author | Christian Breunig <christian@breunig.cc> | 2024-04-01 21:47:41 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-04-01 21:53:37 +0200 |
commit | 09ac2851f89f2b7d94a21c3506e46f380e961fba (patch) | |
tree | e8d6d84eeadf70311b7125e2d39ef755af0f81ce | |
parent | 6e0fdbcbba39691461f791c7a68a2c6c5091d2c1 (diff) | |
vrf: T3655: always use full nft command name (e.g. --check over -c)
-rw-r--r-- | python/vyos/ifconfig/interface.py | 2 | ||||
-rwxr-xr-x | src/conf_mode/vrf.py | 11 |
2 files changed, 8 insertions, 5 deletions
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index c87fb9c71..b2cb621bc 100644
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -415,7 +415,7 @@ class Interface(Control):
 else:
 nft_del_element = f'delete element inet vrf_zones ct_iface_map {{ "{self.ifname}" }}'
 # Check if deleting is possible first to avoid raising errors
- _, err = self._popen(f'nft -c {nft_del_element}')
+ _, err = self._popen(f'nft --check {nft_del_element}')
 if not err:
 # Remove map element
 self._cmd(f'nft {nft_del_element}')
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 16908100f..1fc813189 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -14,8 +14,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
-import os
-
 from sys import exit
 from json import loads
@@ -33,6 +31,7 @@ from vyos.utils.network import get_vrf_members
 from vyos.utils.network import interface_exists
 from vyos.utils.process import call
 from vyos.utils.process import cmd
+from vyos.utils.process import popen
 from vyos.utils.system import sysctl_write
 from vyos import ConfigError
 from vyos import frr
@@ -227,7 +226,11 @@ def apply(vrf):
 # Remove nftables conntrack zone map item
 nft_del_element = f'delete element inet vrf_zones ct_iface_map {{ "{tmp}" }}'
- cmd(f'nft {nft_del_element}')
+ # Check if deleting is possible first to avoid raising errors
+ _, err = popen(f'nft --check {nft_del_element}')
+ if not err:
+ # Remove map element
+ cmd(f'nft {nft_del_element}')
 # Delete the VRF Kernel interface
 call(f'ip link delete dev {tmp}')
@@ -307,7 +310,7 @@ def apply(vrf):
 if vrf['conntrack']:
 for chain, rule in nftables_rules.items():
 cmd(f'nft add rule inet vrf_zones {chain} {rule}')
-
+
 if 'name' not in vrf or not vrf['conntrack']:
 for chain, rule in nftables_rules.items():
 cmd(f'nft flush chain inet vrf_zones {chain}') |
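Review bot: In the `@@ -227,7 +226,11 @@` hunk of src/conf_mode/vrf.py, the new guard skips the delete whenever `nft --check` fails for any reason and throws the output away, so a missing `vrf_zones` table or a genuine nft error is indistinguishable from "element not present", and a failure that `cmd()` used to surface is now silent. I would keep the output and report it on the failure path, e.g. `out, err = popen(f'nft --check {nft_del_element}')` with an `else:` branch that prints or logs `out`. The first hunk in python/vyos/ifconfig/interface.py uses the same check-then-delete pattern, so a shared helper would keep the two in step. Separately, `tmp` is interpolated into the command string; if `popen`/`cmd` hand that string to a shell, the VRF name has to be validated before it reaches this line, and that validation is not visible here. `apply()` starts and ends outside the hunk.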