summaryrefslogtreecommitdiff
path: root/python/vyos/ifconfig_vlan.py
diff options
context:
space:
mode:
Diffstat (limited to 'python/vyos/ifconfig_vlan.py')
-rw-r--r--python/vyos/ifconfig_vlan.py159
1 files changed, 136 insertions, 23 deletions
diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py
index 899fd17da..a53136ebf 100644
--- a/python/vyos/ifconfig_vlan.py
+++ b/python/vyos/ifconfig_vlan.py
@@ -16,6 +16,53 @@
from netifaces import interfaces
from vyos import ConfigError
+def apply_all_vlans(intf, intfconfig):
+ """
+ Function applies all VLANs to the passed interface.
+
+ intf: object of Interface class
+ intfconfig: dict with interface configuration
+ """
+ # remove no longer required service VLAN interfaces (vif-s)
+ for vif_s in intfconfig['vif_s_remove']:
+ intf.del_vlan(vif_s)
+
+ # create service VLAN interfaces (vif-s)
+ for vif_s_id, vif_s in intfconfig['vif_s'].items():
+ s_vlan = intf.add_vlan(vif_s_id, ethertype=vif_s['ethertype'])
+ apply_vlan_config(s_vlan, vif_s)
+
+ # remove no longer required client VLAN interfaces (vif-c)
+ # on lower service VLAN interface
+ for vif_c in intfconfig['vif_c_remove']:
+ s_vlan.del_vlan(vif_c)
+
+ # create client VLAN interfaces (vif-c)
+ # on lower service VLAN interface
+ for vif_c_id, vif_c in vif_s['vif_c'].items():
+ c_vlan = s_vlan.add_vlan(vif_c_id)
+ apply_vlan_config(c_vlan, vif_c)
+
+ # remove no longer required VLAN interfaces (vif)
+ for vif in intfconfig['vif_remove']:
+ intf.del_vlan(vif)
+
+ # create VLAN interfaces (vif)
+ for vif_id, vif in intfconfig['vif'].items():
+ # QoS priority mapping can only be set during interface creation
+ # so we delete the interface first if required.
+ if vif['egress_qos_changed'] or vif['ingress_qos_changed']:
+ try:
+ # on system bootup the above condition is true but the interface
+ # does not exists, which throws an exception, but that's legal
+ intf.del_vlan(vif_id)
+ except:
+ pass
+
+ vlan = intf.add_vlan(vif_id, ingress_qos=vif['ingress_qos'], egress_qos=vif['egress_qos'])
+ apply_vlan_config(vlan, vif)
+
+
def apply_vlan_config(vlan, config):
"""
Generic function to apply a VLAN configuration from a dictionary
@@ -40,6 +87,9 @@ def apply_vlan_config(vlan, config):
if config['dhcpv6_temporary']:
vlan.dhcp.v6.options['dhcpv6_temporary'] = True
+ if config['dhcpv6_pd']:
+ vlan.dhcp.v6.options['dhcpv6_pd'] = config['dhcpv6_pd']
+
# update interface description used e.g. within SNMP
vlan.set_alias(config['description'])
# ignore link state changes
@@ -54,6 +104,8 @@ def apply_vlan_config(vlan, config):
vlan.set_arp_ignore(config['ip_enable_arp_ignore'])
# configure Proxy ARP
vlan.set_proxy_arp(config['ip_proxy_arp'])
+ # IPv6 accept RA
+ vlan.set_ipv6_accept_ra(config['ipv6_accept_ra'])
# IPv6 address autoconfiguration
vlan.set_ipv6_autoconf(config['ipv6_autoconf'])
# IPv6 forwarding
@@ -63,13 +115,23 @@ def apply_vlan_config(vlan, config):
# Maximum Transmission Unit (MTU)
vlan.set_mtu(config['mtu'])
- # assign/remove VRF
- vlan.set_vrf(config['vrf'])
+ # assign/remove VRF (ONLY when not a member of a bridge,
+ # otherwise 'nomaster' removes it from it)
+ if not config['is_bridge_member']:
+ vlan.set_vrf(config['vrf'])
+
+ # Delete old IPv6 EUI64 addresses before changing MAC
+ for addr in config['ipv6_eui64_prefix_remove']:
+ vlan.del_ipv6_eui64_address(addr)
# Change VLAN interface MAC address
if config['mac']:
vlan.set_mac(config['mac'])
+ # Add IPv6 EUI-based addresses
+ for addr in config['ipv6_eui64_prefix']:
+ vlan.add_ipv6_eui64_address(addr)
+
# enable/disable VLAN interface
if config['disable']:
vlan.set_admin_state('down')
@@ -84,46 +146,97 @@ def apply_vlan_config(vlan, config):
for addr in config['address']:
vlan.add_addr(addr)
+ # re-add ourselves to any bridge we might have fallen out of
+ if config['is_bridge_member']:
+ vlan.add_to_bridge(config['is_bridge_member'])
+
def verify_vlan_config(config):
"""
Generic function to verify VLAN config consistency. Instead of re-
implementing this function in multiple places use single source \o/
"""
- for vif in config['vif']:
+ # config['vif'] is a dict with ids as keys and config dicts as values
+ for vif in config['vif'].values():
# DHCPv6 parameters-only and temporary address are mutually exclusive
if vif['dhcpv6_prm_only'] and vif['dhcpv6_temporary']:
raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!')
- vrf_name = vif['vrf']
- if vrf_name and vrf_name not in interfaces():
- raise ConfigError(f'VRF "{vrf_name}" does not exist')
+ if ( vif['is_bridge_member']
+ and ( vif['address']
+ or vif['ipv6_eui64_prefix']
+ or vif['ipv6_autoconf'] ) ):
+ raise ConfigError((
+ f'Cannot assign address to vif interface {vif["intf"]} '
+ f'which is a member of bridge {vif["is_bridge_member"]}'))
+
+ if vif['vrf']:
+ if vif['vrf'] not in interfaces():
+ raise ConfigError(f'VRF "{vif["vrf"]}" does not exist')
+
+ if vif['is_bridge_member']:
+ raise ConfigError((
+ f'vif {vif["intf"]} cannot be member of VRF {vif["vrf"]} '
+ f'and bridge {vif["is_bridge_member"]} at the same time!'))
# e.g. wireless interface has no vif_s support
# thus we bail out eraly.
if 'vif_s' not in config.keys():
return
- for vif_s in config['vif_s']:
- for vif in config['vif']:
- if vif['id'] == vif_s['id']:
- raise ConfigError('Can not use identical ID on vif and vif-s interface')
+ # config['vif_s'] is a dict with ids as keys and config dicts as values
+ for vif_s_id, vif_s in config['vif_s'].items():
+ for vif_id, vif in config['vif'].items():
+ if vif_id == vif_s_id:
+ raise ConfigError((
+ f'Cannot use identical ID on vif "{vif["intf"]}" '
+ f'and vif-s "{vif_s["intf"]}"'))
# DHCPv6 parameters-only and temporary address are mutually exclusive
if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']:
- raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!')
-
- vrf_name = vif_s['vrf']
- if vrf_name and vrf_name not in interfaces():
- raise ConfigError(f'VRF "{vrf_name}" does not exist')
-
- for vif_c in vif_s['vif_c']:
+ raise ConfigError((
+ 'DHCPv6 temporary and parameters-only options are mutually '
+ 'exclusive!'))
+
+ if ( vif_s['is_bridge_member']
+ and ( vif_s['address']
+ or vif_s['ipv6_eui64_prefix']
+ or vif_s['ipv6_autoconf'] ) ):
+ raise ConfigError((
+ f'Cannot assign address to vif-s interface {vif_s["intf"]} '
+ f'which is a member of bridge {vif_s["is_bridge_member"]}'))
+
+ if vif_s['vrf']:
+ if vif_s['vrf'] not in interfaces():
+ raise ConfigError(f'VRF "{vif_s["vrf"]}" does not exist')
+
+ if vif_s['is_bridge_member']:
+ raise ConfigError((
+ f'vif-s {vif_s["intf"]} cannot be member of VRF {vif_s["vrf"]} '
+ f'and bridge {vif_s["is_bridge_member"]} at the same time!'))
+
+ # vif_c is a dict with ids as keys and config dicts as values
+ for vif_c in vif_s['vif_c'].values():
# DHCPv6 parameters-only and temporary address are mutually exclusive
if vif_c['dhcpv6_prm_only'] and vif_c['dhcpv6_temporary']:
- raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!')
-
- vrf_name = vif_c['vrf']
- if vrf_name and vrf_name not in interfaces():
- raise ConfigError(f'VRF "{vrf_name}" does not exist')
-
+ raise ConfigError((
+ 'DHCPv6 temporary and parameters-only options are '
+ 'mutually exclusive!'))
+
+ if ( vif_c['is_bridge_member']
+ and ( vif_c['address']
+ or vif_c['ipv6_eui64_prefix']
+ or vif_c['ipv6_autoconf'] ) ):
+ raise ConfigError((
+ f'Cannot assign address to vif-c interface {vif_c["intf"]} '
+ f'which is a member of bridge {vif_c["is_bridge_member"]}'))
+
+ if vif_c['vrf']:
+ if vif_c['vrf'] not in interfaces():
+ raise ConfigError(f'VRF "{vif_c["vrf"]}" does not exist')
+
+ if vif_c['is_bridge_member']:
+ raise ConfigError((
+ f'vif-c {vif_c["intf"]} cannot be member of VRF {vif_c["vrf"]} '
+ f'and bridge {vif_c["is_bridge_member"]} at the same time!'))