summaryrefslogtreecommitdiff
path: root/python/vyos/configverify.py
diff options
context:
space:
mode:
Diffstat (limited to 'python/vyos/configverify.py')
-rw-r--r--python/vyos/configverify.py44
1 files changed, 44 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index ee0fd94f7..0fb3501e8 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -84,6 +84,50 @@ def verify_mtu_ipv6(config):
if tmp and 'eui64' in tmp:
raise ConfigError(error_msg)
+def verify_tunnel(config):
+ """
+ This helper is used to verify the common part of the tunnel
+ """
+ from vyos.template import is_ipv4
+ from vyos.template import is_ipv6
+
+ if 'encapsulation' not in config:
+ raise ConfigError('Must configure the tunnel encapsulation for '\
+ '{ifname}!'.format(**config))
+
+ if 'source_address' not in config and 'dhcp_interface' not in config:
+ raise ConfigError('source-address is mandatory for tunnel')
+
+ if 'remote' not in config and config['encapsulation'] != 'gre':
+ raise ConfigError('remote-ip address is mandatory for tunnel')
+
+ if {'source_address', 'dhcp_interface'} <= set(config):
+ raise ConfigError('Can not use both source-address and dhcp-interface')
+
+ if config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']:
+ error_ipv6 = 'Encapsulation mode requires IPv6'
+ if 'source_address' in config and not is_ipv6(config['source_address']):
+ raise ConfigError(f'{error_ipv6} source-address')
+
+ if 'remote' in config and not is_ipv6(config['remote']):
+ raise ConfigError(f'{error_ipv6} remote-ip address')
+ else:
+ error_ipv4 = 'Encapsulation mode requires IPv4'
+ if 'source_address' in config and not is_ipv4(config['source_address']):
+ raise ConfigError(f'{error_ipv4} source-address')
+
+ if 'remote' in config and not is_ipv4(config['remote']):
+ raise ConfigError(f'{error_ipv4} remote address')
+
+ if config['encapsulation'] in ['sit', 'gretap']:
+ if 'source_interface' in config:
+ encapsulation = config['encapsulation']
+ raise ConfigError(f'Option source-interface can not be used with ' \
+ f'encapsulation "{encapsulation}"!')
+ elif config['encapsulation'] == 'gre':
+ if 'source_address' in config and is_ipv6(config['source_address']):
+ raise ConfigError('Can not use local IPv6 address is for mGRE tunnels')
+
def verify_vrf(config):
"""
Common helper function used by interface implementations to perform
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-23 06:59:56 +0000