diff options
author | Daniil Baturin <daniil@vyos.io> | 2022-03-28 19:53:18 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-28 19:53:18 +0300 |
commit | 43a3300afed5d4b4bee203d2abc741954a865ba3 (patch) | |
tree | 3867e77044a09c6e703edf2fdb5ff54fa24cc7e3 | |
parent | 2a511dfaf8fcc633baf254a45224ff612d0d1202 (diff) | |
parent | 45a2a7d0adc7e9d27d6c7aee1ccbd9b64a1437ad (diff) | |
download | vyos-1x-43a3300afed5d4b4bee203d2abc741954a865ba3.tar.gz vyos-1x-43a3300afed5d4b4bee203d2abc741954a865ba3.zip |
Merge pull request #1255 from vyos/revert-1235-equuleus-ipv6-local-route
Revert "backport: T4515: T4219: policy local-route6 and inbound-interface support"
-rw-r--r-- | interface-definitions/include/interface/inbound-interface.xml.i | 10 | ||||
-rw-r--r-- | interface-definitions/policy-local-route.xml.in | 123 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_policy.py | 405 | ||||
-rwxr-xr-x | src/conf_mode/policy-local-route.py | 183 |
4 files changed, 38 insertions, 683 deletions
diff --git a/interface-definitions/include/interface/inbound-interface.xml.i b/interface-definitions/include/interface/inbound-interface.xml.i deleted file mode 100644 index 5a8d47280..000000000 --- a/interface-definitions/include/interface/inbound-interface.xml.i +++ /dev/null @@ -1,10 +0,0 @@ -<!-- include start from interface/inbound-interface.xml.i --> -<leafNode name="inbound-interface"> - <properties> - <help>Inbound Interface</help> - <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py</script> - </completionHelp> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/policy-local-route.xml.in b/interface-definitions/policy-local-route.xml.in index 573a7963f..3769c3748 100644 --- a/interface-definitions/policy-local-route.xml.in +++ b/interface-definitions/policy-local-route.xml.in @@ -14,7 +14,7 @@ <valueHelp> <!-- table main with prio 32766 --> <format>u32:1-32765</format> - <description>Local-route rule number (1-32765)</description> + <description>Local-route rule number (1-219)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-32765"/> @@ -40,18 +40,6 @@ </leafNode> </children> </node> - <leafNode name="fwmark"> - <properties> - <help>Match fwmark value</help> - <valueHelp> - <format>u32:1-2147483647</format> - <description>Address to match against</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-2147483647"/> - </constraint> - </properties> - </leafNode> <leafNode name="source"> <properties> <help>Source address or prefix</help> @@ -70,115 +58,6 @@ <multi/> </properties> </leafNode> - <leafNode name="destination"> - <properties> - <help>Destination address or prefix</help> - <valueHelp> - <format>ipv4</format> - <description>Address to match against</description> - </valueHelp> - <valueHelp> - <format>ipv4net</format> - <description>Prefix to match against</description> - </valueHelp> - <constraint> - <validator name="ipv4-address"/> - <validator name="ip-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - #include <include/interface/inbound-interface.xml.i> - </children> - </tagNode> - </children> - </node> - <node name="local-route6" owner="${vyos_conf_scripts_dir}/policy-local-route.py"> - <properties> - <help>IPv6 policy route of local traffic</help> - </properties> - <children> - <tagNode name="rule"> - <properties> - <help>IPv6 policy local-route rule set number</help> - <valueHelp> - <!-- table main with prio 32766 --> - <format>u32:1-32765</format> - <description>Local-route rule number (1-32765)</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-32765"/> - </constraint> - </properties> - <children> - <node name="set"> - <properties> - <help>Packet modifications</help> - </properties> - <children> - <leafNode name="table"> - <properties> - <help>Routing table to forward packet with</help> - <valueHelp> - <format>u32:1-200</format> - <description>Table number</description> - </valueHelp> - <completionHelp> - <list>main</list> - </completionHelp> - </properties> - </leafNode> - </children> - </node> - <leafNode name="fwmark"> - <properties> - <help>Match fwmark value</help> - <valueHelp> - <format>u32:1-2147483647</format> - <description>Address to match against</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-2147483647"/> - </constraint> - </properties> - </leafNode> - <leafNode name="source"> - <properties> - <help>Source address or prefix</help> - <valueHelp> - <format>ipv4</format> - <description>Address to match against</description> - </valueHelp> - <valueHelp> - <format>ipv4net</format> - <description>Prefix to match against</description> - </valueHelp> - <constraint> - <validator name="ipv6-address"/> - <validator name="ipv6-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - <leafNode name="destination"> - <properties> - <help>Destination address or prefix</help> - <valueHelp> - <format>ipv6</format> - <description>Address to match against</description> - </valueHelp> - <valueHelp> - <format>ipv6net</format> - <description>Prefix to match against</description> - </valueHelp> - <constraint> - <validator name="ipv6-address"/> - <validator name="ipv6-prefix"/> - </constraint> - <multi/> - </properties> - </leafNode> - #include <include/interface/inbound-interface.xml.i> </children> </tagNode> </children> diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py index 50f2d7b43..f1d195381 100755 --- a/smoketest/scripts/cli/test_policy.py +++ b/smoketest/scripts/cli/test_policy.py @@ -678,413 +678,14 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): self.cli_commit() - original = """ - 50: from 203.0.113.1 lookup 23 - 50: from 203.0.113.2 lookup 23 - """ - tmp = cmd('ip rule show prio 50') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for fwmark - def test_fwmark_table_id(self): - path = base_path + ['local-route'] - - fwmk = '24' - rule = '101' - table = '154' - - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'fwmark', fwmk]) - - self.cli_commit() - - original = """ - 101: from all fwmark 0x18 lookup 154 - """ - tmp = cmd('ip rule show prio 101') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for destination - def test_destination_table_id(self): - path = base_path + ['local-route'] - - dst = '203.0.113.1' - rule = '102' - table = '154' - - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'destination', dst]) - - self.cli_commit() - - original = """ - 102: from all to 203.0.113.1 lookup 154 - """ - tmp = cmd('ip rule show prio 102') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for sources with fwmark - def test_fwmark_sources_table_id(self): - path = base_path + ['local-route'] - - sources = ['203.0.113.11', '203.0.113.12'] - fwmk = '23' - rule = '100' - table = '150' - for src in sources: - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'source', src]) - self.cli_set(path + ['rule', rule, 'fwmark', fwmk]) - - self.cli_commit() - - original = """ - 100: from 203.0.113.11 fwmark 0x17 lookup 150 - 100: from 203.0.113.12 fwmark 0x17 lookup 150 - """ - tmp = cmd('ip rule show prio 100') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for sources with iif - def test_iif_sources_table_id(self): - path = base_path + ['local-route'] - - sources = ['203.0.113.11', '203.0.113.12'] - iif = 'lo' - rule = '100' - table = '150' - - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'inbound-interface', iif]) - for src in sources: - self.cli_set(path + ['rule', rule, 'source', src]) - - self.cli_commit() - - # Check generated configuration - # Expected values - original = """ - 100: from 203.0.113.11 iif lo lookup 150 - 100: from 203.0.113.12 iif lo lookup 150 - """ - tmp = cmd('ip rule show prio 100') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for sources and destinations with fwmark - def test_fwmark_sources_destination_table_id(self): - path = base_path + ['local-route'] - - sources = ['203.0.113.11', '203.0.113.12'] - destinations = ['203.0.113.13', '203.0.113.15'] - fwmk = '23' - rule = '103' - table = '150' - for src in sources: - for dst in destinations: - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'source', src]) - self.cli_set(path + ['rule', rule, 'destination', dst]) - self.cli_set(path + ['rule', rule, 'fwmark', fwmk]) - - self.cli_commit() - - original = """ - 103: from 203.0.113.11 to 203.0.113.13 fwmark 0x17 lookup 150 - 103: from 203.0.113.11 to 203.0.113.15 fwmark 0x17 lookup 150 - 103: from 203.0.113.12 to 203.0.113.13 fwmark 0x17 lookup 150 - 103: from 203.0.113.12 to 203.0.113.15 fwmark 0x17 lookup 150 - """ - tmp = cmd('ip rule show prio 103') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table ipv6 for some sources ipv6 - def test_ipv6_table_id(self): - path = base_path + ['local-route6'] - - sources = ['2001:db8:123::/48', '2001:db8:126::/48'] - rule = '50' - table = '23' - for src in sources: - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'source', src]) - - self.cli_commit() - - original = """ - 50: from 2001:db8:123::/48 lookup 23 - 50: from 2001:db8:126::/48 lookup 23 - """ - tmp = cmd('ip -6 rule show prio 50') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for fwmark ipv6 - def test_fwmark_ipv6_table_id(self): - path = base_path + ['local-route6'] - - fwmk = '24' - rule = '100' - table = '154' - - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'fwmark', fwmk]) - - self.cli_commit() - - original = """ - 100: from all fwmark 0x18 lookup 154 - """ - tmp = cmd('ip -6 rule show prio 100') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for destination ipv6 - def test_destination_ipv6_table_id(self): - path = base_path + ['local-route6'] - - dst = '2001:db8:1337::/126' - rule = '101' - table = '154' - - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'destination', dst]) - - self.cli_commit() - - original = """ - 101: from all to 2001:db8:1337::/126 lookup 154 - """ - tmp = cmd('ip -6 rule show prio 101') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for sources with fwmark ipv6 - def test_fwmark_sources_ipv6_table_id(self): - path = base_path + ['local-route6'] - - sources = ['2001:db8:1338::/126', '2001:db8:1339::/126'] - fwmk = '23' - rule = '102' - table = '150' - for src in sources: - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'source', src]) - self.cli_set(path + ['rule', rule, 'fwmark', fwmk]) - - self.cli_commit() - - original = """ - 102: from 2001:db8:1338::/126 fwmark 0x17 lookup 150 - 102: from 2001:db8:1339::/126 fwmark 0x17 lookup 150 - """ - tmp = cmd('ip -6 rule show prio 102') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for sources with iif ipv6 - def test_iif_sources_ipv6_table_id(self): - path = base_path + ['local-route6'] - - sources = ['2001:db8:1338::/126', '2001:db8:1339::/126'] - iif = 'lo' - rule = '102' - table = '150' - for src in sources: - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'source', src]) - self.cli_set(path + ['rule', rule, 'inbound-interface', iif]) - - self.cli_commit() - - # Check generated configuration - # Expected values - original = """ - 102: from 2001:db8:1338::/126 iif lo lookup 150 - 102: from 2001:db8:1339::/126 iif lo lookup 150 - """ - tmp = cmd('ip -6 rule show prio 102') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test set table for sources and destinations with fwmark ipv6 - def test_fwmark_sources_destination_ipv6_table_id(self): - path = base_path + ['local-route6'] - - sources = ['2001:db8:1338::/126', '2001:db8:1339::/56'] - destinations = ['2001:db8:13::/48', '2001:db8:16::/48'] - fwmk = '23' - rule = '103' - table = '150' - for src in sources: - for dst in destinations: - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'source', src]) - self.cli_set(path + ['rule', rule, 'destination', dst]) - self.cli_set(path + ['rule', rule, 'fwmark', fwmk]) - - self.cli_commit() - - original = """ - 103: from 2001:db8:1338::/126 to 2001:db8:13::/48 fwmark 0x17 lookup 150 - 103: from 2001:db8:1338::/126 to 2001:db8:16::/48 fwmark 0x17 lookup 150 - 103: from 2001:db8:1339::/56 to 2001:db8:13::/48 fwmark 0x17 lookup 150 - 103: from 2001:db8:1339::/56 to 2001:db8:16::/48 fwmark 0x17 lookup 150 - """ - tmp = cmd('ip -6 rule show prio 103') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - - # Test delete table for sources and destination with fwmark ipv4/ipv6 - def test_delete_ipv4_ipv6_table_id(self): - path = base_path + ['local-route'] - path_v6 = base_path + ['local-route6'] - - sources = ['203.0.113.0/24', '203.0.114.5'] - destinations = ['203.0.112.0/24', '203.0.116.5'] - sources_v6 = ['2001:db8:1338::/126', '2001:db8:1339::/56'] - destinations_v6 = ['2001:db8:13::/48', '2001:db8:16::/48'] - fwmk = '23' - rule = '103' - table = '150' - for src in sources: - for dst in destinations: - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'source', src]) - self.cli_set(path + ['rule', rule, 'destination', dst]) - self.cli_set(path + ['rule', rule, 'fwmark', fwmk]) - - for src in sources_v6: - for dst in destinations_v6: - self.cli_set(path_v6 + ['rule', rule, 'set', 'table', table]) - self.cli_set(path_v6 + ['rule', rule, 'source', src]) - self.cli_set(path_v6 + ['rule', rule, 'destination', dst]) - self.cli_set(path_v6 + ['rule', rule, 'fwmark', fwmk]) - - self.cli_commit() - - original = """ - 103: from 203.0.113.0/24 to 203.0.116.5 fwmark 0x17 lookup 150 - 103: from 203.0.114.5 to 203.0.112.0/24 fwmark 0x17 lookup 150 - 103: from 203.0.114.5 to 203.0.116.5 fwmark 0x17 lookup 150 - 103: from 203.0.113.0/24 to 203.0.112.0/24 fwmark 0x17 lookup 150 - """ - original_v6 = """ - 103: from 2001:db8:1338::/126 to 2001:db8:16::/48 fwmark 0x17 lookup 150 - 103: from 2001:db8:1339::/56 to 2001:db8:13::/48 fwmark 0x17 lookup 150 - 103: from 2001:db8:1339::/56 to 2001:db8:16::/48 fwmark 0x17 lookup 150 - 103: from 2001:db8:1338::/126 to 2001:db8:13::/48 fwmark 0x17 lookup 150 - """ - tmp = cmd('ip rule show prio 103') - tmp_v6 = cmd('ip -6 rule show prio 103') - - self.assertEqual(sort_ip(tmp), sort_ip(original)) - self.assertEqual(sort_ip(tmp_v6), sort_ip(original_v6)) - - self.cli_delete(path) - self.cli_delete(path_v6) - self.cli_commit() - - tmp = cmd('ip rule show prio 103') - tmp_v6 = cmd('ip -6 rule show prio 103') - - self.assertEqual(sort_ip(tmp), []) - self.assertEqual(sort_ip(tmp_v6), []) - - # Test multiple commits ipv4 - def test_multiple_commit_ipv4_table_id(self): - path = base_path + ['local-route'] - - sources = ['192.0.2.1', '192.0.2.2'] - destination = '203.0.113.25' - rule = '105' - table = '151' - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - for src in sources: - self.cli_set(path + ['rule', rule, 'source', src]) - - self.cli_commit() - - original_first = """ - 105: from 192.0.2.1 lookup 151 - 105: from 192.0.2.2 lookup 151 - """ - tmp = cmd('ip rule show prio 105') - - self.assertEqual(sort_ip(tmp), sort_ip(original_first)) - - # Create second commit with added destination - self.cli_set(path + ['rule', rule, 'destination', destination]) - self.cli_commit() - - original_second = """ - 105: from 192.0.2.1 to 203.0.113.25 lookup 151 - 105: from 192.0.2.2 to 203.0.113.25 lookup 151 - """ - tmp = cmd('ip rule show prio 105') - - self.assertEqual(sort_ip(tmp), sort_ip(original_second)) - - -def sort_ip(output): - o = '\n'.join([' '.join(line.strip().split()) for line in output.strip().splitlines()]) - o = o.splitlines() - o.sort() - return o - - # Test set table for fwmark - def test_fwmark_table_id(self): - path = base_path + ['local-route'] - - fwmk = '24' - rule = '101' - table = '154' - - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'fwmark', fwmk]) - - self.cli_commit() - # Check generated configuration # Expected values original = """ - 101: from all fwmark 0x18 lookup 154 - """ - tmp = cmd('ip rule show prio 101') - original = original.split() - tmp = tmp.split() - - self.assertEqual(tmp, original) - - # Test set table for sources with fwmark - def test_fwmark_sources_table_id(self): - path = base_path + ['local-route'] - - sources = ['203.0.113.11', '203.0.113.12'] - fwmk = '23' - rule = '100' - table = '150' - for src in sources: - self.cli_set(path + ['rule', rule, 'set', 'table', table]) - self.cli_set(path + ['rule', rule, 'source', src]) - self.cli_set(path + ['rule', rule, 'fwmark', fwmk]) - - self.cli_commit() - - # Check generated configuration - - # Expected values - original = """ - 100: from 203.0.113.11 fwmark 0x17 lookup 150 - 100: from 203.0.113.12 fwmark 0x17 lookup 150 + 50: from 203.0.113.1 lookup 23 + 50: from 203.0.113.2 lookup 23 """ - tmp = cmd('ip rule show prio 100') + tmp = cmd('ip rule show prio 50') original = original.split() tmp = tmp.split() diff --git a/src/conf_mode/policy-local-route.py b/src/conf_mode/policy-local-route.py index 0a4597869..013f22665 100755 --- a/src/conf_mode/policy-local-route.py +++ b/src/conf_mode/policy-local-route.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2021 VyOS maintainers and contributors +# Copyright (C) 2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -18,7 +18,6 @@ import os from sys import exit -from netifaces import interfaces from vyos.config import Config from vyos.configdict import dict_merge from vyos.configdict import node_changed @@ -36,95 +35,26 @@ def get_config(config=None): conf = config else: conf = Config() - base = ['policy'] - + base = ['policy', 'local-route'] pbr = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) - for route in ['local_route', 'local_route6']: - dict_id = 'rule_remove' if route == 'local_route' else 'rule6_remove' - route_key = 'local-route' if route == 'local_route' else 'local-route6' - base_rule = base + [route_key, 'rule'] - - # delete policy local-route - dict = {} - tmp = node_changed(conf, base_rule, key_mangling=('-', '_')) - if tmp: - for rule in (tmp or []): - src = leaf_node_changed(conf, base_rule + [rule, 'source']) - fwmk = leaf_node_changed(conf, base_rule + [rule, 'fwmark']) - iif = leaf_node_changed(conf, base_rule + [rule, 'inbound-interface']) - dst = leaf_node_changed(conf, base_rule + [rule, 'destination']) - rule_def = {} - if src: - rule_def = dict_merge({'source' : src}, rule_def) - if fwmk: - rule_def = dict_merge({'fwmark' : fwmk}, rule_def) - if iif: - rule_def = dict_merge({'inbound_interface' : iif}, rule_def) - if dst: - rule_def = dict_merge({'destination' : dst}, rule_def) - dict = dict_merge({dict_id : {rule : rule_def}}, dict) - pbr.update(dict) - if fwmk: - dict = dict_merge({'rule_remove' : {rule : {'fwmark' : fwmk}}}, dict) + # delete policy local-route + dict = {} + tmp = node_changed(conf, ['policy', 'local-route', 'rule'], key_mangling=('-', '_')) + if tmp: + for rule in (tmp or []): + src = leaf_node_changed(conf, ['policy', 'local-route', 'rule', rule, 'source']) + if src: + dict = dict_merge({'rule_remove' : {rule : {'source' : src}}}, dict) pbr.update(dict) - if not route in pbr: - continue - - # delete policy local-route rule x source x.x.x.x - # delete policy local-route rule x fwmark x - # delete policy local-route rule x destination x.x.x.x - if 'rule' in pbr[route]: - for rule, rule_config in pbr[route]['rule'].items(): - src = leaf_node_changed(conf, base_rule + [rule, 'source']) - fwmk = leaf_node_changed(conf, base_rule + [rule, 'fwmark']) - iif = leaf_node_changed(conf, base_rule + [rule, 'inbound-interface']) - dst = leaf_node_changed(conf, base_rule + [rule, 'destination']) - # keep track of changes in configuration - # otherwise we might remove an existing node although nothing else has changed - changed = False - - rule_def = {} - # src is None if there are no changes to src - if src is None: - # if src hasn't changed, include it in the removal selector - # if a new selector is added, we have to remove all previous rules without this selector - # to make sure we remove all previous rules with this source(s), it will be included - if 'source' in rule_config: - rule_def = dict_merge({'source': rule_config['source']}, rule_def) - else: - # if src is not None, it's previous content will be returned - # this can be an empty array if it's just being set, or the previous value - # either way, something has to be changed and we only want to remove previous values - changed = True - # set the old value for removal if it's not empty - if len(src) > 0: - rule_def = dict_merge({'source' : src}, rule_def) - if fwmk is None: - if 'fwmark' in rule_config: - rule_def = dict_merge({'fwmark': rule_config['fwmark']}, rule_def) - else: - changed = True - if len(fwmk) > 0: - rule_def = dict_merge({'fwmark' : fwmk}, rule_def) - if iif is None: - if 'inbound_interface' in rule_config: - rule_def = dict_merge({'inbound_interface': rule_config['inbound_interface']}, rule_def) - else: - changed = True - if len(iif) > 0: - rule_def = dict_merge({'inbound_interface' : iif}, rule_def) - if dst is None: - if 'destination' in rule_config: - rule_def = dict_merge({'destination': rule_config['destination']}, rule_def) - else: - changed = True - if len(dst) > 0: - rule_def = dict_merge({'destination' : dst}, rule_def) - if changed: - dict = dict_merge({dict_id : {rule : rule_def}}, dict) - pbr.update(dict) + # delete policy local-route rule x source x.x.x.x + if 'rule' in pbr: + for rule in pbr['rule']: + src = leaf_node_changed(conf, ['policy', 'local-route', 'rule', rule, 'source']) + if src: + dict = dict_merge({'rule_remove' : {rule : {'source' : src}}}, dict) + pbr.update(dict) return pbr @@ -133,25 +63,13 @@ def verify(pbr): if not pbr: return None - for route in ['local_route', 'local_route6']: - if not route in pbr: - continue - - pbr_route = pbr[route] - if 'rule' in pbr_route: - for rule in pbr_route['rule']: - if 'source' not in pbr_route['rule'][rule] \ - and 'destination' not in pbr_route['rule'][rule] \ - and 'fwmark' not in pbr_route['rule'][rule] \ - and 'inbound_interface' not in pbr_route['rule'][rule]: - raise ConfigError('Source or destination address or fwmark or inbound-interface is required!') - else: - if 'set' not in pbr_route['rule'][rule] or 'table' not in pbr_route['rule'][rule]['set']: - raise ConfigError('Table set is required!') - if 'inbound_interface' in pbr_route['rule'][rule]: - interface = pbr_route['rule'][rule]['inbound_interface'] - if interface not in interfaces(): - raise ConfigError(f'Interface "{interface}" does not exist') + if 'rule' in pbr: + for rule in pbr['rule']: + if 'source' not in pbr['rule'][rule]: + raise ConfigError('Source address required!') + else: + if 'set' not in pbr['rule'][rule] or 'table' not in pbr['rule'][rule]['set']: + raise ConfigError('Table set is required!') return None @@ -166,51 +84,18 @@ def apply(pbr): return None # Delete old rule if needed - for rule_rm in ['rule_remove', 'rule6_remove']: - if rule_rm in pbr: - v6 = " -6" if rule_rm == 'rule6_remove' else "" - for rule, rule_config in pbr[rule_rm].items(): - rule_config['source'] = rule_config['source'] if 'source' in rule_config else [''] - for src in rule_config['source']: - f_src = '' if src == '' else f' from {src} ' - rule_config['destination'] = rule_config['destination'] if 'destination' in rule_config else [''] - for dst in rule_config['destination']: - f_dst = '' if dst == '' else f' to {dst} ' - rule_config['fwmark'] = rule_config['fwmark'] if 'fwmark' in rule_config else [''] - for fwmk in rule_config['fwmark']: - f_fwmk = '' if fwmk == '' else f' fwmark {fwmk} ' - rule_config['inbound_interface'] = rule_config['inbound_interface'] if 'inbound_interface' in rule_config else [''] - for iif in rule_config['inbound_interface']: - f_iif = '' if iif == '' else f' iif {iif} ' - call(f'ip{v6} rule del prio {rule} {f_src}{f_dst}{f_fwmk}{f_iif}') + if 'rule_remove' in pbr: + for rule in pbr['rule_remove']: + for src in pbr['rule_remove'][rule]['source']: + call(f'ip rule del prio {rule} from {src}') # Generate new config - for route in ['local_route', 'local_route6']: - if not route in pbr: - continue - - v6 = " -6" if route == 'local_route6' else "" - - pbr_route = pbr[route] - if 'rule' in pbr_route: - for rule, rule_config in pbr_route['rule'].items(): - table = rule_config['set']['table'] - - rule_config['source'] = rule_config['source'] if 'source' in rule_config else ['all'] - for src in rule_config['source'] or ['all']: - f_src = '' if src == '' else f' from {src} ' - rule_config['destination'] = rule_config['destination'] if 'destination' in rule_config else ['all'] - for dst in rule_config['destination']: - f_dst = '' if dst == '' else f' to {dst} ' - f_fwmk = '' - if 'fwmark' in rule_config: - fwmk = rule_config['fwmark'] - f_fwmk = f' fwmark {fwmk} ' - f_iif = '' - if 'inbound_interface' in rule_config: - iif = rule_config['inbound_interface'] - f_iif = f' iif {iif} ' - call(f'ip{v6} rule add prio {rule} {f_src}{f_dst}{f_fwmk}{f_iif} lookup {table}') + if 'rule' in pbr: + for rule in pbr['rule']: + table = pbr['rule'][rule]['set']['table'] + if pbr['rule'][rule]['source']: + for src in pbr['rule'][rule]['source']: + call(f'ip rule add prio {rule} from {src} lookup {table}') return None |