Don't allow link-local Endpoints

Tim Hockin
2015-06-02 21:49:51 -07:00
parent 1845ca88fc
commit 1aa9b0b86a
2 changed files with 27 additions and 1 deletions


@@ -1592,11 +1592,24 @@ func validateEndpointSubsets(subsets []api.EndpointSubset) errs.ValidationErrorL
return allErrs
}
var linkLocalNet *net.IPNet
func validateEndpointAddress(address *api.EndpointAddress) errs.ValidationErrorList {
if linkLocalNet == nil {
var err error
_, linkLocalNet, err = net.ParseCIDR("169.254.0.0/16")
if err != nil {
glog.Errorf("Failed to parse link-local CIDR: %v", err)
}
}
allErrs := errs.ValidationErrorList{}
if !util.IsValidIPv4(address.IP) {
allErrs = append(allErrs, errs.NewFieldInvalid("ip", address.IP, "invalid IPv4 address"))
}
if linkLocalNet.Contains(net.ParseIP(address.IP)) {
allErrs = append(allErrs, errs.NewFieldInvalid("ip", address.IP, "may not be in the link-local range (169.254.0.0/16)"))
}
return allErrs
}
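Review bot: The lazy initialisation of `linkLocalNet` at the top of `validateEndpointAddress` writes a package-level variable without synchronisation, and a `net.ParseCIDR` failure is only logged, so the later `linkLocalNet.Contains(...)` call would then dereference a nil pointer. Building the network once at package scope removes both problems: `var linkLocalNet = &net.IPNet{IP: net.IPv4(169, 254, 0, 0), Mask: net.CIDRMask(16, 32)}`. If validation can run concurrently (presumably it can, on an API request path), the current form is a data race. Separately, if the goal is to keep Endpoints from pointing at node-local addresses, loopback is still accepted here and may deserve the same rejection, e.g. a check on `net.ParseIP(address.IP).IsLoopback()`.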