diff options
38 files changed, 196 insertions, 170 deletions
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl index a20be45ae..855ebff4f 100644 --- a/data/templates/https/nginx.default.tmpl +++ b/data/templates/https/nginx.default.tmpl @@ -5,7 +5,7 @@ server { listen 80 default_server; listen [::]:80 default_server; server_name _; - return 301 https://$server_name$request_uri; + return 301 https://$host$request_uri; } {% for server in server_block_list %} diff --git a/interface-definitions/include/interface-mtu-1200-16000.xml.i b/interface-definitions/include/interface-mtu-1200-16000.xml.i new file mode 100644 index 000000000..04b5ec8ac --- /dev/null +++ b/interface-definitions/include/interface-mtu-1200-16000.xml.i @@ -0,0 +1,16 @@ +<!-- included start from interface-mtu-1200-16000.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>1200-16000</format> + <description>Maximum Transmission Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1200-16000"/> + </constraint> + <constraintErrorMessage>MTU must be between 1200 and 16000</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/interface-mtu-1200-9000.xml.i b/interface-definitions/include/interface-mtu-1200-9000.xml.i deleted file mode 100644 index 387e60fa5..000000000 --- a/interface-definitions/include/interface-mtu-1200-9000.xml.i +++ /dev/null @@ -1,16 +0,0 @@ -<!-- included start from interface-mtu-1200-9000.xml.i --> -<leafNode name="mtu"> - <properties> - <help>Maximum Transmission Unit (MTU)</help> - <valueHelp> - <format>1200-9000</format> - <description>Maximum Transmission Unit</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1200-9000"/> - </constraint> - <constraintErrorMessage>MTU must be between 1200 and 9000</constraintErrorMessage> - </properties> - <defaultValue>1500</defaultValue> -</leafNode> -<!-- included end --> diff --git a/interface-definitions/include/interface-mtu-1450-16000.xml.i b/interface-definitions/include/interface-mtu-1450-16000.xml.i new file mode 100644 index 000000000..41dd5fb00 --- /dev/null +++ b/interface-definitions/include/interface-mtu-1450-16000.xml.i @@ -0,0 +1,16 @@ +<!-- included start from interface-mtu-1450-16000.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>1450-16000</format> + <description>Maximum Transmission Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1450-16000"/> + </constraint> + <constraintErrorMessage>MTU must be between 1450 and 16000</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/interface-mtu-1450-9000.xml.i b/interface-definitions/include/interface-mtu-1450-9000.xml.i deleted file mode 100644 index 3fc961051..000000000 --- a/interface-definitions/include/interface-mtu-1450-9000.xml.i +++ /dev/null @@ -1,16 +0,0 @@ -<!-- included start from interface-mtu-1450-9000.xml.i --> -<leafNode name="mtu"> - <properties> - <help>Maximum Transmission Unit (MTU)</help> - <valueHelp> - <format>1450-9000</format> - <description>Maximum Transmission Unit</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1450-9000"/> - </constraint> - <constraintErrorMessage>MTU must be between 1450 and 9000</constraintErrorMessage> - </properties> - <defaultValue>1500</defaultValue> -</leafNode> -<!-- included end --> diff --git a/interface-definitions/include/interface-mtu-64-8024.xml.i b/interface-definitions/include/interface-mtu-64-8024.xml.i index f51e098c1..0a455bc64 100644 --- a/interface-definitions/include/interface-mtu-64-8024.xml.i +++ b/interface-definitions/include/interface-mtu-64-8024.xml.i @@ -4,7 +4,7 @@ <help>Maximum Transmission Unit (MTU)</help> <valueHelp> <format>64-8024</format> - <description>Maximum Transmission Unit</description> + <description>Maximum Transmission Unit in byte</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 64-8024"/> diff --git a/interface-definitions/include/interface-mtu-68-1500.xml.i b/interface-definitions/include/interface-mtu-68-1500.xml.i index 0563e0023..78c2c6920 100644 --- a/interface-definitions/include/interface-mtu-68-1500.xml.i +++ b/interface-definitions/include/interface-mtu-68-1500.xml.i @@ -4,7 +4,7 @@ <help>Maximum Transmission Unit (MTU)</help> <valueHelp> <format>68-1500</format> - <description>Maximum Transmission Unit</description> + <description>Maximum Transmission Unit in byte</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 68-1500"/> diff --git a/interface-definitions/include/interface-mtu-68-16000.xml.i b/interface-definitions/include/interface-mtu-68-16000.xml.i new file mode 100644 index 000000000..9f18464bf --- /dev/null +++ b/interface-definitions/include/interface-mtu-68-16000.xml.i @@ -0,0 +1,16 @@ +<!-- included start from interface-mtu-68-16000.xml.i --> +<leafNode name="mtu"> + <properties> + <help>Maximum Transmission Unit (MTU)</help> + <valueHelp> + <format>68-16000</format> + <description>Maximum Transmission Unit in byte</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 68-16000"/> + </constraint> + <constraintErrorMessage>MTU must be between 68 and 16000</constraintErrorMessage> + </properties> + <defaultValue>1500</defaultValue> +</leafNode> +<!-- included end --> diff --git a/interface-definitions/include/interface-mtu-68-9000.xml.i b/interface-definitions/include/interface-mtu-68-9000.xml.i deleted file mode 100644 index 82d0ed82b..000000000 --- a/interface-definitions/include/interface-mtu-68-9000.xml.i +++ /dev/null @@ -1,16 +0,0 @@ -<!-- included start from interface-mtu-68-9000.xml.i --> -<leafNode name="mtu"> - <properties> - <help>Maximum Transmission Unit (MTU)</help> - <valueHelp> - <format>68-9000</format> - <description>Maximum Transmission Unit</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 68-9000"/> - </constraint> - <constraintErrorMessage>MTU must be between 68 and 9000</constraintErrorMessage> - </properties> - <defaultValue>1500</defaultValue> -</leafNode> -<!-- included end --> diff --git a/interface-definitions/include/vif-s.xml.i b/interface-definitions/include/vif-s.xml.i index 3a04b10d9..ab556489f 100644 --- a/interface-definitions/include/vif-s.xml.i +++ b/interface-definitions/include/vif-s.xml.i @@ -44,7 +44,7 @@ </children> </node> #include <include/interface-mac.xml.i> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> <tagNode name="vif-c"> <properties> <help>QinQ TAG-C Virtual Local Area Network (VLAN) ID</help> @@ -61,7 +61,7 @@ #include <include/interface-disable-link-detect.xml.i> #include <include/interface-disable.xml.i> #include <include/interface-mac.xml.i> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> #include <include/interface-vrf.xml.i> </children> </tagNode> diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i index a0f7c0bc8..3369d0d7c 100644 --- a/interface-definitions/include/vif.xml.i +++ b/interface-definitions/include/vif.xml.i @@ -63,7 +63,7 @@ </children> </node> #include <include/interface-mac.xml.i> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> </children> </tagNode> <!-- included end --> diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in index 4e2c61d07..a72ffa01e 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces-bonding.xml.in @@ -170,7 +170,7 @@ </leafNode> </children> </node> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> <leafNode name="primary"> <properties> <help>Primary device interface</help> diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in index a19a766d3..8ba09f7c4 100644 --- a/interface-definitions/interfaces-ethernet.xml.in +++ b/interface-definitions/interfaces-ethernet.xml.in @@ -79,7 +79,7 @@ </children> </node> #include <include/interface-mac.xml.i> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> <node name="offload-options"> <properties> <help>Configurable offload options</help> diff --git a/interface-definitions/interfaces-geneve.xml.in b/interface-definitions/interfaces-geneve.xml.in index 320dfd64d..25bf12bfe 100644 --- a/interface-definitions/interfaces-geneve.xml.in +++ b/interface-definitions/interfaces-geneve.xml.in @@ -35,7 +35,7 @@ </children> </node> #include <include/interface-mac.xml.i> - #include <include/interface-mtu-1450-9000.xml.i> + #include <include/interface-mtu-1450-16000.xml.i> <leafNode name="remote"> <properties> <help>Remote address of GENEVE tunnel</help> diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in index 3a878ad76..c347e0926 100644 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ b/interface-definitions/interfaces-l2tpv3.xml.in @@ -76,7 +76,7 @@ </constraint> </properties> </leafNode> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> <leafNode name="peer-session-id"> <properties> <help>Peer session identifier</help> diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in index 068e31449..a4035ea1f 100644 --- a/interface-definitions/interfaces-macsec.xml.in +++ b/interface-definitions/interfaces-macsec.xml.in @@ -107,7 +107,7 @@ </node> #include <include/interface-description.xml.i> #include <include/interface-disable.xml.i> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> #include <include/source-interface-ethernet.xml.i> #include <include/interface-vrf.xml.i> </children> diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in index 3fceb70b6..cebc244db 100644 --- a/interface-definitions/interfaces-pseudo-ethernet.xml.in +++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in @@ -73,7 +73,7 @@ </properties> <defaultValue>private</defaultValue> </leafNode> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> #include <include/vif-s.xml.i> #include <include/vif.xml.i> </children> diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index 7fdead16a..37a35a1f7 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -67,7 +67,7 @@ </leafNode> #include <include/source-interface.xml.i> #include <include/interface-mac.xml.i> - #include <include/interface-mtu-1200-9000.xml.i> + #include <include/interface-mtu-1200-16000.xml.i> <leafNode name="remote"> <properties> <help>Remote address of VXLAN tunnel</help> diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index 981bce826..aa63e4ac7 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in @@ -21,7 +21,7 @@ #include <include/interface-disable.xml.i> #include <include/interface-vrf.xml.i> #include <include/port-number.xml.i> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> <leafNode name="fwmark"> <properties> <help>A 32-bit fwmark value set on all outgoing packets</help> diff --git a/interface-definitions/interfaces-wirelessmodem.xml.in b/interface-definitions/interfaces-wirelessmodem.xml.in index 96604ff00..a0e78a124 100644 --- a/interface-definitions/interfaces-wirelessmodem.xml.in +++ b/interface-definitions/interfaces-wirelessmodem.xml.in @@ -66,7 +66,7 @@ </properties> </leafNode> #include <include/interface-disable-link-detect.xml.i> - #include <include/interface-mtu-68-9000.xml.i> + #include <include/interface-mtu-68-16000.xml.i> <node name="ipv6"> <children> #include <include/ipv6-address.xml.i> diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index db17c33fc..e43b68f6f 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -18,7 +18,7 @@ A library for retrieving value dicts from VyOS configs in a declarative fashion. """ import os -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos.xml import defaults from vyos import ConfigError @@ -174,10 +174,10 @@ def T2665_set_dhcpv6pd_defaults(config_dict): pd_defaults = defaults(['interfaces', 'ethernet', 'dhcpv6-options', 'pd']) # Implant default dictionary for DHCPv6-PD instances - if vyos_dict_search('dhcpv6_options.pd.length', config_dict): + if dict_search('dhcpv6_options.pd.length', config_dict): del config_dict['dhcpv6_options']['pd']['length'] - for pd in (vyos_dict_search('dhcpv6_options.pd', config_dict) or []): + for pd in (dict_search('dhcpv6_options.pd', config_dict) or []): config_dict['dhcpv6_options']['pd'][pd] = dict_merge(pd_defaults, config_dict['dhcpv6_options']['pd'][pd]) @@ -332,7 +332,7 @@ def get_interface_dict(config, base, ifname=''): eui64 = leaf_node_changed(config, ['ipv6', 'address', 'eui64']) if eui64: - tmp = vyos_dict_search('ipv6.address', dict) + tmp = dict_search('ipv6.address', dict) if not tmp: dict.update({'ipv6': {'address': {'eui64_old': eui64}}}) else: @@ -419,12 +419,12 @@ def get_accel_dict(config, base, chap_secrets): # defaults include RADIUS server specifics per TAG node which need to be # added to individual RADIUS servers instead - so we can simply delete them - if vyos_dict_search('authentication.radius.server', default_values): + if dict_search('authentication.radius.server', default_values): del default_values['authentication']['radius']['server'] # defaults include static-ip address per TAG node which need to be added to # individual local users instead - so we can simply delete them - if vyos_dict_search('authentication.local_users.username', default_values): + if dict_search('authentication.local_users.username', default_values): del default_values['authentication']['local_users']['username'] dict = dict_merge(default_values, dict) @@ -448,10 +448,10 @@ def get_accel_dict(config, base, chap_secrets): del dict['name_server'] # Add individual RADIUS server default values - if vyos_dict_search('authentication.radius.server', dict): + if dict_search('authentication.radius.server', dict): default_values = defaults(base + ['authentication', 'radius', 'server']) - for server in vyos_dict_search('authentication.radius.server', dict): + for server in dict_search('authentication.radius.server', dict): dict['authentication']['radius']['server'][server] = dict_merge( default_values, dict['authentication']['radius']['server'][server]) @@ -461,10 +461,10 @@ def get_accel_dict(config, base, chap_secrets): dict['authentication']['radius']['server'][server]['acct_port'] = '0' # Add individual local-user default values - if vyos_dict_search('authentication.local_users.username', dict): + if dict_search('authentication.local_users.username', dict): default_values = defaults(base + ['authentication', 'local-users', 'username']) - for username in vyos_dict_search('authentication.local_users.username', dict): + for username in dict_search('authentication.local_users.username', dict): dict['authentication']['local_users']['username'][username] = dict_merge( default_values, dict['authentication']['local_users']['username'][username]) diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 422483663..833ef3772 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -22,7 +22,7 @@ # makes use of it! from vyos import ConfigError -from vyos.util import vyos_dict_search +from vyos.util import dict_search def verify_mtu(config): """ @@ -60,17 +60,17 @@ def verify_mtu_ipv6(config): error_msg = f'IPv6 address will be configured on interface "{interface}" ' \ f'thus the minimum MTU requirement is {min_mtu}!' - if not vyos_dict_search('ipv6.address.no_default_link_local', config): + if not dict_search('ipv6.address.no_default_link_local', config): raise ConfigError('link-local ' + error_msg) - for address in (vyos_dict_search('address', config) or []): + for address in (dict_search('address', config) or []): if address in ['dhcpv6'] or is_ipv6(address): raise ConfigError(error_msg) - if vyos_dict_search('ipv6.address.autoconf', config): + if dict_search('ipv6.address.autoconf', config): raise ConfigError(error_msg) - if vyos_dict_search('ipv6.address.eui64', config): + if dict_search('ipv6.address.eui64', config): raise ConfigError(error_msg) @@ -154,7 +154,7 @@ def verify_dhcpv6(config): recurring validation of DHCPv6 options which are mutually exclusive. """ if 'dhcpv6_options' in config: - from vyos.util import vyos_dict_search + from vyos.util import dict_search if {'parameters_only', 'temporary'} <= set(config['dhcpv6_options']): raise ConfigError('DHCPv6 temporary and parameters-only options ' @@ -162,15 +162,15 @@ def verify_dhcpv6(config): # It is not allowed to have duplicate SLA-IDs as those identify an # assigned IPv6 subnet from a delegated prefix - for pd in vyos_dict_search('dhcpv6_options.pd', config): + for pd in dict_search('dhcpv6_options.pd', config): sla_ids = [] - if not vyos_dict_search(f'dhcpv6_options.pd.{pd}.interface', config): + if not dict_search(f'dhcpv6_options.pd.{pd}.interface', config): raise ConfigError('DHCPv6-PD requires an interface where to assign ' 'the delegated prefix!') - for interface in vyos_dict_search(f'dhcpv6_options.pd.{pd}.interface', config): - sla_id = vyos_dict_search( + for interface in dict_search(f'dhcpv6_options.pd.{pd}.interface', config): + sla_id = dict_search( f'dhcpv6_options.pd.{pd}.interface.{interface}.sla_id', config) sla_ids.append(sla_id) @@ -211,11 +211,11 @@ def verify_accel_ppp_base_service(config): on get_config_dict() """ # vertify auth settings - if vyos_dict_search('authentication.mode', config) == 'local': - if not vyos_dict_search('authentication.local_users', config): + if dict_search('authentication.mode', config) == 'local': + if not dict_search('authentication.local_users', config): raise ConfigError('PPPoE local auth mode requires local users to be configured!') - for user in vyos_dict_search('authentication.local_users.username', config): + for user in dict_search('authentication.local_users.username', config): user_config = config['authentication']['local_users']['username'][user] if 'password' not in user_config: @@ -227,11 +227,11 @@ def verify_accel_ppp_base_service(config): raise ConfigError(f'User "{user}" has rate-limit configured for only one ' \ 'direction but both upload and download must be given!') - elif vyos_dict_search('authentication.mode', config) == 'radius': - if not vyos_dict_search('authentication.radius.server', config): + elif dict_search('authentication.mode', config) == 'radius': + if not dict_search('authentication.radius.server', config): raise ConfigError('RADIUS authentication requires at least one server') - for server in vyos_dict_search('authentication.radius.server', config): + for server in dict_search('authentication.radius.server', config): radius_config = config['authentication']['radius']['server'][server] if 'key' not in radius_config: raise ConfigError(f'Missing RADIUS secret key for server "{server}"') diff --git a/python/vyos/ifconfig/bond.py b/python/vyos/ifconfig/bond.py index 9108fc180..709222b09 100644 --- a/python/vyos/ifconfig/bond.py +++ b/python/vyos/ifconfig/bond.py @@ -17,7 +17,7 @@ import os from vyos.ifconfig.interface import Interface from vyos.util import cmd -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos.validate import assert_list from vyos.validate import assert_positive @@ -360,7 +360,7 @@ class BondIf(Interface): self.set_arp_ip_target('-' + addr) # Add configured ARP target addresses - value = vyos_dict_search('arp_monitor.target', config) + value = dict_search('arp_monitor.target', config) if isinstance(value, str): value = [value] if value: @@ -384,7 +384,7 @@ class BondIf(Interface): # Removing an interface from a bond will always place the underlaying # physical interface in admin-down state! If physical interface is # not disabled, re-enable it. - if not vyos_dict_search(f'member.interface_remove.{interface}.disable', config): + if not dict_search(f'member.interface_remove.{interface}.disable', config): Interface(interface).set_admin_state('up') # Bonding policy/mode @@ -392,7 +392,7 @@ class BondIf(Interface): if value: self.set_mode(value) # Add (enslave) interfaces to bond - value = vyos_dict_search('member.interface', config) + value = dict_search('member.interface', config) for interface in (value or []): # if we've come here we already verified the interface # does not have an addresses configured so just flush diff --git a/python/vyos/ifconfig/bridge.py b/python/vyos/ifconfig/bridge.py index bf78f8972..f7388b298 100644 --- a/python/vyos/ifconfig/bridge.py +++ b/python/vyos/ifconfig/bridge.py @@ -19,7 +19,7 @@ from vyos.ifconfig.interface import Interface from vyos.validate import assert_boolean from vyos.validate import assert_positive from vyos.util import cmd -from vyos.util import vyos_dict_search +from vyos.util import dict_search @Interface.register class BridgeIf(Interface): @@ -223,17 +223,17 @@ class BridgeIf(Interface): self.set_stp(value) # enable or disable IGMP querier - tmp = vyos_dict_search('igmp.querier', config) + tmp = dict_search('igmp.querier', config) value = '1' if (tmp != None) else '0' self.set_multicast_querier(value) # remove interface from bridge - tmp = vyos_dict_search('member.interface_remove', config) + tmp = dict_search('member.interface_remove', config) for member in (tmp or []): if member in interfaces(): self.del_port(member) - tmp = vyos_dict_search('member.interface', config) + tmp = dict_search('member.interface', config) if tmp: for interface, interface_config in tmp.items(): # if interface does yet not exist bail out early and diff --git a/python/vyos/ifconfig/ethernet.py b/python/vyos/ifconfig/ethernet.py index 1d48941f9..12d1ec265 100644 --- a/python/vyos/ifconfig/ethernet.py +++ b/python/vyos/ifconfig/ethernet.py @@ -19,7 +19,7 @@ import re from vyos.ifconfig.interface import Interface from vyos.validate import assert_list from vyos.util import run -from vyos.util import vyos_dict_search +from vyos.util import dict_search @Interface.register class EthernetIf(Interface): @@ -282,27 +282,27 @@ class EthernetIf(Interface): self.set_flow_control(value) # GRO (generic receive offload) - tmp = vyos_dict_search('offload_options.generic_receive', config) + tmp = dict_search('offload_options.generic_receive', config) value = tmp if (tmp != None) else 'off' self.set_gro(value) # GSO (generic segmentation offload) - tmp = vyos_dict_search('offload_options.generic_segmentation', config) + tmp = dict_search('offload_options.generic_segmentation', config) value = tmp if (tmp != None) else 'off' self.set_gso(value) # scatter-gather option - tmp = vyos_dict_search('offload_options.scatter_gather', config) + tmp = dict_search('offload_options.scatter_gather', config) value = tmp if (tmp != None) else 'off' self.set_sg(value) # TSO (TCP segmentation offloading) - tmp = vyos_dict_search('offload_options.udp_fragmentation', config) + tmp = dict_search('offload_options.udp_fragmentation', config) value = tmp if (tmp != None) else 'off' self.set_tso(value) # UDP fragmentation offloading - tmp = vyos_dict_search('offload_options.udp_fragmentation', config) + tmp = dict_search('offload_options.udp_fragmentation', config) value = tmp if (tmp != None) else 'off' self.set_ufo(value) diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index ae747e87c..894410871 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -34,7 +34,7 @@ from vyos.configdict import list_diff from vyos.configdict import dict_merge from vyos.template import render from vyos.util import mac2eui64 -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos.validate import is_ipv4 from vyos.validate import is_ipv6 from vyos.validate import is_intf_addr_assigned @@ -880,7 +880,7 @@ class Interface(Control): lease_file = f'{config_base}_{ifname}.leases' if enable and 'disable' not in self._config: - if vyos_dict_search('dhcp_options.host_name', self._config) == None: + if dict_search('dhcp_options.host_name', self._config) == None: # read configured system hostname. # maybe change to vyos hostd client ??? hostname = 'vyos' @@ -959,7 +959,7 @@ class Interface(Control): # always ensure DHCPv6 client is stopped (when not configured as client # for IPv6 address or prefix delegation - dhcpv6pd = vyos_dict_search('dhcpv6_options.pd', config) + dhcpv6pd = dict_search('dhcpv6_options.pd', config) if 'dhcpv6' not in new_addr or dhcpv6pd == None: self.del_addr('dhcpv6') @@ -987,64 +987,64 @@ class Interface(Control): self.set_vrf(config.get('vrf', '')) # Configure ARP cache timeout in milliseconds - has default value - tmp = vyos_dict_search('ip.arp_cache_timeout', config) + tmp = dict_search('ip.arp_cache_timeout', config) value = tmp if (tmp != None) else '30' self.set_arp_cache_tmo(value) # Configure ARP filter configuration - tmp = vyos_dict_search('ip.disable_arp_filter', config) + tmp = dict_search('ip.disable_arp_filter', config) value = '0' if (tmp != None) else '1' self.set_arp_filter(value) # Configure ARP accept - tmp = vyos_dict_search('ip.enable_arp_accept', config) + tmp = dict_search('ip.enable_arp_accept', config) value = '1' if (tmp != None) else '0' self.set_arp_accept(value) # Configure ARP announce - tmp = vyos_dict_search('ip.enable_arp_announce', config) + tmp = dict_search('ip.enable_arp_announce', config) value = '1' if (tmp != None) else '0' self.set_arp_announce(value) # Configure ARP ignore - tmp = vyos_dict_search('ip.enable_arp_ignore', config) + tmp = dict_search('ip.enable_arp_ignore', config) value = '1' if (tmp != None) else '0' self.set_arp_ignore(value) # Enable proxy-arp on this interface - tmp = vyos_dict_search('ip.enable_proxy_arp', config) + tmp = dict_search('ip.enable_proxy_arp', config) value = '1' if (tmp != None) else '0' self.set_proxy_arp(value) # Enable private VLAN proxy ARP on this interface - tmp = vyos_dict_search('ip.proxy_arp_pvlan', config) + tmp = dict_search('ip.proxy_arp_pvlan', config) value = '1' if (tmp != None) else '0' self.set_proxy_arp_pvlan(value) # IPv4 forwarding - tmp = vyos_dict_search('ip.disable_forwarding', config) + tmp = dict_search('ip.disable_forwarding', config) value = '0' if (tmp != None) else '1' self.set_ipv4_forwarding(value) # IPv6 forwarding - tmp = vyos_dict_search('ipv6.disable_forwarding', config) + tmp = dict_search('ipv6.disable_forwarding', config) value = '0' if (tmp != None) else '1' self.set_ipv6_forwarding(value) # IPv6 router advertisements - tmp = vyos_dict_search('ipv6.address.autoconf', config) + tmp = dict_search('ipv6.address.autoconf', config) value = '2' if (tmp != None) else '1' if 'dhcpv6' in new_addr: value = '2' self.set_ipv6_accept_ra(value) # IPv6 address autoconfiguration - tmp = vyos_dict_search('ipv6.address.autoconf', config) + tmp = dict_search('ipv6.address.autoconf', config) value = '1' if (tmp != None) else '0' self.set_ipv6_autoconf(value) # IPv6 Duplicate Address Detection (DAD) tries - tmp = vyos_dict_search('ipv6.dup_addr_detect_transmits', config) + tmp = dict_search('ipv6.dup_addr_detect_transmits', config) value = tmp if (tmp != None) else '1' self.set_ipv6_dad_messages(value) @@ -1053,7 +1053,7 @@ class Interface(Control): self.set_mtu(config.get('mtu')) # Delete old IPv6 EUI64 addresses before changing MAC - tmp = vyos_dict_search('ipv6.address.eui64_old', config) + tmp = dict_search('ipv6.address.eui64_old', config) if tmp: for addr in tmp: self.del_ipv6_eui64_address(addr) @@ -1068,7 +1068,7 @@ class Interface(Control): self.set_mac(mac) # Manage IPv6 link-local addresses - tmp = vyos_dict_search('ipv6.address.no_default_link_local', config) + tmp = dict_search('ipv6.address.no_default_link_local', config) # we must check explicitly for None type as if the key is set we will # get an empty dict (<class 'dict'>) if tmp is not None: @@ -1077,7 +1077,7 @@ class Interface(Control): self.add_ipv6_eui64_address('fe80::/64') # Add IPv6 EUI-based addresses - tmp = vyos_dict_search('ipv6.address.eui64', config) + tmp = dict_search('ipv6.address.eui64', config) if tmp: for addr in tmp: self.add_ipv6_eui64_address(addr) diff --git a/python/vyos/util.py b/python/vyos/util.py index e3e389baf..fc6915687 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -603,7 +603,7 @@ def find_device_file(device): return None -def vyos_dict_search(path, dict): +def dict_search(path, dict): """ Traverse Python dictionary (dict) delimited by dot (.). Return value of key if found, None otherwise. diff --git a/smoketest/scripts/cli/base_accel_ppp_test.py b/smoketest/scripts/cli/base_accel_ppp_test.py index 56cbf1dd4..e3e5071c1 100644 --- a/smoketest/scripts/cli/base_accel_ppp_test.py +++ b/smoketest/scripts/cli/base_accel_ppp_test.py @@ -192,3 +192,23 @@ class BasicAccelPPPTest: # Check for running process self.assertTrue(process_named_running(self._process_name)) + + # + # Disable Radius Accounting + # + self.delete(['authentication', 'radius', 'server', radius_server, 'acct-port']) + self.set(['authentication', 'radius', 'server', radius_server, 'disable-accounting']) + + # commit changes + self.session.commit() + + conf.read(self._config_file) + + server = conf['radius']['server'].split(',') + self.assertEqual(radius_server, server[0]) + self.assertEqual(radius_key, server[1]) + self.assertEqual(f'auth-port={radius_port}', server[2]) + self.assertEqual(f'acct-port=0', server[3]) + self.assertEqual(f'req-limit=0', server[4]) + self.assertEqual(f'fail-time=0', server[5]) + diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index c6bb5bd1a..7dc92feb5 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py @@ -22,7 +22,7 @@ from vyos.configsession import ConfigSession from vyos.ifconfig import Interface from vyos.util import read_file from vyos.util import cmd -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos.validate import is_intf_addr_assigned, is_ipv6_link_local class BasicInterfaceTest: @@ -219,7 +219,7 @@ class BasicInterfaceTest: for interface in self._interfaces: for vif_s in self._qinq_range: tmp = json.loads(cmd(f'ip -d -j link show dev {interface}.{vif_s}'))[0] - self.assertEqual(vyos_dict_search('linkinfo.info_data.protocol', tmp), '802.1ad') + self.assertEqual(dict_search('linkinfo.info_data.protocol', tmp), '802.1ad') for vif_c in self._vlan_range: vif = f'{interface}.{vif_s}.{vif_c}' diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py index b5bde743b..43392bde3 100755 --- a/smoketest/scripts/cli/test_nat.py +++ b/smoketest/scripts/cli/test_nat.py @@ -22,7 +22,7 @@ import unittest from vyos.configsession import ConfigSession from vyos.configsession import ConfigSessionError from vyos.util import cmd -from vyos.util import vyos_dict_search +from vyos.util import dict_search base_path = ['nat'] src_path = base_path + ['source'] @@ -73,10 +73,10 @@ class TestNAT(unittest.TestCase): self.assertEqual(data['family'], 'ip') self.assertEqual(data['table'], 'nat') - iface = vyos_dict_search('match.right', data['expr'][0]) - direction = vyos_dict_search('match.left.payload.field', data['expr'][1]) - address = vyos_dict_search('match.right.prefix.addr', data['expr'][1]) - mask = vyos_dict_search('match.right.prefix.len', data['expr'][1]) + iface = dict_search('match.right', data['expr'][0]) + direction = dict_search('match.left.payload.field', data['expr'][1]) + address = dict_search('match.right.prefix.addr', data['expr'][1]) + mask = dict_search('match.right.prefix.len', data['expr'][1]) if int(rule) < 200: self.assertEqual(direction, 'saddr') @@ -127,11 +127,11 @@ class TestNAT(unittest.TestCase): self.assertEqual(data['family'], 'ip') self.assertEqual(data['table'], 'nat') - iface = vyos_dict_search('match.right', data['expr'][0]) - direction = vyos_dict_search('match.left.payload.field', data['expr'][1]) - protocol = vyos_dict_search('match.left.payload.protocol', data['expr'][1]) - dnat_addr = vyos_dict_search('dnat.addr', data['expr'][3]) - dnat_port = vyos_dict_search('dnat.port', data['expr'][3]) + iface = dict_search('match.right', data['expr'][0]) + direction = dict_search('match.left.payload.field', data['expr'][1]) + protocol = dict_search('match.left.payload.protocol', data['expr'][1]) + dnat_addr = dict_search('dnat.addr', data['expr'][3]) + dnat_port = dict_search('dnat.port', data['expr'][3]) self.assertEqual(direction, 'sport') self.assertEqual(dnat_addr, '192.0.2.1') diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index 2187b3c73..d0c2dd252 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -23,7 +23,7 @@ from vyos.configdict import dict_merge from vyos.hostsd_client import Client as hostsd_client from vyos.util import call from vyos.util import chown -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos.template import render from vyos.xml import defaults from vyos.validate import is_ipv6 @@ -94,7 +94,7 @@ def verify(dns): if 'allow_from' not in dns: raise ConfigError('DNS forwarding requires an allow-from network') - # we can not use vyos_dict_search() when testing for domain servers + # we can not use dict_search() when testing for domain servers # as a domain will contains dot's which is out dictionary delimiter. if 'domain' in dns: for domain in dns['domain']: diff --git a/src/conf_mode/intel_qat.py b/src/conf_mode/intel_qat.py index ab98cbc03..dd04a002d 100755 --- a/src/conf_mode/intel_qat.py +++ b/src/conf_mode/intel_qat.py @@ -66,8 +66,14 @@ def verify(qat): # Check if QAT device exist output, err = popen('lspci -nn', decode='utf-8') if not err: + # PCI id | Chipset + # 19e2 -> C3xx + # 37c8 -> C62x + # 0435 -> DH895 + # 6f54 -> D15xx + # 18ee -> QAT_200XX data = re.findall( - '(8086:19e2)|(8086:37c8)|(8086:0435)|(8086:6f54)|(8086:1f18)', output) + '(8086:19e2)|(8086:37c8)|(8086:0435)|(8086:6f54)|(8086:18ee)', output) # If QAT devices found if not data: raise ConfigError('No QAT acceleration device found') diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index ea9bd54d4..1a549f27d 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -33,7 +33,7 @@ from vyos.configverify import verify_vlan_config from vyos.configverify import verify_vrf from vyos.ifconfig import BondIf from vyos.ifconfig import Section -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos.validate import has_address_configured from vyos import ConfigError from vyos import airbag @@ -101,7 +101,7 @@ def get_config(config=None): # also present the interfaces to be removed from the bond as dictionary bond['member'].update({'interface_remove': tmp}) - if vyos_dict_search('member.interface', bond): + if dict_search('member.interface', bond): for interface, interface_config in bond['member']['interface'].items(): # Check if member interface is already member of another bridge tmp = is_member(conf, interface, 'bridge') @@ -151,7 +151,7 @@ def verify(bond): verify_vlan_config(bond) bond_name = bond['ifname'] - if vyos_dict_search('member.interface', bond): + if dict_search('member.interface', bond): for interface, interface_config in bond['member']['interface'].items(): error_msg = f'Can not add interface "{interface}" to bond, ' diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index 4aeb8fc67..258f9ec79 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -32,7 +32,7 @@ from vyos.validate import has_address_configured from vyos.xml import defaults from vyos.util import cmd -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos import ConfigError from vyos import airbag @@ -58,7 +58,7 @@ def get_config(config=None): else: bridge.update({'member': {'interface_remove': tmp }}) - if vyos_dict_search('member.interface', bridge): + if dict_search('member.interface', bridge): # XXX: T2665: we need a copy of the dict keys for iteration, else we will get: # RuntimeError: dictionary changed size during iteration for interface in list(bridge['member']['interface']): @@ -100,7 +100,7 @@ def verify(bridge): verify_dhcpv6(bridge) verify_vrf(bridge) - if vyos_dict_search('member.interface', bridge): + if dict_search('member.interface', bridge): for interface, interface_config in bridge['member']['interface'].items(): error_msg = f'Can not add interface "{interface}" to bridge, ' diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index c1770771e..a18a21b83 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -32,7 +32,7 @@ from vyos.configverify import verify_vrf from vyos.ifconfig import WiFiIf from vyos.template import render from vyos.util import call -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos import ConfigError from vyos import airbag airbag.enable() @@ -80,13 +80,13 @@ def get_config(config=None): # Cleanup "delete" default values when required user selectable values are # not defined at all tmp = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True) - if not (vyos_dict_search('security.wpa.passphrase', tmp) or - vyos_dict_search('security.wpa.radius', tmp)): + if not (dict_search('security.wpa.passphrase', tmp) or + dict_search('security.wpa.radius', tmp)): del wifi['security']['wpa'] # defaults include RADIUS server specifics per TAG node which need to be # added to individual RADIUS servers instead - so we can simply delete them - if vyos_dict_search('security.wpa.radius.server.port', wifi): + if dict_search('security.wpa.radius.server.port', wifi): del wifi['security']['wpa']['radius']['server']['port'] if not len(wifi['security']['wpa']['radius']['server']): del wifi['security']['wpa']['radius'] @@ -119,10 +119,10 @@ def get_config(config=None): if tmp: wifi['station_interfaces'] = tmp # Add individual RADIUS server default values - if vyos_dict_search('security.wpa.radius.server', wifi): + if dict_search('security.wpa.radius.server', wifi): default_values = defaults(base + ['security', 'wpa', 'radius', 'server']) - for server in vyos_dict_search('security.wpa.radius.server', wifi): + for server in dict_search('security.wpa.radius.server', wifi): wifi['security']['wpa']['radius']['server'][server] = dict_merge( default_values, wifi['security']['wpa']['radius']['server'][server]) @@ -241,7 +241,7 @@ def generate(wifi): wifi['mac'] = str(mac) # XXX: Jinja2 can not operate on a dictionary key when it starts of with a number - if '40mhz_incapable' in (vyos_dict_search('capabilities.ht', wifi) or []): + if '40mhz_incapable' in (dict_search('capabilities.ht', wifi) or []): wifi['capabilities']['ht']['fourtymhz_incapable'] = wifi['capabilities']['ht']['40mhz_incapable'] del wifi['capabilities']['ht']['40mhz_incapable'] diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py index a520120f8..2260b3fe1 100755 --- a/src/conf_mode/service_pppoe-server.py +++ b/src/conf_mode/service_pppoe-server.py @@ -23,7 +23,7 @@ from vyos.configdict import get_accel_dict from vyos.configverify import verify_accel_ppp_base_service from vyos.template import render from vyos.util import call -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos import ConfigError from vyos import airbag airbag.enable() @@ -57,13 +57,13 @@ def verify(pppoe): raise ConfigError('At least one listen interface must be defined!') # local ippool and gateway settings config checks - if not (vyos_dict_search('client_ip_pool.subnet', pppoe) or - (vyos_dict_search('client_ip_pool.start', pppoe) and - vyos_dict_search('client_ip_pool.stop', pppoe))): + if not (dict_search('client_ip_pool.subnet', pppoe) or + (dict_search('client_ip_pool.start', pppoe) and + dict_search('client_ip_pool.stop', pppoe))): print('Warning: No PPPoE client pool defined') - if vyos_dict_search('authentication.radius.dynamic_author.server', pppoe): - if not vyos_dict_search('authentication.radius.dynamic_author.key', pppoe): + if dict_search('authentication.radius.dynamic_author.server', pppoe): + if not dict_search('authentication.radius.dynamic_author.key', pppoe): raise ConfigError('DA/CoE server key required!') return None @@ -75,7 +75,7 @@ def generate(pppoe): render(pppoe_conf, 'accel-ppp/pppoe.config.tmpl', pppoe, trim_blocks=True) - if vyos_dict_search('authentication.mode', pppoe) == 'local': + if dict_search('authentication.mode', pppoe) == 'local': render(pppoe_chap_secrets, 'accel-ppp/chap-secrets.config_dict.tmpl', pppoe, trim_blocks=True, permission=0o640) else: diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index 2597ba42f..1b2b80ce5 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -23,7 +23,7 @@ from vyos.configdict import get_accel_dict from vyos.configverify import verify_accel_ppp_base_service from vyos.template import render from vyos.util import call -from vyos.util import vyos_dict_search +from vyos.util import dict_search from vyos import ConfigError from vyos import airbag airbag.enable() @@ -56,21 +56,21 @@ def verify(sstp): # # SSL certificate checks # - tmp = vyos_dict_search('ssl.ca_cert_file', sstp) + tmp = dict_search('ssl.ca_cert_file', sstp) if not tmp: raise ConfigError(f'SSL CA certificate file required!') else: if not os.path.isfile(tmp): raise ConfigError(f'SSL CA certificate "{tmp}" does not exist!') - tmp = vyos_dict_search('ssl.cert_file', sstp) + tmp = dict_search('ssl.cert_file', sstp) if not tmp: raise ConfigError(f'SSL public key file required!') else: if not os.path.isfile(tmp): raise ConfigError(f'SSL public key "{tmp}" does not exist!') - tmp = vyos_dict_search('ssl.key_file', sstp) + tmp = dict_search('ssl.key_file', sstp) if not tmp: raise ConfigError(f'SSL private key file required!') else: @@ -84,7 +84,7 @@ def generate(sstp): # accel-cmd reload doesn't work so any change results in a restart of the daemon render(sstp_conf, 'accel-ppp/sstp.config.tmpl', sstp, trim_blocks=True) - if vyos_dict_search('authentication.mode', sstp) == 'local': + if dict_search('authentication.mode', sstp) == 'local': render(sstp_chap_secrets, 'accel-ppp/chap-secrets.config_dict.tmpl', sstp, trim_blocks=True, permission=0o640) else: diff --git a/src/tests/test_vyos_dict_search.py b/src/tests/test_vyos_dict_search.py index cba6562da..f12aac64e 100644 --- a/src/tests/test_vyos_dict_search.py +++ b/src/tests/test_vyos_dict_search.py @@ -15,7 +15,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from unittest import TestCase -from vyos.util import vyos_dict_search +from vyos.util import dict_search data = { 'string': 'fooo', @@ -30,28 +30,28 @@ class TestDictSearch(TestCase): def test_non_existing_keys(self): """ TestDictSearch: Return False when querying for non-existent key """ - self.assertFalse(vyos_dict_search('non_existing', data)) + self.assertFalse(dict_search('non_existing', data)) def test_string(self): """ TestDictSearch: Return value when querying string """ - self.assertEqual(vyos_dict_search('string', data), data['string']) + self.assertEqual(dict_search('string', data), data['string']) def test_list(self): """ TestDictSearch: Return list items when querying list """ - self.assertEqual(vyos_dict_search('list', data), data['list']) + self.assertEqual(dict_search('list', data), data['list']) def test_dict_key_value(self): """ TestDictSearch: Return dictionary keys value when value is present """ - self.assertEqual(vyos_dict_search('dict.key_2', data), data['dict']['key_2']) + self.assertEqual(dict_search('dict.key_2', data), data['dict']['key_2']) def test_nested_dict_key_value(self): """ TestDictSearch: Return string value of last key when querying for a nested string """ - self.assertEqual(vyos_dict_search('nested.string', data), data['nested']['string']) + self.assertEqual(dict_search('nested.string', data), data['nested']['string']) def test_nested_dict_key_empty(self): """ TestDictSearch: Return False when querying for a nested string whose last key is empty """ - self.assertFalse(vyos_dict_search('nested.empty', data)) + self.assertFalse(dict_search('nested.empty', data)) def test_nested_list(self): """ TestDictSearch: Return list items when querying nested list """ - self.assertEqual(vyos_dict_search('nested.list', data), data['nested']['list']) + self.assertEqual(dict_search('nested.list', data), data['nested']['list']) |