author | Jernej Jakob <jernej.jakob@gmail.com> | 2020-05-01 19:58:30 +0200 |
---|---|---|
committer | Jernej Jakob <jernej.jakob@gmail.com> | 2020-05-04 22:59:40 +0200 |
commit | 4efdaa11523d4fed36f2ea73bd1aed4c4186faa7 (patch) | |
tree | f1fd8ed23cd5dcc6a0cd0fa96d4127461a0d57c1 | |
parent | 08bb34e392989ccefa4706ac017449148e8f61fe (diff) | |
wireguard: T2241: make VRF and bridge membership mutually exclusive
-rwxr-xr-x | src/conf_mode/interfaces-wireguard.py | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 98d5fcb27..3fb527401 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -38,8 +38,8 @@ default_config_data = {
 'listen_port': '',
 'deleted': False,
 'disable': False,
- 'is_bridge_member': False,
 'fwmark': 0,
+ 'is_bridge_member': False,
 'mtu': 1420,
 'peer': [],
 'peer_remove': [], # stores public keys of peers to remove
@@ -200,9 +200,15 @@ def verify(wg):
 return None
- vrf_name = wg['vrf']
- if vrf_name and vrf_name not in interfaces():
- raise ConfigError(f'VRF "{vrf_name}" does not exist')
+ if wg['vrf']:
+ if wg['vrf'] not in interfaces():
+ raise ConfigError(f'VRF "{wg["vrf"]}" does not exist')
+
+ if wg['is_bridge_member']:
+ raise ConfigError((
+ f'Interface "{wg["intf"]}" cannot be member of VRF '
+ f'"{wg["vrf"]}" and bridge {wg["is_bridge_member"]} '
+ f'at the same time!'))
 if not os.path.exists(wg['pk']):
 raise ConfigError('No keys found, generate them by executing:\n' \ |
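Review bot: The VRF check in `verify()` (`if wg['vrf'] not in interfaces():`) appears to test only that some interface with that name exists, not that it is a VRF device; `interfaces()` is defined outside this hunk, so this is inferred from its name. If that holds, a value naming an ordinary interface would pass validation, and because a VRF is commonly relied on as a routing isolation boundary, the tunnel could fail at apply time or end up outside the intended routing table. Consider also checking the device type or the configured VRF list, or at least recording the limit with a comment such as `# only proves a netdev with this name exists, not that it is a VRF`. In the new error message the bridge name is unquoted while the VRF name is quoted, and `f'at the same time!'` has no placeholder, so its `f` prefix can be dropped. `verify()` starts before and continues after this hunk.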