diff options
| -rw-r--r-- | python/vyos/configdict.py | 12 | ||||
| -rw-r--r-- | python/vyos/configverify.py | 6 | ||||
| -rw-r--r-- | python/vyos/ifconfig/ethernet.py | 17 | ||||
| -rw-r--r-- | python/vyos/util.py | 7 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-macsec.py | 8 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 3 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-pseudo-ethernet.py | 5 |
7 files changed, 37 insertions, 21 deletions
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 53bd1a13e..785207c7f 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -309,12 +309,18 @@ def is_source_interface(conf, interface, intftype=None): """ ret_val = None intftypes = ['macsec', 'pppoe', 'pseudo-ethernet', 'tunnel', 'vxlan'] - if intftype not in intftypes + [None]: + if not intftype: + intftype = intftypes + + if isinstance(intftype, str): + intftype = [intftype] + elif not isinstance(intftype, list): + raise ValueError(f'Interface type "{type(intftype)}" must be either str or list!') + + if not all(x in intftypes for x in intftype): raise ValueError(f'unknown interface type "{intftype}" or it can not ' 'have a source-interface') - intftype = intftypes if intftype == None else [intftype] - # set config level to root old_level = conf.get_level() conf.set_level([]) diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index d4b532d22..a35ea0b74 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -248,6 +248,12 @@ def verify_source_interface(config): raise ConfigError(f'Invalid source-interface "{src_ifname}". Interface ' f'is already a member of bond "{bond_name}"!') + if 'is_source_interface' in config: + tmp = config['is_source_interface'] + src_ifname = config['source_interface'] + raise ConfigError(f'Can not use source-interface "{src_ifname}", it already ' \ + f'belongs to interface "{tmp}"!') + def verify_dhcpv6(config): """ Common helper function used by interface implementations to perform diff --git a/python/vyos/ifconfig/ethernet.py b/python/vyos/ifconfig/ethernet.py index cb1dcd277..c9fa6ea8b 100644 --- a/python/vyos/ifconfig/ethernet.py +++ b/python/vyos/ifconfig/ethernet.py @@ -1,4 +1,4 @@ -# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2019-2022 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -16,6 +16,8 @@ import os import re +from glob import glob + from vyos.ethtool import Ethtool from vyos.ifconfig.interface import Interface from vyos.util import run @@ -70,13 +72,6 @@ class EthernetIf(Interface): }, }} - _sysfs_set = {**Interface._sysfs_set, **{ - 'rps': { - 'convert': lambda cpus: cpus if cpus else '0', - 'location': '/sys/class/net/{ifname}/queues/rx-0/rps_cpus', - }, - }} - def __init__(self, ifname, **kargs): super().__init__(ifname, **kargs) self.ethtool = Ethtool(ifname) @@ -240,6 +235,7 @@ class EthernetIf(Interface): raise ValueError('Value out of range') rps_cpus = '0' + queues = len(glob(f'/sys/class/net/{self.ifname}/queues/rx-*')) if state: # Enable RPS on all available CPUs except CPU0 which we will not # utilize so the system has one spare core when it's under high @@ -249,8 +245,11 @@ class EthernetIf(Interface): # Linux will clip that internally! rps_cpus = 'ffffffff,ffffffff,ffffffff,fffffffe' + for i in range(0, queues): + self._write_sysfs(f'/sys/class/net/{self.ifname}/queues/rx-{i}/rps_cpus', rps_cpus) + # send bitmask representation as hex string without leading '0x' - return self.set_interface('rps', rps_cpus) + return True def set_sg(self, state): """ diff --git a/python/vyos/util.py b/python/vyos/util.py index 554614b30..1c4102e90 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -1,4 +1,4 @@ -# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2020-2022 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -623,6 +623,11 @@ def is_admin() -> bool: (_, _, _, admin_group_members) = getgrnam('sudo') return current_user in admin_group_members +def is_list_equal(first: list, second: list) -> bool: + """ Check if 2 lists are equal and list not empty """ + if len(first) != len(second) or len(first) == 0: + return False + return sorted(first) == sorted(second) def mac2eui64(mac, prefix=None): """ diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py index 8076a27b6..8a969d90f 100755 --- a/src/conf_mode/interfaces-macsec.py +++ b/src/conf_mode/interfaces-macsec.py @@ -67,7 +67,7 @@ def get_config(config=None): macsec.update({'shutdown_required': {}}) if 'source_interface' in macsec: - tmp = is_source_interface(conf, macsec['source_interface'], 'macsec') + tmp = is_source_interface(conf, macsec['source_interface'], ['macsec', 'pseudo-ethernet']) if tmp and tmp != ifname: macsec.update({'is_source_interface' : tmp}) return macsec @@ -101,12 +101,6 @@ def verify(macsec): # gcm-aes-128 requires a 128bit long key - 64 characters (string) = 32byte = 256bit raise ConfigError('gcm-aes-128 requires a 256bit long key!') - if 'is_source_interface' in macsec: - tmp = macsec['is_source_interface'] - src_ifname = macsec['source_interface'] - raise ConfigError(f'Can not use source-interface "{src_ifname}", it already ' \ - f'belongs to interface "{tmp}"!') - if 'source_interface' in macsec: # MACsec adds a 40 byte overhead (32 byte MACsec + 8 bytes VLAN 802.1ad # and 802.1q) - we need to check the underlaying MTU if our configured diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 7d20b3fd0..fe5898282 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -43,6 +43,7 @@ from vyos.util import chown from vyos.util import chmod_600 from vyos.util import cmd from vyos.util import dict_search +from vyos.util import is_list_equal from vyos.util import makedir from vyos.validate import is_addr_assigned @@ -159,7 +160,7 @@ def verify(openvpn): elif v6remAddr and not v6loAddr: raise ConfigError('IPv6 "remote-address" requires IPv6 "local-address"') - if (v4loAddr == v4remAddr) or (v6remAddr == v4remAddr): + if is_list_equal(v4loAddr, v4remAddr) or is_list_equal(v6loAddr, v6remAddr): raise ConfigError('"local-address" and "remote-address" cannot be the same') if dict_search('local_host', openvpn) in dict_search('local_address', openvpn): diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 4bd75f770..48e62a345 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -19,6 +19,7 @@ from sys import exit from vyos.config import Config from vyos.configdict import get_interface_dict from vyos.configdict import leaf_node_changed +from vyos.configdict import is_source_interface from vyos.configverify import verify_vrf from vyos.configverify import verify_address from vyos.configverify import verify_bridge_delete @@ -49,6 +50,10 @@ def get_config(config=None): if 'source_interface' in peth: peth['parent'] = get_interface_dict(conf, ['interfaces', 'ethernet'], peth['source_interface']) + # test if source-interface is maybe already used by another interface + tmp = is_source_interface(conf, peth['source_interface'], ['macsec']) + if tmp and tmp != peth['ifname']: peth.update({'is_source_interface' : tmp}) + return peth def verify(peth): |