summaryrefslogtreecommitdiff
path: root/python/vyos
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-08-24 21:43:10 +0200
committerChristian Poessinger <christian@poessinger.com>2022-09-04 20:26:56 +0200
commit87894a2fa32933400a930783edcce74a8b4792a4 (patch)
treea17ace9943bbf7438511f74c69b1ed9966f02567 /python/vyos
parentb9678136eac767ece3d5a5e53f9f2b9c47c7477a (diff)
downloadvyos-1x-87894a2fa32933400a930783edcce74a8b4792a4.tar.gz
vyos-1x-87894a2fa32933400a930783edcce74a8b4792a4.zip
T4630: can not use same source-interface for macsec and pseudo-ethernet
A macsec interface requires a dedicated source interface, it can not be shared with another macsec or a pseudo-ethernet interface. set interfaces macsec macsec10 address '192.168.2.1/30' set interfaces macsec macsec10 security cipher 'gcm-aes-256' set interfaces macsec macsec10 security encrypt set interfaces macsec macsec10 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4232e44b7fda6f8e2d88a07bf78a7aff4' set interfaces macsec macsec10 security mka ckn '09924585a6f3010208cf5222ef24c821405b0e34f4b4f63b1f0ced474b9bb6e6' set interfaces macsec macsec10 source-interface 'eth1' commit set interfaces pseudo-ethernet peth0 source-interface eth1 commit Reuslts in FileNotFoundError: [Errno 2] failed to run command: ip link add peth0 link eth1 type macvlan mode private returned: exit code: 2 noteworthy: cmd 'ip link add peth0 link eth1 type macvlan mode private' returned (out): returned (err): RTNETLINK answers: Device or resource busy [[interfaces pseudo-ethernet peth0]] failed Commit failed (cherry picked from commit eb4a7ee3afc0765671ce0fa379ab5e3518e9e49e)
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/configdict.py12
-rw-r--r--python/vyos/configverify.py6
2 files changed, 15 insertions, 3 deletions
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index 53bd1a13e..785207c7f 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -309,12 +309,18 @@ def is_source_interface(conf, interface, intftype=None):
"""
ret_val = None
intftypes = ['macsec', 'pppoe', 'pseudo-ethernet', 'tunnel', 'vxlan']
- if intftype not in intftypes + [None]:
+ if not intftype:
+ intftype = intftypes
+
+ if isinstance(intftype, str):
+ intftype = [intftype]
+ elif not isinstance(intftype, list):
+ raise ValueError(f'Interface type "{type(intftype)}" must be either str or list!')
+
+ if not all(x in intftypes for x in intftype):
raise ValueError(f'unknown interface type "{intftype}" or it can not '
'have a source-interface')
- intftype = intftypes if intftype == None else [intftype]
-
# set config level to root
old_level = conf.get_level()
conf.set_level([])
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index d4b532d22..a35ea0b74 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -248,6 +248,12 @@ def verify_source_interface(config):
raise ConfigError(f'Invalid source-interface "{src_ifname}". Interface '
f'is already a member of bond "{bond_name}"!')
+ if 'is_source_interface' in config:
+ tmp = config['is_source_interface']
+ src_ifname = config['source_interface']
+ raise ConfigError(f'Can not use source-interface "{src_ifname}", it already ' \
+ f'belongs to interface "{tmp}"!')
+
def verify_dhcpv6(config):
"""
Common helper function used by interface implementations to perform