11 files changed, 91 insertions, 9 deletions

diff --git a/data/templates/accel-ppp/config_chap_secrets_radius.j2 b/data/templates/accel-ppp/config_chap_secrets_radius.j2
index 49af3a228..395e55a14 100644
--- a/data/templates/accel-ppp/config_chap_secrets_radius.j2
+++ b/data/templates/accel-ppp/config_chap_secrets_radius.j2
@@ -7,6 +7,9 @@ verbose=1
 {%   for server, options in authentication.radius.server.items() if not options.disable is defined %}
 server={{ server }},{{ options.key }},auth-port={{ options.port }},acct-port={{ options.acct_port }},req-limit=0,fail-time={{ options.fail_time }}
 {%   endfor %}
+{%     if authentication.radius.accounting_interim_interval is defined and authentication.radius.accounting_interim_interval is not none %}
+acct-interim-interval={{ authentication.radius.accounting_interim_interval }}
+{%     endif %}
 {%   if authentication.radius.acct_interim_jitter is defined and authentication.radius.acct_interim_jitter is not none %}
 acct-interim-jitter={{ authentication.radius.acct_interim_jitter }}
 {%   endif %}
diff --git a/data/templates/pppoe/peer.tmpl b/data/templates/pppoe/peer.tmpl
index b681bea77..536d484de 100644
--- a/data/templates/pppoe/peer.tmpl
+++ b/data/templates/pppoe/peer.tmpl
@@ -50,7 +50,7 @@ ifname {{ ifname }}
 ipparam {{ ifname }}
 debug
 mtu {{ mtu }}
-mru {{ mtu }}
+mru {{ mru }}
 
 {% if authentication is defined %}
 {{ 'user "' + authentication.user + '"' if authentication.user is defined }}
diff --git a/data/templates/vrrp/10-override.conf.j2 b/data/templates/vrrp/10-override.conf.j2
new file mode 100644
index 000000000..4a16012b6
--- /dev/null
+++ b/data/templates/vrrp/10-override.conf.j2
@@ -0,0 +1,16 @@
+### Autogenerated by ${vyos_conf_scripts_dir}/vrrp.py ###
+{% set snmp = '--snmp' if snmp is defined else '' %}
+[Unit]
+After=vyos-router.service
+# Only start if there is our configuration file - remove Debian default
+# config file from the condition list
+ConditionFileNotEmpty=
+ConditionFileNotEmpty=/run/keepalived/keepalived.conf
+
+[Service]
+KillMode=process
+Type=simple
+# Read configuration variable file if it is present
+ExecStart=
+ExecStart=/usr/sbin/keepalived --use-file /run/keepalived/keepalived.conf --pid /run/keepalived/keepalived.pid --dont-fork {{ snmp }}
+PIDFile=/run/keepalived/keepalived.pid
diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i
index 7adf294d1..ecd03a4cc 100644
--- a/interface-definitions/include/accel-ppp/radius-additions.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i
@@ -1,6 +1,19 @@
 <!-- include start from accel-ppp/radius-additions.xml.i -->
 <node name="radius">
   <children>
+    <leafNode name="accounting-interim-interval">
+      <properties>
+        <help>Interval in seconds to send accounting information</help>
+        <valueHelp>
+          <format>u32:1-3600</format>
+          <description>Interval in seconds to send accounting information</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 1-3600"/>
+        </constraint>
+        <constraintErrorMessage>Interval value must be between 1 and 3600 seconds</constraintErrorMessage>
+      </properties>
+    </leafNode>
     <leafNode name="acct-interim-jitter">
       <properties>
         <help>Maximum jitter value in seconds to be applied to accounting information interval</help>
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index 31bd51bbb..df03ab6c3 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -117,6 +117,9 @@
                   <completionHelp>
                     <script>${vyos_completion_dir}/list_interfaces.py --bridgeable</script>
                   </completionHelp>
+                  <constraint>
+                    #include <include/constraint/interface-name.xml.in>
+                  </constraint>
                 </properties>
                 <children>
                   <leafNode name="native-vlan">
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in
index fee5777e9..aa2965c65 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces-pppoe.xml.in
@@ -114,6 +114,20 @@
           <leafNode name="mtu">
             <defaultValue>1492</defaultValue>
           </leafNode>
+          <leafNode name="mru">
+            <properties>
+              <help>Maximum Receive Unit (MRU)</help>
+              <valueHelp>
+                <format>u32:128-16384</format>
+                <description>Maximum Receive Unit in byte</description>
+              </valueHelp>
+              <constraint>
+                <validator name="numeric" argument="--range 128-16384"/>
+              </constraint>
+              <constraintErrorMessage>MRU must be between 128 and 16384</constraintErrorMessage>
+            </properties>
+            <defaultValue>1492</defaultValue>
+          </leafNode>
           <leafNode name="no-peer-dns">
             <properties>
               <help>Do not use DNS servers provided by the peer</help>
diff --git a/interface-definitions/vrrp.xml.in b/interface-definitions/vrrp.xml.in
index cacbad882..2589d61d1 100644
--- a/interface-definitions/vrrp.xml.in
+++ b/interface-definitions/vrrp.xml.in
@@ -351,6 +351,12 @@
               </leafNode>
             </children>
           </tagNode>
+          <leafNode name="snmp">
+            <properties>
+              <valueless/>
+              <help>Enable SNMP</help>
+            </properties>
+          </leafNode>
           <tagNode name="sync-group">
             <properties>
               <help>VRRP sync group</help>
diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py
index 8dcac4d7d..2aaccbb13 100755
--- a/smoketest/scripts/cli/test_interfaces_pppoe.py
+++ b/smoketest/scripts/cli/test_interfaces_pppoe.py
@@ -58,11 +58,13 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
             user = 'VyOS-user-' + interface
             passwd = 'VyOS-passwd-' + interface
             mtu = '1400'
+            mru = '1300'
 
             self.cli_set(base_path + [interface, 'authentication', 'user', user])
             self.cli_set(base_path + [interface, 'authentication', 'password', passwd])
             self.cli_set(base_path + [interface, 'default-route', 'auto'])
             self.cli_set(base_path + [interface, 'mtu', mtu])
+            self.cli_set(base_path + [interface, 'mru', '9000'])
             self.cli_set(base_path + [interface, 'no-peer-dns'])
 
             # check validate() - a source-interface is required
@@ -70,8 +72,13 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
                 self.cli_commit()
             self.cli_set(base_path + [interface, 'source-interface', self._source_interface])
 
-            # commit changes
-            self.cli_commit()
+            # check validate() - MRU needs to be less or equal then MTU
+            with self.assertRaises(ConfigSessionError):
+                self.cli_commit()
+            self.cli_set(base_path + [interface, 'mru', mru])
+
+        # commit changes
+        self.cli_commit()
 
         # verify configuration file(s)
         for interface in self._interfaces:
@@ -80,6 +87,8 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
 
             tmp = get_config_value(interface, 'mtu')[1]
             self.assertEqual(tmp, mtu)
+            tmp = get_config_value(interface, 'mru')[1]
+            self.assertEqual(tmp, mru)
             tmp = get_config_value(interface, 'user')[1].replace('"', '')
             self.assertEqual(tmp, user)
             tmp = get_config_value(interface, 'password')[1].replace('"', '')
diff --git a/src/conf_mode/interfaces-pppoe.py b/src/conf_mode/interfaces-pppoe.py
index 6c4c6c95b..49714c558 100755
--- a/src/conf_mode/interfaces-pppoe.py
+++ b/src/conf_mode/interfaces-pppoe.py
@@ -59,6 +59,11 @@ def verify(pppoe):
     if {'connect_on_demand', 'vrf'} <= set(pppoe):
         raise ConfigError('On-demand dialing and VRF can not be used at the same time')
 
+    # both MTU and MRU have default values, thus we do not need to check
+    # if the key exists
+    if int(pppoe['mru']) > int(pppoe['mtu']):
+        raise ConfigError('PPPoE MRU needs to be lower then MTU!')
+
     return None
 
 def generate(pppoe):
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index bdf47eba0..27e611c87 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -21,7 +21,7 @@ from netifaces import interfaces
 
 from vyos.config import Config
 from vyos.configdict import get_interface_dict
-from vyos.configdict import leaf_node_changed
+from vyos.configdict import is_node_changed
 from vyos.configverify import verify_address
 from vyos.configverify import verify_bridge_delete
 from vyos.configverify import verify_mtu_ipv6
@@ -53,7 +53,7 @@ def get_config(config=None):
                        'source-address', 'source-interface', 'vni',
                        'parameters ip dont-fragment', 'parameters ip tos',
                        'parameters ip ttl']:
-        if leaf_node_changed(conf, cli_option.split()):
+        if is_node_changed(conf, cli_option.split()):
             vxlan.update({'rebuild_required': {}})
 
     return vxlan
diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py
index 86b11b6c4..b53294e64 100755
--- a/src/conf_mode/vrrp.py
+++ b/src/conf_mode/vrrp.py
@@ -24,6 +24,7 @@ from ipaddress import IPv6Interface
 
 from vyos.config import Config
 from vyos.configdict import dict_merge
+from vyos.configdict import leaf_node_changed
 from vyos.ifconfig.vrrp import VRRP
 from vyos.template import render
 from vyos.template import is_ipv4
@@ -36,6 +37,10 @@ from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
 
+
+systemd_override = r'/run/systemd/system/keepalived.service.d/10-override.conf'
+
+
 def get_config(config=None):
     if config:
         conf = config
@@ -60,6 +65,9 @@ def get_config(config=None):
     if conf.exists(conntrack_path):
         vrrp['conntrack_sync_group'] = conf.return_value(conntrack_path)
 
+    if leaf_node_changed(conf, base + ['snmp']):
+        vrrp.update({'restart_required': {}})
+
     return vrrp
 
 def verify(vrrp):
@@ -138,13 +146,17 @@ def verify(vrrp):
 
 def generate(vrrp):
     if not vrrp:
+        if os.path.isfile(systemd_override):
+            os.unlink(systemd_override)
         return None
 
     render(VRRP.location['config'], 'vrrp/keepalived.conf.tmpl', vrrp)
+    render(systemd_override, 'vrrp/10-override.conf.j2', vrrp)
     return None
 
 def apply(vrrp):
     service_name = 'keepalived.service'
+    call('systemctl daemon-reload')
     if not vrrp:
         call(f'systemctl stop {service_name}')
         return None
@@ -163,10 +175,11 @@ def apply(vrrp):
 
     # XXX: T3944 - reload keepalived configuration if service is already running
     # to not cause any service disruption when applying changes.
-    if is_systemd_service_running(service_name):
-        call(f'systemctl reload {service_name}')
-    else:
-        call(f'systemctl restart {service_name}')
+    systemd_action = 'reload-or-restart'
+    if 'restart_required' in vrrp:
+        systemd_action = 'restart'
+
+    call(f'systemctl {systemd_action} {service_name}')
     return None
 
 if __name__ == '__main__':