diff options
| -rw-r--r-- | python/vyos/util.py | 39 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-wireguard.py | 5 |
2 files changed, 44 insertions, 0 deletions
diff --git a/python/vyos/util.py b/python/vyos/util.py index 8af46a6ee..fc2834a97 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -819,3 +819,42 @@ def is_systemd_service_running(service): Copied from: https://unix.stackexchange.com/a/435317 """ tmp = cmd(f'systemctl show --value -p SubState {service}') return bool((tmp == 'running')) + +def check_port_availability(ipaddress, port, protocol): + """ + Check if port is available and not used by any service + Return False if a port is busy or IP address does not exists + Should be used carefully for services that can start listening + dynamically, because IP address may be dynamic too + """ + from socketserver import TCPServer, UDPServer + from ipaddress import ip_address + + # verify arguments + try: + ipaddress = ip_address(ipaddress).compressed + except: + print(f'The {ipaddress} is not a valid IPv4 or IPv6 address') + return + if port not in range(1, 65536): + print(f'The port number {port} is not in the 1-65535 range') + return + if protocol not in ['tcp', 'udp']: + print( + f'The protocol {protocol} is not supported. Only tcp and udp are allowed' + ) + return + + # check port availability + try: + if protocol == 'tcp': + server = TCPServer((ipaddress, port), None, bind_and_activate=True) + if protocol == 'udp': + server = UDPServer((ipaddress, port), None, bind_and_activate=True) + server.server_close() + return True + except: + print( + f'The {protocol} port {port} on the {ipaddress} is busy or unavailable' + ) + return False diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 4c566a5ad..ad3ddcba2 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -30,6 +30,7 @@ from vyos.configverify import verify_bridge_delete from vyos.configverify import verify_mtu_ipv6 from vyos.ifconfig import WireGuardIf from vyos.util import check_kmod +from vyos.util import check_port_availability from vyos import ConfigError from vyos import airbag airbag.enable() @@ -73,6 +74,10 @@ def verify(wireguard): if 'peer' not in wireguard: raise ConfigError('At least one Wireguard peer is required!') + if 'port' in wireguard and check_port_availability( + '0.0.0.0', int(wireguard['port']), 'udp') is not True: + raise ConfigError('The port cannot be used for the interface') + # run checks on individual configured WireGuard peer for tmp in wireguard['peer']: peer = wireguard['peer'][tmp] |