canonical · hamistao · Oct 20, 2024 · Oct 20, 2024 · Oct 20, 2024 · Oct 22, 2024
diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
@@ -3447,10 +3447,23 @@ func (n *bridge) Leases(projectName string, clientType request.ClientType) ([]ap
 	instanceProjects := make(map[string]string)
 	leases := []api.NetworkLease{}
 
+	// Include gateway leases if network is visible from requested project or requesting all projects.
+	// Avoid querying project if we don't need to check features.networks.
+	includeGatewayLeases := projectName == "" || n.project == projectName
+	if !includeGatewayLeases {
+		var effectiveProject string
+		effectiveProject, _, err = project.NetworkProject(n.state.DB.Cluster, projectName)
+		if err != nil {
+			return nil, err
+		}
+
+		includeGatewayLeases = n.project == effectiveProject
+	}
+
 	// Get all static leases.
 	if clientType == request.ClientTypeNormal {
-		// If requested project matches network's project then include gateway and downstream uplink IPs.
-		if projectName == n.project || projectName == "" {
+		// Include gateway IPs if applicable.
+		if includeGatewayLeases {
 			// Add our own gateway IPs.
 			for _, addr := range []string{n.config["ipv4.address"], n.config["ipv6.address"]} {
 				ip, _, _ := net.ParseCIDR(addr)

diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go
@@ -5442,8 +5442,21 @@ func (n *ovn) Leases(projectName string, clientType request.ClientType) ([]api.N
 	var err error
 	leases := []api.NetworkLease{}
 
-	// If requested project matches network's project then include gateway IPs.
-	if projectName == n.project || projectName == "" {
+	// Include gateway leases if network is visible from requested project or requesting all projects.
+	// Avoid querying project if we don't need to check features.networks.
+	includeGatewayLeases := projectName == "" || n.project == projectName
+	if !includeGatewayLeases {
+		var effectiveProject string
+		effectiveProject, _, err = project.NetworkProject(n.state.DB.Cluster, projectName)
+		if err != nil {
+			return nil, err
+		}
+
+		includeGatewayLeases = n.project == effectiveProject
+	}
+
+	// Include gateway IPs if applicable.
+	if includeGatewayLeases {
 		// Add our own gateway IPs.
 		for _, addr := range []string{n.config["ipv4.address"], n.config["ipv6.address"]} {
 			ip, _, _ := net.ParseCIDR(addr)

diff --git a/lxd/network/zone/zone.go b/lxd/network/zone/zone.go
@@ -261,6 +261,36 @@ func (d *zone) validateConfigMap(config map[string]string, rules map[string]func
 	return nil
 }
 
+func (d *zone) getProjectRecords(projectName string, n network.Network, recordGenerator func(name string, ip net.IP) map[string]string) ([]map[string]string, error) {
+	var records []map[string]string
+
+	leases, err := n.Leases(projectName, request.ClientTypeNormal)
+	if err != nil {
+		return nil, err
+	}
+
+	// Convert leases to usable PTR records.
+	for _, lease := range leases {
+		// Since networks can be visible from more than one project
+		// We don't want to consider gateway leases unless dealing with the network's project,
+		if projectName != n.Project() && lease.Type == "gateway" {
+			continue
+		}
+
+		ip := net.ParseIP(lease.Address)
+
+		// Get the record.
+		record := recordGenerator(fmt.Sprintf("%s.%s", lease.Hostname, projectName), ip)
+		if record == nil {
+			continue
+		}
+
+		records = append(records, record)
+	}
+
+	return records, nil
+}
+
 // Update applies the supplied config to the zone.
 func (d *zone) Update(config *api.NetworkZonePut, clientType request.ClientType) error {
 	err := d.validateConfig(config)
@@ -442,6 +472,8 @@ func (d *zone) Content() (*strings.Builder, error) {
 				return record
 			}
 
+			var leaseRecords []map[string]string
+
 			if isReverse {
 				// Load network leases in correct project context for each forward zone referenced.
 				for _, forwardZoneName := range shared.SplitNTrimSpace(n.Config()["dns.zone.forward"], ",", -1, true) {
@@ -452,44 +484,20 @@ func (d *zone) Content() (*strings.Builder, error) {
 					}
 
 					// Load the leases for the forward zone project.
-					leases, err := n.Leases(forwardZoneProjectName, request.ClientTypeNormal)
+					leaseRecords, err = d.getProjectRecords(d.projectName, n, genRecord)
 					if err != nil {
 						return nil, err
 					}
-
-					// Convert leases to usable PTR records.
-					for _, lease := range leases {
-						ip := net.ParseIP(lease.Address)
-
-						// Get the record.
-						record := genRecord(fmt.Sprintf("%s.%s", lease.Hostname, forwardZoneName), ip)
-						if record == nil {
-							continue
-						}
-
-						records = append(records, record)
-					}
 				}
 			} else {
 				// Load the leases in the forward zone's project.
-				leases, err := n.Leases(d.projectName, request.ClientTypeNormal)
+				leaseRecords, err = d.getProjectRecords(d.projectName, n, genRecord)
 				if err != nil {
 					return nil, err
 				}
-
-				// Convert leases to usable records.
-				for _, lease := range leases {
-					ip := net.ParseIP(lease.Address)
-
-					// Get the record.
-					record := genRecord(lease.Hostname, ip)
-					if record == nil {
-						continue
-					}
-
-					records = append(records, record)
-				}
 			}
+
+			records = append(records, leaseRecords...)
 		}
 	}
 

diff --git a/lxd/networks.go b/lxd/networks.go
@@ -1349,7 +1349,7 @@ func networkPut(d *Daemon, r *http.Request) response.Response {
 
 	clientType := clusterRequest.UserAgentClientType(r.Header.Get("User-Agent"))
 
-	response := doNetworkUpdate(effectiveProjectName, n, req, targetNode, clientType, r.Method, s.ServerClustered)
+	response := doNetworkUpdate(n, req, targetNode, clientType, r.Method, s.ServerClustered)
 
 	requestor := request.CreateRequestor(r)
 	s.Events.SendLifecycle(effectiveProjectName, lifecycle.NetworkUpdated.Event(n, requestor, nil))
@@ -1402,7 +1402,7 @@ func networkPatch(d *Daemon, r *http.Request) response.Response {
 
 // doNetworkUpdate loads the current local network config, merges with the requested network config, validates
 // and applies the changes. Will also notify other cluster nodes of non-node specific config if needed.
-func doNetworkUpdate(projectName string, n network.Network, req api.NetworkPut, targetNode string, clientType clusterRequest.ClientType, httpMethod string, clustered bool) response.Response {
+func doNetworkUpdate(n network.Network, req api.NetworkPut, targetNode string, clientType clusterRequest.ClientType, httpMethod string, clustered bool) response.Response {
 	if req.Config == nil {
 		req.Config = map[string]string{}
 	}

diff --git a/test/suites/network.sh b/test/suites/network.sh
@@ -94,15 +94,18 @@ test_network() {
   # Create new project with an instance with ipv[46] for the next tests.
   lxc project create foo -c features.networks=false -c features.images=false -c features.profiles=false
   lxc launch testimage outsider -n lxdt$$ --project foo
+  gateway_addr="$(lxc network get lxdt$$ ipv4.address | cut -d/ -f1)"
   v4_addr_foo="$(lxc network get lxdt$$ ipv4.address | cut -d/ -f1)1"
   v6_addr_foo="$(lxc network get lxdt$$ ipv6.address | cut -d/ -f1)01"
   lxc config device set outsider eth0 ipv4.address "${v4_addr_foo}" --project foo
   lxc config device set outsider eth0 ipv6.address "${v6_addr_foo}" --project foo
 
   lxc network list-leases lxdt$$ | grep STATIC | grep -q "${v4_addr}"
   lxc network list-leases lxdt$$ | grep STATIC | grep -q "${v6_addr}"
+  lxc network list-leases lxdt$$ | grep GATEWAY | grep -q "${gateway_addr}"
   lxc network list-leases lxdt$$ --project foo | grep STATIC | grep -q "${v4_addr_foo}"
   lxc network list-leases lxdt$$ --project foo | grep STATIC | grep -q "${v6_addr_foo}"
+  lxc network list-leases lxdt$$ --project foo | grep GATEWAY | grep -q "${gateway_addr}"
 
   # Request DHCPv6 lease (if udhcpc6 is in busybox image).
   busyboxUdhcpc6=1