From 82552e2abc77640b3a81560e3f8c5be2c21e3ad2 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Fri, 10 May 2024 15:15:53 +0200 Subject: bond: T6303: system-mac is not allowed to be a multicast MAC address (cherry picked from commit d8ddd7191d3004e886fa45a2cf9bd8dd5e7f5e14) --- python/vyos/ifconfig/bond.py | 2 +- python/vyos/utils/assertion.py | 4 ++-- src/conf_mode/interfaces_bonding.py | 11 +++++++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/python/vyos/ifconfig/bond.py b/python/vyos/ifconfig/bond.py index b381ba0e1..f26426915 100644 --- a/python/vyos/ifconfig/bond.py +++ b/python/vyos/ifconfig/bond.py @@ -56,7 +56,7 @@ class BondIf(Interface): 'location': '/sys/class/net/{ifname}/bonding/lacp_rate', }, 'bond_system_mac': { - 'validate': assert_mac, + 'validate': lambda v: assert_mac(v, test_all_zero=False), 'location': '/sys/class/net/{ifname}/bonding/ad_actor_system', }, 'bond_miimon': { diff --git a/python/vyos/utils/assertion.py b/python/vyos/utils/assertion.py index 1aaa54dff..c7fa220c3 100644 --- a/python/vyos/utils/assertion.py +++ b/python/vyos/utils/assertion.py @@ -53,7 +53,7 @@ def assert_mtu(mtu, ifname): if (max_mtu and cur_mtu > max_mtu) or cur_mtu > 65536: raise ValueError(f'MTU is too small for interface "{ifname}": {mtu} > {max_mtu}') -def assert_mac(m): +def assert_mac(m, test_all_zero=True): split = m.split(':') size = len(split) @@ -74,7 +74,7 @@ def assert_mac(m): raise ValueError(f'{m} is a multicast MAC address') # overall mac address is not allowed to be 00:00:00:00:00:00 - if sum(octets) == 0: + if test_all_zero and sum(octets) == 0: raise ValueError('00:00:00:00:00:00 is not a valid MAC address') if octets[:5] == (0, 0, 94, 0, 1): diff --git a/src/conf_mode/interfaces_bonding.py b/src/conf_mode/interfaces_bonding.py index 371b219c0..5e5d5fba1 100755 --- a/src/conf_mode/interfaces_bonding.py +++ b/src/conf_mode/interfaces_bonding.py @@ -33,6 +33,7 @@ from vyos.ifconfig import BondIf from vyos.ifconfig.ethernet import EthernetIf from vyos.ifconfig import Section from vyos.template import render_to_string +from vyos.utils.assertion import assert_mac from vyos.utils.dict import dict_search from vyos.utils.dict import dict_to_paths_values from vyos.utils.network import interface_exists @@ -244,6 +245,16 @@ def verify(bond): raise ConfigError('primary interface only works for mode active-backup, ' \ 'transmit-load-balance or adaptive-load-balance') + if 'system_mac' in bond: + if bond['mode'] != '802.3ad': + raise ConfigError('Actor MAC address only available in 802.3ad mode!') + + system_mac = bond['system_mac'] + try: + assert_mac(system_mac, test_all_zero=False) + except: + raise ConfigError(f'Cannot use a multicast MAC address "{system_mac}" as system-mac!') + return None def generate(bond): -- cgit v1.2.3