diff options
author | zsdc <taras@vyos.io> | 2021-08-26 18:15:36 +0300 |
---|---|---|
committer | zsdc <taras@vyos.io> | 2021-08-26 18:55:27 +0300 |
commit | 4523e9c897b3fa8d12c1b16c830c01820fee5583 (patch) | |
tree | a09f819420cb55b912c687236610b3b0118fcc69 /src/conf_mode/interfaces-wireguard.py | |
parent | b1411baf3bd32d149cb60f5a05c862e81054471a (diff) | |
download | vyos-1x-4523e9c897b3fa8d12c1b16c830c01820fee5583.tar.gz vyos-1x-4523e9c897b3fa8d12c1b16c830c01820fee5583.zip |
wireguard: T3763: Added check for listening port availability
Each wireguard interface requires a unique port for in and out
connections. This commit adds the new `vyos.util` function -
`check_port_availability`, and uses it to be sure that a port
that is planned to be used for wireguard interface is truly
available and not used by any other services (not only other
wireguard interfaces).
Diffstat (limited to 'src/conf_mode/interfaces-wireguard.py')
-rwxr-xr-x | src/conf_mode/interfaces-wireguard.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 4c566a5ad..ad3ddcba2 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -30,6 +30,7 @@ from vyos.configverify import verify_bridge_delete from vyos.configverify import verify_mtu_ipv6 from vyos.ifconfig import WireGuardIf from vyos.util import check_kmod +from vyos.util import check_port_availability from vyos import ConfigError from vyos import airbag airbag.enable() @@ -73,6 +74,10 @@ def verify(wireguard): if 'peer' not in wireguard: raise ConfigError('At least one Wireguard peer is required!') + if 'port' in wireguard and check_port_availability( + '0.0.0.0', int(wireguard['port']), 'udp') is not True: + raise ConfigError('The port cannot be used for the interface') + # run checks on individual configured WireGuard peer for tmp in wireguard['peer']: peer = wireguard['peer'][tmp] |