From fcce4714146a39f608ddd141338547a5a952c63f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 7 Apr 2020 22:02:49 +0200 Subject: bridge: T2232: prevent deletion of enslaved interfaces Interfaces enslaved to a bridge are not allowed to be deleted. If an interface is deleted from the config but it is still enslaved to a bridge will cause a configuration error on the subsequent boot. --- src/conf_mode/interfaces-wireguard.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'src/conf_mode/interfaces-wireguard.py') diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 4fa0dd8c0..54121a6c1 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -24,7 +24,7 @@ from netifaces import interfaces from vyos import ConfigError from vyos.config import Config from vyos.configdict import list_diff -from vyos.util import run +from vyos.util import run, is_bridge_member from vyos.ifconfig import WireGuardIf kdir = r'/config/auth/wireguard' @@ -179,6 +179,16 @@ def verify(c): if not c: return None + if c['delete']: + interface = c['intfc'] + is_member, bridge = is_bridge_member(interface) + if is_member: + # can not use a f'' formatted-string here as bridge would not get + # expanded in the print statement + raise ConfigError('Can not delete interface "{0}" as it ' \ + 'is a member of bridge "{1}"!'.format(interface, bridge)) + return None + if not os.path.exists(c['pk']): raise ConfigError( "No keys found, generate them by executing: \'run generate wireguard [keypair|named-keypairs]\'") -- cgit v1.2.3