diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-04-01 21:47:41 +0200 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-04-02 16:33:03 +0000 |
| commit | ed281ef724203dd18a7238edbc0707427050b91e (patch) | |
| tree | f42c07b9ab42cd8c09ac5330665f378be70ddc73 | |
| parent | 33cb8f4f9665c8b634d998e39354d00d6bf31855 (diff) | |
| download | vyos-1x-ed281ef724203dd18a7238edbc0707427050b91e.tar.gz vyos-1x-ed281ef724203dd18a7238edbc0707427050b91e.zip | |
vrf: T3655: always use full nft command name (e.g. --check over -c)
(cherry picked from commit 09ac2851f89f2b7d94a21c3506e46f380e961fba)
| -rw-r--r-- | python/vyos/ifconfig/interface.py | 2 | ||||
| -rwxr-xr-x | src/conf_mode/vrf.py | 11 |
2 files changed, 8 insertions, 5 deletions
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 430a8dfc3..b159b2367 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -400,7 +400,7 @@ class Interface(Control): else: nft_del_element = f'delete element inet vrf_zones ct_iface_map {{ "{self.ifname}" }}' # Check if deleting is possible first to avoid raising errors - _, err = self._popen(f'nft -c {nft_del_element}') + _, err = self._popen(f'nft --check {nft_del_element}') if not err: # Remove map element self._cmd(f'nft {nft_del_element}') diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index 16908100f..1fc813189 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -14,8 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os - from sys import exit from json import loads @@ -33,6 +31,7 @@ from vyos.utils.network import get_vrf_members from vyos.utils.network import interface_exists from vyos.utils.process import call from vyos.utils.process import cmd +from vyos.utils.process import popen from vyos.utils.system import sysctl_write from vyos import ConfigError from vyos import frr @@ -227,7 +226,11 @@ def apply(vrf): # Remove nftables conntrack zone map item nft_del_element = f'delete element inet vrf_zones ct_iface_map {{ "{tmp}" }}' - cmd(f'nft {nft_del_element}') + # Check if deleting is possible first to avoid raising errors + _, err = popen(f'nft --check {nft_del_element}') + if not err: + # Remove map element + cmd(f'nft {nft_del_element}') # Delete the VRF Kernel interface call(f'ip link delete dev {tmp}') @@ -307,7 +310,7 @@ def apply(vrf): if vrf['conntrack']: for chain, rule in nftables_rules.items(): cmd(f'nft add rule inet vrf_zones {chain} {rule}') - + if 'name' not in vrf or not vrf['conntrack']: for chain, rule in nftables_rules.items(): cmd(f'nft flush chain inet vrf_zones {chain}') |