From 87e79d214e45cee4e19455724ebf5485149dd6cf Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Tue, 9 Jun 2020 10:36:03 +0200 Subject: [PATCH] libnm-core: interpret ovs-patch.peer as an interface name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'peer' property of ovs-patch is inserted into the 'options' column of the ovsdb 'Interface' table. The ovs-vswitchd.conf.db man page says about it: options : peer: optional string The name of the Interface for the other side of the patch. The named Interface’s own peer option must specify this Interface’s name. That is, the two patch interfaces must have reversed name and peer values. Therefore, it is wrong to validate the peer property as an IP address and document it as such. Backport: note that on nm-1-22, we have nm_utils_ifname_valid() function for validating OVS interface names. We don't have that here, so we re-implement the name validation differently. Fixes: d4a7fe46797b ('libnm-core: add ovs-patch setting') (cherry picked from commit beb1dba8c145be0971a488dcabac241e1c3a363b) (cherry picked from commit 5598c039e4557510b567f12418601f5983fe5357) (cherry picked from commit 9b82c62f33d53192cd89ae9c62f67ddad2c2df1f)
---
 clients/common/settings-docs.h.in | 2 +- libnm-core/nm-setting-ovs-patch.c | 28 +++++++++++++++++++--------- 2 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
index 9bbafa32e2..b803b446e9 100644
--- a/clients/common/settings-docs.h.in
+++ b/clients/common/settings-docs.h.in
@@ -264,7 +264,7 @@
 #define DESCRIBE_DOC_NM_SETTING_OVS_BRIDGE_STP_ENABLE N_("Enable or disable STP.")
 #define DESCRIBE_DOC_NM_SETTING_OVS_DPDK_DEVARGS N_("Open vSwitch DPDK device arguments.")
 #define DESCRIBE_DOC_NM_SETTING_OVS_INTERFACE_TYPE N_("The interface type. Either \"internal\", \"system\", \"patch\", \"dpdk\", or empty.")
-#define DESCRIBE_DOC_NM_SETTING_OVS_PATCH_PEER N_("Specifies the unicast destination IP address of a remote Open vSwitch bridge port to connect to.")
+#define DESCRIBE_DOC_NM_SETTING_OVS_PATCH_PEER N_("Specifies the name of the interface for the other side of the patch. The patch on the other side must also set this interface as peer.")
 #define DESCRIBE_DOC_NM_SETTING_OVS_PORT_BOND_DOWNDELAY N_("The time port must be inactive in order to be considered down.")
 #define DESCRIBE_DOC_NM_SETTING_OVS_PORT_BOND_MODE N_("Bonding mode. One of \"active-backup\", \"balance-slb\", or \"balance-tcp\".")
 #define DESCRIBE_DOC_NM_SETTING_OVS_PORT_BOND_UPDELAY N_("The time port must be active before it starts forwarding traffic.")
diff --git a/libnm-core/nm-setting-ovs-patch.c b/libnm-core/nm-setting-ovs-patch.c
index dd0bdc7116..b1781ce5b1 100644
--- a/libnm-core/nm-setting-ovs-patch.c
+++ b/libnm-core/nm-setting-ovs-patch.c
@@ -95,13 +95,23 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
 return FALSE;
 }
 
- if ( !nm_utils_ipaddr_valid (AF_INET, self->peer)
- && !nm_utils_ipaddr_valid (AF_INET6, self->peer)) {
- g_set_error (error,
- NM_CONNECTION_ERROR,
- NM_CONNECTION_ERROR_INVALID_PROPERTY,
- _("'%s' is not a valid IP address"),
- self->peer);
+ if (!nm_utils_is_valid_iface_name (self->peer, error)) {
+ g_prefix_error (error, "%s.%s: ",
+ NM_SETTING_OVS_PATCH_SETTING_NAME,
+ NM_SETTING_OVS_PATCH_PEER);
+ return FALSE;
+ }
+
+ /* on nm-1-22, we use here nm_utils_ifname_valid(). This change was not backported to
+ * nm-1-20, hence reimplement the check here. We don't want to accept values, that
+ * would be rejected on newer versions of NetworkManager. */
+ if (!NM_STRCHAR_ALL (self->peer,
+ ch,
+ !NM_IN_SET (ch, '\\', '/')
+ && g_ascii_isgraph (ch))) {
+ g_set_error_literal (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY,
+ _("interface name must be alphanumerical with "
+ "no forward or backward slashes"));
 g_prefix_error (error, "%s.%s: ",
 NM_SETTING_OVS_PATCH_SETTING_NAME,
 NM_SETTING_OVS_PATCH_PEER);
@@ -193,8 +203,8 @@ nm_setting_ovs_patch_class_init (NMSettingOvsPatchClass *klass)
 /**
 * NMSettingOvsPatch:peer:
 *
- * Specifies the unicast destination IP address of a remote Open vSwitch
- * bridge port to connect to.
+ * Specifies the name of the interface for the other side of the patch.
+ * The patch on the other side must also set this interface as peer.
 *
 * Since: 1.10
 **/
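Review bot: In the `verify` hunk, the message passed to `g_set_error_literal` says the name "must be alphanumerical", but the predicate only requires `g_ascii_isgraph (ch)` and excludes `\` and `/`, so punctuation such as quotes or `;` is accepted. The commit message states that this value is written into the ovsdb 'Interface' options column, so a reader who trusts the message may wrongly assume the value contains only letters and digits. I would reword it to match the check, e.g. `_("interface name must be printable ASCII with no whitespace or slashes")`, and note the accepted set in the comment above the check. The `return FALSE;` that closes this branch lies outside the hunk, so whether it is unchanged cannot be confirmed from here.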