+ die "bond '$iface' - bond-primary interface is not a slave" if $d->{'bond-primary'} && !$bond_primary_is_slave;
+ }
+ }
+
+ # check vxlan
+ my $vxlans = {};
+ foreach my $iface (keys %$ifaces) {
+ my $d = $ifaces->{$iface};
+
+ if ($d->{type} eq 'vxlan' && $d->{'vxlan-id'}) {
+ my $vxlanid = $d->{'vxlan-id'};
+ die "iface $iface - duplicate vxlan-id $vxlanid already used in $vxlans->{$vxlanid}\n" if $vxlans->{$vxlanid};
+ $vxlans->{$vxlanid} = $iface;
+ }
+
+ my $ips = 0;
+ ++$ips if defined $d->{'vxlan-svcnodeip'};
+ ++$ips if defined $d->{'vxlan-remoteip'};
+ ++$ips if defined $d->{'vxlan-local-tunnelip'};
+ if ($ips > 1) {
+ die "iface $iface - vxlan-svcnodeip, vxlan-remoteip and vxlan-localtunnelip are mutually exclusive\n";
+ }
+
+ if (defined($d->{'vxlan-svcnodeip'}) != defined($d->{'vxlan-physdev'})) {
+ die "iface $iface - vxlan-svcnodeip and vxlan-physdev must be define together\n";
+ }
+ #fixme : check if vxlan mtu is lower than 50bytes than physical interface where tunnel is going out
+ }
+
+ # check vlan
+ foreach my $iface (keys %$ifaces) {
+ my $d = $ifaces->{$iface};
+ if ($d->{type} eq 'vlan' && $iface =~ m/^(\S+)\.\d+$/) {
+ my $p = $1;
+ my $n = $ifaces->{$p};
+
+ die "vlan '$iface' - unable to find parent '$p'\n"
+ if !$n;
+
+ if ($n->{type} ne 'eth' && $n->{type} ne 'bridge' && $n->{type} ne 'bond' && $n->{type} ne 'vlan') {
+ die "vlan '$iface' - wrong interface type on parent '$p' " .
+ "('$n->{type}' != 'eth|bond|bridge|vlan' )\n";
+ }
+
+ &$check_mtu($ifaces, $p, $iface);
+
+ }
+ }
+
+ # check uplink
+ my $uplinks = {};
+ foreach my $iface (keys %$ifaces) {
+ my $d = $ifaces->{$iface};
+ if (my $uplinkid = $d->{'uplink-id'}) {
+ die "iface '$iface' - uplink-id $uplinkid is only allowed on physical and linux bond interfaces\n"
+ if $d->{type} ne 'eth' && $d->{type} ne 'bond';
+
+ die "iface '$iface' - uplink-id $uplinkid is already assigned on '$uplinks->{$uplinkid}'\n"
+ if $uplinks->{$uplinkid};
+
+ $uplinks->{$uplinkid} = $iface;
+ }
+ }
+
+ # check bridgeport option
+ my $bridgeports = {};
+ my $bridges = {};
+ foreach my $iface (keys %$ifaces) {
+ my $d = $ifaces->{$iface};
+ if ($d->{type} eq 'bridge') {
+ foreach my $p (split (/\s+/, $d->{bridge_ports})) {
+ $p =~ s/\.\d+$//;
+ my $n = $ifaces->{$p};
+ die "bridge '$iface' - unable to find bridge port '$p'\n"
+ if !$n;
+ die "iface $p - ip address can't be set on interface if bridged in $iface\n"
+ if ($n->{method} eq 'static' && $n->{address} ne '0.0.0.0') ||
+ ($n->{method6} eq 'static' && $n->{address} ne "\:\:");
+
+ &$check_mtu($ifaces, $iface, $p);
+ $bridgeports->{$p} = $iface;
+ }
+ $bridges->{$iface} = $d;
+ }
+ }
+
+ foreach my $iface (keys %$ifaces) {
+ my $d = $ifaces->{$iface};
+
+ foreach my $k (qw(bridge-learning bridge-arp-nd-suppress bridge-unicast-flood bridge-multicast-flood bridge-access)) {
+ die "iface $iface - $k: bridge port specific options can be used only on interfaces attached to a bridge\n"
+ if $d->{$k} && !$bridgeports->{$iface};
+ }
+
+ if ($d->{'bridge-access'} && !$bridges->{$bridgeports->{$iface}}->{bridge_vlan_aware}) {
+ die "iface $iface - bridge-access option can be only used if interface is in a vlan aware bridge\n";