diff options
| -rwxr-xr-x | src/conf_mode/interfaces-macsec.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index abf8b05c3..73b62dcf1 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -28,6 +28,7 @@ from vyos.configverify import verify_vrf from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete from vyos.configverify import verify_source_interface +from vyos.validate import is_member from vyos import ConfigError from vyos import airbag airbag.enable() @@ -61,6 +62,11 @@ def get_config(config=None): base + ['source-interface']) macsec.update({'source_interface': source_interface}) + if 'source_interface' in macsec: + # Check if source interface is used by another bridge + tmp = is_member(conf, macsec['source_interface'], 'bridge') + if tmp: macsec.update({'is_bridge_member_source_interface' : tmp}) + return macsec @@ -88,6 +94,10 @@ def verify(macsec): raise ConfigError('Missing mandatory MACsec security ' 'keys as encryption is enabled!') + if 'is_bridge_member_source_interface' in macsec: + raise ConfigError('source-interface is already member of bridge ' \ + '{is_bridge_member_source_interface}!'.format(**macsec)) + if 'source_interface' in macsec: # MACsec adds a 40 byte overhead (32 byte MACsec + 8 bytes VLAN 802.1ad # and 802.1q) - we need to check the underlaying MTU if our configured |