diff options
18 files changed, 177 insertions, 37 deletions
diff --git a/interface-definitions/interfaces-bonding.xml b/interface-definitions/interfaces-bonding.xml index 7279e5993..c71482d9c 100644 --- a/interface-definitions/interfaces-bonding.xml +++ b/interface-definitions/interfaces-bonding.xml @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interface-bonding.py"> + <tagNode name="bonding" owner="${vyos_conf_scripts_dir}/interfaces-bonding.py"> <properties> <help>Bonding interface name</help> <priority>315</priority> diff --git a/interface-definitions/interfaces-bridge.xml b/interface-definitions/interfaces-bridge.xml index c026c29b3..40505d7de 100644 --- a/interface-definitions/interfaces-bridge.xml +++ b/interface-definitions/interfaces-bridge.xml @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interface-bridge.py"> + <tagNode name="bridge" owner="${vyos_conf_scripts_dir}/interfaces-bridge.py"> <properties> <help>Bridge interface name</help> <priority>470</priority> diff --git a/interface-definitions/interfaces-dummy.xml b/interface-definitions/interfaces-dummy.xml index c9860fe3b..3bc4330e4 100644 --- a/interface-definitions/interfaces-dummy.xml +++ b/interface-definitions/interfaces-dummy.xml @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interface-dummy.py"> + <tagNode name="dummy" owner="${vyos_conf_scripts_dir}/interfaces-dummy.py"> <properties> <help>Dummy interface name</help> <priority>300</priority> diff --git a/interface-definitions/interfaces-ethernet.xml b/interface-definitions/interfaces-ethernet.xml index 96d2fda10..f51bb3d87 100644 --- a/interface-definitions/interfaces-ethernet.xml +++ b/interface-definitions/interfaces-ethernet.xml @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interface-ethernet.py"> + <tagNode name="ethernet" owner="${vyos_conf_scripts_dir}/interfaces-ethernet.py"> <properties> <help>Ethernet interface name</help> <priority>318</priority> diff --git a/interface-definitions/interfaces-loopback.xml b/interface-definitions/interfaces-loopback.xml index 267731b1c..0f003bc64 100644 --- a/interface-definitions/interfaces-loopback.xml +++ b/interface-definitions/interfaces-loopback.xml @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="loopback" owner="${vyos_conf_scripts_dir}/interface-loopback.py"> + <tagNode name="loopback" owner="${vyos_conf_scripts_dir}/interfaces-loopback.py"> <properties> <help>Loopback interface</help> <priority>300</priority> diff --git a/interface-definitions/interfaces-openvpn.xml b/interface-definitions/interfaces-openvpn.xml index 365d80558..42c953fdc 100644 --- a/interface-definitions/interfaces-openvpn.xml +++ b/interface-definitions/interfaces-openvpn.xml @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interface-openvpn.py"> + <tagNode name="openvpn" owner="${vyos_conf_scripts_dir}/interfaces-openvpn.py"> <properties> <help>OpenVPN tunnel interface name</help> <priority>460</priority> diff --git a/interface-definitions/interfaces-vxlan.xml b/interface-definitions/interfaces-vxlan.xml index b06c2860c..f93711741 100644 --- a/interface-definitions/interfaces-vxlan.xml +++ b/interface-definitions/interfaces-vxlan.xml @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interface-vxlan.py"> + <tagNode name="vxlan" owner="${vyos_conf_scripts_dir}/interfaces-vxlan.py"> <properties> <help>Virtual extensible LAN interface (VXLAN)</help> <priority>460</priority> diff --git a/interface-definitions/interfaces-wireguard.xml b/interface-definitions/interfaces-wireguard.xml index f2a7cc316..0c32a3bc1 100644 --- a/interface-definitions/interfaces-wireguard.xml +++ b/interface-definitions/interfaces-wireguard.xml @@ -2,7 +2,7 @@ <interfaceDefinition> <node name="interfaces"> <children> - <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interface-wireguard.py"> + <tagNode name="wireguard" owner="${vyos_conf_scripts_dir}/interfaces-wireguard.py"> <properties> <help>WireGuard interface name</help> <priority>459</priority> diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 1022b88de..983906923 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -152,11 +152,11 @@ def vlan_to_dict(conf): # DHCPv6 only acquire config parameters, no address if conf.exists('dhcpv6-options parameters-only'): - vlan['dhcpv6_prm_only'] = conf.return_value('dhcpv6-options parameters-only') + vlan['dhcpv6_prm_only'] = True # DHCPv6 temporary IPv6 address if conf.exists('dhcpv6-options temporary'): - vlan['dhcpv6_temporary'] = conf.return_value('dhcpv6-options temporary') + vlan['dhcpv6_temporary'] = True # ignore link state changes if conf.exists('disable-link-detect'): diff --git a/python/vyos/ifconfig.py b/python/vyos/ifconfig.py index cc214908a..3225971ef 100644 --- a/python/vyos/ifconfig.py +++ b/python/vyos/ifconfig.py @@ -98,6 +98,13 @@ class Interface: 'vendor_class_id' : '' } + # DHCPv6 options + self._dhcpv6_options = { + 'intf' : self._ifname, + 'dhcpv6_prm_only' : False, + 'dhcpv6_temporary' : False + } + def _debug_msg(self, msg): if os.path.isfile('/tmp/vyos.ifconfig.debug'): print('DEBUG/{:<6} {}'.format(self._ifname, msg)) @@ -474,6 +481,7 @@ class Interface: def get_dhcp_options(self): """ Return dictionary with supported DHCP options. + Dictionary should be altered and send back via set_dhcp_options() so those options are applied when DHCP is run. """ @@ -485,6 +493,21 @@ class Interface: """ self._dhcp_options = options + def get_dhcpv6_options(self): + """ + Return dictionary with supported DHCPv6 options. + + Dictionary should be altered and send back via set_dhcp_options() + so those options are applied when DHCP is run. + """ + return self._dhcpv6_options + + def set_dhcpv6_options(self, options): + """ + Store new DHCP options used by next run of DHCP client. + """ + self._dhcpv6_options = options + # replace dhcpv4/v6 with systemd.networkd? def _set_dhcp(self): """ @@ -579,9 +602,14 @@ class Interface: >>> j = Interface('eth0') >>> j.set_dhcpv6() """ - dhcpv6 = { - 'intf': self._ifname - } + dhcpv6 = self.get_dhcpv6_options() + import pprint + pprint.pprint(dhcpv6) + + # better save then sorry .. should be checked in interface script + # but if you missed it we are safe! + if dhcpv6['dhcpv6_prm_only'] and dhcpv6['dhcpv6_temporary']: + raise Exception('DHCPv6 temporary and parameters-only options are mutually exclusive!') # render DHCP configuration tmpl = jinja2.Template(dhcpv6_cfg) @@ -597,16 +625,24 @@ class Interface: sleep(5) # no longer accept router announcements on this interface - cmd = 'sysctl -q -w net.ipv6.conf.{}.accept_ra=0'.format(self._ifname) - self._cmd(cmd) + self._write_sysfs('/proc/sys/net/ipv6/conf/{}/accept_ra' + .format(self._ifname), 0) # assemble command-line to start DHCPv6 client (dhclient) cmd = 'start-stop-daemon --start --quiet --pidfile ' + \ self._dhcpv6_pid_file cmd += ' --exec /sbin/dhclient --' # now pass arguments to dhclient binary - cmd += ' -6 -nw -cf {} -pf {} -lf {} {}'.format( - self._dhcpv6_cfg_file, self._dhcpv6_pid_file, self._dhcpv6_lease_file, self._ifname) + cmd += ' -6 -nw -cf {} -pf {} -lf {}'.format( + self._dhcpv6_cfg_file, self._dhcpv6_pid_file, self._dhcpv6_lease_file) + + # add optional arguments + if dhcpv6['dhcpv6_prm_only']: + cmd += ' -S' + if dhcpv6['dhcpv6_temporary']: + cmd += ' -T' + + cmd += ' {}'.format(self._ifname) return self._cmd(cmd) @@ -634,8 +670,8 @@ class Interface: self._cmd(cmd) # accept router announcements on this interface - cmd = 'sysctl -q -w net.ipv6.conf.{}.accept_ra=1'.format(self._ifname) - self._cmd(cmd) + self._write_sysfs('/proc/sys/net/ipv6/conf/{}/accept_ra' + .format(self._ifname), 1) # cleanup old config file if os.path.isfile(self._dhcpv6_cfg_file): diff --git a/src/conf_mode/interface-bonding.py b/src/conf_mode/interfaces-bonding.py index 49d2a05d4..8a0f9f84d 100755 --- a/src/conf_mode/interface-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -84,6 +84,33 @@ def apply_vlan_config(vlan, config): if type(vlan) != type(VLANIf("lo")): raise TypeError() + # get DHCP config dictionary and update values + opt = vlan.get_dhcp_options() + + if config['dhcp_client_id']: + opt['client_id'] = config['dhcp_client_id'] + + if config['dhcp_hostname']: + opt['hostname'] = config['dhcp_hostname'] + + if config['dhcp_vendor_class_id']: + opt['vendor_class_id'] = config['dhcp_vendor_class_id'] + + # store DHCP config dictionary - used later on when addresses are aquired + vlan.set_dhcp_options(opt) + + # get DHCPv6 config dictionary and update values + opt = vlan.get_dhcpv6_options() + + if config['dhcpv6_prm_only']: + opt['dhcpv6_prm_only'] = True + + if config['dhcpv6_temporary']: + opt['dhcpv6_temporary'] = True + + # store DHCPv6 config dictionary - used later on when addresses are aquired + vlan.set_dhcpv6_options(opt) + # update interface description used e.g. within SNMP vlan.set_alias(config['description']) # ignore link state changes @@ -171,11 +198,11 @@ def get_config(): # DHCPv6 only acquire config parameters, no address if conf.exists('dhcpv6-options parameters-only'): - bond['dhcpv6_prm_only'] = conf.return_value('dhcpv6-options parameters-only') + bond['dhcpv6_prm_only'] = True # DHCPv6 temporary IPv6 address if conf.exists('dhcpv6-options temporary'): - bond['dhcpv6_temporary'] = conf.return_value('dhcpv6-options temporary') + bond['dhcpv6_temporary'] = True # ignore link state changes if conf.exists('disable-link-detect'): @@ -221,7 +248,7 @@ def get_config(): if conf.exists('primary'): bond['primary'] = conf.return_value('primary') - # re-set configuration level and retrieve vif-s interfaces + # re-set configuration level to parse new nodes conf.set_level(cfg_base) # get vif-s interfaces (currently effective) - to determine which vif-s # interface is no longer present and needs to be removed @@ -235,7 +262,7 @@ def get_config(): conf.set_level(cfg_base + ' vif-s ' + vif_s) bond['vif_s'].append(vlan_to_dict(conf)) - # re-set configuration level and retrieve vif-s interfaces + # re-set configuration level to parse new nodes conf.set_level(cfg_base) # Determine vif interfaces (currently effective) - to determine which # vif interface is no longer present and needs to be removed @@ -265,6 +292,21 @@ def verify(bond): raise ConfigError('Interface "{}" is not part of the bond' \ .format(bond['primary'])) + + # DHCPv6 parameters-only and temporary address are mutually exclusive + for vif_s in bond['vif_s']: + if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + for vif_c in vif_s['vif_c']: + if vif_c['dhcpv6_prm_only'] and vif_c['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + for vif in bond['vif']: + if vif['dhcpv6_prm_only'] and vif['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + for vif_s in bond['vif_s']: for vif in bond['vif']: if vif['id'] == vif_s['id']: @@ -385,10 +427,21 @@ def apply(bond): if bond['dhcp_vendor_class_id']: opt['vendor_class_id'] = bond['dhcp_vendor_class_id'] - # store DHCP config dictionary - used later on when addresses - # are requested + # store DHCP config dictionary - used later on when addresses are aquired b.set_dhcp_options(opt) + # get DHCPv6 config dictionary and update values + opt = b.get_dhcpv6_options() + + if bond['dhcpv6_prm_only']: + opt['dhcpv6_prm_only'] = True + + if bond['dhcpv6_temporary']: + opt['dhcpv6_temporary'] = True + + # store DHCPv6 config dictionary - used later on when addresses are aquired + b.set_dhcpv6_options(opt) + # ignore link state changes b.set_link_detect(bond['disable_link_detect']) # Bonding transmit hash policy diff --git a/src/conf_mode/interface-bridge.py b/src/conf_mode/interfaces-bridge.py index 57ac98444..70bf4f528 100755 --- a/src/conf_mode/interface-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -100,11 +100,11 @@ def get_config(): # DHCPv6 only acquire config parameters, no address if conf.exists('dhcpv6-options parameters-only'): - bridge['dhcpv6_prm_only'] = conf.return_value('dhcpv6-options parameters-only') + bridge['dhcpv6_prm_only'] = True # DHCPv6 temporary IPv6 address if conf.exists('dhcpv6-options temporary'): - bridge['dhcpv6_temporary'] = conf.return_value('dhcpv6-options temporary') + bridge['dhcpv6_temporary'] = True # Disable this bridge interface if conf.exists('disable'): @@ -174,6 +174,9 @@ def get_config(): return bridge def verify(bridge): + if bridge['dhcpv6_prm_only'] and bridge['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + conf = Config() for br in conf.list_nodes('interfaces bridge'): # it makes no sense to verify ourself in this case @@ -240,10 +243,21 @@ def apply(bridge): if bridge['dhcp_vendor_class_id']: opt['vendor_class_id'] = bridge['dhcp_vendor_class_id'] - # store DHCP config dictionary - used later on when addresses - # are requested + # store DHCPv6 config dictionary - used later on when addresses are aquired br.set_dhcp_options(opt) + # get DHCPv6 config dictionary and update values + opt = br.get_dhcpv6_options() + + if bridge['dhcpv6_prm_only']: + opt['dhcpv6_prm_only'] = True + + if bridge['dhcpv6_temporary']: + opt['dhcpv6_temporary'] = True + + # store DHCPv6 config dictionary - used later on when addresses are aquired + br.set_dhcpv6_options(opt) + # Change interface MAC address if bridge['mac']: br.set_mac(bridge['mac']) diff --git a/src/conf_mode/interface-dummy.py b/src/conf_mode/interfaces-dummy.py index eb0145f65..eb0145f65 100755 --- a/src/conf_mode/interface-dummy.py +++ b/src/conf_mode/interfaces-dummy.py diff --git a/src/conf_mode/interface-ethernet.py b/src/conf_mode/interfaces-ethernet.py index 3cdc03ce5..cd40aff3e 100755 --- a/src/conf_mode/interface-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -79,10 +79,21 @@ def apply_vlan_config(vlan, config): if config['dhcp_vendor_class_id']: opt['vendor_class_id'] = config['dhcp_vendor_class_id'] - # store DHCP config dictionary - used later on when addresses - # are requested + # store DHCP config dictionary - used later on when addresses are aquired vlan.set_dhcp_options(opt) + # get DHCPv6 config dictionary and update values + opt = vlan.get_dhcpv6_options() + + if config['dhcpv6_prm_only']: + opt['dhcpv6_prm_only'] = True + + if config['dhcpv6_temporary']: + opt['dhcpv6_temporary'] = True + + # store DHCPv6 config dictionary - used later on when addresses are aquired + vlan.set_dhcpv6_options(opt) + # update interface description used e.g. within SNMP vlan.set_alias(config['description']) # ignore link state changes @@ -157,11 +168,11 @@ def get_config(): # DHCPv6 only acquire config parameters, no address if conf.exists('dhcpv6-options parameters-only'): - eth['dhcpv6_prm_only'] = conf.return_value('dhcpv6-options parameters-only') + eth['dhcpv6_prm_only'] = True # DHCPv6 temporary IPv6 address if conf.exists('dhcpv6-options temporary'): - eth['dhcpv6_temporary'] = conf.return_value('dhcpv6-options temporary') + eth['dhcpv6_temporary'] = True # ignore link state changes if conf.exists('disable-link-detect'): @@ -227,7 +238,7 @@ def get_config(): if conf.exists('speed'): eth['speed'] = conf.return_value('speed') - # re-set configuration level and retrieve vif-s interfaces + # re-set configuration level to parse new nodes conf.set_level(cfg_base) # get vif-s interfaces (currently effective) - to determine which vif-s # interface is no longer present and needs to be removed @@ -241,7 +252,7 @@ def get_config(): conf.set_level(cfg_base + ' vif-s ' + vif_s) eth['vif_s'].append(vlan_to_dict(conf)) - # re-set configuration level and retrieve vif-s interfaces + # re-set configuration level to parse new nodes conf.set_level(cfg_base) # Determine vif interfaces (currently effective) - to determine which # vif interface is no longer present and needs to be removed @@ -270,6 +281,9 @@ def verify(eth): if eth['speed'] != 'auto': raise ConfigError('If duplex is hardcoded, speed must be hardcoded, too') + if eth['dhcpv6_prm_only'] and eth['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + conf = Config() # some options can not be changed when interface is enslaved to a bond for bond in conf.list_nodes('interfaces bonding'): @@ -279,6 +293,18 @@ def verify(eth): if eth['address']: raise ConfigError('Can not assign address to interface {} which is a member of {}').format(eth['intf'], bond) + # DHCPv6 parameters-only and temporary address are mutually exclusive + for vif_s in eth['vif_s']: + if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + for vif_c in vif_s['vif_c']: + if vif_c['dhcpv6_prm_only'] and vif_c['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + for vif in eth['vif']: + if vif['dhcpv6_prm_only'] and vif['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') return None @@ -306,10 +332,21 @@ def apply(eth): if eth['dhcp_vendor_class_id']: opt['vendor_class_id'] = eth['dhcp_vendor_class_id'] - # store DHCP config dictionary - used later on when addresses - # are requested + # store DHCP config dictionary - used later on when addresses are aquired e.set_dhcp_options(opt) + # get DHCPv6 config dictionary and update values + opt = e.get_dhcpv6_options() + + if eth['dhcpv6_prm_only']: + opt['dhcpv6_prm_only'] = True + + if eth['dhcpv6_temporary']: + opt['dhcpv6_temporary'] = True + + # store DHCPv6 config dictionary - used later on when addresses are aquired + e.set_dhcpv6_options(opt) + # ignore link state changes e.set_link_detect(eth['disable_link_detect']) # disable ethernet flow control (pause frames) diff --git a/src/conf_mode/interface-loopback.py b/src/conf_mode/interfaces-loopback.py index 10722d137..10722d137 100755 --- a/src/conf_mode/interface-loopback.py +++ b/src/conf_mode/interfaces-loopback.py diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 5345bf7a2..5345bf7a2 100755 --- a/src/conf_mode/interface-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py diff --git a/src/conf_mode/interface-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 1097ae4d0..1097ae4d0 100755 --- a/src/conf_mode/interface-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py diff --git a/src/conf_mode/interface-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 7a684bafa..7a684bafa 100755 --- a/src/conf_mode/interface-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py |