authorJernej Jakob <jernej.jakob@gmail.com>2020-05-01 19:58:30 +0200
committerJernej Jakob <jernej.jakob@gmail.com>2020-05-04 22:59:40 +0200
commit4efdaa11523d4fed36f2ea73bd1aed4c4186faa7 (patch)
treef1fd8ed23cd5dcc6a0cd0fa96d4127461a0d57c1
parent08bb34e392989ccefa4706ac017449148e8f61fe (diff)
wireguard: T2241: make VRF and bridge membership mutually exclusive
-rwxr-xr-xsrc/conf_mode/interfaces-wireguard.py14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 98d5fcb27..3fb527401 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -38,8 +38,8 @@ default_config_data = {
'listen_port': '',
'deleted': False,
'disable': False,
- 'is_bridge_member': False,
'fwmark': 0,
+ 'is_bridge_member': False,
'mtu': 1420,
'peer': [],
'peer_remove': [], # stores public keys of peers to remove
@@ -200,9 +200,15 @@ def verify(wg):
return None
- vrf_name = wg['vrf']
- if vrf_name and vrf_name not in interfaces():
- raise ConfigError(f'VRF "{vrf_name}" does not exist')
+ if wg['vrf']:
+ if wg['vrf'] not in interfaces():
+ raise ConfigError(f'VRF "{wg["vrf"]}" does not exist')
+
+ if wg['is_bridge_member']:
+ raise ConfigError((
+ f'Interface "{wg["intf"]}" cannot be member of VRF '
+ f'"{wg["vrf"]}" and bridge {wg["is_bridge_member"]} '
+ f'at the same time!'))
if not os.path.exists(wg['pk']):
raise ConfigError('No keys found, generate them by executing:\n' \
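Review bot: In the new bridge-membership branch, `wg['is_bridge_member']` is tested as a flag and then printed as the bridge name, while the first hunk shows its default as `False`; the key appears to hold either `False` or a bridge name, and neither hunk documents that. I would add a comment at the default, `'is_bridge_member': False, # False, or the name of the bridge this interface is a member of`, and quote the bridge name like the other two names in the message: `f'"{wg["vrf"]}" and bridge "{wg["is_bridge_member"]}" '`. Separately, the existence test only checks that the name appears in `interfaces()`; if that helper lists every interface on the system (its import is outside the hunk), the name of a non-VRF interface would pass, so a check that the device is actually a VRF would be worth adding before the tunnel is bound to it. verify() continues past the end of the hunk.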