Merge pull request #644 from jack9603301/T3089

interfaces: mirror: T3089: Fix the dependency problem between interfaces

1 files changed, 45 insertions, 3 deletions

diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index e3c6beb8f..7026223b1 100644
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -13,6 +13,7 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 
+from netifaces import interfaces
 import os
 import re
 import json
@@ -1043,7 +1044,9 @@ class Interface(Control):
         
         # Setting up packet mirroring
         ingress_mirror = dict_search('mirror.ingress', self._config)
-        if ingress_mirror:
+        # if interface does yet not exist bail out early and
+        # add it later
+        if ingress_mirror and ingress_mirror in interfaces():
             # Mirror ingress traffic
             mirror_cmd = f'tc qdisc add dev {ifname} handle ffff: ingress'
             self._cmd(mirror_cmd)
@@ -1052,7 +1055,9 @@ class Interface(Control):
             self._cmd(mirror_cmd)
         
         egress_mirror = dict_search('mirror.egress', self._config)
-        if egress_mirror:
+        # if interface does yet not exist bail out early and
+        # add it later
+        if egress_mirror and egress_mirror in interfaces():
             # Mirror egress traffic
             mirror_cmd = f'tc qdisc add dev {ifname} handle 1: root prio'
             self._cmd(mirror_cmd)
@@ -1060,6 +1065,39 @@ class Interface(Control):
             mirror_cmd = f'tc filter add dev {ifname} parent 1: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress mirror dev {egress_mirror}'
             self._cmd(mirror_cmd)
 
+    def apply_mirror_of_monitor(self):
+        # Please refer to the document for details
+        # https://man7.org/linux/man-pages/man8/tc.8.html
+        # https://man7.org/linux/man-pages/man8/tc-mirred.8.html
+        ifname = self._config['ifname']
+        mirror_rules = self._config.get('is_monitor_intf')
+        
+        # Remove existing mirroring rules
+        # The rule must be completely deleted first
+        for rule in mirror_rules:
+            for intf, dire in rule.items():
+                self.del_tc_qdisc(intf,'ingress','ffff:')
+                self.del_tc_qdisc(intf,'prio','1:')
+        
+        # Setting mirror rules
+        for rule in mirror_rules:
+            for intf, dire in rule.items():
+                # Setting up packet mirroring
+                if dire == "ingress":
+                    # Mirror ingress traffic
+                    mirror_cmd = f'tc qdisc add dev {intf} handle ffff: ingress'
+                    self._cmd(mirror_cmd)
+                    # Export the mirrored traffic to the interface
+                    mirror_cmd = f'tc filter add dev {intf} parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress mirror dev {ifname}'
+                    self._cmd(mirror_cmd)
+                elif dire == "egress":
+                    # Mirror egress traffic
+                    mirror_cmd = f'tc qdisc add dev {intf} handle 1: root prio'
+                    self._cmd(mirror_cmd)
+                    # Export the mirrored traffic to the interface
+                    mirror_cmd = f'tc filter add dev {intf} parent 1: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress mirror dev {ifname}'
+                    self._cmd(mirror_cmd)
+
     def update(self, config):
         """ General helper function which works on a dictionary retrived by
         get_config_dict(). It's main intention is to consolidate the scattered
@@ -1227,7 +1265,11 @@ class Interface(Control):
         if 'is_bridge_member' in config:
             bridge_dict = config.get('is_bridge_member')
             self.add_to_bridge(bridge_dict)
-
+        
+        # Re-set rules for the mirror monitoring interface
+        if 'is_monitor_intf' in config:
+            self.apply_mirror_of_monitor()
+        
         # remove no longer required 802.1ad (Q-in-Q VLANs)
         ifname = config['ifname']
         for vif_s_id in config.get('vif_s_remove', {}):