From eb4a7ee3afc0765671ce0fa379ab5e3518e9e49e Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Wed, 24 Aug 2022 21:43:10 +0200
Subject: T4630: can not use same source-interface for macsec and
 pseudo-ethernet

A macsec interface requires a dedicated source interface, it can not be
shared with another macsec or a pseudo-ethernet interface.

set interfaces macsec macsec10 address '192.168.2.1/30'
set interfaces macsec macsec10 security cipher 'gcm-aes-256'
set interfaces macsec macsec10 security encrypt
set interfaces macsec macsec10 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4232e44b7fda6f8e2d88a07bf78a7aff4'
set interfaces macsec macsec10 security mka ckn '09924585a6f3010208cf5222ef24c821405b0e34f4b4f63b1f0ced474b9bb6e6'
set interfaces macsec macsec10 source-interface 'eth1'
commit

set interfaces pseudo-ethernet peth0 source-interface eth1
commit

Reuslts in

FileNotFoundError: [Errno 2] failed to run command: ip link add peth0 link eth1 type macvlan mode private
returned:
exit code: 2

noteworthy:
cmd 'ip link add peth0 link eth1 type macvlan mode private'
returned (out):

returned (err):
RTNETLINK answers: Device or resource busy

[[interfaces pseudo-ethernet peth0]] failed
Commit failed
---
 src/conf_mode/interfaces-pseudo-ethernet.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/conf_mode/interfaces-pseudo-ethernet.py')

diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index f26a50a0e..20f2b1975 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2020 VyOS maintainers and contributors
+# Copyright (C) 2019-2022 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -19,6 +19,7 @@ from sys import exit
 from vyos.config import Config
 from vyos.configdict import get_interface_dict
 from vyos.configdict import is_node_changed
+from vyos.configdict import is_source_interface
 from vyos.configverify import verify_vrf
 from vyos.configverify import verify_address
 from vyos.configverify import verify_bridge_delete
@@ -51,6 +52,10 @@ def get_config(config=None):
     if 'source_interface' in peth:
         _, peth['parent'] = get_interface_dict(conf, ['interfaces', 'ethernet'],
                                                peth['source_interface'])
+        # test if source-interface is maybe already used by another interface
+        tmp = is_source_interface(conf, peth['source_interface'], ['macsec'])
+        if tmp and tmp != ifname: peth.update({'is_source_interface' : tmp})
+
     return peth
 
 def verify(peth):
-- 
cgit v1.2.3