.Subnet.Spec.CIDRBlock, ipStr); err != nil {
 			klog.Errorf("validate pod %s/%s failed: %v", namespace, name, err)
 			c.recorder.Eventf(pod, v1.EventTypeWarning, "ValidatePodNetworkFailed", err.Error())
 			return nil, err

diff --git a/pkg/util/validator.go b/pkg/util/validator.go
@@ -13,9 +13,15 @@ import (
 )
 
 func ValidateSubnet(subnet kubeovnv1.Subnet) error {
-	if subnet.Spec.Gateway != "" && !CIDRContainIP(subnet.Spec.CIDRBlock, subnet.Spec.Gateway) {
-		return fmt.Errorf(" gateway %s is not in cidr %s", subnet.Spec.Gateway, subnet.Spec.CIDRBlock)
+	if subnet.Spec.Gateway != "" {
+		if !CIDRContainIP(subnet.Spec.CIDRBlock, subnet.Spec.Gateway) {
+			return fmt.Errorf("gateway %s is not in cidr %s", subnet.Spec.Gateway, subnet.Spec.CIDRBlock)
+		}
+		if err := ValidateNetworkBroadcast(subnet.Spec.CIDRBlock, subnet.Spec.Gateway); err != nil {
+			return fmt.Errorf("validate gateway %s for cidr %s failed: %v", subnet.Spec.Gateway, subnet.Spec.CIDRBlock, err)
+		}
 	}
+
 	if err := CIDRGlobalUnicast(subnet.Spec.CIDRBlock); err != nil {
 		return err
 	}
@@ -274,7 +280,7 @@ func ValidatePodNetwork(annotations map[string]string) error {
 	return utilerrors.NewAggregate(errors)
 }
 
-func ValidatePodCidr(cidr, ip string) error {
+func ValidateNetworkBroadcast(cidr, ip string) error {
 	for _, cidrBlock := range strings.Split(cidr, ",") {
 		for _, ipAddr := range strings.Split(ip, ",") {
 			if CheckProtocol(cidrBlock) != CheckProtocol(ipAddr) {

diff --git a/pkg/util/validator_test.go b/pkg/util/validator_test.go
@@ -622,7 +622,7 @@ func TestValidatePodNetwork(t *testing.T) {
 	}
 }
 
-func TestValidatePodCidr(t *testing.T) {
+func TestValidateNetworkBroadcast(t *testing.T) {
 	tests := []struct {
 		name string
 		cidr string
@@ -656,7 +656,7 @@ func TestValidatePodCidr(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ret := ValidatePodCidr(tt.cidr, tt.ip)
+			ret := ValidateNetworkBroadcast(tt.cidr, tt.ip)
 			if !ErrorContains(ret, tt.err) {
 				t.Errorf("got %v, want a error %v", ret, tt.err)
 			}