summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-03-23 10:58:02 +0100
committerChristian Poessinger <christian@poessinger.com>2022-04-07 09:44:35 +0200
commit7581a5c6cbbc3f0e38ac69028b814252805d5c98 (patch)
treeb208839db99f33ca1318723ff25a34f5010931af
parent4ecf558f53d1740b5ddb0de1f7effbaf0f44ff5f (diff)
downloadvyos-1x-7581a5c6cbbc3f0e38ac69028b814252805d5c98.tar.gz
vyos-1x-7581a5c6cbbc3f0e38ac69028b814252805d5c98.zip
qos: T4284: verify mirror/redirect target interface exists
-rw-r--r--python/vyos/configverify.py13
-rwxr-xr-xpython/vyos/ifconfig/interface.py4
2 files changed, 12 insertions, 5 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 9f2771854..1062d51ee 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -185,15 +185,26 @@ def verify_mirror_redirect(config):
It makes no sense to mirror traffic back at yourself!
"""
+ import os
if {'mirror', 'redirect'} <= set(config):
raise ConfigError('Mirror and redirect can not be enabled at the same time!')
if 'mirror' in config:
for direction, mirror_interface in config['mirror'].items():
+ if not os.path.exists(f'/sys/class/net/{mirror_interface}'):
+ raise ConfigError(f'Requested mirror interface "{mirror_interface}" '\
+ 'does not exist!')
+
if mirror_interface == config['ifname']:
- raise ConfigError(f'Can not mirror "{direction}" traffic back ' \
+ raise ConfigError(f'Can not mirror "{direction}" traffic back '\
'the originating interface!')
+ if 'redirect' in config:
+ redirect_ifname = config['redirect']
+ if not os.path.exists(f'/sys/class/net/{redirect_ifname}'):
+ raise ConfigError(f'Requested redirect interface "{redirect_ifname}" '\
+ 'does not exist!')
+
if dict_search('traffic_policy.in', config) != None:
# XXX: support combination of limiting and redirect/mirror - this is an
# artificial limitation
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index 1464b2969..5b2760386 100755
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -13,7 +13,6 @@
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
-from netifaces import interfaces
import os
import re
import json
@@ -1319,9 +1318,6 @@ class Interface(Control):
# Apply interface mirror policy
if mirror_config:
for direction, target_if in mirror_config.items():
- if target_if not in interfaces():
- continue
-
if direction == 'ingress':
handle = 'ffff: ingress'
parent = 'ffff:'