On 02/06/2018 05:59 AM, Michal Privoznik wrote:

https://bugzilla.redhat.com/show_bug.cgi?id=1515533

We're already checking if IPv4 prefix isn't too long. But we are not checking if it isn't too short. QEMU supports prefixes longer than 4 (including). I haven't find anything similar related to IPv6 in qemu sources.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 6 ++++++ 1 file changed, 6 insertions(+)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index df433c2f0..4fc4db68b 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -3744,6 +3744,12 @@ qemuDomainDeviceDefValidateNetwork(const virDomainNetDef *net) _("prefix too long")); return -1; } + + if (ip->prefix < 4) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("prefix too short")); + return -1; + }

Why not just mimic what QEMU essentially does in net/slirp.c/net_slirp_init with a: if (ip->prefix < 4 || ip->prefix > 27) { virReportError(VIR_ERR_XLM_ERROR, "%s", _("invalid prefix, must be in range of 4-27")); return -1; } Perhaps even a note in formatdomain.html.in that the supported range for the prefix is hypervisor dependent (but I'm not requiring that). I trust that the details can be worked out, so Reviewed-by: John Ferlan <jferlan@redhat.com> for the concept/code John

}

if (VIR_SOCKET_ADDR_IS_FAMILY(&ip->address, AF_INET6)) {