From 77deec39262be04d121bd500d80ba2ed8bf04f84 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 3 Jan 2021 21:12:58 +0100
Subject: mirror: add verify() check so we can not mirror back to our self

---
 python/vyos/configverify.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'python/vyos')

diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 96eeb6bb1..a425ca671 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -99,6 +99,20 @@ def verify_eapol(config):
             raise ConfigError('Both cert and key-file must be specified '\
                               'when using EAPoL!')
 
+def verify_mirror(config):
+    """
+    Common helper function used by interface implementations to perform
+    recurring validation of mirror interface configuration.
+
+    It makes no sense to mirror traffic back at yourself!
+    """
+    if 'mirror' in config:
+        for direction, mirror_interface in config['mirror'].items():
+            if mirror_interface == config['ifname']:
+                raise ConfigError(f'Can not mirror "{direction}" traffic back ' \
+                                   'the originating interface!')
+
+
 def verify_address(config):
     """
     Common helper function used by interface implementations to perform
-- 
cgit v1.2.3