From 005e3fd6926aa12ebd8e5c22ce6c1538bea19ad0 Mon Sep 17 00:00:00 2001
From: Austin de Coup-Crank <94914780+decoupca@users.noreply.github.com>
Date: Mon, 22 May 2023 15:16:17 -0500
Subject: [PATCH] Closes #9068: validate addresses assigned to interfaces
 (#12618)

* Begin logic

* Closes #9068: Disallow assigning bcast/networks to interfaces

* Allow net IDs in /31, /32, /127, /128

* linting error

* Implement requested changes

* Condensed the "if" logic a bit

---------

Co-authored-by: Austin de Coup-Crank <decoupca@moodys.com>
Co-authored-by: jeremystretch <jstretch@netboxlabs.com>
---
 netbox/ipam/forms/model_forms.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/netbox/ipam/forms/model_forms.py b/netbox/ipam/forms/model_forms.py
index cf8117bf7..ac75e2cc3 100644
--- a/netbox/ipam/forms/model_forms.py
+++ b/netbox/ipam/forms/model_forms.py
@@ -351,6 +351,18 @@ class IPAddressForm(TenancyForm, NetBoxModelForm):
                 'primary_for_parent', "Only IP addresses assigned to an interface can be designated as primary IPs."
             )
 
+        # Do not allow assigning a network ID or broadcast address to an interface.
+        if interface and (address := self.cleaned_data.get('address')):
+            if address.ip == address.network:
+                msg = f"{address} is a network ID, which may not be assigned to an interface."
+                if address.version == 4 and address.prefixlen not in (31, 32):
+                    raise ValidationError(msg)
+                if address.version == 6 and address.prefixlen not in (127, 128):
+                    raise ValidationError(msg)
+            if address.ip == address.broadcast:
+                msg = f"{address} is a broadcast address, which may not be assigned to an interface."
+                raise ValidationError(msg)
+
     def save(self, *args, **kwargs):
         ipaddress = super().save(*args, **kwargs)