-rw-r--r-- | data/templates/snmp/etc.snmpd.conf.j2 | 10 | ||||
-rw-r--r-- | interface-definitions/include/version/firewall-version.xml.i | 2 | ||||
-rw-r--r-- | interface-definitions/protocols_static_neighbor-proxy.xml.in | 48 | ||||
-rw-r--r-- | interface-definitions/snmp.xml.in | 95 | ||||
-rwxr-xr-x | src/conf_mode/protocols_static_neighbor-proxy.py | 95 |
5 files changed, 249 insertions, 1 deletions
diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2
index 9d78d479a..3db8c4d7b 100644
--- a/data/templates/snmp/etc.snmpd.conf.j2
+++ b/data/templates/snmp/etc.snmpd.conf.j2
@@ -56,6 +56,16 @@ SysDescr {{ description }} {% endif %} agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }}
+{% if mib is vyos_defined %}
+# Interface MIB limits
+{% if mib.interface_max is vyos_defined %}
+ifmib_max_num_ifaces {{ mib.interface_max }}
+{% endif %}
+{% if mib.interface is vyos_defined %}
+include_ifmib_iface_prefix {{ mib.interface | join(' ') }}
+{% endif %}
+{% endif %}
+
 # SNMP communities
 {% if community is vyos_defined %}
 {% for comm, comm_config in community.items() %}
diff --git a/interface-definitions/include/version/firewall-version.xml.i b/interface-definitions/include/version/firewall-version.xml.i
index dd21bfaca..39f0cdcba 100644
--- a/interface-definitions/include/version/firewall-version.xml.i
+++ b/interface-definitions/include/version/firewall-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/firewall-version.xml.i -->
-<syntaxVersion component='firewall' version='11'></syntaxVersion>
+<syntaxVersion component='firewall' version='12'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/protocols_static_neighbor-proxy.xml.in b/interface-definitions/protocols_static_neighbor-proxy.xml.in
new file mode 100644
index 000000000..1c8433a39
--- /dev/null
+++ b/interface-definitions/protocols_static_neighbor-proxy.xml.in
@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+ <node name="protocols">
+ <children>
+ <node name="static">
+ <children>
+ <node name="neighbor-proxy" owner="${vyos_conf_scripts_dir}/protocols_static_neighbor-proxy.py">
+ <properties>
+ <help>Neighbor proxy parameters</help>
+ </properties>
+ <children>
+ <tagNode name="arp">
+ <properties>
+ <help>IP address for selective ARP proxy</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 destination address allowed for proxy-arp</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-interface-multi.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="nd">
+ <properties>
+ <help>IPv6 address for selective NDP proxy</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 destination address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/generic-interface-multi.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in
index 0851b8389..ec2151b98 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/snmp.xml.in
@@ -79,6 +79,101 @@
 </properties>
 </leafNode>
 #include <include/generic-description.xml.i>
+ <node name="mib">
+ <properties>
+ <help>Management information base (MIB)</help>
+ </properties>
+ <children>
+ <leafNode name="interface-max">
+ <properties>
+ <help>Sets the maximum number of interfaces included in IF-MIB data collection</help>
+ <valueHelp>
+ <format>u32:1-4294967295</format>
+ <description>Sets the maximum number of interfaces included in IF-MIB data collection</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-4294967295"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="interface">
+ <properties>
+ <help>Sets the interface name prefix to include in the IF-MIB data collection</help>
+ <completionHelp>
+ <list>br bond dum eth gnv macsec peth sstpc tun veth vti vtun vxlan wg wlan wwan</list>
+ </completionHelp>
+ <valueHelp>
+ <format>br</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>bond</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>dum</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>eth</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>gnv</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>macsec</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>peth</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>sstpc</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>tun</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>veth</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>vti</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>vtun</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>vxlan</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>wg</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>wlan</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <valueHelp>
+ <format>wwan</format>
+ <description>Allow prefix for IF-MIB data collection</description>
+ </valueHelp>
+ <constraint>
+ <regex>(br|bond|dum|eth|gnv|macsec|peth|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)</regex>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
 <tagNode name="listen-address">
 <properties>
 <help>IP address to listen for incoming SNMP requests</help>
diff --git a/src/conf_mode/protocols_static_neighbor-proxy.py b/src/conf_mode/protocols_static_neighbor-proxy.py
new file mode 100755
index 000000000..10cc1e748
--- /dev/null
+++ b/src/conf_mode/protocols_static_neighbor-proxy.py
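Review bot: The `<regex>` constraint on the `interface` leaf is the only check visible in this commit between the CLI value and the `include_ifmib_iface_prefix` line that the snmpd template renders without escaping, yet the same prefix list is kept in three places (completionHelp, sixteen valueHelp blocks, the regex) with nothing tying them together. I would put a comment above the constraint, `<!-- keep in sync with completionHelp/valueHelp; accepted values are written verbatim into snmpd.conf -->`, and add a `<constraintErrorMessage>` so a rejected value tells the operator which prefixes are accepted. The sixteen valueHelp descriptions are all `Allow prefix for IF-MIB data collection`; naming the interface type in each would make the help output informative.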
@@ -0,0 +1,95 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from sys import exit
+
+from vyos.config import Config
+from vyos.configdict import node_changed
+from vyos.utils.process import call
+from vyos import ConfigError
+from vyos import airbag
+
+airbag.enable()
+
+
+def get_config(config=None):
+ if config:
+ conf = config
+ else:
+ conf = Config()
+
+ base = ['protocols', 'static', 'neighbor-proxy']
+ config = conf.get_config_dict(base, get_first_key=True)
+
+ return config
+
+
+def verify(config):
+
+ if 'arp' in config:
+ for neighbor, neighbor_conf in config['arp'].items():
+ if 'interface' not in neighbor_conf:
+ raise ConfigError(
+ f"ARP neighbor-proxy for '{neighbor}' requires an interface to be set!"
+ )
+
+ if 'nd' in config:
+ for neighbor, neighbor_conf in config['nd'].items():
+ if 'interface' not in neighbor_conf:
+ raise ConfigError(
+ f"ARP neighbor-proxy for '{neighbor}' requires an interface to be set!"
+ )
+
+
+def generate(config):
+ pass
+
+
+def apply(config):
+ if not config:
+ # Cleanup proxy
+ call('ip neighbor flush proxy')
+ call('ip -6 neighbor flush proxy')
+ return None
+
+ # Add proxy ARP
+ if 'arp' in config:
+ # Cleanup entries before config
+ call('ip neighbor flush proxy')
+ for neighbor, neighbor_conf in config['arp'].items():
+ for interface in neighbor_conf.get('interface'):
+ call(f'ip neighbor add proxy {neighbor} dev {interface}')
+
+ # Add proxy NDP
+ if 'nd' in config:
+ # Cleanup entries before config
+ call('ip -6 neighbor flush proxy')
+ for neighbor, neighbor_conf in config['nd'].items():
+ for interface in neighbor_conf['interface']:
+ call(f'ip -6 neighbor add proxy {neighbor} dev {interface}')
+
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ exit(1) |
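Review bot: In apply(), each flush runs only inside its own `if 'arp' in config:` / `if 'nd' in config:` branch, so deleting every `arp` entry while `nd` entries remain (or the reverse) leaves the removed family's proxy entries installed in the kernel after the commit. Flushing both families unconditionally at the top of apply() and then re-adding what is configured closes that gap and makes the early `if not config:` return unnecessary. Separately, the `nd` branch of verify() reuses the ARP wording; its message should read `f"NDP neighbor-proxy for '{neighbor}' requires an interface to be set!"`. The return value of `call()` is ignored throughout, so as far as this hunk shows a failed `ip neighbor add proxy` would not fail the commit.

```python
def apply(config):
    # Flush both families first so entries from a removed 'arp' or 'nd'
    # subtree do not outlive the commit.
    call('ip neighbor flush proxy')
    call('ip -6 neighbor flush proxy')

    for neighbor, neighbor_conf in config.get('arp', {}).items():
        for interface in neighbor_conf['interface']:
            call(f'ip neighbor add proxy {neighbor} dev {interface}')

    for neighbor, neighbor_conf in config.get('nd', {}).items():
        for interface in neighbor_conf['interface']:
            call(f'ip -6 neighbor add proxy {neighbor} dev {interface}')
```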