summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--interface-definitions/interfaces-wireless.xml.in4
-rw-r--r--python/vyos/ifconfig_vlan.py2
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py2
-rwxr-xr-xsrc/conf_mode/interfaces-pseudo-ethernet.py4
-rwxr-xr-xsrc/conf_mode/interfaces-vxlan.py2
-rwxr-xr-xsrc/conf_mode/interfaces-wireless.py158
-rw-r--r--src/systemd/isc-dhcp-relay.service8
-rw-r--r--src/systemd/isc-dhcp-relay6.service8
-rw-r--r--src/systemd/isc-dhcp-server.service19
-rw-r--r--src/systemd/isc-dhcp-server6.service18
10 files changed, 64 insertions, 161 deletions
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index 3edcbb8ff..7cf4da70f 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -463,10 +463,13 @@
</leafNode>
<node name="ip">
<children>
+ #include <include/interface-arp-cache-timeout.xml.i>
#include <include/interface-disable-arp-filter.xml.i>
#include <include/interface-enable-arp-accept.xml.i>
#include <include/interface-enable-arp-announce.xml.i>
#include <include/interface-enable-arp-ignore.xml.i>
+ #include <include/interface-enable-proxy-arp.xml.i>
+ #include <include/interface-proxy-arp-pvlan.xml.i>
</children>
</node>
<node name="ipv6">
@@ -761,6 +764,7 @@
</properties>
</leafNode>
#include <include/vif.xml.i>
+ #include <include/vif-s.xml.i>
</children>
</tagNode>
</children>
diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py
index 09fb8c802..bb93121e7 100644
--- a/python/vyos/ifconfig_vlan.py
+++ b/python/vyos/ifconfig_vlan.py
@@ -185,7 +185,7 @@ def verify_vlan_config(config):
if vif_id == vif_s_id:
raise ConfigError((
f'Cannot use identical ID on vif "{vif["intf"]}" '
- f'and vif-s "{vif_s}"'))
+ f'and vif-s "{vif_s["intf"]}"'))
# DHCPv6 parameters-only and temporary address are mutually exclusive
if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']:
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index c0678764f..bd69e4d4b 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -632,7 +632,7 @@ def verify(openvpn):
raise ConfigError((
f'Cannot delete interface "{openvpn["intf"]}" as it is a '
f'member of bridge "{openvpn["is_bridge_menber"]}"!'))
- return None
+ return None
if not openvpn['mode']:
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index 4063b85b0..ec2f1146e 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -122,7 +122,7 @@ def verify(peth):
if not peth['source_interface'] in interfaces():
raise ConfigError((
- f'Pseudo-ethernet "{peth["intf"]}" link device does not exist')
+ f'Pseudo-ethernet "{peth["intf"]}" link device does not exist'))
if ( peth['is_bridge_member']
and ( peth['address']
@@ -254,7 +254,7 @@ def apply(peth):
p.add_to_bridge(peth['is_bridge_member'])
# apply all vlans to interface
- apply_all_vlans(b, bond)
+ apply_all_vlans(p, peth)
return None
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index fabfaa9df..91682a540 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -167,7 +167,7 @@ def verify(vxlan):
if vxlan['is_bridge_member']:
raise ConfigError((
f'Cannot delete interface "{vxlan["intf"]}" as it is a '
- f'member of bridge "{vxlan["is_bridge_member"]}"!')
+ f'member of bridge "{vxlan["is_bridge_member"]}"!'))
return None
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 4d61dc303..03f66dd81 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -24,9 +24,9 @@ from netifaces import interfaces
from netaddr import EUI, mac_unix_expanded
from vyos.config import Config
-from vyos.configdict import list_diff, vlan_to_dict
+from vyos.configdict import list_diff, intf_to_dict, add_to_dict
from vyos.ifconfig import WiFiIf, Section
-from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config
+from vyos.ifconfig_vlan import apply_all_vlans, verify_vlan_config
from vyos.template import render
from vyos.util import chown, call
from vyos.validate import is_member
@@ -87,6 +87,7 @@ default_config_data = {
'ip_enable_arp_accept': 0,
'ip_enable_arp_announce': 0,
'ip_enable_arp_ignore': 0,
+ 'ip_proxy_arp': 0,
'ipv6_autoconf': 0,
'ipv6_eui64_prefix': [],
'ipv6_eui64_prefix_remove': [],
@@ -108,8 +109,10 @@ default_config_data = {
'sec_wpa_radius' : [],
'ssid' : '',
'op_mode' : 'monitor',
- 'vif': [],
+ 'vif': {},
'vif_remove': [],
+ 'vif_s': {},
+ 'vif_s_remove': [],
'vrf': ''
}
@@ -125,22 +128,21 @@ def get_conf_file(conf_type, intf):
return cfg_file
def get_config():
- wifi = deepcopy(default_config_data)
- conf = Config()
-
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
- wifi['intf'] = os.environ['VYOS_TAGNODE_VALUE']
-
- # check if interface is member if a bridge
- wifi['is_bridge_member'] = is_member(conf, wifi['intf'], 'bridge')
+ ifname = os.environ['VYOS_TAGNODE_VALUE']
+ conf = Config()
# check if wireless interface has been removed
- cfg_base = 'interfaces wireless ' + wifi['intf']
+ cfg_base = ['interfaces', 'wireless ', ifname]
if not conf.exists(cfg_base):
+ wifi = deepcopy(default_config_data)
+ wifi['intf'] = ifname
wifi['deleted'] = True
+ # we need to know if we're a bridge member so we can refuse deletion
+ wifi['is_bridge_member'] = is_member(conf, wifi['intf'], 'bridge')
# we can not bail out early as wireless interface can not be removed
# Kernel will complain with: RTNETLINK answers: Operation not supported.
# Thus we need to remove individual settings
@@ -149,14 +151,8 @@ def get_config():
# set new configuration level
conf.set_level(cfg_base)
- # retrieve configured interface addresses
- if conf.exists('address'):
- wifi['address'] = conf.return_values('address')
-
- # get interface addresses (currently effective) - to determine which
- # address is no longer valid and needs to be removed
- eff_addr = conf.return_effective_values('address')
- wifi['address_remove'] = list_diff(eff_addr, wifi['address'])
+ # get common interface settings
+ wifi, disabled = intf_to_dict(conf, default_config_data)
# 40MHz intolerance, use 20MHz only
if conf.exists('capabilities ht 40mhz-incapable'):
@@ -310,38 +306,10 @@ def get_config():
if conf.exists('channel'):
wifi['channel'] = conf.return_value('channel')
- # retrieve interface description
- if conf.exists('description'):
- wifi['description'] = conf.return_value('description')
-
- # get DHCP client identifier
- if conf.exists('dhcp-options client-id'):
- wifi['dhcp_client_id'] = conf.return_value('dhcp-options client-id')
-
- # DHCP client host name (overrides the system host name)
- if conf.exists('dhcp-options host-name'):
- wifi['dhcp_hostname'] = conf.return_value('dhcp-options host-name')
-
- # DHCP client vendor identifier
- if conf.exists('dhcp-options vendor-class-id'):
- wifi['dhcp_vendor_class_id'] = conf.return_value('dhcp-options vendor-class-id')
-
- # DHCPv6 only acquire config parameters, no address
- if conf.exists('dhcpv6-options parameters-only'):
- wifi['dhcpv6_prm_only'] = conf.return_value('dhcpv6-options parameters-only')
-
- # DHCPv6 temporary IPv6 address
- if conf.exists('dhcpv6-options temporary'):
- wifi['dhcpv6_temporary'] = conf.return_value('dhcpv6-options temporary')
-
# Disable broadcast of SSID from access-point
if conf.exists('disable-broadcast-ssid'):
wifi['disable_broadcast_ssid'] = True
- # ignore link state changes on this interface
- if conf.exists('disable-link-detect'):
- wifi['disable_link_detect'] = 2
-
# Disassociate stations based on excessive transmission failures
if conf.exists('expunge-failing-stations'):
wifi['expunge_failing_stations'] = True
@@ -354,64 +322,10 @@ def get_config():
if conf.exists('isolate-stations'):
wifi['isolate_stations'] = True
- # ARP filter configuration
- if conf.exists('ip disable-arp-filter'):
- wifi['ip_disable_arp_filter'] = 0
-
- # ARP enable accept
- if conf.exists('ip enable-arp-accept'):
- wifi['ip_enable_arp_accept'] = 1
-
- # ARP enable announce
- if conf.exists('ip enable-arp-announce'):
- wifi['ip_enable_arp_announce'] = 1
-
- # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)
- if conf.exists('ipv6 address autoconf'):
- wifi['ipv6_autoconf'] = 1
-
- # Get prefixes for IPv6 addressing based on MAC address (EUI-64)
- if conf.exists('ipv6 address eui64'):
- wifi['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
-
- # Determine currently effective EUI64 addresses - to determine which
- # address is no longer valid and needs to be removed
- eff_addr = conf.return_effective_values('ipv6 address eui64')
- wifi['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, wifi['ipv6_eui64_prefix'])
-
- # Remove the default link-local address if set or if member of a bridge
- if conf.exists('ipv6 address no-default-link-local') or wifi['is_bridge_member']:
- wifi['ipv6_eui64_prefix_remove'].append('fe80::/64')
- else:
- # add the link-local by default to make IPv6 work
- wifi['ipv6_eui64_prefix'].append('fe80::/64')
-
- # ARP enable ignore
- if conf.exists('ip enable-arp-ignore'):
- wifi['ip_enable_arp_ignore'] = 1
-
- # Disable IPv6 forwarding on this interface
- if conf.exists('ipv6 disable-forwarding'):
- wifi['ipv6_forwarding'] = 0
-
- # IPv6 Duplicate Address Detection (DAD) tries
- if conf.exists('ipv6 dup-addr-detect-transmits'):
- wifi['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits'))
-
# Wireless physical device
if conf.exists('physical-device'):
wifi['phy'] = conf.return_value('physical-device')
- # Media Access Control (MAC) address
- if conf.exists('mac'):
- wifi['mac'] = conf.return_value('mac')
-
- # Find out if MAC has changed - if so, we need to delete all IPv6 EUI64 addresses
- # before re-adding them
- if ( wifi['mac'] and wifi['intf'] in Section.interfaces(section='wireless')
- and wifi['mac'] != WiFiIf(wifi['intf'], create=False).get_mac() ):
- wifi['ipv6_eui64_prefix_remove'] += wifi['ipv6_eui64_prefix']
-
# Maximum number of wireless radio stations
if conf.exists('max-stations'):
wifi['max_stations'] = conf.return_value('max-stations')
@@ -424,10 +338,6 @@ def get_config():
if conf.exists('mode'):
wifi['mode'] = conf.return_value('mode')
- # retrieve VRF instance
- if conf.exists('vrf'):
- wifi['vrf'] = conf.return_value('vrf')
-
# Transmission power reduction in dBm
if conf.exists('reduce-transmit-power'):
wifi['reduce_transmit_power'] = conf.return_value('reduce-transmit-power')
@@ -523,24 +433,6 @@ def get_config():
wifi['op_mode'] = tmp
- # re-set configuration level to parse new nodes
- conf.set_level(cfg_base)
- # Determine vif interfaces (currently effective) - to determine which
- # vif interface is no longer present and needs to be removed
- eff_intf = conf.list_effective_nodes('vif')
- act_intf = conf.list_nodes('vif')
- wifi['vif_remove'] = list_diff(eff_intf, act_intf)
-
- if conf.exists('vif'):
- for vif in conf.list_nodes('vif'):
- # set config level to vif interface
- conf.set_level(cfg_base + ' vif ' + vif)
- wifi['vif'].append(vlan_to_dict(conf))
-
- # disable interface
- if conf.exists('disable'):
- wifi['disable'] = True
-
# retrieve configured regulatory domain
conf.set_level('system')
if conf.exists('wifi-regulatory-domain'):
@@ -770,24 +662,8 @@ def apply(wifi):
for addr in wifi['address']:
w.add_addr(addr)
- # remove no longer required VLAN interfaces (vif)
- for vif in wifi['vif_remove']:
- w.del_vlan(vif)
-
- # create VLAN interfaces (vif)
- for vif in wifi['vif']:
- # QoS priority mapping can only be set during interface creation
- # so we delete the interface first if required.
- if vif['egress_qos_changed'] or vif['ingress_qos_changed']:
- try:
- # on system bootup the above condition is true but the interface
- # does not exists, which throws an exception, but that's legal
- w.del_vlan(vif['id'])
- except:
- pass
-
- vlan = w.add_vlan(vif['id'])
- apply_vlan_config(vlan, vif)
+ # apply all vlans to interface
+ apply_all_vlans(w, wifi)
# Enable/Disable interface - interface is always placed in
# administrative down state in WiFiIf class
diff --git a/src/systemd/isc-dhcp-relay.service b/src/systemd/isc-dhcp-relay.service
index ebf4d234e..56bcec840 100644
--- a/src/systemd/isc-dhcp-relay.service
+++ b/src/systemd/isc-dhcp-relay.service
@@ -2,13 +2,19 @@
Description=ISC DHCP IPv4 relay
Documentation=man:dhcrelay(8)
Wants=network-online.target
+RequiresMountsFor=/run
ConditionPathExists=/run/dhcp-relay/dhcp.conf
After=vyos-router.service
[Service]
+Type=forking
WorkingDirectory=/run/dhcp-relay
+RuntimeDirectory=dhcp-relay
+RuntimeDirectoryPreserve=yes
EnvironmentFile=/run/dhcp-relay/dhcp.conf
-ExecStart=/usr/sbin/dhcrelay -d -4 $OPTIONS
+PIDFile=/run/dhcp-relay/dhcrelay.pid
+ExecStart=/usr/sbin/dhcrelay -4 -pf /run/dhcp-relay/dhcrelay.pid $OPTIONS
+Restart=always
[Install]
WantedBy=multi-user.target
diff --git a/src/systemd/isc-dhcp-relay6.service b/src/systemd/isc-dhcp-relay6.service
index a477618b1..85ff16e41 100644
--- a/src/systemd/isc-dhcp-relay6.service
+++ b/src/systemd/isc-dhcp-relay6.service
@@ -2,13 +2,19 @@
Description=ISC DHCP IPv6 relay
Documentation=man:dhcrelay(8)
Wants=network-online.target
+RequiresMountsFor=/run
ConditionPathExists=/run/dhcp-relay/dhcpv6.conf
After=vyos-router.service
[Service]
+Type=forking
WorkingDirectory=/run/dhcp-relay
+RuntimeDirectory=dhcp-relay
+RuntimeDirectoryPreserve=yes
EnvironmentFile=/run/dhcp-relay/dhcpv6.conf
-ExecStart=/usr/sbin/dhcrelay -d -6 $OPTIONS
+PIDFile=/run/dhcp-relay/dhcrelayv6.pid
+ExecStart=/usr/sbin/dhcrelay -6 -pf /run/dhcp-relay/dhcrelayv6.pid $OPTIONS
+Restart=always
[Install]
WantedBy=multi-user.target
diff --git a/src/systemd/isc-dhcp-server.service b/src/systemd/isc-dhcp-server.service
index d848e3df1..e13c66dc6 100644
--- a/src/systemd/isc-dhcp-server.service
+++ b/src/systemd/isc-dhcp-server.service
@@ -6,14 +6,19 @@ ConditionPathExists=/run/dhcp-server/dhcpd.conf
After=vyos-router.service
[Service]
+Type=forking
WorkingDirectory=/run/dhcp-server
-# The leases files need to be root:vyattacfg even when dropping privileges
-ExecStart=/bin/sh -ec '\
- CONFIG_FILE=/run/dhcp-server/dhcpd.conf; \
- [ -e /config/dhcpd.leases ] || touch /config/dhcpd.leases; \
- chown root:vyattacfg /config/dhcpd.leases; \
- chmod 664 /config/dhcpd.leases; \
- exec /usr/sbin/dhcpd -user nobody -group nogroup -f -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE -lf /config/dhcpd.leases'
+RuntimeDirectory=dhcp-server
+RuntimeDirectoryPreserve=yes
+Environment=PID_FILE=/run/dhcp-server/dhcpd.pid CONFIG_FILE=/run/dhcp-server/dhcpd.conf LEASE_FILE=/config/dhcpd.leases
+PIDFile=/run/dhcp-server/dhcpd.pid
+ExecStartPre=/bin/sh -ec '\
+touch ${LEASE_FILE}; \
+chown nobody:nogroup ${LEASE_FILE}* ; \
+chmod 664 ${LEASE_FILE}* ; \
+/usr/sbin/dhcpd -4 -t -T -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} '
+ExecStart=/usr/sbin/dhcpd -4 -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE}
+Restart=always
[Install]
WantedBy=multi-user.target
diff --git a/src/systemd/isc-dhcp-server6.service b/src/systemd/isc-dhcp-server6.service
index 27bebc57f..8ac861d7a 100644
--- a/src/systemd/isc-dhcp-server6.service
+++ b/src/systemd/isc-dhcp-server6.service
@@ -6,13 +6,19 @@ ConditionPathExists=/run/dhcp-server/dhcpdv6.conf
After=vyos-router.service
[Service]
+Type=forking
WorkingDirectory=/run/dhcp-server
-# The leases files need to be root:vyattacfg even when dropping privileges
-ExecStart=/bin/sh -ec '\
- [ -e /config/dhcpdv6.leases ] || touch /config/dhcpdv6.leases; \
- chown root:vyattacfg /config/dhcpdv6.leases; \
- chmod 664 /config/dhcpdv6.leases; \
- exec /usr/sbin/dhcpd -user nobody -group nogroup -f -6 -pf /run/dhcp-server/dhcpdv6.pid -cf /run/dhcp-server/dhcpdv6.conf -lf /config/dhcpdv6.leases'
+RuntimeDirectory=dhcp-server
+RuntimeDirectoryPreserve=yes
+Environment=PID_FILE=/run/dhcp-server/dhcpdv6.pid CONFIG_FILE=/run/dhcp-server/dhcpdv6.conf LEASE_FILE=/config/dhcpdv6.leases
+PIDFile=/run/dhcp-server/dhcpdv6.pid
+ExecStartPre=/bin/sh -ec '\
+touch ${LEASE_FILE}; \
+chown nobody:nogroup ${LEASE_FILE}* ; \
+chmod 664 ${LEASE_FILE}* ; \
+/usr/sbin/dhcpd -6 -t -T -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE} '
+ExecStart=/usr/sbin/dhcpd -6 -q -user nobody -group nogroup -pf ${PID_FILE} -cf ${CONFIG_FILE} -lf ${LEASE_FILE}
+Restart=always
[Install]
WantedBy=multi-user.target