| 493 | } |
| 494 | |
| 495 | func validateIPRange(ipRange, subnet netip.Prefix, subnetFamily int) []error { |
| 496 | if !ipRange.IsValid() { |
| 497 | return nil |
| 498 | } |
| 499 | family := 4 |
| 500 | if ipRange.Addr().Is6() { |
| 501 | family = 6 |
| 502 | } |
| 503 | |
| 504 | if family != subnetFamily { |
| 505 | return []error{fmt.Errorf("invalid ip-range %s: parent subnet is an IPv%d block", ipRange, subnetFamily)} |
| 506 | } |
| 507 | |
| 508 | var errs []error |
| 509 | if ipRange.Bits() < subnet.Bits() { |
| 510 | errs = append(errs, fmt.Errorf("invalid ip-range %s: CIDR block is bigger than its parent subnet %s", ipRange, subnet)) |
| 511 | } |
| 512 | if ipRange != ipRange.Masked() { |
| 513 | errs = append(errs, fmt.Errorf("invalid ip-range %s: it should be %s", ipRange, ipRange.Masked())) |
| 514 | } |
| 515 | if !subnet.Overlaps(ipRange) { |
| 516 | errs = append(errs, fmt.Errorf("invalid ip-range %s: parent subnet %s doesn't contain ip-range", ipRange, subnet)) |
| 517 | } |
| 518 | |
| 519 | return errs |
| 520 | } |
| 521 | |
| 522 | func validateAddress(addr netip.Addr, subnet netip.Prefix, subnetFamily int) error { |
| 523 | if !addr.IsValid() { |