mirror: add verify() check so we can not mirror back to our self

author: Christian Poessinger <christian@poessinger.com> 2021-01-03 21:12:58 +0100
committer: Christian Poessinger <christian@poessinger.com> 2021-01-03 21:12:58 +0100
commit: 77deec39262be04d121bd500d80ba2ed8bf04f84 (patch)
tree: 2d28e4719b0d62941ce1943256fe40e1659d5607 /python
parent: f4625c9ee2f54992ed96f113ff52c5a9993ea769 (diff)
download: vyos-1x-77deec39262be04d121bd500d80ba2ed8bf04f84.tar.gz
vyos-1x-77deec39262be04d121bd500d80ba2ed8bf04f84.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 96eeb6bb1..a425ca671 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -99,6 +99,20 @@ def verify_eapol(config):
             raise ConfigError('Both cert and key-file must be specified '\
                               'when using EAPoL!')
 
+def verify_mirror(config):
+    """
+    Common helper function used by interface implementations to perform
+    recurring validation of mirror interface configuration.
+
+    It makes no sense to mirror traffic back at yourself!
+    """
+    if 'mirror' in config:
+        for direction, mirror_interface in config['mirror'].items():
+            if mirror_interface == config['ifname']:
+                raise ConfigError(f'Can not mirror "{direction}" traffic back ' \
+                                   'the originating interface!')
+
+
 def verify_address(config):
     """
     Common helper function used by interface implementations to perform
author	Christian Poessinger <christian@poessinger.com>	2021-01-03 21:12:58 +0100
committer	Christian Poessinger <christian@poessinger.com>	2021-01-03 21:12:58 +0100
commit	77deec39262be04d121bd500d80ba2ed8bf04f84 (patch)
tree	2d28e4719b0d62941ce1943256fe40e1659d5607 /python
parent	f4625c9ee2f54992ed96f113ff52c5a9993ea769 (diff)
download	vyos-1x-77deec39262be04d121bd500d80ba2ed8bf04f84.tar.gz vyos-1x-77deec39262be04d121bd500d80ba2ed8bf04f84.zip