From 6f3130ea5c8c3043e4a5377c972b96233f22a5fc Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 18 Sep 2021 15:18:21 +0200
Subject: ipsec: vti: T3831: avoid usinf xfrm if_id 0 - implement shift by one

The key defaults to 0 and will match any policies which similarly do not have
a lookup key configuration. This means that a vti0 named interface will pull in
all traffic and others will stop working. Thus we simply shift the key by one
to also support a vti0 interface.
---
 python/vyos/ifconfig/vti.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'python')

diff --git a/python/vyos/ifconfig/vti.py b/python/vyos/ifconfig/vti.py
index 470ebbff3..c50cd5ce9 100644
--- a/python/vyos/ifconfig/vti.py
+++ b/python/vyos/ifconfig/vti.py
@@ -35,8 +35,11 @@ class VTIIf(Interface):
         mapping = {
             'source_interface' : 'dev',
         }
-
         if_id = self.ifname.lstrip('vti')
+        # The key defaults to 0 and will match any policies which similarly do
+        # not have a lookup key configuration - thus we shift the key by one
+        # to also support a vti0 interface
+        if_id = str(int(if_id) +1)
         cmd = f'ip link add {self.ifname} type xfrm if_id {if_id}'
         for vyos_key, iproute2_key in mapping.items():
             # dict_search will return an empty dict "{}" for valueless nodes like
-- 
cgit v1.2.3