| author | Daniil Baturin <daniil@vyos.io> | 2024-05-31 16:35:13 +0200 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-31 16:35:13 +0200 | 
| commit | d150067ef254a266aef2758e8e92b43c1f22956b (patch) | |
| tree | 3f42185a7d1872e773276d91e6f0f1df163dd400 /src | |
| parent | 3778558437101893e21f263e4bbc6013b3a9772b (diff) | |
| parent | 34024e630ec70ac5dc59fc57f818f6cd9dc15cd2 (diff) | |
Merge pull request #3570 from talmakion/bugfix/T6157
tunnel: T6157: fixing GRE tunnel uniqueness checks
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/interfaces_tunnel.py | 19 | 
1 files changed, 14 insertions, 5 deletions
| diff --git a/src/conf_mode/interfaces_tunnel.py b/src/conf_mode/interfaces_tunnel.py
index 43ba72857..98ef98d12 100755
--- a/src/conf_mode/interfaces_tunnel.py
+++ b/src/conf_mode/interfaces_tunnel.py
@@ -145,11 +145,20 @@ def verify(tunnel):
                 # If no IP GRE key is defined we can not have more then one GRE tunnel
                 # bound to any one interface/IP address and the same remote. This will
                 # result in a OS  PermissionError: add tunnel "gre0" failed: File exists
-                if (their_address == our_address or our_source_if == their_source_if) and \
-                    our_remote == their_remote:
-                    raise ConfigError(f'Missing required "ip key" parameter when '\
-                                       'running more then one GRE based tunnel on the '\
-                                       'same source-interface/source-address')
+                if our_remote == their_remote:
+                    if our_address is not None and their_address == our_address: 
+                        # If set to the same values, this is always a fail 
+                        raise ConfigError(f'Missing required "ip key" parameter when '\
+                                           'running more then one GRE based tunnel on the '\
+                                           'same source-address')
+
+                    if their_source_if == our_source_if and their_address == our_address:
+                        # Note that lack of None check on these is deliberate. 
+                        # source-if and source-ip matching while unset (all None) is a fail
+                        # source-ifs set and matching with unset source-ips is a fail
+                        raise ConfigError(f'Missing required "ip key" parameter when '\
+                                           'running more then one GRE based tunnel on the '\
+                                           'same source-interface')
     # Keys are not allowed with ipip and sit tunnels
     if tunnel['encapsulation'] in ['ipip', 'sit']: |
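Review bot: In the second `if`, `their_address == our_address` can only hold when both addresses are unset, because the branch above has already raised for equal non-None addresses. Writing it as `if their_source_if == our_source_if and our_address is None and their_address is None:` would state the rule directly instead of relying on the three-line comment. That branch also reports "same source-interface" when neither tunnel sets a source-interface (both `None`), which points the operator at a setting that is absent; wording such as `'same (or no) source-interface and no source-address'` would match what is actually checked. The message text still reads "more then one" (should be "than") and carries an `f` prefix with no placeholders. `verify()` and the loop that binds the `their_*` values start outside the hunk, so it is assumed here that unset values arrive as `None`.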
