1 files changed, 40 insertions, 12 deletions

diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index 22441d1d2..555494f80 100755..100644
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -168,6 +168,10 @@ class Interface(Control):
             'validate': assert_boolean,
             'location': '/proc/sys/net/ipv4/conf/{ifname}/forwarding',
         },
+        'ipv4_directed_broadcast': {
+            'validate': assert_boolean,
+            'location': '/proc/sys/net/ipv4/conf/{ifname}/bc_forwarding',
+        },
         'rp_filter': {
             'validate': lambda flt: assert_range(flt,0,3),
             'location': '/proc/sys/net/ipv4/conf/{ifname}/rp_filter',
@@ -234,6 +238,9 @@ class Interface(Control):
         'ipv4_forwarding': {
             'location': '/proc/sys/net/ipv4/conf/{ifname}/forwarding',
         },
+        'ipv4_directed_broadcast': {
+            'location': '/proc/sys/net/ipv4/conf/{ifname}/bc_forwarding',
+        },
         'rp_filter': {
             'location': '/proc/sys/net/ipv4/conf/{ifname}/rp_filter',
         },
@@ -713,6 +720,13 @@ class Interface(Control):
             return None
         return self.set_interface('ipv4_forwarding', forwarding)
 
+    def set_ipv4_directed_broadcast(self, forwarding):
+        """ Configure IPv4 directed broadcast forwarding. """
+        tmp = self.get_interface('ipv4_directed_broadcast')
+        if tmp == forwarding:
+            return None
+        return self.set_interface('ipv4_directed_broadcast', forwarding)
+
     def set_ipv4_source_validation(self, value):
         """
         Help prevent attacks used by Spoofing IP Addresses. Reverse path
@@ -1305,8 +1319,9 @@ class Interface(Control):
 
         # clear existing ingess - ignore errors (e.g. "Error: Cannot find specified
         # qdisc on specified device") - we simply cleanup all stuff here
-        self._popen(f'tc qdisc del dev {source_if} parent ffff: 2>/dev/null');
-        self._popen(f'tc qdisc del dev {source_if} parent 1: 2>/dev/null');
+        if not 'traffic_policy' in self._config:
+            self._popen(f'tc qdisc del dev {source_if} parent ffff: 2>/dev/null');
+            self._popen(f'tc qdisc del dev {source_if} parent 1: 2>/dev/null');
 
         # Apply interface mirror policy
         if mirror_config:
@@ -1439,14 +1454,22 @@ class Interface(Control):
         if dhcpv6pd:
             self.set_dhcpv6(True)
 
-        # There are some items in the configuration which can only be applied
-        # if this instance is not bound to a bridge. This should be checked
-        # by the caller but better save then sorry!
-        if not any(k in ['is_bond_member', 'is_bridge_member'] for k in config):
-            # Bind interface to given VRF or unbind it if vrf node is not set.
-            # unbinding will call 'ip link set dev eth0 nomaster' which will
-            # also drop the interface out of a bridge or bond - thus this is
-            # checked before
+        # XXX: Bind interface to given VRF or unbind it if vrf is not set. Unbinding
+        # will call 'ip link set dev eth0 nomaster' which will also drop the
+        # interface out of any bridge or bond - thus this is checked before.
+        if 'is_bond_member' in config:
+            bond_if = next(iter(config['is_bond_member']))
+            tmp = get_interface_config(config['ifname'])
+            if 'master' in tmp and tmp['master'] != bond_if:
+                self.set_vrf('')
+
+        elif 'is_bridge_member' in config:
+            bridge_if = next(iter(config['is_bridge_member']))
+            tmp = get_interface_config(config['ifname'])
+            if 'master' in tmp and tmp['master'] != bridge_if:
+                self.set_vrf('')
+
+        else:
             self.set_vrf(config.get('vrf', ''))
 
         # Add this section after vrf T4331
@@ -1498,6 +1521,11 @@ class Interface(Control):
         value = '0' if (tmp != None) else '1'
         self.set_ipv4_forwarding(value)
 
+        # IPv4 directed broadcast forwarding
+        tmp = dict_search('ip.enable_directed_broadcast', config)
+        value = '1' if (tmp != None) else '0'
+        self.set_ipv4_directed_broadcast(value)
+
         # IPv4 source-validation
         tmp = dict_search('ip.source_validation', config)
         value = tmp if (tmp != None) else '0'
@@ -1555,8 +1583,8 @@ class Interface(Control):
 
         # re-add ourselves to any bridge we might have fallen out of
         if 'is_bridge_member' in config:
-            bridge_dict = config.get('is_bridge_member')
-            self.add_to_bridge(bridge_dict)
+            tmp = config.get('is_bridge_member')
+            self.add_to_bridge(tmp)
 
         # eXpress Data Path - highly experimental
         self.set_xdp('xdp' in config)