diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-12-31 11:32:49 +0100 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-01-01 11:44:04 +0000 |
| commit | d61f5a269b17b4926ad848a14786ef7291ec0352 (patch) | |
| tree | f8e3f58171406af817a4dd024ac09ff4757b2ba5 | |
| parent | 069e4873ee6e6d43295da7eb6f21f3e4b1ee8f8d (diff) | |
| download | vyos-1x-d61f5a269b17b4926ad848a14786ef7291ec0352.tar.gz vyos-1x-d61f5a269b17b4926ad848a14786ef7291ec0352.zip | |
tunnel: T5879: properly verify source-interface used for tunnels
A tunnel interface can not properly be sourced from a pppoe0 interface when
such interface is not (yet) connected to the BRAS. It might work on a running
system, but subsequent reboots will fail as the source-interface most likely
does not yet exist.
(cherry picked from commit 66ce19058b7b8597536ddf63bbca027add2ca8a1)
| -rwxr-xr-x | smoketest/scripts/cli/test_interfaces_tunnel.py | 16 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces_tunnel.py | 4 |
2 files changed, 18 insertions, 2 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py index 2a7a519fd..dd9f1d2d1 100755 --- a/smoketest/scripts/cli/test_interfaces_tunnel.py +++ b/smoketest/scripts/cli/test_interfaces_tunnel.py @@ -393,5 +393,21 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase): self.assertEqual(tunnel_config['encapsulation'], conf['linkinfo']['info_kind']) self.assertEqual(tunnel_config['remote'], conf['linkinfo']['info_data']['remote']) + def test_tunnel_invalid_source_interface(self): + encapsulation = 'gre' + remote = '192.0.2.1' + interface = 'tun7543' + + self.cli_set(self._base_path + [interface, 'encapsulation', encapsulation]) + self.cli_set(self._base_path + [interface, 'remote', remote]) + + for dynamic_interface in ['l2tp0', 'ppp4220', 'sstpc0', 'ipoe654']: + self.cli_set(self._base_path + [interface, 'source-interface', dynamic_interface]) + # verify() - we can not source from dynamic interfaces + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_set(self._base_path + [interface, 'source-interface', 'eth0']) + self.cli_commit() + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/interfaces_tunnel.py b/src/conf_mode/interfaces_tunnel.py index 91aed9cc3..efa5ebc64 100755 --- a/src/conf_mode/interfaces_tunnel.py +++ b/src/conf_mode/interfaces_tunnel.py @@ -24,7 +24,7 @@ from vyos.configdict import get_interface_dict from vyos.configdict import is_node_changed from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete -from vyos.configverify import verify_interface_exists +from vyos.configverify import verify_source_interface from vyos.configverify import verify_mtu_ipv6 from vyos.configverify import verify_mirror_redirect from vyos.configverify import verify_vrf @@ -166,7 +166,7 @@ def verify(tunnel): verify_mirror_redirect(tunnel) if 'source_interface' in tunnel: - verify_interface_exists(tunnel['source_interface']) + verify_source_interface(tunnel) # TTL != 0 and nopmtudisc are incompatible, parameters and ip use default # values, thus the keys are always present. |