Diffstat (limited to 'src/conf_mode/interfaces-tunnel.py')
-rwxr-xr-x | src/conf_mode/interfaces-tunnel.py | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index 06c2ea29b..fc084814a 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -25,7 +25,7 @@ from vyos.config import Config from vyos.ifconfig import Interface, GREIf, GRETapIf, IPIPIf, IP6GREIf, IPIP6If, IP6IP6If, SitIf, Sit6RDIf from vyos.ifconfig.afi import IP4, IP6 from vyos.configdict import list_diff -from vyos.validate import is_ipv4, is_ipv6 +from vyos.validate import is_ipv4, is_ipv6, is_bridge_member from vyos import ConfigError from vyos.dicts import FixedDict @@ -255,7 +255,9 @@ default_config_data = { 'ipv6_forwarding': 1, 'ipv6_dad_transmits': 1, # internal + 'interfaces': [], 'tunnel': {}, + 'bridge': '', # the following names are exactly matching the name # for the ip command and must not be changed 'ifname': '', @@ -264,6 +266,7 @@ default_config_data = { 'mtu': '1476', 'local': '', 'remote': '', + 'dev': '', 'multicast': 'disable', 'allmulticast': 'disable', 'ttl': '255', @@ -285,6 +288,7 @@ mapping = { 'local': ('local-ip', False, None), 'remote': ('remote-ip', False, None), 'multicast': ('multicast', False, None), + 'dev': ('source-interface', False, None), 'ttl': ('parameters ip ttl', False, None), 'tos': ('parameters ip tos', False, None), 'key': ('parameters ip key', False, None), @@ -405,6 +409,10 @@ def get_config(): ct = conf.get_config_dict()['tunnel'] options['tunnel'] = {} + # check for bridges + options['bridge'] = is_bridge_member(conf, ifname) + options['interfaces'] = interfaces() + for name in ct: tunnel = ct[name] encap = tunnel.get('encapsulation', '') 
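Review bot: The added comment `# check for bridges` in get_config() describes only the first of the two new assignments; `options['interfaces'] = interfaces()` is left unexplained although verify() now relies on it for both the VRF and the source-interface existence checks. I would put `# names of interfaces currently known to the system, consumed by verify()` above that line. The import of `interfaces` is outside the visible hunks, so this presumably lists interfaces present on the running system; if so, a source-interface created in the same commit would be rejected, which is worth confirming. get_config() starts and continues outside the hunk.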
@@ -429,6 +437,11 @@ def verify(conf): if changes['section'] == 'delete': if ifname in options['nhrp']: raise ConfigError(f'Can not delete interface tunnel {iftype} {ifname}, it is used by nhrp') + + bridge = options['bridge'] + if bridge: + raise ConfigError(f'Interface "{ifname}" can not be deleted as it belongs to bridge "{bridge}"!') + # done, bail out early return None @@ -448,7 +461,7 @@ def verify(conf): # what are the tunnel options we can set / modified / deleted kls = get_class(options) - valid = kls.updates + ['alias', 'addresses-add', 'addresses-del', 'vrf'] + valid = kls.updates + ['alias', 'addresses-add', 'addresses-del', 'vrf', 'state'] if changes['section'] == 'create': valid.extend(['type',]) @@ -474,6 +487,7 @@ def verify(conf): afi_remote = get_afi(tun_remote) tun_ismgre = iftype == 'gre' and not options['remote'] tun_is6rd = iftype == 'sit' and options['6rd-prefix'] + tun_dev = options['dev'] # incompatible options @@ -483,6 +497,9 @@ def verify(conf): if tun_local and options['dhcp-interface']: raise ConfigError(f'Must configure only one of local-ip or dhcp-interface for tunnel {iftype} {ifname}') + if tun_dev and iftype in ('gre-bridge', 'sit'): + raise ConfigError(f'source interface can not be used with {iftype} {ifname}') + # tunnel endpoint if afi_local != afi_remote: @@ -510,9 +527,14 @@ def verify(conf): # vrf check vrf = options['vrf'] - if vrf and vrf not in interfaces(): + if vrf and vrf not in options['interfaces']: raise ConfigError(f'VRF "{vrf}" does not exist') + # source-interface check + + if tun_dev and tun_dev not in options['interfaces']: + raise ConfigError(f'device "{dev}" does not exist') + # tunnel encapsulation check convert = { |
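Review bot: `dev` is not bound anywhere in the visible part of verify(), so the added source-interface check, `raise ConfigError(f'device "{dev}" does not exist')`, would fail with a NameError while formatting the message instead of raising the intended ConfigError; the local introduced earlier in this commit is `tun_dev`. The commit is still rejected when the interface is missing, but the operator gets a traceback rather than a usable validation message. Change the line to `raise ConfigError(f'device "{tun_dev}" does not exist')`. verify() starts and continues outside the hunk, so confirm that no `dev` is defined elsewhere in it.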