authorChristian Poessinger <christian@poessinger.com>2021-01-03 21:12:58 +0100
committerChristian Poessinger <christian@poessinger.com>2021-01-03 21:12:58 +0100
commit77deec39262be04d121bd500d80ba2ed8bf04f84 (patch)
tree2d28e4719b0d62941ce1943256fe40e1659d5607
parentf4625c9ee2f54992ed96f113ff52c5a9993ea769 (diff)
downloadvyos-1x-77deec39262be04d121bd500d80ba2ed8bf04f84.tar.gz
vyos-1x-77deec39262be04d121bd500d80ba2ed8bf04f84.zip
mirror: add verify() check so we can not mirror back to our self
-rw-r--r--python/vyos/configverify.py14
-rwxr-xr-xsrc/conf_mode/interfaces-ethernet.py2
2 files changed, 16 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 96eeb6bb1..a425ca671 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -99,6 +99,20 @@ def verify_eapol(config):
raise ConfigError('Both cert and key-file must be specified '\
'when using EAPoL!')
+def verify_mirror(config):
+ """
+ Common helper function used by interface implementations to perform
+ recurring validation of mirror interface configuration.
+
+ It makes no sense to mirror traffic back at yourself!
+ """
+ if 'mirror' in config:
+ for direction, mirror_interface in config['mirror'].items():
+ if mirror_interface == config['ifname']:
+ raise ConfigError(f'Can not mirror "{direction}" traffic back ' \
+ 'the originating interface!')
+
+
def verify_address(config):
"""
Common helper function used by interface implementations to perform
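Review bot: The ConfigError raised in verify_mirror reads "back the originating interface" (missing "to") and does not name the interface, so with several mirror sessions configured the operator cannot tell which one was rejected. Something like `raise ConfigError(f'Can not mirror "{direction}" traffic on {config["ifname"]} back to itself!')` would be clearer. As far as this hunk shows, the self-reference comparison is the only validation of the destination, so a mistyped or non-existent monitor interface would still pass verify() and only fail, or be silently ignored, at apply time. Since a mirror session copies all of a port's traffic to another port, it is worth also checking here that the destination exists. The comparison also assumes every value under `config['mirror']` is a plain interface-name string; a short comment stating that would help if the node ever gains sub-options.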
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index ed6396acf..bc102826f 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -29,6 +29,7 @@ from vyos.configverify import verify_mtu_ipv6
from vyos.configverify import verify_vlan_config
from vyos.configverify import verify_vrf
from vyos.configverify import verify_eapol
+from vyos.configverify import verify_mirror
from vyos.ifconfig import EthernetIf
from vyos.template import render
from vyos.util import call
@@ -74,6 +75,7 @@ def verify(ethernet):
verify_address(ethernet)
verify_vrf(ethernet)
verify_eapol(ethernet)
+ verify_mirror(ethernet)
ifname = ethernet['ifname']
# verify offloading capabilities
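Review bot: Only interfaces-ethernet.py calls verify_mirror() in this commit, although its docstring describes it as a common helper for interface implementations. If other conf_mode scripts (not visible here) also accept a `mirror` node, they do not get the self-mirror check and would need the same import and call. The body of verify() continues outside this hunk, so it is not possible to see from here whether the call sits before any code that already reads `ethernet['mirror']`.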