From 2a3cdbd361a1ecf1442d2659f1fd5abdff39c3cd Mon Sep 17 00:00:00 2001
From: Zhao Congqi
Date: Thu, 23 May 2024 10:29:53 +0800
Subject: [PATCH] fix: gateway should not be network address and broadcast address (#4043)

* fix: gateway should not be network address and broadcast address
---------
Signed-off-by: zcq98
---
 pkg/controller/pod.go | 2 +-
 pkg/util/validator.go | 12 +++++++++---
 pkg/util/validator_test.go | 4 ++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/pkg/controller/pod.go b/pkg/controller/pod.go
index b98dc5a2414..96b3faa514c 100644
--- a/pkg/controller/pod.go
+++ b/pkg/controller/pod.go
@@ -688,7 +688,7 @@ func (c *Controller) reconcileAllocateSubnets(cachedPod, pod *v1.Pod, needAlloca
 }
 }
- if err := util.ValidatePodCidr(podNet.Subnet.Spec.CIDRBlock, ipStr); err != nil {
+ if err := util.ValidateNetworkBroadcast(podNet.Subnet.Spec.CIDRBlock, ipStr); err != nil {
 klog.Errorf("validate pod %s/%s failed: %v", namespace, name, err)
 c.recorder.Eventf(pod, v1.EventTypeWarning, "ValidatePodNetworkFailed", err.Error())
 return nil, err
diff --git a/pkg/util/validator.go b/pkg/util/validator.go
index b55eef24e3d..438c2225da6 100644
--- a/pkg/util/validator.go
+++ b/pkg/util/validator.go
@@ -13,9 +13,15 @@ import (
 )
 func ValidateSubnet(subnet kubeovnv1.Subnet) error {
- if subnet.Spec.Gateway != "" && !CIDRContainIP(subnet.Spec.CIDRBlock, subnet.Spec.Gateway) {
- return fmt.Errorf(" gateway %s is not in cidr %s", subnet.Spec.Gateway, subnet.Spec.CIDRBlock)
+ if subnet.Spec.Gateway != "" {
+ if !CIDRContainIP(subnet.Spec.CIDRBlock, subnet.Spec.Gateway) {
+ return fmt.Errorf("gateway %s is not in cidr %s", subnet.Spec.Gateway, subnet.Spec.CIDRBlock)
+ }
+ if err := ValidateNetworkBroadcast(subnet.Spec.CIDRBlock, subnet.Spec.Gateway); err != nil {
+ return fmt.Errorf("validate gateway %s for cidr %s failed: %v", subnet.Spec.Gateway, subnet.Spec.CIDRBlock, err)
+ }
 }
+
 if err := CIDRGlobalUnicast(subnet.Spec.CIDRBlock); err != nil {
 return err
 }
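Review bot: The new gateway branch in `ValidateSubnet` is not covered by any test in this patch; the diffstat shows `pkg/util/validator_test.go` changing only the two renamed lines. A `ValidateSubnet` case with the gateway set to the subnet's network address and another with it set to the broadcast address would pin the rejection, and a dual-stack gateway list would confirm each family is checked. Whether very small prefixes (for example /31) should be exempt depends on the body of `ValidateNetworkBroadcast`, which is outside the visible hunks. Separately, the wrapper formats the inner error with `%v`, which drops the error chain; `fmt.Errorf("validate gateway %s for cidr %s failed: %w", subnet.Spec.Gateway, subnet.Spec.CIDRBlock, err)` keeps it available to `errors.Is`/`errors.As`. `ValidateSubnet` continues past the end of this hunk.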
@@ -274,7 +280,7 @@ func ValidatePodNetwork(annotations map[string]string) error {
 return utilerrors.NewAggregate(errors)
 }
-func ValidatePodCidr(cidr, ip string) error {
+func ValidateNetworkBroadcast(cidr, ip string) error {
 for _, cidrBlock := range strings.Split(cidr, ",") {
 for _, ipAddr := range strings.Split(ip, ",") {
 if CheckProtocol(cidrBlock) != CheckProtocol(ipAddr) {
diff --git a/pkg/util/validator_test.go b/pkg/util/validator_test.go
index 600b784c575..67fd8bd484d 100644
--- a/pkg/util/validator_test.go
+++ b/pkg/util/validator_test.go
@@ -622,7 +622,7 @@ func TestValidatePodNetwork(t *testing.T) {
 }
 }
-func TestValidatePodCidr(t *testing.T) {
+func TestValidateNetworkBroadcast(t *testing.T) {
 tests := []struct {
 name string
 cidr string
@@ -656,7 +656,7 @@ func TestValidatePodCidr(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- ret := ValidatePodCidr(tt.cidr, tt.ip)
+ ret := ValidateNetworkBroadcast(tt.cidr, tt.ip)
 if !ErrorContains(ret, tt.err) {
 t.Errorf("got %v, want a error %v", ret, tt.err)
 }