summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2022-08-20 13:48:30 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2022-08-20 13:48:30 +0000
commitc0f5d00d92667f2a45896180cd05747c3ba82782 (patch)
treefcc5be19c276aaadb6e306589eaa65cb15e60027 /src
parentd247bc04b765a92c973ef93d94f8955312fdc13c (diff)
downloadvyos-1x-c0f5d00d92667f2a45896180cd05747c3ba82782.tar.gz
vyos-1x-c0f5d00d92667f2a45896180cd05747c3ba82782.zip
ocserv: T4597: Fix check bounded port by service itself
We check listen port before commit service if is port available and not bounded, but when we start openconnect our own port starts be bounded by "ocserv-main" process and next commit will be fail as port is already bound To fix it, extend check if port already bonded and it is not our self process "ocserv-main"
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/vpn_openconnect.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index a3e774678..240546817 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -25,6 +25,7 @@ from vyos.template import render
from vyos.util import call
from vyos.util import check_port_availability
from vyos.util import is_systemd_service_running
+from vyos.util import is_listen_port_bind_service
from vyos.util import dict_search
from vyos.xml import defaults
from vyos import ConfigError
@@ -77,8 +78,10 @@ def verify(ocserv):
if ocserv is None:
return None
# Check if listen-ports not binded other services
+ # It can be only listen by 'ocserv-main'
for proto, port in ocserv.get('listen_ports').items():
- if check_port_availability('0.0.0.0', int(port), proto) is not True:
+ if check_port_availability('0.0.0.0', int(port), proto) is not True and \
+ not is_listen_port_bind_service(int(port), 'ocserv-main'):
raise ConfigError(f'"{proto}" port "{port}" is used by another service')
# Check authentication
if "authentication" in ocserv:
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 19:40:10 +0000