summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-04-26 07:04:49 +0200
committerChristian Breunig <christian@breunig.cc>2023-04-26 18:59:07 +0200
commit71e45dd1c4738b3aa72d2d10b73929bf9b14e41e (patch)
tree893c9b390927d17eaefe1a154e5175d989c6a5c1 /src/conf_mode
parent930f76cf88a4175d485bc4e2df4c149ea547b380 (diff)
downloadvyos-1x-71e45dd1c4738b3aa72d2d10b73929bf9b14e41e.tar.gz
vyos-1x-71e45dd1c4738b3aa72d2d10b73929bf9b14e41e.zip
vrf: T5174: ensure no duplicate VNIs can be defined
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/vrf.py14
-rw-r--r--src/conf_mode/vrf_vni.py28
2 files changed, 33 insertions, 9 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index a7ef4cb5c..0b983293e 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -108,6 +108,12 @@ def get_config(config=None):
# vyos.configverify.verify_common_route_maps() for more information.
tmp = {'policy' : {'route-map' : conf.get_config_dict(['policy', 'route-map'],
get_first_key=True)}}
+
+ # L3VNI setup is done via vrf_vni.py as it must be de-configured (on node
+ # deletetion prior to the BGP process. Tell the Jinja2 template no VNI
+ # setup is needed
+ vrf.update({'no_vni' : ''})
+
# Merge policy dict into "regular" config dict
vrf = dict_merge(tmp, vrf)
return vrf
@@ -124,8 +130,8 @@ def verify(vrf):
f'static routes installed!')
if 'name' in vrf:
- reserved_names = ["add", "all", "broadcast", "default", "delete", "dev", "get", "inet", "mtu", "link", "type",
- "vrf"]
+ reserved_names = ["add", "all", "broadcast", "default", "delete", "dev",
+ "get", "inet", "mtu", "link", "type", "vrf"]
table_ids = []
for name, vrf_config in vrf['name'].items():
# Reserved VRF names
@@ -142,8 +148,8 @@ def verify(vrf):
if tmp and tmp != vrf_config['table']:
raise ConfigError(f'VRF "{name}" table id modification not possible!')
- # VRf routing table ID must be unique on the system
- if vrf_config['table'] in table_ids:
+ # VRF routing table ID must be unique on the system
+ if 'table' in vrf_config and vrf_config['table'] in table_ids:
raise ConfigError(f'VRF "{name}" table id is not unique!')
table_ids.append(vrf_config['table'])
diff --git a/src/conf_mode/vrf_vni.py b/src/conf_mode/vrf_vni.py
index 87d7798b8..a7424b517 100644
--- a/src/conf_mode/vrf_vni.py
+++ b/src/conf_mode/vrf_vni.py
@@ -19,6 +19,7 @@ from sys import exit
from vyos.config import Config
from vyos.template import render_to_string
+from vyos.util import dict_search
from vyos import ConfigError
from vyos import frr
from vyos import airbag
@@ -36,11 +37,19 @@ def get_config(config=None):
else:
return None
- base = ['vrf', 'name', vrf_name]
- tmp = conf.get_config_dict(base, key_mangling=('-', '_'),
- no_tag_node_value_mangle=True, get_first_key=True)
+ # Using duplicate L3VNIs makes no sense - it's also forbidden in FRR,
+ # thus VyOS CLI must deny this, too. Instead of getting only the dict for
+ # the requested VRF and den comparing it with depenent VRfs to not have any
+ # duplicate we will just grad ALL VRFs by default but only render/apply
+ # the configuration for the requested VRF - that makes the code easier and
+ # hopefully less error prone
+ vrf = conf.get_config_dict(['vrf'], key_mangling=('-', '_'),
+ no_tag_node_value_mangle=True,
+ get_first_key=True)
+
+ # Store name of VRF we are interested in for FRR config rendering
+ vrf.update({'only_vrf' : vrf_name})
- vrf = {'name': {vrf_name: tmp}}
return vrf
def verify(vrf):
@@ -50,6 +59,15 @@ def verify(vrf):
if len(argv) < 2:
raise ConfigError('VRF parameter not specified when valling vrf_vni.py')
+ if 'name' in vrf:
+ vni_ids = []
+ for name, vrf_config in vrf['name'].items():
+ # VRF VNI (Virtual Network Identifier) must be unique on the system
+ if 'vni' in vrf_config:
+ if vrf_config['vni'] in vni_ids:
+ raise ConfigError(f'VRF "{name}" VNI is not unique!')
+ vni_ids.append(vrf_config['vni'])
+
return None
def generate(vrf):
@@ -67,7 +85,7 @@ def apply(vrf):
frr_cfg.load_configuration(frr_daemon)
# There is only one VRF inside the dict as we read only one in get_config()
if vrf and 'name' in vrf:
- vrf_name = next(iter(vrf['name']))
+ vrf_name = vrf['only_vrf']
frr_cfg.modify_section(f'^vrf {vrf_name}', stop_pattern='^exit-vrf', remove_stop_mark=True)
if vrf and 'new_frr_config' in vrf:
frr_cfg.add_before(frr.default_add_before, vrf['new_frr_config'])