diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-08-04 08:29:14 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-08-04 08:29:14 +0200 |
commit | 993961f60ead2a18912eb577b1152463d4eb8b4e (patch) | |
tree | 16de30600ea8f485bd182075f0e5115ae34175dc /src/conf_mode | |
parent | 475fbb785dca76868715827833dc44115635c4a6 (diff) | |
download | vyos-1x-993961f60ead2a18912eb577b1152463d4eb8b4e.tar.gz vyos-1x-993961f60ead2a18912eb577b1152463d4eb8b4e.zip |
macsec: T4592: can not create two interfaces using the same source-interface
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/interfaces-macsec.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index 65b0612ea..870049a88 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -22,6 +22,7 @@ from sys import exit from vyos.config import Config from vyos.configdict import get_interface_dict from vyos.configdict import is_node_changed +from vyos.configdict import is_source_interface from vyos.configverify import verify_vrf from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete @@ -65,6 +66,10 @@ def get_config(config=None): if is_node_changed(conf, base + [ifname, 'source_interface']): macsec.update({'shutdown_required': {}}) + if 'source_interface' in macsec: + tmp = is_source_interface(conf, macsec['source_interface'], 'macsec') + if tmp and tmp != ifname: macsec.update({'is_source_interface' : tmp}) + return macsec @@ -97,6 +102,12 @@ def verify(macsec): # gcm-aes-128 requires a 128bit long key - 64 characters (string) = 32byte = 256bit raise ConfigError('gcm-aes-128 requires a 256bit long key!') + if 'is_source_interface' in macsec: + tmp = macsec['is_source_interface'] + src_ifname = macsec['source_interface'] + raise ConfigError(f'Can not use source-interface "{src_ifname}", it already ' \ + f'belongs to interface "{tmp}"!') + if 'source_interface' in macsec: # MACsec adds a 40 byte overhead (32 byte MACsec + 8 bytes VLAN 802.1ad # and 802.1q) - we need to check the underlaying MTU if our configured |