diff options
| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-07-06 17:40:37 +0000 |
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-07-25 09:35:52 +0000 |
| commit | 5f2e9cb81d89a5cfecbac01bec054b3ba4e8dff5 (patch) | |
| tree | 3c8a963489ad77e35b7c30be55145f0980c0f7ed /src/conf_mode | |
| parent | e8ff7aa564b03c6338b2c053f3c24a08fd2cf323 (diff) | |
| download | vyos-1x-5f2e9cb81d89a5cfecbac01bec054b3ba4e8dff5.tar.gz vyos-1x-5f2e9cb81d89a5cfecbac01bec054b3ba4e8dff5.zip | |
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on parameter <listen-address>. Also allow only one single value <interface>.
Diffstat (limited to 'src/conf_mode')
| -rwxr-xr-x | src/conf_mode/ntp.py | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py index 92cb73aab..95766c44c 100755 --- a/src/conf_mode/ntp.py +++ b/src/conf_mode/ntp.py @@ -24,6 +24,7 @@ from vyos.util import call from vyos.util import chmod_750 from vyos.util import get_interface_config from vyos.template import render +from vyos.template import is_ipv4 from vyos import ConfigError from vyos import airbag airbag.enable() @@ -62,16 +63,29 @@ def verify(ntp): if 'interface' in ntp: # If ntpd should listen on a given interface, ensure it exists - for interface in ntp['interface']: - verify_interface_exists(interface) - - # If we run in a VRF, our interface must belong to this VRF, too - if 'vrf' in ntp: - tmp = get_interface_config(interface) - vrf_name = ntp['vrf'] - if 'master' not in tmp or tmp['master'] != vrf_name: - raise ConfigError(f'NTP runs in VRF "{vrf_name}" - "{interface}" '\ - f'does not belong to this VRF!') + interface = ntp['interface'] + verify_interface_exists(interface) + + # If we run in a VRF, our interface must belong to this VRF, too + if 'vrf' in ntp: + tmp = get_interface_config(interface) + vrf_name = ntp['vrf'] + if 'master' not in tmp or tmp['master'] != vrf_name: + raise ConfigError(f'NTP runs in VRF "{vrf_name}" - "{interface}" '\ + f'does not belong to this VRF!') + + if 'listen_address' in ntp: + ipv4_addresses = 0 + ipv6_addresses = 0 + for address in ntp['listen_address']: + if is_ipv4(address): + ipv4_addresses += 1 + else: + ipv6_addresses += 1 + if ipv4_addresses > 1: + raise ConfigError(f'NTP Only admits one ipv4 value for listen-address parameter ') + if ipv6_addresses > 1: + raise ConfigError(f'NTP Only admits one ipv6 value for listen-address parameter ') return None |