diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-11 16:17:33 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-11 16:17:33 +0100 |
commit | ebf8c8d750357122023a0c96b41072065f755c2e (patch) | |
tree | 9d8ce1ce1d6a64466114feeba21c3def5b31a7b8 /src/conf_mode | |
parent | f5b19352a4bc641fe773c09ec84a361404881458 (diff) | |
parent | 8c941e316035e56757d77b782cf39702c73546e0 (diff) | |
download | vyos-1x-ebf8c8d750357122023a0c96b41072065f755c2e.tar.gz vyos-1x-ebf8c8d750357122023a0c96b41072065f755c2e.zip |
Merge pull request #2798 from c-po/ipsec-T5918
T5791: T5918: use genetic pattern to detect dynamic interfaces for ipsec and dynamic dns
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/service_dns_dynamic.py | 14 | ||||
-rwxr-xr-x | src/conf_mode/vpn_ipsec.py | 12 |
2 files changed, 17 insertions, 9 deletions
diff --git a/src/conf_mode/service_dns_dynamic.py b/src/conf_mode/service_dns_dynamic.py index 99fa8feee..845aaa1b5 100755 --- a/src/conf_mode/service_dns_dynamic.py +++ b/src/conf_mode/service_dns_dynamic.py @@ -21,8 +21,10 @@ from sys import exit from vyos.base import Warning from vyos.config import Config from vyos.configverify import verify_interface_exists +from vyos.configverify import dynamic_interface_pattern from vyos.template import render from vyos.utils.process import call +from vyos.utils.network import interface_exists from vyos import ConfigError from vyos import airbag airbag.enable() @@ -30,9 +32,6 @@ airbag.enable() config_file = r'/run/ddclient/ddclient.conf' systemd_override = r'/run/systemd/system/ddclient.service.d/override.conf' -# Dynamic interfaces that might not exist when the configuration is loaded -dynamic_interfaces = ('pppoe', 'sstpc') - # Protocols that require zone zone_necessary = ['cloudflare', 'digitalocean', 'godaddy', 'hetzner', 'gandi', 'nfsn', 'nsupdate'] @@ -81,7 +80,6 @@ def verify(dyndns): # Dynamic DNS service provider - configuration validation for service, config in dyndns['name'].items(): - error_msg_req = f'is required for Dynamic DNS service "{service}"' error_msg_uns = f'is not supported for Dynamic DNS service "{service}"' @@ -93,10 +91,12 @@ def verify(dyndns): # that the interface exists (or just warn if dynamic interface) # and that web-options are not set if config['address'] != 'web': + tmp = re.compile(dynamic_interface_pattern) # exclude check interface for dynamic interfaces - if config['address'].startswith(dynamic_interfaces): - Warning(f'Interface "{config["address"]}" does not exist yet and cannot ' - f'be used for Dynamic DNS service "{service}" until it is up!') + if tmp.match(config["address"]): + if not interface_exists(config["address"]): + Warning(f'Interface "{config["address"]}" does not exist yet and cannot ' + f'be used for Dynamic DNS service "{service}" until it is up!') else: verify_interface_exists(config['address']) if 'web_options' in config: diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py index adbac0405..d074ed159 100755 --- a/src/conf_mode/vpn_ipsec.py +++ b/src/conf_mode/vpn_ipsec.py @@ -27,6 +27,7 @@ from vyos.base import Warning from vyos.config import Config from vyos.configdict import leaf_node_changed from vyos.configverify import verify_interface_exists +from vyos.configverify import dynamic_interface_pattern from vyos.defaults import directories from vyos.ifconfig import Interface from vyos.pki import encode_certificate @@ -160,8 +161,15 @@ def verify(ipsec): raise ConfigError(f'Authentication psk "{psk}" missing "id" or "secret"') if 'interface' in ipsec: - for ifname in ipsec['interface']: - verify_interface_exists(ifname) + tmp = re.compile(dynamic_interface_pattern) + for interface in ipsec['interface']: + # exclude check interface for dynamic interfaces + if tmp.match(interface): + if not interface_exists(interface): + Warning(f'Interface "{interface}" does not exist yet and cannot be used ' + f'for IPsec until it is up!') + else: + verify_interface_exists(interface) if 'l2tp' in ipsec: if 'esp_group' in ipsec['l2tp']: |