bridge: T3137: Improved verification logic

3 files changed, 23 insertions, 17 deletions

diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index e940e6685..63c543f33 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -144,7 +144,7 @@
                         <description>VLAN id range allowed on this interface (use '-' as delimiter)</description>
                       </valueHelp>
                       <constraint>
-                        <regex>^([0-9]{1,4}-[0-9]{1,4})|([0-9]{1,4})$</regex>
+                        <validator name="allowed-vlan"/>
                       </constraint>
                       <constraintErrorMessage>not a valid VLAN ID value or range</constraintErrorMessage>
                       <multi/>
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index 4817947eb..ca2718423 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -138,23 +138,10 @@ def verify(bridge):
 
                 if 'wlan' in interface:
                     raise ConfigError(error_msg + 'VLAN aware cannot be set!')
-
-                if 'allowed_vlan' in interface_config:
-                    for vlan in interface_config['allowed_vlan']:
-                        if re.search('[0-9]{1,4}-[0-9]{1,4}', vlan):
-                            vlan_range = vlan.split('-')
-                            if int(vlan_range[0]) <1 and int(vlan_range[0])>4094:
-                                raise ConfigError('VLAN ID must be between 1 and 4094')
-                            if int(vlan_range[1]) <1 and int(vlan_range[1])>4094:
-                                raise ConfigError('VLAN ID must be between 1 and 4094')
-                        else:
-                            if int(vlan) <1 and int(vlan)>4094:
-                                raise ConfigError('VLAN ID must be between 1 and 4094')
             else:
-                if 'allowed_vlan' in interface_config:
-                    raise ConfigError(f'You must first activate "enable-vlan" of {ifname} bridge to use "allowed-vlan"')
-                if 'native_vlan' in interface_config:
-                    raise ConfigError(f'You must first activate "enable-vlan" of {ifname} bridge to use "native-vlan"')
+                for option in ['allowed_vlan', 'native_vlan']:
+                    if option in interface_config:
+                        raise ConfigError('Can not use VLAN options on non VLAN aware bridge')
     
     if 'enable_vlan' in bridge:
         if dict_search('vif.1', bridge):
diff --git a/src/validators/allowed-vlan b/src/validators/allowed-vlan
new file mode 100755
index 000000000..11389390b
--- /dev/null
+++ b/src/validators/allowed-vlan
@@ -0,0 +1,19 @@
+#! /usr/bin/python3
+
+import sys
+import re
+
+if __name__ == '__main__':
+    if len(sys.argv)>1:
+        allowed_vlan = sys.argv[1]
+        if re.search('[0-9]{1,4}-[0-9]{1,4}', allowed_vlan):
+            for tmp in allowed_vlan.split('-'):
+                if int(tmp) not in range(1, 4095):
+                    sys.exit(1)
+        else:
+            if int(allowed_vlan) not in range(1, 4095):
+                sys.exit(1)
+    else:
+        sys.exit(2)
+    
+    sys.exit(0)