1 files changed, 41 insertions, 14 deletions

diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py
index 9c0c42414..8e9bb069e 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces-tunnel.py
@@ -25,7 +25,7 @@ from vyos.config import Config
 from vyos.ifconfig import Interface, GREIf, GRETapIf, IPIPIf, IP6GREIf, IPIP6If, IP6IP6If, SitIf, Sit6RDIf
 from vyos.ifconfig.afi import IP4, IP6
 from vyos.configdict import list_diff
-from vyos.validate import is_ipv4, is_ipv6, is_bridge_member
+from vyos.validate import is_ipv4, is_ipv6, is_member
 from vyos import ConfigError
 from vyos.dicts import FixedDict
 
@@ -222,7 +222,7 @@ class ConfigurationState(Config):
         remove all the values which were not changed from the default
         """
         for option in options:
-            if self.exists(option) and self_return_value(option) != self.default[option]:
+            if self.exists(option) and self.self_return_value(option) != self.default[option]:
                 continue
             del self.options[option]
 
@@ -251,6 +251,7 @@ default_config_data = {
     'ip': False,
     'ipv6': False,
     'nhrp': [],
+    'ipv6_accept_ra': 1,
     'ipv6_autoconf': 0,
     'ipv6_forwarding': 1,
     'ipv6_dad_transmits': 1,
@@ -401,6 +402,11 @@ def get_config():
     eff_addr = conf.return_effective_values('address')
     options['addresses-del'] = list_diff(eff_addr, options['addresses-add'])
 
+    # to make IPv6 SLAAC and DHCPv6 work with forwarding=1,
+    # accept_ra must be 2
+    if options['ipv6_autoconf'] or 'dhcpv6' in options['addresses-add']:
+        options['ipv6_accept_ra'] = 2
+
     # allmulticast fate is linked to multicast
     options['allmulticast'] = options['multicast']
 
@@ -410,7 +416,7 @@ def get_config():
     options['tunnel'] = {}
 
     # check for bridges
-    options['bridge'] = is_bridge_member(conf, ifname)
+    options['bridge'] = is_member(conf, ifname, 'bridge')
     options['interfaces'] = interfaces()
 
     for name in ct:
@@ -436,11 +442,14 @@ def verify(conf):
 
     if changes['section'] == 'delete':
         if ifname in options['nhrp']:
-            raise ConfigError(f'Can not delete interface tunnel {iftype} {ifname}, it is used by nhrp')
+            raise ConfigError((
+                f'Cannot delete interface tunnel {iftype} {ifname}, '
+                'it is used by NHRP'))
 
-        bridge = options['bridge']
-        if bridge:
-            raise ConfigError(f'Interface "{ifname}" can not be deleted as it belongs to bridge "{bridge}"!')
+        if options['bridge']:
+             raise ConfigError((
+                f'Cannot delete interface "{options["ifname"]}" as it is a '
+                f'member of bridge "{options["bridge"]}"!'))
 
         # done, bail out early
         return None
@@ -461,7 +470,7 @@ def verify(conf):
     # what are the tunnel options we can set / modified / deleted
 
     kls = get_class(options)
-    valid = kls.updates + ['alias', 'addresses-add', 'addresses-del', 'vrf']
+    valid = kls.updates + ['alias', 'addresses-add', 'addresses-del', 'vrf', 'state']
 
     if changes['section'] == 'create':
         valid.extend(['type',])
@@ -525,15 +534,28 @@ def verify(conf):
         print(f'Should not use IPv6 addresses on tunnel {iftype} {ifname}')
 
     # vrf check
-
-    vrf = options['vrf']
-    if vrf and vrf not in options['interfaces']:
-        raise ConfigError(f'VRF "{vrf}" does not exist')
+    if options['vrf']:
+        if options['vrf'] not in options['interfaces']:
+            raise ConfigError(f'VRF "{options["vrf"]}" does not exist')
+
+        if options['bridge']:
+            raise ConfigError((
+                f'Interface "{options["ifname"]}" cannot be member of VRF '
+                f'"{options["vrf"]}" and bridge {options["bridge"]} '
+                f'at the same time!'))
+
+    # bridge and address check
+    if ( options['bridge']
+            and ( options['addresses-add']
+                or options['ipv6_autoconf'] ) ):
+        raise ConfigError((
+            f'Cannot assign address to interface "{options["name"]}" '
+            f'as it is a member of bridge "{options["bridge"]}"!'))
 
     # source-interface check
 
     if tun_dev and tun_dev not in options['interfaces']:
-        raise ConfigError(f'device "{dev}" does not exist')
+        raise ConfigError(f'device "{tun_dev}" does not exist')
 
     # tunnel encapsulation check
 
@@ -620,12 +642,17 @@ def apply(conf):
 
     # set other interface properties
     for option in ('alias', 'mtu', 'link_detect', 'multicast', 'allmulticast',
-                   'vrf', 'ipv6_autoconf', 'ipv6_forwarding', 'ipv6_dad_transmits'):
+                   'ipv6_accept_ra', 'ipv6_autoconf', 'ipv6_forwarding', 'ipv6_dad_transmits'):
         if not options[option]:
             # should never happen but better safe
             continue
         tunnel.set_interface(option, options[option])
 
+    # assign/remove VRF (ONLY when not a member of a bridge,
+    # otherwise 'nomaster' removes it from it)
+    if not options['bridge']:
+        tunnel.set_vrf(options['vrf'])
+
     # Configure interface address(es)
     for addr in options['addresses-del']:
         tunnel.del_addr(addr)