summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-09-26 12:00:06 +0200
committerChristian Poessinger <christian@poessinger.com>2020-09-26 12:00:06 +0200
commit5db3d63160670c796ed74a170862c367048d89bb (patch)
tree029590908fb0bef85d04b44aeeb1c6c3db119784 /python/vyos
parentdfa949c5b758e2954ed5c6ad455fe586965cd156 (diff)
downloadvyos-1x-5db3d63160670c796ed74a170862c367048d89bb.tar.gz
vyos-1x-5db3d63160670c796ed74a170862c367048d89bb.zip
ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface
Using an MTU less then the required 1280 bytes (as per RFC) on an interface where IPv6 is not explicitly disabled by: - set interfaces ethernet eth1 ipv6 address no-default-link-local - not having any other IPv6 address configured Will now trigger a commit error via verify() instead of raising FileNotFoundError!
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/configverify.py30
1 files changed, 30 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 6e5ba1df0..944fc4294 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -44,6 +44,36 @@ def verify_mtu(config):
raise ConfigError(f'Interface MTU too high, ' \
f'maximum supported MTU is {max_mtu}!')
+def verify_mtu_ipv6(config):
+ """
+ Common helper function used by interface implementations to perform
+ recurring validation if the specified MTU can be used when IPv6 is
+ configured on the interface. IPv6 requires a 1280 bytes MTU.
+ """
+ from vyos.validate import is_ipv6
+ from vyos.util import vyos_dict_search
+ # IPv6 minimum required link mtu
+ min_mtu = 1280
+
+ if int(config['mtu']) < min_mtu:
+ interface = config['ifname']
+ error_msg = f'IPv6 address will be configured on interface "{interface}" ' \
+ f'thus the minimum MTU requirement is {min_mtu}!'
+
+ if not vyos_dict_search('ipv6.address.no_default_link_local', config):
+ raise ConfigError('link-local ' + error_msg)
+
+ for address in (vyos_dict_search('address', config) or []):
+ if address in ['dhcpv6'] or is_ipv6(address):
+ raise ConfigError(error_msg)
+
+ if vyos_dict_search('ipv6.address.autoconf', config):
+ raise ConfigError(error_msg)
+
+ if vyos_dict_search('ipv6.address.eui64', config):
+ raise ConfigError(error_msg)
+
+
def verify_vrf(config):
"""
Common helper function used by interface implementations to perform