diff options
| author | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-07-25 05:48:39 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-07-25 05:48:39 +0300 |
| commit | 67695c3e7a0d9fdc10ad3e381ad67cb30688e217 (patch) | |
| tree | b2e276a8b384f0c90cd050f701e89f1049b96c7b /smoketest | |
| parent | 8fa7de187c32d0fcc08e2c86d0e297ed8288077e (diff) | |
| download | vyos-1x-67695c3e7a0d9fdc10ad3e381ad67cb30688e217.tar.gz vyos-1x-67695c3e7a0d9fdc10ad3e381ad67cb30688e217.zip | |
vrf: T6602: verify supplied VRF name on all interface types (#3870)
Only some (e.g. ethernet or wireguard) interfaces validate if the supplied VRF
actually exists. If this is not validated, one can pass an invalid VRF to the
system which generates an OSError exception.
To reproduce
set interfaces vxlan vxlan1 vni 1000
set interfaces vxlan vxlan1 remote 1.2.3.4
set interfaces vxlan vxlan1 vrf smoketest
results in
OSError: [Errno 255] failed to run command: ip link set dev vxlan1 master smoketest_mgmt
This commit adds the missing verify_vrf() call to the missing interface types
and an appropriate smoketest for all interfaces supporting VRF assignment.
(cherry picked from commit dd0ebffa33728e452ac6e11737c2283f0e390359)
Co-authored-by: Christian Breunig <christian@breunig.cc>
Diffstat (limited to 'smoketest')
| -rw-r--r-- | smoketest/scripts/cli/base_interfaces_test.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index 4072fd5c2..66b789e94 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py @@ -303,6 +303,24 @@ class BasicInterfaceTest: self.cli_delete(['vrf', 'name', vrf1_name]) self.cli_delete(['vrf', 'name', vrf2_name]) + def test_add_to_invalid_vrf(self): + if not self._test_vrf: + self.skipTest('not supported') + + # move interface into first VRF + for interface in self._interfaces: + for option in self._options.get(interface, []): + self.cli_set(self._base_path + [interface] + option.split()) + self.cli_set(self._base_path + [interface, 'vrf', 'invalid']) + + # check validate() - can not use a non-existing VRF + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + for interface in self._interfaces: + self.cli_delete(self._base_path + [interface, 'vrf', 'invalid']) + self.cli_set(self._base_path + [interface, 'description', 'test_add_to_invalid_vrf']) + def test_span_mirror(self): if not self._mirror_interfaces: self.skipTest('not supported') |