author | Christian Poessinger <christian@poessinger.com> | 2020-09-26 12:00:06 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-09-26 12:00:06 +0200 |
commit | 5db3d63160670c796ed74a170862c367048d89bb (patch) | |
tree | 029590908fb0bef85d04b44aeeb1c6c3db119784 /python | |
parent | dfa949c5b758e2954ed5c6ad455fe586965cd156 (diff) | |
ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface
Using an MTU less than the required 1280 bytes (as per RFC) on an interface
where IPv6 is not explicitly disabled by:
- set interfaces ethernet eth1 ipv6 address no-default-link-local
- not having any other IPv6 address configured
Will now trigger a commit error via verify() instead of raising
FileNotFoundError!
Diffstat (limited to 'python')
-rw-r--r-- | python/vyos/configverify.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 6e5ba1df0..944fc4294 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -44,6 +44,36 @@ def verify_mtu(config):
 raise ConfigError(f'Interface MTU too high, ' \
 f'maximum supported MTU is {max_mtu}!')
 
+def verify_mtu_ipv6(config):
+ """
+ Common helper function used by interface implementations to perform
+ recurring validation if the specified MTU can be used when IPv6 is
+ configured on the interface. IPv6 requires a 1280 bytes MTU.
+ """
+ from vyos.validate import is_ipv6
+ from vyos.util import vyos_dict_search
+ # IPv6 minimum required link mtu
+ min_mtu = 1280
+
+ if int(config['mtu']) < min_mtu:
+ interface = config['ifname']
+ error_msg = f'IPv6 address will be configured on interface "{interface}" ' \
+ f'thus the minimum MTU requirement is {min_mtu}!'
+
+ if not vyos_dict_search('ipv6.address.no_default_link_local', config):
+ raise ConfigError('link-local ' + error_msg)
+
+ for address in (vyos_dict_search('address', config) or []):
+ if address in ['dhcpv6'] or is_ipv6(address):
+ raise ConfigError(error_msg)
+
+ if vyos_dict_search('ipv6.address.autoconf', config):
+ raise ConfigError(error_msg)
+
+ if vyos_dict_search('ipv6.address.eui64', config):
+ raise ConfigError(error_msg)
+
+
 def verify_vrf(config):
 """
 Common helper function used by interface implementations to perform |
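Review bot: `int(config['mtu'])` in verify_mtu_ipv6 indexes the key directly, so a config dict without an `mtu` entry would surface as a KeyError from verify() rather than a ConfigError, which is the same kind of uncaught exception the commit message sets out to replace. Whether every caller always supplies an MTU default is not visible in this hunk; an early `if 'mtu' not in config: return` before the comparison would make the helper safe either way. The loop over `vyos_dict_search('address', config) or []` also assumes a list: if a single address can arrive as a plain string, iteration would go character by character and neither `'dhcpv6'` nor `is_ipv6()` would match, silently skipping the check, so normalising with `if isinstance(addresses, str): addresses = [addresses]` is worth considering. A short comment on the `no_default_link_local` branch stating that a link-local address is assigned unless that option is set would also make the inverted test easier to read.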