4 files changed, 31 insertions, 4 deletions

diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 83e6dee11..a381ace5c 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -310,6 +310,7 @@ def generate_run_arguments(name, container_config):
     memory = container_config['memory']
     shared_memory = container_config['shared_memory']
     restart = container_config['restart']
+    log_driver = container_config['log_driver']
 
     # Add sysctl options
     sysctl_opt = ''
@@ -408,7 +409,7 @@ def generate_run_arguments(name, container_config):
             name_server += f'--dns {ns}'
 
     container_base_cmd = f'--detach --interactive --tty --replace {capabilities} {privileged} --cpus {cpu_quota} {sysctl_opt} ' \
-                         f'--memory {memory}m --shm-size {shared_memory}m --memory-swap 0 --restart {restart} ' \
+                         f'--memory {memory}m --shm-size {shared_memory}m --memory-swap 0 --restart {restart} --log-driver={log_driver} ' \
                          f'--name {name} {hostname} {device} {port} {name_server} {volume} {tmpfs} {env_opt} {label} {uid} {host_pid}'
 
     entrypoint = ''
diff --git a/src/conf_mode/interfaces_bridge.py b/src/conf_mode/interfaces_bridge.py
index c14e6a599..fce07ae0a 100755
--- a/src/conf_mode/interfaces_bridge.py
+++ b/src/conf_mode/interfaces_bridge.py
@@ -111,6 +111,11 @@ def get_config(config=None):
             elif interface.startswith('wlan') and interface_exists(interface):
                 set_dependents('wlan', conf, interface)
 
+            if interface.startswith('vtun'):
+                _, tmp_config = get_interface_dict(conf, ['interfaces', 'openvpn'], interface)
+                tmp = tmp_config.get('device_type') == 'tap'
+                bridge['member']['interface'][interface].update({'valid_ovpn' : tmp})
+
     # delete empty dictionary keys - no need to run code paths if nothing is there to do
     if 'member' in bridge:
         if 'interface' in bridge['member'] and len(bridge['member']['interface']) == 0:
@@ -178,6 +183,9 @@ def verify(bridge):
                     if option in interface_config:
                         raise ConfigError('Can not use VLAN options on non VLAN aware bridge')
 
+            if interface.startswith('vtun') and not interface_config['valid_ovpn']:
+                raise ConfigError(error_msg + 'OpenVPN device-type must be set to "tap"')
+
     if 'enable_vlan' in bridge:
         if dict_search('vif.1', bridge):
             raise ConfigError(f'VLAN 1 sub interface cannot be set for VLAN aware bridge {ifname}, and VLAN 1 is always the parent interface')
diff --git a/src/conf_mode/protocols_rpki.py b/src/conf_mode/protocols_rpki.py
index ef0250e3d..054aa1c0e 100755
--- a/src/conf_mode/protocols_rpki.py
+++ b/src/conf_mode/protocols_rpki.py
@@ -18,6 +18,7 @@ import os
 
 from glob import glob
 from sys import exit
+from sys import argv
 
 from vyos.config import Config
 from vyos.configverify import has_frr_protocol_in_dict
@@ -39,13 +40,18 @@ def get_config(config=None):
         conf = config
     else:
         conf = Config()
-    return get_frrender_dict(conf)
+    return get_frrender_dict(conf, argv)
 
 def verify(config_dict):
     if not has_frr_protocol_in_dict(config_dict, 'rpki'):
         return None
 
-    rpki = config_dict['rpki']
+    vrf = None
+    if 'vrf_context' in config_dict:
+        vrf = config_dict['vrf_context']
+
+    # eqivalent of the C foo ? 'a' : 'b' statement
+    rpki = vrf and config_dict['vrf']['name'][vrf]['protocols']['rpki'] or config_dict['rpki']
 
     if 'cache' in rpki:
         preferences = []
@@ -79,7 +85,12 @@ def generate(config_dict):
     if not has_frr_protocol_in_dict(config_dict, 'rpki'):
         return None
 
-    rpki = config_dict['rpki']
+    vrf = None
+    if 'vrf_context' in config_dict:
+        vrf = config_dict['vrf_context']
+
+    # eqivalent of the C foo ? 'a' : 'b' statement
+    rpki = vrf and config_dict['vrf']['name'][vrf]['protocols']['rpki'] or config_dict['rpki']
 
     if 'cache' in rpki:
         for cache, cache_config in rpki['cache'].items():
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 8baf55857..6e9d4147a 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -18,6 +18,8 @@ from sys import exit
 from jmespath import search
 from json import loads
 
+import vyos.defaults
+
 from vyos.config import Config
 from vyos.configdict import node_changed
 from vyos.configverify import verify_route_map
@@ -163,6 +165,11 @@ def verify(vrf):
             if 'table' not in vrf_config:
                 raise ConfigError(f'VRF "{name}" table id is mandatory!')
 
+            if int(vrf_config['table']) == vyos.defaults.rt_global_vrf:
+                raise ConfigError(
+                    f'VRF "{name}" table id {vrf_config["table"]} cannot be used!'
+                )
+
             # routing table id can't be changed - OS restriction
             if interface_exists(name):
                 tmp = get_vrf_tableid(name)