diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-07-25 11:49:05 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-07-25 21:10:25 +0200 |
| commit | 7a85dbfb8b97dade658e8213099fc4995ae62ea1 (patch) | |
| tree | 0223edb96033a250674ce83b4de9cda419f7ef99 /python/vyos/configverify.py | |
| parent | e4d697b1d3aad0cb8e81f4c36bcaa4c089195f43 (diff) | |
| download | vyos-1x-7a85dbfb8b97dade658e8213099fc4995ae62ea1.tar.gz vyos-1x-7a85dbfb8b97dade658e8213099fc4995ae62ea1.zip | |
ifconfig: backport ifconfig framework from 1.4 to support new tunnel options
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of
backporting single pieces which are required to add new feature to the tunnel
interface section.
In addition that both libraries are now back in sync it will become much easier
to backport any other new feature introduced in VyOS 1.4!
Diffstat (limited to 'python/vyos/configverify.py')
| -rw-r--r-- | python/vyos/configverify.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index ee0fd94f7..0fb3501e8 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -84,6 +84,50 @@ def verify_mtu_ipv6(config): if tmp and 'eui64' in tmp: raise ConfigError(error_msg) +def verify_tunnel(config): + """ + This helper is used to verify the common part of the tunnel + """ + from vyos.template import is_ipv4 + from vyos.template import is_ipv6 + + if 'encapsulation' not in config: + raise ConfigError('Must configure the tunnel encapsulation for '\ + '{ifname}!'.format(**config)) + + if 'source_address' not in config and 'dhcp_interface' not in config: + raise ConfigError('source-address is mandatory for tunnel') + + if 'remote' not in config and config['encapsulation'] != 'gre': + raise ConfigError('remote-ip address is mandatory for tunnel') + + if {'source_address', 'dhcp_interface'} <= set(config): + raise ConfigError('Can not use both source-address and dhcp-interface') + + if config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']: + error_ipv6 = 'Encapsulation mode requires IPv6' + if 'source_address' in config and not is_ipv6(config['source_address']): + raise ConfigError(f'{error_ipv6} source-address') + + if 'remote' in config and not is_ipv6(config['remote']): + raise ConfigError(f'{error_ipv6} remote-ip address') + else: + error_ipv4 = 'Encapsulation mode requires IPv4' + if 'source_address' in config and not is_ipv4(config['source_address']): + raise ConfigError(f'{error_ipv4} source-address') + + if 'remote' in config and not is_ipv4(config['remote']): + raise ConfigError(f'{error_ipv4} remote address') + + if config['encapsulation'] in ['sit', 'gretap']: + if 'source_interface' in config: + encapsulation = config['encapsulation'] + raise ConfigError(f'Option source-interface can not be used with ' \ + f'encapsulation "{encapsulation}"!') + elif config['encapsulation'] == 'gre': + if 'source_address' in config and is_ipv6(config['source_address']): + raise ConfigError('Can not use local IPv6 address is for mGRE tunnels') + def verify_vrf(config): """ Common helper function used by interface implementations to perform |