summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-08-04 08:29:14 +0200
committerChristian Poessinger <christian@poessinger.com>2022-08-15 18:00:56 +0200
commit922871b4dc41f345d7ec1aae518ba91b6dfeb62c (patch)
tree03c263b17666ca0fa67479e08ef031ff84bed839 /src/conf_mode
parentae139a68883caae9591e6ce17674e41d9e65c836 (diff)
downloadvyos-1x-922871b4dc41f345d7ec1aae518ba91b6dfeb62c.tar.gz
vyos-1x-922871b4dc41f345d7ec1aae518ba91b6dfeb62c.zip
macsec: T4592: can not create two interfaces using the same source-interface
(cherry picked from commit 993961f60ead2a18912eb577b1152463d4eb8b4e)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/interfaces-macsec.py11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index eac92f149..8076a27b6 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -22,6 +22,7 @@ from sys import exit
from vyos.config import Config
from vyos.configdict import get_interface_dict
from vyos.configdict import is_node_changed
+from vyos.configdict import is_source_interface
from vyos.configverify import verify_vrf
from vyos.configverify import verify_address
from vyos.configverify import verify_bridge_delete
@@ -65,6 +66,10 @@ def get_config(config=None):
if is_node_changed(conf, base + [ifname, 'source_interface']):
macsec.update({'shutdown_required': {}})
+ if 'source_interface' in macsec:
+ tmp = is_source_interface(conf, macsec['source_interface'], 'macsec')
+ if tmp and tmp != ifname: macsec.update({'is_source_interface' : tmp})
+
return macsec
@@ -96,6 +101,12 @@ def verify(macsec):
# gcm-aes-128 requires a 128bit long key - 64 characters (string) = 32byte = 256bit
raise ConfigError('gcm-aes-128 requires a 256bit long key!')
+ if 'is_source_interface' in macsec:
+ tmp = macsec['is_source_interface']
+ src_ifname = macsec['source_interface']
+ raise ConfigError(f'Can not use source-interface "{src_ifname}", it already ' \
+ f'belongs to interface "{tmp}"!')
+
if 'source_interface' in macsec:
# MACsec adds a 40 byte overhead (32 byte MACsec + 8 bytes VLAN 802.1ad
# and 802.1q) - we need to check the underlaying MTU if our configured