From 8d0207f87cf692458b688527022c8d841ec72904 Mon Sep 17 00:00:00 2001
From: zsdc
Date: Sun, 29 Aug 2021 16:13:45 +0300
Subject: wireguard: T3763: The port availability check fix

Check a port availability only if it was changed in current commit. This should protect from fail-positive errors when other parameters change for an interface.
---
 src/conf_mode/interfaces-wireguard.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 9baf5b6e9..da64dd076 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -47,6 +47,9 @@ def get_config(config=None):
 base = ['interfaces', 'wireguard']
 wireguard = get_interface_dict(conf, base)

+ # Check if a port was changed
+ wireguard['port_changed'] = leaf_node_changed(conf, ['port'])
+
 # Determine which Wireguard peer has been removed.
 # Peers can only be removed with their public key!
 dict = {}
@@ -74,7 +77,7 @@ def verify(wireguard):
 if 'peer' not in wireguard:
 raise ConfigError('At least one Wireguard peer is required!')

- if 'port' in wireguard:
+ if 'port' in wireguard and wireguard['port_changed']:
 listen_port = int(wireguard['port'])
 if check_port_availability('0.0.0.0', listen_port, 'udp') is not True:
 raise ConfigError(
--
cgit v1.2.3
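Review bot: `wireguard['port_changed']` stores the raw return value of `leaf_node_changed()`, and the `verify()` condition in the second hunk then tests that value for truthiness. The helper is defined outside this patch; if it signals a change by returning the previous value(s) and `None` for no change, a port configured for the first time would presumably yield an empty, falsy result, and the availability check would be skipped exactly when a new listen port is introduced. Storing an explicit boolean avoids depending on that, e.g. `wireguard['port_changed'] = leaf_node_changed(conf, ['port']) is not None`, to be confirmed against the helper's contract. The relative path `['port']` also relies on the config level left behind by `get_interface_dict()`, which is not visible here; get_config's body continues outside the hunk.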
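Review bot: The added `and wireguard['port_changed']` guard carries no comment saying why an unchanged port is exempt from the probe, so a later reader could mistake it for an oversight and remove it. A comment above the `if` would record the reason given in the commit message, e.g. `# Probe only a changed port: other edits to this interface must not trip a false "port in use" error`. The probe on the following context line binds `'0.0.0.0'` only, so a UDP listener bound solely on IPv6 would presumably go undetected; that predates this commit but is worth a follow-up. verify's body starts and ends outside the hunk.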