summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-l2tpv3.py
diff options
context:
space:
mode:
authorMarcus Hoff <marcus.hoff@ring2.dk>2020-09-05 09:58:03 +0200
committerMarcus Hoff <marcus.hoff@ring2.dk>2020-09-05 09:58:03 +0200
commit46fb580fa0131f6815bbcfc95631654f6fe999a8 (patch)
tree73ae9fcaa97d5cfab7883bc6fbf3ea036677c2a3 /src/conf_mode/interfaces-l2tpv3.py
parent0377b8e40b0d3e424da11194e97659c5066c0a1d (diff)
parentb6b61bc9ecf1328e67a0c15934f8bf3966a6b66d (diff)
downloadvyos-1x-46fb580fa0131f6815bbcfc95631654f6fe999a8.tar.gz
vyos-1x-46fb580fa0131f6815bbcfc95631654f6fe999a8.zip
Merge remote-tracking branch 'upstream/current' into current
Diffstat (limited to 'src/conf_mode/interfaces-l2tpv3.py')
-rwxr-xr-xsrc/conf_mode/interfaces-l2tpv3.py267
1 files changed, 52 insertions, 215 deletions
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py
index 4ff0bcb57..8250a3df8 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces-l2tpv3.py
@@ -21,200 +21,68 @@ from copy import deepcopy
from netifaces import interfaces
from vyos.config import Config
-from vyos.ifconfig import L2TPv3If, Interface
+from vyos.configdict import get_interface_dict
+from vyos.configdict import leaf_node_changed
+from vyos.configverify import verify_address
+from vyos.configverify import verify_bridge_delete
+from vyos.ifconfig import L2TPv3If
+from vyos.util import check_kmod
+from vyos.validate import is_addr_assigned
from vyos import ConfigError
-from vyos.util import call
-from vyos.validate import is_member, is_addr_assigned
-
from vyos import airbag
airbag.enable()
-default_config_data = {
- 'address': [],
- 'deleted': False,
- 'description': '',
- 'disable': False,
- 'encapsulation': 'udp',
- 'local_address': '',
- 'local_port': 5000,
- 'intf': '',
- 'ipv6_accept_ra': 1,
- 'ipv6_autoconf': 0,
- 'ipv6_eui64_prefix': [],
- 'ipv6_forwarding': 1,
- 'ipv6_dup_addr_detect': 1,
- 'is_bridge_member': False,
- 'mtu': 1488,
- 'peer_session_id': '',
- 'peer_tunnel_id': '',
- 'remote_address': '',
- 'remote_port': 5000,
- 'session_id': '',
- 'tunnel_id': ''
-}
-
-def check_kmod():
- modules = ['l2tp_eth', 'l2tp_netlink', 'l2tp_ip', 'l2tp_ip6']
- for module in modules:
- if not os.path.exists(f'/sys/module/{module}'):
- if call(f'modprobe {module}') != 0:
- raise ConfigError(f'Loading Kernel module {module} failed')
-
-def get_config():
- l2tpv3 = deepcopy(default_config_data)
- conf = Config()
-
- # determine tagNode instance
- if 'VYOS_TAGNODE_VALUE' not in os.environ:
- raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
-
- l2tpv3['intf'] = os.environ['VYOS_TAGNODE_VALUE']
-
- # check if interface is member of a bridge
- l2tpv3['is_bridge_member'] = is_member(conf, l2tpv3['intf'], 'bridge')
-
- # Check if interface has been removed
- if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']):
- l2tpv3['deleted'] = True
- interface = l2tpv3['intf']
-
- # to delete the l2tpv3 interface we need the current tunnel_id and session_id
- if conf.exists_effective(f'interfaces l2tpv3 {interface} tunnel-id'):
- l2tpv3['tunnel_id'] = conf.return_effective_value(f'interfaces l2tpv3 {interface} tunnel-id')
-
- if conf.exists_effective(f'interfaces l2tpv3 {interface} session-id'):
- l2tpv3['session_id'] = conf.return_effective_value(f'interfaces l2tpv3 {interface} session-id')
-
- return l2tpv3
-
- # set new configuration level
- conf.set_level('interfaces l2tpv3 ' + l2tpv3['intf'])
-
- # retrieve configured interface addresses
- if conf.exists('address'):
- l2tpv3['address'] = conf.return_values('address')
-
- # retrieve interface description
- if conf.exists('description'):
- l2tpv3['description'] = conf.return_value('description')
-
- # get tunnel destination port
- if conf.exists('destination-port'):
- l2tpv3['remote_port'] = int(conf.return_value('destination-port'))
-
- # Disable this interface
- if conf.exists('disable'):
- l2tpv3['disable'] = True
-
- # get tunnel encapsulation type
- if conf.exists('encapsulation'):
- l2tpv3['encapsulation'] = conf.return_value('encapsulation')
-
- # get tunnel local ip address
- if conf.exists('local-ip'):
- l2tpv3['local_address'] = conf.return_value('local-ip')
-
- # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)
- if conf.exists('ipv6 address autoconf'):
- l2tpv3['ipv6_autoconf'] = 1
-
- # Get prefixes for IPv6 addressing based on MAC address (EUI-64)
- if conf.exists('ipv6 address eui64'):
- l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
+k_mod = ['l2tp_eth', 'l2tp_netlink', 'l2tp_ip', 'l2tp_ip6']
- # Remove the default link-local address if set.
- if not ( conf.exists('ipv6 address no-default-link-local') or
- l2tpv3['is_bridge_member'] ):
- # add the link-local by default to make IPv6 work
- l2tpv3['ipv6_eui64_prefix'].append('fe80::/64')
- # Disable IPv6 forwarding on this interface
- if conf.exists('ipv6 disable-forwarding'):
- l2tpv3['ipv6_forwarding'] = 0
+def get_config(config=None):
+ """
+ Retrive CLI config as dictionary. Dictionary can never be empty, as at least the
+ interface name will be added or a deleted flag
+ """
+ if config:
+ conf = config
+ else:
+ conf = Config()
+ base = ['interfaces', 'l2tpv3']
+ l2tpv3 = get_interface_dict(conf, base)
- # IPv6 Duplicate Address Detection (DAD) tries
- if conf.exists('ipv6 dup-addr-detect-transmits'):
- l2tpv3['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits'))
+ # L2TPv3 is "special" the default MTU is 1488 - update accordingly
+ # as the config_level is already st in get_interface_dict() - we can use []
+ tmp = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True)
+ if 'mtu' not in tmp:
+ l2tpv3['mtu'] = '1488'
- # to make IPv6 SLAAC and DHCPv6 work with forwarding=1,
- # accept_ra must be 2
- if l2tpv3['ipv6_autoconf'] or 'dhcpv6' in l2tpv3['address']:
- l2tpv3['ipv6_accept_ra'] = 2
+ # To delete an l2tpv3 interface we need the current tunnel and session-id
+ if 'deleted' in l2tpv3:
+ tmp = leaf_node_changed(conf, ['tunnel-id'])
+ l2tpv3.update({'tunnel_id': tmp})
- # Maximum Transmission Unit (MTU)
- if conf.exists('mtu'):
- l2tpv3['mtu'] = int(conf.return_value('mtu'))
-
- # Remote session id
- if conf.exists('peer-session-id'):
- l2tpv3['peer_session_id'] = conf.return_value('peer-session-id')
-
- # Remote tunnel id
- if conf.exists('peer-tunnel-id'):
- l2tpv3['peer_tunnel_id'] = conf.return_value('peer-tunnel-id')
-
- # Remote address of L2TPv3 tunnel
- if conf.exists('remote-ip'):
- l2tpv3['remote_address'] = conf.return_value('remote-ip')
-
- # Local session id
- if conf.exists('session-id'):
- l2tpv3['session_id'] = conf.return_value('session-id')
-
- # get local tunnel port
- if conf.exists('source-port'):
- l2tpv3['local_port'] = conf.return_value('source-port')
-
- # get local tunnel id
- if conf.exists('tunnel-id'):
- l2tpv3['tunnel_id'] = conf.return_value('tunnel-id')
+ tmp = leaf_node_changed(conf, ['session-id'])
+ l2tpv3.update({'session_id': tmp})
return l2tpv3
-
def verify(l2tpv3):
- interface = l2tpv3['intf']
-
- if l2tpv3['deleted']:
- if l2tpv3['is_bridge_member']:
- raise ConfigError((
- f'Interface "{l2tpv3["intf"]}" cannot be deleted as it is a '
- f'member of bridge "{l2tpv3["is_bridge_member"]}"!'))
-
+ if 'deleted' in l2tpv3:
+ verify_bridge_delete(l2tpv3)
return None
- if not l2tpv3['local_address']:
- raise ConfigError(f'Must configure the l2tpv3 local-ip for {interface}')
-
- if not is_addr_assigned(l2tpv3['local_address']):
- raise ConfigError(f'Must use a configured IP on l2tpv3 local-ip for {interface}')
+ interface = l2tpv3['ifname']
- if not l2tpv3['remote_address']:
- raise ConfigError(f'Must configure the l2tpv3 remote-ip for {interface}')
+ for key in ['local_ip', 'remote_ip', 'tunnel_id', 'peer_tunnel_id',
+ 'session_id', 'peer_session_id']:
+ if key not in l2tpv3:
+ tmp = key.replace('_', '-')
+ raise ConfigError(f'L2TPv3 {tmp} must be configured!')
- if not l2tpv3['tunnel_id']:
- raise ConfigError(f'Must configure the l2tpv3 tunnel-id for {interface}')
-
- if not l2tpv3['peer_tunnel_id']:
- raise ConfigError(f'Must configure the l2tpv3 peer-tunnel-id for {interface}')
-
- if not l2tpv3['session_id']:
- raise ConfigError(f'Must configure the l2tpv3 session-id for {interface}')
-
- if not l2tpv3['peer_session_id']:
- raise ConfigError(f'Must configure the l2tpv3 peer-session-id for {interface}')
-
- if ( l2tpv3['is_bridge_member']
- and ( l2tpv3['address']
- or l2tpv3['ipv6_eui64_prefix']
- or l2tpv3['ipv6_autoconf'] ) ):
- raise ConfigError((
- f'Cannot assign address to interface "{l2tpv3["intf"]}" '
- f'as it is a member of bridge "{l2tpv3["is_bridge_member"]}"!'))
+ if not is_addr_assigned(l2tpv3['local_ip']):
+ raise ConfigError('L2TPv3 local-ip address '
+ '"{local_ip}" is not configured!'.format(**l2tpv3))
+ verify_address(l2tpv3)
return None
-
def generate(l2tpv3):
return None
@@ -225,65 +93,34 @@ def apply(l2tpv3):
conf = deepcopy(L2TPv3If.get_config())
# Check if L2TPv3 interface already exists
- if l2tpv3['intf'] in interfaces():
+ if l2tpv3['ifname'] in interfaces():
# L2TPv3 is picky when changing tunnels/sessions, thus we can simply
# always delete it first.
conf['session_id'] = l2tpv3['session_id']
conf['tunnel_id'] = l2tpv3['tunnel_id']
- l = L2TPv3If(l2tpv3['intf'], **conf)
+ l = L2TPv3If(l2tpv3['ifname'], **conf)
l.remove()
- if not l2tpv3['deleted']:
+ if 'deleted' not in l2tpv3:
conf['peer_tunnel_id'] = l2tpv3['peer_tunnel_id']
- conf['local_port'] = l2tpv3['local_port']
- conf['remote_port'] = l2tpv3['remote_port']
+ conf['local_port'] = l2tpv3['source_port']
+ conf['remote_port'] = l2tpv3['destination_port']
conf['encapsulation'] = l2tpv3['encapsulation']
- conf['local_address'] = l2tpv3['local_address']
- conf['remote_address'] = l2tpv3['remote_address']
+ conf['local_address'] = l2tpv3['local_ip']
+ conf['remote_address'] = l2tpv3['remote_ip']
conf['session_id'] = l2tpv3['session_id']
conf['tunnel_id'] = l2tpv3['tunnel_id']
conf['peer_session_id'] = l2tpv3['peer_session_id']
# Finally create the new interface
- l = L2TPv3If(l2tpv3['intf'], **conf)
- # update interface description used e.g. by SNMP
- l.set_alias(l2tpv3['description'])
- # Maximum Transfer Unit (MTU)
- l.set_mtu(l2tpv3['mtu'])
- # IPv6 accept RA
- l.set_ipv6_accept_ra(l2tpv3['ipv6_accept_ra'])
- # IPv6 address autoconfiguration
- l.set_ipv6_autoconf(l2tpv3['ipv6_autoconf'])
- # IPv6 forwarding
- l.set_ipv6_forwarding(l2tpv3['ipv6_forwarding'])
- # IPv6 Duplicate Address Detection (DAD) tries
- l.set_ipv6_dad_messages(l2tpv3['ipv6_dup_addr_detect'])
-
- # Configure interface address(es) - no need to implicitly delete the
- # old addresses as they have already been removed by deleting the
- # interface above
- for addr in l2tpv3['address']:
- l.add_addr(addr)
-
- # IPv6 EUI-based addresses
- for addr in l2tpv3['ipv6_eui64_prefix']:
- l.add_ipv6_eui64_address(addr)
-
- # As the interface is always disabled first when changing parameters
- # we will only re-enable the interface if it is not administratively
- # disabled
- if not l2tpv3['disable']:
- l.set_admin_state('up')
-
- # re-add ourselves to any bridge we might have fallen out of
- if l2tpv3['is_bridge_member']:
- l.add_to_bridge(l2tpv3['is_bridge_member'])
+ l = L2TPv3If(l2tpv3['ifname'], **conf)
+ l.update(l2tpv3)
return None
if __name__ == '__main__':
try:
- check_kmod()
+ check_kmod(k_mod)
c = get_config()
verify(c)
generate(c)