5 files changed, 22 insertions, 12 deletions
diff --git a/src/conf_mode/containers.py b/src/conf_mode/containers.py
index 1e0197a13..cc34f9d39 100755
--- a/src/conf_mode/containers.py
+++ b/src/conf_mode/containers.py
@@ -271,6 +271,14 @@ def apply(container):
             tmp = run(f'podman image exists {image}')
             if tmp != 0: print(os.system(f'podman pull {image}'))
 
+            # Add capability options. Should be in uppercase
+            cap_add = ''
+            if 'cap_add' in container_config:
+                for c in container_config['cap_add']:
+                    c = c.upper()
+                    c = c.replace('-', '_')
+                    cap_add += f' --cap-add={c}'
+
             # Check/set environment options "-e foo=bar"
             env_opt = ''
             if 'environment' in container_config:
@@ -299,7 +307,7 @@ def apply(container):
                     dvol = vol_config['destination']
                     volume += f' -v {svol}:{dvol}'
 
-            container_base_cmd = f'podman run --detach --interactive --tty --replace ' \
+            container_base_cmd = f'podman run --detach --interactive --tty --replace {cap_add} ' \
                                  f'--memory {memory}m --memory-swap 0 --restart {restart} ' \
                                  f'--name {name} {port} {volume} {env_opt}'
             if 'allow_host_networks' in container_config:
diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py
index ef385d2e7..51127127d 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces-tunnel.py
@@ -108,18 +108,17 @@ def verify(tunnel):
             # Prevent the same key for 2 tunnels with same source-address/encap. T2920
             for tunnel_if in Section.interfaces('tunnel'):
                 tunnel_cfg = get_interface_config(tunnel_if)
-                exist_encap = tunnel_cfg['linkinfo']['info_kind']
-                exist_source_address = tunnel_cfg['address']
-                exist_key = tunnel_cfg['linkinfo']['info_data']['ikey']
+                # no match on encapsulation - bail out
+                if dict_search('linkinfo.info_kind', tunnel_cfg) != tunnel['encapsulation']:
+                    continue
                 new_source_address = tunnel['source_address']
                 # Convert tunnel key to ip key, format "ip -j link show"
                 # 1 => 0.0.0.1, 999 => 0.0.3.231
-                orig_new_key = int(tunnel['parameters']['ip']['key'])
-                new_key = IPv4Address(orig_new_key)
+                orig_new_key = dict_search('parameters.ip.key', tunnel)
+                new_key = IPv4Address(int(orig_new_key))
                 new_key = str(new_key)
-                if tunnel['encapsulation'] == exist_encap and \
-                   new_source_address == exist_source_address and \
-                   new_key == exist_key:
+                if dict_search('address', tunnel_cfg) == new_source_address and \
+                   dict_search('linkinfo.info_data.ikey', tunnel_cfg) == new_key:
                     raise ConfigError(f'Key "{orig_new_key}" for source-address "{new_source_address}" ' \
                                       f'is already used for tunnel "{tunnel_if}"!')
 
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 7b3de6e8a..af35b5f03 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -82,11 +82,12 @@ def get_config(config=None):
     tmp = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True)
     if not (dict_search('security.wpa.passphrase', tmp) or
             dict_search('security.wpa.radius', tmp)):
-        del wifi['security']['wpa']
+        if 'deleted' not in wifi:
+            del wifi['security']['wpa']
 
     # defaults include RADIUS server specifics per TAG node which need to be
     # added to individual RADIUS servers instead - so we can simply delete them
-    if dict_search('security.wpa.radius.server.port', wifi):
+    if dict_search('security.wpa.radius.server.port', wifi) != None:
         del wifi['security']['wpa']['radius']['server']['port']
         if not len(wifi['security']['wpa']['radius']['server']):
             del wifi['security']['wpa']['radius']
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index 9c52f77ca..818e8fa0b 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -290,6 +290,8 @@ def get_config(config=None):
     # LNS secret
     if conf.exists(['lns', 'shared-secret']):
         l2tp['lns_shared_secret'] = conf.return_value(['lns', 'shared-secret'])
+    if conf.exists(['lns', 'host-name']):
+        l2tp['lns_host_name'] = conf.return_value(['lns', 'host-name'])
 
     if conf.exists(['ccp-disable']):
         l2tp['ccp_disable'] = True
diff --git a/src/validators/bgp-large-community-list b/src/validators/bgp-large-community-list
index c07268e81..80112dfdc 100755
--- a/src/validators/bgp-large-community-list
+++ b/src/validators/bgp-large-community-list
@@ -30,7 +30,7 @@ if __name__ == '__main__':
         sys.exit(1)
 
     if not (re.match(pattern, sys.argv[1]) and
-           (is_ipv4(value[0]) or value[0].isdigit()) and value[1].isdigit()):
+           (is_ipv4(value[0]) or value[0].isdigit()) and (value[1].isdigit() or value[1] == '*')):
         sys.exit(1)
 
     sys.exit(0)