From 6f818ee9033ee3abeedbed73eb44331dc27e7408 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 19 May 2022 20:56:28 +0200
Subject: dmvpn: nhrp: T4434: secret length can not exceed 8 characters

---
 src/conf_mode/protocols_nhrp.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/conf_mode/protocols_nhrp.py b/src/conf_mode/protocols_nhrp.py
index b6371d09f..e4848dea5 100755
--- a/src/conf_mode/protocols_nhrp.py
+++ b/src/conf_mode/protocols_nhrp.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2022 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -81,6 +81,11 @@ def verify(nhrp):
                 for map_name, map_conf in nhrp_conf['dynamic_map'].items():
                     if 'nbma_domain_name' not in map_conf:
                         raise ConfigError(f'nbma-domain-name missing on dynamic-map {map_name} on tunnel {name}')
+
+            if 'cisco_authentication' in nhrp_conf:
+                if len(nhrp_conf['cisco_authentication']) > 8:
+                    raise ConfigError('Maximum length of the secret is 8 characters!')
+
     return None
 
 def generate(nhrp):
-- 
cgit v1.2.3