bond: T8084: disallow bond members that do not support MAC changes

c-po · c-po · commit 066d2be8b3d5 · 2025-12-19T21:51:39.000+01:00
Building on commit ba60266 (“ethernet: T8084: prevent MAC changes on ENA interfaces (AWS EC2)”), add safeguards to prevent interfaces from being used as bond members if they: * do not support MAC address changes, or * appear on a denylist of interfaces invalid for bonding (currently empty)
diff --git a/python/vyos/ethtool.py b/python/vyos/ethtool.py
@@ -28,6 +28,7 @@
 _drivers_without_mac_change = ['ena']
 # enable interface bonding will change the interface MAC address, thus all drivers
 # not supporting MAC address change, also do not support bonding
+_drivers_without_bonding_support = _drivers_without_mac_change + []
 
 class Ethtool:
     """
@@ -230,3 +231,7 @@ def get_channels(self, rx_tx_comb):
     def check_mac_change(self) -> bool:
         """ Check if ethernet drivers supports changing MAC address """
         return bool(self.get_driver_name() not in _drivers_without_mac_change)
+
+    def check_bonding(self) -> bool:
+        """ Check if ethernet drivers supports bonding """
+        return bool(self.get_driver_name() not in _drivers_without_bonding_support)
diff --git a/src/conf_mode/interfaces_bonding.py b/src/conf_mode/interfaces_bonding.py
@@ -30,6 +30,7 @@
 from vyos.configverify import verify_mtu_ipv6
 from vyos.configverify import verify_vlan_config
 from vyos.configverify import verify_vrf
+from vyos.ethtool import Ethtool
 from vyos.frrender import FRRender
 from vyos.frrender import get_frrender_dict
 from vyos.ifconfig import BondIf
@@ -251,6 +252,10 @@ def verify(bond):
                     raise ConfigError('Configured MTU is less then member '\
                                       f'interface "{interface}" minimum of {min_mtu}!')
 
+            # not all ethernet drivers support interface bonding
+            if not Ethtool(interface).check_bonding():
+                raise ConfigError(error_msg + 'driver is not supported!')
+
     if 'primary' in bond:
         if bond['primary'] not in bond['member']['interface']:
             raise ConfigError(f'Primary interface of bond "{bond_name}" must be a member interface')
