diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-12-31 11:32:49 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2024-01-01 01:01:25 +0100 |
| commit | 66ce19058b7b8597536ddf63bbca027add2ca8a1 (patch) | |
| tree | 2848ce17a2a00bdb7393c7cb3444f0e1087d7b17 | |
| parent | 5062f5d313548d6ebb9c07fee6b6d6be25b8f8f0 (diff) | |
| download | vyos-1x-66ce19058b7b8597536ddf63bbca027add2ca8a1.tar.gz vyos-1x-66ce19058b7b8597536ddf63bbca027add2ca8a1.zip | |
tunnel: T5879: properly verify source-interface used for tunnels
A tunnel interface can not properly be sourced from a pppoe0 interface when
such interface is not (yet) connected to the BRAS. It might work on a running
system, but subsequent reboots will fail as the source-interface most likely
does not yet exist.
| -rwxr-xr-x | smoketest/scripts/cli/test_interfaces_tunnel.py | 16 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces_tunnel.py | 4 |
2 files changed, 18 insertions, 2 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py index 2a7a519fd..dd9f1d2d1 100755 --- a/smoketest/scripts/cli/test_interfaces_tunnel.py +++ b/smoketest/scripts/cli/test_interfaces_tunnel.py @@ -393,5 +393,21 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase): self.assertEqual(tunnel_config['encapsulation'], conf['linkinfo']['info_kind']) self.assertEqual(tunnel_config['remote'], conf['linkinfo']['info_data']['remote']) + def test_tunnel_invalid_source_interface(self): + encapsulation = 'gre' + remote = '192.0.2.1' + interface = 'tun7543' + + self.cli_set(self._base_path + [interface, 'encapsulation', encapsulation]) + self.cli_set(self._base_path + [interface, 'remote', remote]) + + for dynamic_interface in ['l2tp0', 'ppp4220', 'sstpc0', 'ipoe654']: + self.cli_set(self._base_path + [interface, 'source-interface', dynamic_interface]) + # verify() - we can not source from dynamic interfaces + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_set(self._base_path + [interface, 'source-interface', 'eth0']) + self.cli_commit() + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/interfaces_tunnel.py b/src/conf_mode/interfaces_tunnel.py index 91aed9cc3..efa5ebc64 100755 --- a/src/conf_mode/interfaces_tunnel.py +++ b/src/conf_mode/interfaces_tunnel.py @@ -24,7 +24,7 @@ from vyos.configdict import get_interface_dict from vyos.configdict import is_node_changed from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete -from vyos.configverify import verify_interface_exists +from vyos.configverify import verify_source_interface from vyos.configverify import verify_mtu_ipv6 from vyos.configverify import verify_mirror_redirect from vyos.configverify import verify_vrf @@ -166,7 +166,7 @@ def verify(tunnel): verify_mirror_redirect(tunnel) if 'source_interface' in tunnel: - verify_interface_exists(tunnel['source_interface']) + verify_source_interface(tunnel) # TTL != 0 and nopmtudisc are incompatible, parameters and ip use default # values, thus the keys are always present. |