authorChristian Poessinger <christian@poessinger.com>2022-03-23 10:07:41 +0100
committerChristian Poessinger <christian@poessinger.com>2022-04-07 09:44:35 +0200
commit37c6d9fae5172b0342f94212e6483b3aa8fcd673 (patch)
treec23c5b65a1ca0b050906d09dca734d93c8a98a53 /python/vyos/configverify.py
parent25069b949eb97c1308ec927b53ac0c2d9d118467 (diff)
qos: T4284: support mirror and redirect on all interface types
Diffstat (limited to 'python/vyos/configverify.py')
-rw-r--r--python/vyos/configverify.py27
1 files changed, 11 insertions, 16 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 7f1258575..df2c5775a 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -178,31 +178,26 @@ def verify_eapol(config):
if 'certificate' not in ca_cert:
raise ConfigError('Invalid CA certificate specified for EAPoL')
-def verify_mirror(config):
+def verify_mirror_redirect(config):
"""
Common helper function used by interface implementations to perform
- recurring validation of mirror interface configuration.
+ recurring validation of mirror and redirect interface configuration via tc(8)
It makes no sense to mirror traffic back at yourself!
"""
+ if {'mirror', 'redirect'} <= set(config):
+ raise ConfigError('Mirror and redirect can not be enabled at the same time!')
+
if 'mirror' in config:
for direction, mirror_interface in config['mirror'].items():
if mirror_interface == config['ifname']:
raise ConfigError(f'Can not mirror "{direction}" traffic back ' \
'the originating interface!')
-def verify_redirect(config):
- """
- Common helper function used by interface implementations to perform
- recurring validation of the redirect interface configuration.
-
- It makes no sense to mirror and redirect traffic at the same time!
- """
- if {'mirror', 'redirect'} <= set(config):
- raise ConfigError('Can not do both redirect and mirror')
-
if dict_search('traffic_policy.in', config) != None:
- raise ConfigError('Can not use ingress policy and redirect')
+ # XXX: support combination of limiting and redirect/mirror - this is an
+ # artificial limitation
+ raise ConfigError('Can not use ingress policy tigether with mirror or redirect!')
def verify_authentication(config):
"""
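Review bot: The ingress-policy check that closes `verify_mirror_redirect` tests only `dict_search('traffic_policy.in', config)`, so as far as this page shows (indentation is lost in the rendering) it rejects every interface that has an ingress policy, even when neither mirror nor redirect is configured. Gating it would match the error text, e.g. `if ('mirror' in config or 'redirect' in config) and dict_search('traffic_policy.in', config) is not None:`, which also swaps `!= None` for the identity test. The new message misspells "together"; it should read `'Can not use ingress policy together with mirror or redirect!'`. The self-reference guard still covers only `mirror`, so if a redirect target equal to `config['ifname']` is just as meaningless, the same comparison belongs in this helper. `verify_eapol` begins before the hunk and `verify_authentication` continues past its last line.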
@@ -328,7 +323,7 @@ def verify_vlan_config(config):
verify_dhcpv6(vlan)
verify_address(vlan)
verify_vrf(vlan)
- verify_redirect(vlan)
+ verify_mirror_redirect(vlan)
verify_mtu_parent(vlan, config)
# 802.1ad (Q-in-Q) VLANs
@@ -337,7 +332,7 @@ def verify_vlan_config(config):
verify_dhcpv6(s_vlan)
verify_address(s_vlan)
verify_vrf(s_vlan)
- verify_redirect(s_vlan)
+ verify_mirror_redirect(s_vlan)
verify_mtu_parent(s_vlan, config)
for c_vlan in s_vlan.get('vif_c', {}):
@@ -345,7 +340,7 @@ def verify_vlan_config(config):
verify_dhcpv6(c_vlan)
verify_address(c_vlan)
verify_vrf(c_vlan)
- verify_redirect(c_vlan)
+ verify_mirror_redirect(c_vlan)
verify_mtu_parent(c_vlan, config)
verify_mtu_parent(c_vlan, s_vlan)