4 files changed, 56 insertions, 24 deletions

diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index 4afea2b3a..fe2d7b1be 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -28,6 +28,7 @@ from vyos.configverify import verify_bridge_delete
 from vyos.configverify import verify_source_interface
 from vyos.configverify import verify_vlan_config
 from vyos.ifconfig import MACVLANIf
+from vyos.validate import is_member
 from vyos import ConfigError
 
 from vyos import airbag
@@ -35,8 +36,8 @@ airbag.enable()
 
 def get_config():
     """
-    Retrive CLI config as dictionary. Dictionary can never be empty, as at least the
-    interface name will be added or a deleted flag
+    Retrive CLI config as dictionary. Dictionary can never be empty, as at
+    least the interface name will be added or a deleted flag
     """
     conf = Config()
     base = ['interfaces', 'pseudo-ethernet']
@@ -46,6 +47,17 @@ def get_config():
     if mode:
         peth.update({'mode_old' : mode})
 
+    # Check if source-interface is member of a bridge device
+    if 'source_interface' in peth:
+        bridge = is_member(conf, peth['source_interface'], 'bridge')
+        if bridge:
+            peth.update({'source_interface_is_bridge_member' : bridge})
+
+        # Check if we are a member of a bond device
+        bond = is_member(conf, peth['source_interface'], 'bonding')
+        if bond:
+            peth.update({'source_interface_is_bond_member' : bond})
+
     return peth
 
 def verify(peth):
@@ -57,6 +69,16 @@ def verify(peth):
     verify_vrf(peth)
     verify_address(peth)
 
+    if 'source_interface_is_bridge_member' in peth:
+        raise ConfigError(
+            'Source interface "{source_interface}" can not be used as it is already a '
+            'member of bridge "{source_interface_is_bridge_member}"!'.format(**peth))
+
+    if 'source_interface_is_bond_member' in peth:
+        raise ConfigError(
+            'Source interface "{source_interface}" can not be used as it is already a '
+            'member of bond "{source_interface_is_bond_member}"!'.format(**peth))
+
     # use common function to verify VLAN configuration
     verify_vlan_config(peth)
     return None
@@ -71,8 +93,8 @@ def apply(peth):
         return None
 
     # Check if MACVLAN interface already exists. Parameters like the underlaying
-    # source-interface device or mode can not be changed on the fly and the interface
-    # needs to be recreated from the bottom.
+    # source-interface device or mode can not be changed on the fly and the
+    # interface needs to be recreated from the bottom.
     if 'mode_old' in peth:
         MACVLANIf(peth['ifname']).remove()
 
diff --git a/src/conf_mode/service_console-server.py b/src/conf_mode/service_console-server.py
index ace6b8ca4..613ec6879 100755
--- a/src/conf_mode/service_console-server.py
+++ b/src/conf_mode/service_console-server.py
@@ -31,11 +31,9 @@ def get_config():
     conf = Config()
     base = ['service', 'console-server']
 
-    if not conf.exists(base):
-        return None
-
     # Retrieve CLI representation as dictionary
-    proxy = conf.get_config_dict(base, key_mangling=('-', '_'))
+    proxy = conf.get_config_dict(base, key_mangling=('-', '_'),
+                                 get_first_key=True)
     # The retrieved dictionary will look something like this:
     #
     # {'device': {'usb0b2.4p1.0': {'speed': '9600'},
@@ -47,9 +45,10 @@ def get_config():
     # We have gathered the dict representation of the CLI, but there are default
     # options which we need to update into the dictionary retrived.
     default_values = defaults(base + ['device'])
-    for device in proxy['device'].keys():
-        tmp = dict_merge(default_values, proxy['device'][device])
-        proxy['device'][device] = tmp
+    if 'device' in proxy:
+        for device in proxy['device']:
+            tmp = dict_merge(default_values, proxy['device'][device])
+            proxy['device'][device] = tmp
 
     return proxy
 
@@ -57,15 +56,14 @@ def verify(proxy):
     if not proxy:
         return None
 
-    for device in proxy['device']:
-        keys = proxy['device'][device].keys()
-        if 'speed' not in keys:
-            raise ConfigError(f'Serial port speed must be defined for "{tmp}"!')
+    if 'device' in proxy:
+        for device in proxy['device']:
+            if 'speed' not in proxy['device'][device]:
+                raise ConfigError(f'Serial port speed must be defined for "{device}"!')
 
-        if 'ssh' in keys:
-            ssh_keys = proxy['device'][device]['ssh'].keys()
-            if 'port' not in ssh_keys:
-                raise ConfigError(f'SSH port must be defined for "{tmp}"!')
+            if 'ssh' in proxy['device'][device]:
+                if 'port' not in proxy['device'][device]['ssh']:
+                    raise ConfigError(f'SSH port must be defined for "{device}"!')
 
     return None
 
@@ -86,10 +84,11 @@ def apply(proxy):
 
     call('systemctl restart conserver-server.service')
 
-    for device in proxy['device']:
-        if 'ssh' in proxy['device'][device].keys():
-            port = proxy['device'][device]['ssh']['port']
-            call(f'systemctl restart dropbear@{device}.service')
+    if 'device' in proxy:
+        for device in proxy['device']:
+            if 'ssh' in proxy['device'][device]:
+                port = proxy['device'][device]['ssh']['port']
+                call(f'systemctl restart dropbear@{device}.service')
 
     return None
 
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index a8357f653..39d34a7e2 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -421,6 +421,9 @@ def verify(pppoe):
     if len(pppoe['dnsv6']) > 3:
         raise ConfigError('Not more then three IPv6 DNS name-servers can be configured')
 
+    if not pppoe['interfaces']:
+        raise ConfigError('At least one listen interface must be defined!')
+
     # local ippool and gateway settings config checks
     if pppoe['client_ip_subnets'] or pppoe['client_ip_pool']:
         if not pppoe['ppp_gw']:
diff --git a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper
index f1167fcd2..60e001af7 100644
--- a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper
+++ b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper
@@ -20,6 +20,7 @@ function iptovtysh () {
     local VTYSH_NETADDR=""
     local VTYSH_GATEWAY=""
     local VTYSH_DEV=""
+    local VTYSH_VRF_NAME=$(ip -d link show dev $interface | grep $interface | awk '{print $9}')
     # convert default route to 0.0.0.0/0
     if [ "$4" == "default" ] ; then
         VTYSH_NETADDR="0.0.0.0/0"
@@ -40,7 +41,14 @@ function iptovtysh () {
     elif [ "$7" == "dev" ]; then
         VTYSH_DEV=$8
     fi
-    VTYSH_CMD="ip route $VTYSH_NETADDR $VTYSH_GATEWAY $VTYSH_DEV tag $VTYSH_TAG $VTYSH_DISTANCE"
+
+    # check if vrf is present
+    if [ $(ip -d link show dev $interface | grep vrf | wc -l) -eq 0 ]; then
+        VTYSH_CMD="ip route $VTYSH_NETADDR $VTYSH_GATEWAY $VTYSH_DEV tag $VTYSH_TAG $VTYSH_DISTANCE"
+    elif [ $(ip -d link show dev $interface | grep vrf | wc -l) -eq 1 ]; then
+        VTYSH_CMD="ip route $VTYSH_NETADDR $VTYSH_GATEWAY $VTYSH_DEV tag $VTYSH_TAG $VTYSH_DISTANCE vrf $VTYSH_VRF_NAME"
+    fi
+
     # delete route if the command is "del"
     if [ "$3" == "del" ] ; then
         VTYSH_CMD="no $VTYSH_CMD"