From a509d5ee53f42912d9722c9aae890e2ca6967680 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 3 Apr 2020 14:23:00 +0200
Subject: vrf: T31: name of isntance is not allowed to mimic an interface name
Every VRF that's created is not allowed to be named like any interface that can be active on the system. This includes eth, lan, br, dum, lo .... In theoriy this would work but as soon as such a regular interface is created things will go sideways rather quick thus we limit the namespace which can be used to create a VRF. Appending an interface name is still possible like coolvrf-eth0.
---
interface-definitions/vrf.xml.in | 6 +++---
src/validators/vrf-name | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+), 3 deletions(-)
create mode 100755 src/validators/vrf-name
diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in
index 76748e5ae..7c75bf824 100644
--- a/interface-definitions/vrf.xml.in
+++ b/interface-definitions/vrf.xml.in
@@ -17,9 +17,9 @@ VRF instance name - [^/\s]{1,16}$ + - VRF instance name must be 16 characters or less + VRF instance name must be 16 characters or less and can not\nbe named as regular network interfaces name Instance name
@@ -44,4 +44,4 @@ - \ No newline at end of file +
diff --git a/src/validators/vrf-name b/src/validators/vrf-name
new file mode 100755
index 000000000..b1a2527d8
--- /dev/null
+++ b/src/validators/vrf-name
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+import re
+from sys import exit, argv
+
+if len(argv) == 2:
+ len = len(argv[1])
+ # VRF instance name must be 16 characters or less, python range needs to be
+ # extended by one
+ if not len in range(1, 17):
+ exit(1)
+
+ # Treat loopback interface "lo" explicitly. Adding "lo" explicitly to the
+ # following regex pattern would deny any VRF name starting with lo - thuse
+ # local-vrf would be illegal - and that we do not want.
+ if argv[1] == "lo":
+ exit(1)
+
+ # VRF instances should not be named after regular interface names like bond0,
+ # br10 and so on - this can cause a lot of confusion/trouble
+ pattern = "^(?!(bond|br|dum|eth|lan|eno|ens|enp|enx|gnv|ipoe|l2tp|l2tpeth|" \
+ "vtun|ppp|pppoe|peth|tun|vti|vxlan|wg|wlan|wlm)[0-9]+).*$"
+ if re.match(pattern, argv[1]):
+ exit(0)
+
+exit(1)
-- cgit v1.2.3
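Review bot: The new validator no longer rejects `/` or whitespace in the name. The constraint it replaces in vrf.xml.in was `[^/\s]{1,16}$`, while the script only tests the length, compares against `lo`, and applies the interface-prefix lookahead, whose tail `.*$` accepts any remaining characters. A constructed name such as `a b` or `a/b` therefore passes, and if the VRF name is later used as a device name, path component or command argument (not visible in this diff), that is input the old rule kept out. Restoring the character check alongside the length test, e.g. `if not re.fullmatch(r'[^/\s]{1,16}', argv[1]): exit(1)`, keeps the previous guarantee. It also makes `len = len(argv[1])` unnecessary, which currently rebinds the builtin `len` for the rest of the script.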