Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Overlapping IPRanges are accepted if prefix lengths are different #17358

Closed
candlerb opened this issue Sep 4, 2024 · 0 comments · Fixed by #17391
Closed

Overlapping IPRanges are accepted if prefix lengths are different #17358

candlerb opened this issue Sep 4, 2024 · 0 comments · Fixed by #17391
Assignees
@bctiemann
Labels
netbox severity: low Does not significantly disrupt application functionality, or a workaround is available status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application

Comments

@candlerb
Copy link
Contributor

candlerb commented Sep 4, 2024

Deployment Type

Self-hosted

NetBox Version

v4.0.11

Python Version

3.12

Steps to Reproduce

  1. Create an IPRange with start 1.2.3.100/24 and end 1.2.3.200/24
  2. Create an IPRange with start 1.2.3.123/26 and end 1.2.3.124/26

Expected Behavior

The second IPRange should be rejected, as it overlaps with the first. (There is code in IPRange.clean() which is clearly intended to do this)

Observed Behavior

The overlapping range is accepted.

The problem occurs because the Django ORM lte/gte filter for overlapping ranges only works if the prefix lengths match:

>>> ip = "1.2.3.101/24"
>>> IPRange.objects.filter(start_address__lte=ip, end_address__gte=ip, vrf=None)
<RestrictedQuerySet [<IPRange: 1.2.3.100-200/24>]>
>>> ip = "1.2.3.101/26"
>>> IPRange.objects.filter(start_address__lte=ip, end_address__gte=ip, vrf=None)
<RestrictedQuerySet []>

I cannot see an obvious solution here, apart from brute force iterating over all possible prefix lengths:

>>> [IPRange.objects.filter(start_address__lte=f"1.2.3.101/{pl}", end_address__gte=f"1.2.3.101/{pl}", vrf=None).count() for pl in range(33)]
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0]

Alternatively, changing the data model so that a range uses IPAddress instead of IPNetwork for the start/end addresses would eliminate this problem.
@candlerb candlerb added status: needs triage This issue is awaiting triage by a maintainer type: bug A confirmed report of unexpected behavior in the application labels Sep 4, 2024
@bctiemann bctiemann self-assigned this Sep 4, 2024
@bctiemann bctiemann added status: accepted This issue has been accepted for implementation severity: low Does not significantly disrupt application functionality, or a workaround is available and removed status: needs triage This issue is awaiting triage by a maintainer labels Sep 4, 2024
@bctiemann bctiemann mentioned this issue Sep 5, 2024
Merged
@jeremystretch jeremystretch mentioned this issue Oct 28, 2024
Merged
@jeremystretch jeremystretch added the netbox label Nov 1, 2024 — with Linear
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bctiemann bctiemann

Labels
netbox severity: low Does not significantly disrupt application functionality, or a workaround is available status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes: #17358 - Ensure correct comparison of overlapping IPRanges netbox-community/netbox
3 participants
@candlerb @bctiemann @jeremystretch