tunnel: T6157: fixing GRE tunnel uniqueness checks

Unset params would mistakenly match when None and trigger a validation error even when used params were unique. Updated check to ensure unique source-addresses if not None, and that (source-interfaces, source-addresses) are unique together appropriately.
author: Andrew Topp <andrewt@telekinetica.net> 2024-05-31 21:51:25 +1000
committer: Andrew Topp <andrewt@telekinetica.net> 2024-05-31 21:54:25 +1000
commit: 34024e630ec70ac5dc59fc57f818f6cd9dc15cd2 (patch)
tree: 62fe0d31ddd776624461e0ac81fe223ec597871e /src/conf_mode/interfaces_tunnel.py
parent: ea477ed0cec87041cb94c0eb2bc2ce9523a92a0a (diff)
download: vyos-1x-34024e630ec70ac5dc59fc57f818f6cd9dc15cd2.tar.gz
vyos-1x-34024e630ec70ac5dc59fc57f818f6cd9dc15cd2.zip
1 files changed, 14 insertions, 5 deletions
diff --git a/src/conf_mode/interfaces_tunnel.py b/src/conf_mode/interfaces_tunnel.py
index 43ba72857..98ef98d12 100755
--- a/src/conf_mode/interfaces_tunnel.py
+++ b/src/conf_mode/interfaces_tunnel.py
@@ -145,11 +145,20 @@ def verify(tunnel):
                 # If no IP GRE key is defined we can not have more then one GRE tunnel
                 # bound to any one interface/IP address and the same remote. This will
                 # result in a OS  PermissionError: add tunnel "gre0" failed: File exists
-                if (their_address == our_address or our_source_if == their_source_if) and \
-                    our_remote == their_remote:
-                    raise ConfigError(f'Missing required "ip key" parameter when '\
-                                       'running more then one GRE based tunnel on the '\
-                                       'same source-interface/source-address')
+                if our_remote == their_remote:
+                    if our_address is not None and their_address == our_address: 
+                        # If set to the same values, this is always a fail 
+                        raise ConfigError(f'Missing required "ip key" parameter when '\
+                                           'running more then one GRE based tunnel on the '\
+                                           'same source-address')
+
+                    if their_source_if == our_source_if and their_address == our_address:
+                        # Note that lack of None check on these is deliberate. 
+                        # source-if and source-ip matching while unset (all None) is a fail
+                        # source-ifs set and matching with unset source-ips is a fail
+                        raise ConfigError(f'Missing required "ip key" parameter when '\
+                                           'running more then one GRE based tunnel on the '\
+                                           'same source-interface')
 
     # Keys are not allowed with ipip and sit tunnels
     if tunnel['encapsulation'] in ['ipip', 'sit']:
author	Andrew Topp <andrewt@telekinetica.net>	2024-05-31 21:51:25 +1000
committer	Andrew Topp <andrewt@telekinetica.net>	2024-05-31 21:54:25 +1000
commit	34024e630ec70ac5dc59fc57f818f6cd9dc15cd2 (patch)
tree	62fe0d31ddd776624461e0ac81fe223ec597871e /src/conf_mode/interfaces_tunnel.py
parent	ea477ed0cec87041cb94c0eb2bc2ce9523a92a0a (diff)
download	vyos-1x-34024e630ec70ac5dc59fc57f818f6cd9dc15cd2.tar.gz vyos-1x-34024e630ec70ac5dc59fc57f818f6cd9dc15cd2.zip