From f7bab4058d8677079db32bdc2e6c452267b98694 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Fri, 9 Sep 2022 10:38:46 +0000 Subject: openvpn: T4679: Fix incorrect verify local and remote address In the OpenVPN site-to-site config we can use IPv6 peers without IPv4 configurations but "verify()" checks also local and remote IPv4 addresses that in this case will be empty lists For example: set interfaces openvpn vtun2 local-address 2001:db8::1 set interfaces openvpn vtun2 remote-address 2001:db8::2 Check in the commit (v4loAddr == v4remAddr) <= both empty lists commit DEBUG: [] == [] or ['2001:db8::2'] == [] So we should also check v4loAddr, v4remAddr, v6loAddr, v6remAddr are not empty --- python/vyos/util.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'python') diff --git a/python/vyos/util.py b/python/vyos/util.py index 325b630bc..461df9a6e 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -1,4 +1,4 @@ -# Copyright 2020-2021 VyOS maintainers and contributors +# Copyright 2020-2022 VyOS maintainers and contributors # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -471,6 +471,12 @@ def process_named_running(name): return p.pid return None +def is_list_equal(first: list, second: list) -> bool: + """ Check if 2 lists are equal and list not empty """ + if len(first) != len(second) or len(first) == 0: + return False + return sorted(first) == sorted(second) + def is_listen_port_bind_service(port: int, service: str) -> bool: """Check if listen port bound to expected program name :param port: Bind port -- cgit v1.2.3