Skip to content

Support rfc6598 IP addresses in service subnet #3165

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
havetisyan merged 4 commits into from
Jan 16, 2026
Merged

Support rfc6598 IP addresses in service subnet #3165

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bd60b67
Support rfc6598 IP addresses in service subnet
Dec 24, 2025
0070233
Support rfc6598 IP addresses in service subnet
Dec 29, 2025
5442ae1
google gemini comment
Jan 12, 2026
5304d01
Merge branch 'master' into support-rfc6598-IP-addresse
balamanova Jan 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions ui/src/__tests__/components/constants/constants.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@ describe('StaticWorkloadType', () => {
'192.168.2.0/24',
'192.168.100.0/24',
'10.255.255.0/24',
'100.64.0.0/10',
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Dec 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The variable name rfc1918CIDR is now misleading as it contains 100.64.0.0/10 which is defined in RFC 6598 (Shared Address Space for Carrier-Grade NAT), not RFC 1918 (Private Internets). To improve clarity and maintainability, consider renaming this variable to something more inclusive, like validServiceSubnetCIDRs, throughout this test case.

];

let nonRFC1918CIDR = [
Expand Down
2 changes: 1 addition & 1 deletion ui/src/components/constants/constants.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@ export const StaticWorkloadType = [
name: 'Service Subnet',
value: 'SERVICE_SUBNET',
pattern:
'^(10(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){3}/([8-9]|(1[0-9])|(2[0-9])|(3[0-1])))|(172\\.((1[6-9])|(2[0-9])|(3[0-1]))(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){2}/((1[2-9])|(2[0-9])|(3[0-1])))|(192\\.168(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){2}/((1[6-9])|(2[0-9])|(3[0-1])))|(127(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){3}/([8-9]|(1[0-9])|(2[0-9])|(3[0-1])))$',
'^(10(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){3}/([8-9]|(1[0-9])|(2[0-9])|(3[0-1])))|(172\\.((1[6-9])|(2[0-9])|(3[0-1]))(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){2}/((1[2-9])|(2[0-9])|(3[0-1])))|(192\\.168(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){2}/((1[6-9])|(2[0-9])|(3[0-1])))|(127(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){3}/([8-9]|(1[0-9])|(2[0-9])|(3[0-1])))|(100\\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){2}/([1-9]|[12][0-9]|3[0-2]))$',
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Dec 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

This regular expression is very complex and hard to maintain. More importantly, the new part for RFC 6598 addresses contains a bug.

  1. Bug: The CIDR prefix length for the RFC 6598 range (100.64.0.0/10) should be between 10 and 32. The current regex ([1-9]|[12][0-9]|3[0-2]) incorrectly allows prefixes from 1 to 9.
  2. Maintainability: The sub-expression for matching an IP octet (([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5])) is convoluted and can be simplified to a more standard and efficient form: (25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9]).

I suggest refactoring the entire regex to fix the bug and improve readability and performance. Also, please consider updating the comment on line 120, which is now outdated.

Suggested change
'^(10(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){3}/([8-9]|(1[0-9])|(2[0-9])|(3[0-1])))|(172\\.((1[6-9])|(2[0-9])|(3[0-1]))(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){2}/((1[2-9])|(2[0-9])|(3[0-1])))|(192\\.168(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){2}/((1[6-9])|(2[0-9])|(3[0-1])))|(127(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){3}/([8-9]|(1[0-9])|(2[0-9])|(3[0-1])))|(100\\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])(\\.(([0-9]?[0-9])|(1[0-9]?[0-9])|(2[0-4]?[0-9])|(25[0-5]))){2}/([1-9]|[12][0-9]|3[0-2]))$',
'^(10(\\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}/([8-9]|1[0-9]|2[0-9]|3[0-1]))|(172\\.((1[6-9])|2[0-9]|3[0-1])(\\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){2}/(1[2-9]|2[0-9]|3[0-1]))|(192\\.168(\\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){2}/(1[6-9]|2[0-9]|3[0-1]))|(127(\\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}/([8-9]|1[0-9]|2[0-9]|3[0-1]))|(100\\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])(\\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){2}/(1[0-9]|2[0-9]|3[0-2]))$'

},
];

Expand Down