From 7e84566dedfdc532ffe05b404005daa6f21df567 Mon Sep 17 00:00:00 2001
From: Viacheslav <v.gletenko@vyos.io>
Date: Thu, 2 Sep 2021 18:58:11 +0000
Subject: tunnel: T3788: Add check keys for ipip and sit

Keys are not allowed with ipip and sit tunnels
---
 src/conf_mode/interfaces-tunnel.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py
index bfd9a8c56..ef385d2e7 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces-tunnel.py
@@ -123,6 +123,11 @@ def verify(tunnel):
                     raise ConfigError(f'Key "{orig_new_key}" for source-address "{new_source_address}" ' \
                                       f'is already used for tunnel "{tunnel_if}"!')
 
+    # Keys are not allowed with ipip and sit tunnels
+    if tunnel['encapsulation'] in ['ipip', 'sit']:
+        if dict_search('parameters.ip.key', tunnel) != None:
+            raise ConfigError('Keys are not allowed with ipip and sit tunnels!')
+
     verify_mtu_ipv6(tunnel)
     verify_address(tunnel)
     verify_vrf(tunnel)
-- 
cgit v1.2.3