diff options
Diffstat (limited to 'python/vyos/configdict.py')
| -rw-r--r-- | python/vyos/configdict.py | 425 |
1 files changed, 309 insertions, 116 deletions
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 24fe174d2..eec64e964 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -18,7 +18,13 @@ A library for retrieving value dicts from VyOS configs in a declarative fashion. """ +from enum import Enum +from copy import deepcopy + from vyos import ConfigError +from vyos.ifconfig import Interface +from vyos.validate import is_member +from vyos.util import ifname_from_config def retrieve_config(path_hash, base_path, config): """ @@ -97,172 +103,359 @@ def get_ethertype(ethertype_val): else: raise ConfigError('invalid ethertype "{}"'.format(ethertype_val)) +interface_default_data = { + 'address': [], + 'address_remove': [], + 'description': '', + 'dhcp_client_id': '', + 'dhcp_hostname': '', + 'dhcp_vendor_class_id': '', + 'dhcpv6_prm_only': False, + 'dhcpv6_temporary': False, + 'dhcpv6_pd': [], + 'disable': False, + 'disable_link_detect': 1, + 'ip_disable_arp_filter': 1, + 'ip_enable_arp_accept': 0, + 'ip_enable_arp_announce': 0, + 'ip_enable_arp_ignore': 0, + 'ip_proxy_arp': 0, + 'ipv6_accept_ra': 1, + 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': [], + 'ipv6_eui64_prefix_remove': [], + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, + 'is_bridge_member': False, + 'mac': '', + 'mtu': 1500, + 'vrf': '' +} + +vlan_default = { + **interface_default_data, + 'egress_qos': '', + 'egress_qos_changed': False, + 'ingress_qos': '', + 'ingress_qos_changed': False, + 'vif_c': {}, + 'vif_c_remove': [] +} + +# see: https://docs.python.org/3/library/enum.html#functional-api +disable = Enum('disable','none was now both') + +def disable_state(conf, check=[3,5,7]): + """ + return if and how a particual section of the configuration is has disable'd + using "disable" including if it was disabled by one of its parent. + + check: a list of the level we should check, here 7,5 and 3 + interfaces ethernet eth1 vif-s 1 vif-c 2 disable + interfaces ethernet eth1 vif 1 disable + interfaces ethernet eth1 disable + + it returns an enum (none, was, now, both) + """ + + # save where we are in the config + current_level = conf.get_level() + + # logic to figure out if the interface (or one of it parent is disabled) + eff_disable = False + act_disable = False + + levels = check[:] + working_level = current_level[:] + + while levels: + position = len(working_level) + if not position: + break + if position not in levels: + working_level = working_level[:-1] + continue + + levels.remove(position) + conf.set_level(working_level) + working_level = working_level[:-1] + + eff_disable = eff_disable or conf.exists_effective('disable') + act_disable = act_disable or conf.exists('disable') -def vlan_to_dict(conf): + conf.set_level(current_level) + + # how the disabling changed + if eff_disable and act_disable: + return disable.both + if eff_disable and not eff_disable: + return disable.was + if not eff_disable and act_disable: + return disable.now + return disable.none + + +def intf_to_dict(conf, default): """ Common used function which will extract VLAN related information from config and represent the result as Python dictionary. Function call's itself recursively if a vif-s/vif-c pair is detected. """ - vlan = { - 'id': conf.get_level()[-1], # get the '100' in 'interfaces bonding bond0 vif-s 100' - 'address': [], - 'address_remove': [], - 'description': '', - 'dhcp_client_id': '', - 'dhcp_hostname': '', - 'dhcp_vendor_class_id': '', - 'dhcpv6_prm_only': False, - 'dhcpv6_temporary': False, - 'disable': False, - 'disable_link_detect': 1, - 'egress_qos': '', - 'egress_qos_changed': False, - 'ip_disable_arp_filter': 1, - 'ip_enable_arp_accept': 0, - 'ip_enable_arp_announce': 0, - 'ip_enable_arp_ignore': 0, - 'ip_proxy_arp': 0, - 'ipv6_autoconf': 0, - 'ipv6_forwarding': 1, - 'ipv6_dup_addr_detect': 1, - 'ingress_qos': '', - 'ingress_qos_changed': False, - 'mac': '', - 'mtu': 1500, - 'vrf': '' - } - # retrieve configured interface addresses - if conf.exists('address'): - vlan['address'] = conf.return_values('address') - - # Determine interface addresses (currently effective) - to determine which - # address is no longer valid and needs to be removed from the bond - eff_addr = conf.return_effective_values('address') - act_addr = conf.return_values('address') - vlan['address_remove'] = list_diff(eff_addr, act_addr) + + intf = deepcopy(default) + intf['intf'] = ifname_from_config(conf) # retrieve interface description - if conf.exists('description'): - vlan['description'] = conf.return_value('description') + if conf.exists(['description']): + intf['description'] = conf.return_value(['description']) # get DHCP client identifier - if conf.exists('dhcp-options client-id'): - vlan['dhcp_client_id'] = conf.return_value('dhcp-options client-id') + if conf.exists(['dhcp-options', 'client-id']): + intf['dhcp_client_id'] = conf.return_value(['dhcp-options', 'client-id']) # DHCP client host name (overrides the system host name) - if conf.exists('dhcp-options host-name'): - vlan['dhcp_hostname'] = conf.return_value('dhcp-options host-name') + if conf.exists(['dhcp-options', 'host-name']): + intf['dhcp_hostname'] = conf.return_value(['dhcp-options', 'host-name']) # DHCP client vendor identifier - if conf.exists('dhcp-options vendor-class-id'): - vlan['dhcp_vendor_class_id'] = conf.return_value('dhcp-options vendor-class-id') + if conf.exists(['dhcp-options', 'vendor-class-id']): + intf['dhcp_vendor_class_id'] = conf.return_value( + ['dhcp-options', 'vendor-class-id']) # DHCPv6 only acquire config parameters, no address - if conf.exists('dhcpv6-options parameters-only'): - vlan['dhcpv6_prm_only'] = True + if conf.exists(['dhcpv6-options', 'parameters-only']): + intf['dhcpv6_prm_only'] = True + + # DHCPv6 prefix delegation (RFC3633) + current_level = conf.get_level() + if conf.exists(['dhcpv6-options', 'delegate']): + for interface in conf.list_nodes(['dhcpv6-options', 'delegate']): + conf.set_level(current_level + ['dhcpv6-options', 'delegate', interface]) + pd = { + 'ifname': interface, + 'sla_id': '', + 'sla_len': '', + 'if_id': '' + } + + if conf.exists(['sla-id']): + pd['sla_id'] = conf.return_value(['sla-id']) + + if conf.exists(['sla-len']): + pd['sla_len'] = conf.return_value(['sla-len']) + + if conf.exists(['interface-id']): + pd['if_id'] = conf.return_value(['interface-id']) + + intf['dhcpv6_pd'].append(pd) + + # re-set config level + conf.set_level(current_level) # DHCPv6 temporary IPv6 address - if conf.exists('dhcpv6-options temporary'): - vlan['dhcpv6_temporary'] = True + if conf.exists(['dhcpv6-options', 'temporary']): + intf['dhcpv6_temporary'] = True # ignore link state changes - if conf.exists('disable-link-detect'): - vlan['disable_link_detect'] = 2 - - # disable VLAN interface - if conf.exists('disable'): - vlan['disable'] = True + if conf.exists(['disable-link-detect']): + intf['disable_link_detect'] = 2 # ARP filter configuration - if conf.exists('ip disable-arp-filter'): - vlan['ip_disable_arp_filter'] = 0 + if conf.exists(['ip', 'disable-arp-filter']): + intf['ip_disable_arp_filter'] = 0 # ARP enable accept - if conf.exists('ip enable-arp-accept'): - vlan['ip_enable_arp_accept'] = 1 + if conf.exists(['ip', 'enable-arp-accept']): + intf['ip_enable_arp_accept'] = 1 # ARP enable announce - if conf.exists('ip enable-arp-announce'): - vlan['ip_enable_arp_announce'] = 1 + if conf.exists(['ip', 'enable-arp-announce']): + intf['ip_enable_arp_announce'] = 1 # ARP enable ignore - if conf.exists('ip enable-arp-ignore'): - vlan['ip_enable_arp_ignore'] = 1 + if conf.exists(['ip', 'enable-arp-ignore']): + intf['ip_enable_arp_ignore'] = 1 # Enable Proxy ARP - if conf.exists('ip enable-proxy-arp'): - vlan['ip_proxy_arp'] = 1 + if conf.exists(['ip', 'enable-proxy-arp']): + intf['ip_proxy_arp'] = 1 # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) - if conf.exists('ipv6 address autoconf'): - vlan['ipv6_autoconf'] = 1 + if conf.exists(['ipv6', 'address', 'autoconf']): + intf['ipv6_autoconf'] = 1 # Disable IPv6 forwarding on this interface - if conf.exists('ipv6 disable-forwarding'): - vlan['ipv6_forwarding'] = 0 + if conf.exists(['ipv6', 'disable-forwarding']): + intf['ipv6_forwarding'] = 0 + + # check if interface is member of a bridge + intf['is_bridge_member'] = is_member(conf, intf['intf'], 'bridge') # IPv6 Duplicate Address Detection (DAD) tries - if conf.exists('ipv6 dup-addr-detect-transmits'): - vlan['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) + if conf.exists(['ipv6', 'dup-addr-detect-transmits']): + intf['ipv6_dup_addr_detect'] = int( + conf.return_value(['ipv6', 'dup-addr-detect-transmits'])) # Media Access Control (MAC) address - if conf.exists('mac'): - vlan['mac'] = conf.return_value('mac') + if conf.exists(['mac']): + intf['mac'] = conf.return_value(['mac']) # Maximum Transmission Unit (MTU) - if conf.exists('mtu'): - vlan['mtu'] = int(conf.return_value('mtu')) + if conf.exists(['mtu']): + intf['mtu'] = int(conf.return_value(['mtu'])) # retrieve VRF instance - if conf.exists('vrf'): - vlan['vrf'] = conf.return_value('vrf') + if conf.exists(['vrf']): + intf['vrf'] = conf.return_value(['vrf']) - # VLAN egress QoS - if conf.exists('egress-qos'): - vlan['egress_qos'] = conf.return_value('egress-qos') + # egress QoS + if conf.exists(['egress-qos']): + intf['egress_qos'] = conf.return_value(['egress-qos']) # egress changes QoS require VLAN interface recreation - if conf.return_effective_value('egress-qos'): - if vlan['egress_qos'] != conf.return_effective_value('egress-qos'): - vlan['egress_qos_changed'] = True + if conf.return_effective_value(['egress-qos']): + if intf['egress_qos'] != conf.return_effective_value(['egress-qos']): + intf['egress_qos_changed'] = True - # VLAN ingress QoS - if conf.exists('ingress-qos'): - vlan['ingress_qos'] = conf.return_value('ingress-qos') + # ingress QoS + if conf.exists(['ingress-qos']): + intf['ingress_qos'] = conf.return_value(['ingress-qos']) # ingress changes QoS require VLAN interface recreation - if conf.return_effective_value('ingress-qos'): - if vlan['ingress_qos'] != conf.return_effective_value('ingress-qos'): - vlan['ingress_qos_changed'] = True + if conf.return_effective_value(['ingress-qos']): + if intf['ingress_qos'] != conf.return_effective_value(['ingress-qos']): + intf['ingress_qos_changed'] = True + + # Get the interface addresses + intf['address'] = conf.return_values(['address']) + + # addresses to remove - difference between effective and working config + intf['address_remove'] = list_diff( + conf.return_effective_values(['address']), intf['address']) + + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) + intf['ipv6_eui64_prefix'] = conf.return_values(['ipv6', 'address', 'eui64']) + + # EUI64 to remove - difference between effective and working config + intf['ipv6_eui64_prefix_remove'] = list_diff( + conf.return_effective_values(['ipv6', 'address', 'eui64']), + intf['ipv6_eui64_prefix']) + + # Determine if the interface should be disabled + disabled = disable_state(conf) + if disabled == disable.both: + # was and is still disabled + intf['disable'] = True + elif disabled == disable.now: + # it is now disable but was not before + intf['disable'] = True + elif disabled == disable.was: + # it was disable but not anymore + intf['disable'] = False + else: + # normal change + intf['disable'] = False + + # Remove the default link-local address if no-default-link-local is set, + # if member of a bridge or if disabled (it may not have a MAC if it's down) + if ( conf.exists(['ipv6', 'address', 'no-default-link-local']) + or intf.get('is_bridge_member') or intf['disable'] ): + intf['ipv6_eui64_prefix_remove'].append('fe80::/64') + else: + # add the link-local by default to make IPv6 work + intf['ipv6_eui64_prefix'].append('fe80::/64') - # ethertype is mandatory on vif-s nodes and only exists here! - # check if this is a vif-s node at all: - if conf.get_level()[-2] == 'vif-s': - vlan['vif_c'] = [] - vlan['vif_c_remove'] = [] - - # ethertype uses a default of 0x88A8 - tmp = '0x88A8' - if conf.exists('ethertype'): - tmp = conf.return_value('ethertype') - vlan['ethertype'] = get_ethertype(tmp) - - # get vif-c interfaces (currently effective) - to determine which vif-c + # If MAC has changed, remove and re-add all IPv6 EUI64 addresses + try: + interface = Interface(intf['intf'], create=False) + if intf['mac'] and intf['mac'] != interface.get_mac(): + intf['ipv6_eui64_prefix_remove'] += intf['ipv6_eui64_prefix'] + except Exception: + # If the interface does not exist, it could not have changed + pass + + # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, + # accept_ra must be 2 + if intf['ipv6_autoconf'] or 'dhcpv6' in intf['address']: + intf['ipv6_accept_ra'] = 2 + + return intf, disable + + + +def add_to_dict(conf, disabled, ifdict, section, key): + """ + parse a section of vif/vif-s/vif-c and add them to the dict + follow the convention to: + * use the "key" for what to add + * use the "key" what what to remove + + conf: is the Config() already at the level we need to parse + disabled: is a disable enum so we know how to handle to data + intf: if the interface dictionary + section: is the section name to parse (vif/vif-s/vif-c) + key: is the dict key to use (vif/vifs/vifc) + """ + + if not conf.exists(section): + return ifdict + + effect = conf.list_effective_nodes(section) + active = conf.list_nodes(section) + + # the section to parse for vlan + sections = [] + + # determine which interfaces to add or remove based on disable state + if disabled == disable.both: + # was and is still disabled + ifdict[f'{key}_remove'] = [] + elif disabled == disable.now: + # it is now disable but was not before + ifdict[f'{key}_remove'] = effect + elif disabled == disable.was: + # it was disable but not anymore + ifdict[f'{key}_remove'] = [] + sections = active + else: + # normal change + # get interfaces (currently effective) - to determine which # interface is no longer present and needs to be removed - eff_intf = conf.list_effective_nodes('vif-c') - act_intf = conf.list_nodes('vif-c') - vlan['vif_c_remove'] = list_diff(eff_intf, act_intf) - - # check if there is a Q-in-Q vlan customer interface - # and call this function recursively - if conf.exists('vif-c'): - cfg_level = conf.get_level() - # add new key (vif-c) to dictionary - for vif in conf.list_nodes('vif-c'): - # set config level to vif interface - conf.set_level(cfg_level + ['vif-c', vif]) - vlan['vif_c'].append(vlan_to_dict(conf)) + ifdict[f'{key}_remove'] = list_diff(effect, active) + sections = active + + current_level = conf.get_level() + + # add each section, the key must already exists + for s in sections: + # set config level to vif interface + conf.set_level(current_level + [section, s]) + # add the vlan config as a key (vlan id) - value (config) pair + ifdict[key][s] = vlan_to_dict(conf) + + # re-set configuration level to leave things as found + conf.set_level(current_level) + + return ifdict + + +def vlan_to_dict(conf, default=vlan_default): + vlan, disabled = intf_to_dict(conf, default) + + # if this is a not within vif-s node, we are done + if conf.get_level()[-2] != 'vif-s': + return vlan + + # ethertype is mandatory on vif-s nodes and only exists here! + # ethertype uses a default of 0x88A8 + tmp = '0x88A8' + if conf.exists('ethertype'): + tmp = conf.return_value('ethertype') + vlan['ethertype'] = get_ethertype(tmp) + + # check if there is a Q-in-Q vlan customer interface + # and call this function recursively + add_to_dict(conf, disable, vlan, 'vif-c', 'vif_c') return vlan |