diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-09-26 12:00:06 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-09-26 12:00:06 +0200 |
| commit | 5db3d63160670c796ed74a170862c367048d89bb (patch) | |
| tree | 029590908fb0bef85d04b44aeeb1c6c3db119784 /src/conf_mode/interfaces-macsec.py | |
| parent | dfa949c5b758e2954ed5c6ad455fe586965cd156 (diff) | |
| download | vyos-1x-5db3d63160670c796ed74a170862c367048d89bb.tar.gz vyos-1x-5db3d63160670c796ed74a170862c367048d89bb.zip | |
ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface
Using an MTU less then the required 1280 bytes (as per RFC) on an interface
where IPv6 is not explicitly disabled by:
- set interfaces ethernet eth1 ipv6 address no-default-link-local
- not having any other IPv6 address configured
Will now trigger a commit error via verify() instead of raising
FileNotFoundError!
Diffstat (limited to 'src/conf_mode/interfaces-macsec.py')
| -rwxr-xr-x | src/conf_mode/interfaces-macsec.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index a224c540e..0a20a121b 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -27,6 +27,7 @@ from vyos.util import call from vyos.configverify import verify_vrf from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete +from vyos.configverify import verify_mtu_ipv6 from vyos.configverify import verify_source_interface from vyos import ConfigError from vyos import airbag @@ -71,6 +72,7 @@ def verify(macsec): verify_source_interface(macsec) verify_vrf(macsec) + verify_mtu_ipv6(macsec) verify_address(macsec) if not (('security' in macsec) and |