summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-03-17 19:17:29 +0100
committerChristian Poessinger <christian@poessinger.com>2021-03-17 19:18:17 +0100
commit9184dfb57ef763585c2b822259bd086842e79eb2 (patch)
treeee9712cd2b638a35acd6b31df4782f376008437e
parent9920f7340d60b51d32bad9dbd24a907718f72837 (diff)
downloadvyos-1x-9184dfb57ef763585c2b822259bd086842e79eb2.tar.gz
vyos-1x-9184dfb57ef763585c2b822259bd086842e79eb2.zip
static: vrf: T3344: add target vrf verify()
When leaking routes to a VRF ensure that the VRF we are leaking to exists.
-rwxr-xr-xsrc/conf_mode/protocols_static.py20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/conf_mode/protocols_static.py b/src/conf_mode/protocols_static.py
index 51b4acfc8..3314baf47 100755
--- a/src/conf_mode/protocols_static.py
+++ b/src/conf_mode/protocols_static.py
@@ -20,9 +20,10 @@ from sys import exit
from sys import argv
from vyos.config import Config
+from vyos.configverify import verify_route_maps
+from vyos.configverify import verify_vrf
from vyos.template import render_to_string
from vyos.util import call
-from vyos.configverify import verify_route_maps
from vyos import ConfigError
from vyos import frr
from vyos import airbag
@@ -52,6 +53,23 @@ def get_config(config=None):
def verify(static):
verify_route_maps(static)
+
+ for route in ['route', 'route6']:
+ # if there is no route(6) key in the dictionary we can immediately
+ # bail out early
+ if route not in static:
+ continue
+
+ # When leaking routes to other VRFs we must ensure that the destination
+ # VRF exists
+ for prefix, prefix_options in static[route].items():
+ # both the interface and next-hop CLI node can have a VRF subnode,
+ # thus we check this using a for loop
+ for type in ['interface', 'next_hop']:
+ if type in prefix_options:
+ for interface, interface_config in prefix_options[type].items():
+ verify_vrf(interface_config)
+
return None
def generate(static):