diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-03-23 10:58:02 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2022-04-07 09:44:35 +0200 |
| commit | 7581a5c6cbbc3f0e38ac69028b814252805d5c98 (patch) | |
| tree | b208839db99f33ca1318723ff25a34f5010931af /python | |
| parent | 4ecf558f53d1740b5ddb0de1f7effbaf0f44ff5f (diff) | |
| download | vyos-1x-7581a5c6cbbc3f0e38ac69028b814252805d5c98.tar.gz vyos-1x-7581a5c6cbbc3f0e38ac69028b814252805d5c98.zip | |
qos: T4284: verify mirror/redirect target interface exists
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/configverify.py | 13 | ||||
| -rwxr-xr-x | python/vyos/ifconfig/interface.py | 4 |
2 files changed, 12 insertions, 5 deletions
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 9f2771854..1062d51ee 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -185,15 +185,26 @@ def verify_mirror_redirect(config): It makes no sense to mirror traffic back at yourself! """ + import os if {'mirror', 'redirect'} <= set(config): raise ConfigError('Mirror and redirect can not be enabled at the same time!') if 'mirror' in config: for direction, mirror_interface in config['mirror'].items(): + if not os.path.exists(f'/sys/class/net/{mirror_interface}'): + raise ConfigError(f'Requested mirror interface "{mirror_interface}" '\ + 'does not exist!') + if mirror_interface == config['ifname']: - raise ConfigError(f'Can not mirror "{direction}" traffic back ' \ + raise ConfigError(f'Can not mirror "{direction}" traffic back '\ 'the originating interface!') + if 'redirect' in config: + redirect_ifname = config['redirect'] + if not os.path.exists(f'/sys/class/net/{redirect_ifname}'): + raise ConfigError(f'Requested redirect interface "{redirect_ifname}" '\ + 'does not exist!') + if dict_search('traffic_policy.in', config) != None: # XXX: support combination of limiting and redirect/mirror - this is an # artificial limitation diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 1464b2969..5b2760386 100755 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -13,7 +13,6 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see <http://www.gnu.org/licenses/>. -from netifaces import interfaces import os import re import json @@ -1319,9 +1318,6 @@ class Interface(Control): # Apply interface mirror policy if mirror_config: for direction, target_if in mirror_config.items(): - if target_if not in interfaces(): - continue - if direction == 'ingress': handle = 'ffff: ingress' parent = 'ffff:' |