From 3a6ba18b5430ee3506f4d1de54ceb4b63e08695c Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 21 Jul 2010 16:48:05 -0700 Subject: Only allow redirect and mirror on ethernet devices For simplicity only allow mirror/redirect templates to exist on ethernet device. --- interface-templates/mirror/node.def | 19 ------------------- interface-templates/redirect/node.def | 18 ------------------ .../interfaces/ethernet/node.tag/mirror/node.def | 18 ++++++++++++++++++ .../interfaces/ethernet/node.tag/redirect/node.def | 18 ++++++++++++++++++ 4 files changed, 36 insertions(+), 37 deletions(-) delete mode 100644 interface-templates/mirror/node.def delete mode 100644 interface-templates/redirect/node.def create mode 100644 templates/interfaces/ethernet/node.tag/mirror/node.def create mode 100644 templates/interfaces/ethernet/node.tag/redirect/node.def diff --git a/interface-templates/mirror/node.def b/interface-templates/mirror/node.def deleted file mode 100644 index 599ccec..0000000 --- a/interface-templates/mirror/node.def +++ /dev/null @@ -1,19 +0,0 @@ -type: txt -help: Incoming packet mirroring destination -allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --show=ethernet - -syntax:expression: $VAR(@) != $VAR(../@) ;\ - "interface $VAR(../@): mirroring to same interface not allowed" -val_help: Interface for packet mirroring - -commit:expression: $VAR(../redirect) == ""; \ - "interface $VAR(../@) : can not redirect and mirror on $IFNAME" - -commit:expression: $VAR(../traffic-policy/in) == ""; \ - "interface $VAR(../@) : can not use ingress policy and mirror on $IFNAME" - -commit:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(@) --check=all" - - -update: /opt/vyatta/sbin/vyatta-qos.pl --update-action $IFNAME -delete: /opt/vyatta/sbin/vyatta-qos.pl --delete-action $IFNAME diff --git a/interface-templates/redirect/node.def b/interface-templates/redirect/node.def deleted file mode 100644 index c836662..0000000 --- a/interface-templates/redirect/node.def +++ /dev/null @@ -1,18 +0,0 @@ -type: txt -help: Incoming packet redirection destination -allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=input - -syntax:expression: $VAR(@) != $VAR(../@) ;\ - "interface $VAR(../@): redirect to same interface not allowed" -val_help: Interface for packet redirection - -commit:expression: $VAR(../mirror) == "";\ - "interface $VAR(../@) : can not redirect and mirror on $IFNAME" - -commit:expression: $VAR(../traffic-policy/in) == ""; \ - "interface $VAR(../@) : can not use ingress policy and redirect on $IFNAME" - -commit:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(@) --check=all" - -update: /opt/vyatta/sbin/vyatta-qos.pl --update-action $IFNAME -delete: /opt/vyatta/sbin/vyatta-qos.pl --delete-action $IFNAME diff --git a/templates/interfaces/ethernet/node.tag/mirror/node.def b/templates/interfaces/ethernet/node.tag/mirror/node.def new file mode 100644 index 0000000..8541d4e --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/mirror/node.def @@ -0,0 +1,18 @@ +type: txt +help: Incoming packet mirroring destination +allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --show=ethernet + +syntax:expression: $VAR(@) != $VAR(../@) ;\ + "interface $VAR(../@): mirroring to same interface not allowed" +val_help: Interface for packet mirroring + +commit:expression: $VAR(../redirect) == ""; \ + "interface $VAR(../@) : can not do both redirect and mirror" + +commit:expression: $VAR(../traffic-policy/in) == ""; \ + "interface $VAR(../@) : can not use ingress policy and mirror on $IFNAME" + +commit:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(@) --check=all" + +update: /opt/vyatta/sbin/vyatta-qos.pl --update-action $VAR(../@) +delete: /opt/vyatta/sbin/vyatta-qos.pl --delete-action $VAR(../@) diff --git a/templates/interfaces/ethernet/node.tag/redirect/node.def b/templates/interfaces/ethernet/node.tag/redirect/node.def new file mode 100644 index 0000000..6475ad6 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/redirect/node.def @@ -0,0 +1,18 @@ +type: txt +help: Incoming packet redirection destination +allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --show=input + +syntax:expression: $VAR(@) != $VAR(../@) ;\ + "interface $VAR(../@): redirect to same interface not allowed" +val_help: Interface for packet redirection + +commit:expression: $VAR(../mirror) == "";\ + "interface $VAR(../@) : can not do both redirect and mirror" + +commit:expression: $VAR(../traffic-policy/in) == ""; \ + "interface $VAR(../@) : can not use ingress policy and redirect on $IFNAME" + +commit:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --dev $VAR(@) --check=all" + +update: /opt/vyatta/sbin/vyatta-qos.pl --update-action $VAR(../@) +delete: /opt/vyatta/sbin/vyatta-qos.pl --delete-action $VAR(../@) -- cgit v1.2.3