summaryrefslogtreecommitdiff
path: root/data/templates/conntrack/vyos_nf_conntrack.conf.j2
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-07-23 19:05:21 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-07-24 18:18:29 +0000
commit69fe18810b8f8b78cc6f6e320f419334e5665691 (patch)
tree6c2c7e00b6defb791aeaef1a224a333bd40e0591 /data/templates/conntrack/vyos_nf_conntrack.conf.j2
parent3147c580cf9b9d965b62b27b5eee5f3e91df07f8 (diff)
downloadvyos-1x-69fe18810b8f8b78cc6f6e320f419334e5665691.tar.gz
vyos-1x-69fe18810b8f8b78cc6f6e320f419334e5665691.zip
vrf: T6602: verify supplied VRF name on all interface types
Only some (e.g. ethernet or wireguard) interfaces validate if the supplied VRF actually exists. If this is not validated, one can pass an invalid VRF to the system which generates an OSError exception. To reproduce set interfaces vxlan vxlan1 vni 1000 set interfaces vxlan vxlan1 remote 1.2.3.4 set interfaces vxlan vxlan1 vrf smoketest results in OSError: [Errno 255] failed to run command: ip link set dev vxlan1 master smoketest_mgmt This commit adds the missing verify_vrf() call to the missing interface types and an appropriate smoketest for all interfaces supporting VRF assignment. (cherry picked from commit dd0ebffa33728e452ac6e11737c2283f0e390359)
Diffstat (limited to 'data/templates/conntrack/vyos_nf_conntrack.conf.j2')
0 files changed, 0 insertions, 0 deletions