network: perform network validation at creation time

Some of the checks were previously performed when parsing the network config. But since we allow for a little more flexibility now it doesn't work anymore. Instead, let's validate the network at creation time. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: perform network validation at creation time
9c8ca2a5 · Christian Brauner · Stéphane Graber · 5d9a6c64 · 9c8ca2a5
Unverified Commit 9c8ca2a5 authored Jun 14, 2017 by Christian Brauner Committed by Stéphane Graber Jul 16, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 0 deletions

conf.c src/lxc/conf.c +15 -0

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2948,6 +2948,21 @@ int lxc_create_network(struct lxc_handler *handler)
 		netdev = iterator->elem;
+		if (netdev->type != LXC_NET_MACVLAN && netdev->priv.macvlan_attr.mode) {
+			ERROR("Invalid macvlan.mode for a non-macvlan netdev");
+			return -1;
+		}
+		if (netdev->type != LXC_NET_VETH && netdev->priv.veth_attr.pair) {
+			ERROR("Invalid veth pair for a non-veth netdev");
+			return -1;
+		}
+		if (netdev->type != LXC_NET_VLAN && netdev->priv.vlan_attr.vid > 0) {
+			ERROR("Invalid vlan.id for a non-macvlan netdev");
+			return -1;
+		}
 		if (netdev->type < 0 || netdev->type > LXC_NET_MAXCONFTYPE) {
 			ERROR("invalid network configuration type '%d'",
 			      netdev->type);