From dd0ebffa33728e452ac6e11737c2283f0e390359 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Tue, 23 Jul 2024 19:05:21 +0200 Subject: vrf: T6602: verify supplied VRF name on all interface types Only some (e.g. ethernet or wireguard) interfaces validate if the supplied VRF actually exists. If this is not validated, one can pass an invalid VRF to the system which generates an OSError exception. To reproduce set interfaces vxlan vxlan1 vni 1000 set interfaces vxlan vxlan1 remote 1.2.3.4 set interfaces vxlan vxlan1 vrf smoketest results in OSError: [Errno 255] failed to run command: ip link set dev vxlan1 master smoketest_mgmt This commit adds the missing verify_vrf() call to the missing interface types and an appropriate smoketest for all interfaces supporting VRF assignment. --- src/conf_mode/interfaces_geneve.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/conf_mode/interfaces_geneve.py') diff --git a/src/conf_mode/interfaces_geneve.py b/src/conf_mode/interfaces_geneve.py index 769139e0f..007708d4a 100755 --- a/src/conf_mode/interfaces_geneve.py +++ b/src/conf_mode/interfaces_geneve.py @@ -24,6 +24,7 @@ from vyos.configverify import verify_mtu_ipv6 from vyos.configverify import verify_bridge_delete from vyos.configverify import verify_mirror_redirect from vyos.configverify import verify_bond_bridge_member +from vyos.configverify import verify_vrf from vyos.ifconfig import GeneveIf from vyos.utils.network import interface_exists from vyos import ConfigError @@ -59,6 +60,7 @@ def verify(geneve): verify_mtu_ipv6(geneve) verify_address(geneve) + verify_vrf(geneve) verify_bond_bridge_member(geneve) verify_mirror_redirect(geneve) -- cgit v1.2.3