Diffstat (limited to 'python')
39 files changed, 3997 insertions, 2171 deletions
diff --git a/python/setup.py b/python/setup.py
index 304ea5cb7..ac7d0b573 100644
--- a/python/setup.py
+++ b/python/setup.py
@@ -10,7 +10,7 @@ setup(
 license = "LGPLv2+",
 keywords = "vyos",
 url = "http://www.vyos.io",
- packages=['vyos'],
+ packages=["vyos","vyos.ifconfig"],
 long_description="VyOS configuration libraries",
 classifiers=[
 "Development Status :: 4 - Beta",
diff --git a/python/vyos/__init__.py b/python/vyos/__init__.py
index 9b5ed21c9..e3e14fdd8 100644
--- a/python/vyos/__init__.py
+++ b/python/vyos/__init__.py
@@ -1 +1 @@
-from .base import *
+from .base import ConfigError
diff --git a/python/vyos/airbag.py b/python/vyos/airbag.py
new file mode 100644
index 000000000..664974d5f
--- /dev/null
+++ b/python/vyos/airbag.py
@@ -0,0 +1,169 @@
+# Copyright 2019-2020 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import sys
+import logging
+import logging.handlers
+from datetime import datetime
+
+from vyos.config import Config
+from vyos.version import get_version
+from vyos.util import run
+from vyos.util import debug
+
+
+# we allow to disable the extra logging
+DISABLE = False
+
+
+# emulate a file object
+class _IO(object):
+    def __init__(self, std, log):
+        self.std = std
+        self.log = log
+
+    def write(self, message):
+        self.std.write(message)
+        if DISABLE:
+            return
+        for line in message.split('\n'):
+            s = line.rstrip()
+            if s:
+                self.log(s)
+
+    def flush(self):
+        self.std.flush()
+
+    def close(self):
+        pass
+
+
+# The function which will be used to report information
+# to users when an exception is unhandled
+def bug_report(dtype, value, trace):
+    from traceback import format_exception
+
+    sys.stdout.flush()
+    sys.stderr.flush()
+
+    information = {
+        'date': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
+        'version': get_version(),
+        'trace': format_exception(dtype, value, trace),
+        'instructions': COMMUNITY if 'rolling' in get_version() else SUPPORTED,
+    }
+
+    sys.stdout.write(INTRO.format(**information))
+    sys.stdout.flush()
+
+    sys.stderr.write(FAULT.format(**information))
+    sys.stderr.flush()
+
+
+# define an exception handler to be run when an exception
+# reach the end of __main__ and was not intercepted
+def intercepter(dtype, value, trace):
+    bug_report(dtype, value, trace)
+    # debug returns either '' or 'developer' if debuging is enabled
+    if debug('developer'):
+        import pdb
+        pdb.pm()
+
+
+def InterceptingLogger(address, _singleton=[False]):
+    skip = _singleton.pop()
+    _singleton.append(True)
+    if skip:
+        return
+
+    logger = logging.getLogger('VyOS')
+    logger.setLevel(logging.DEBUG)
+    handler = logging.handlers.SysLogHandler(address='/dev/log', facility='syslog')
+    logger.addHandler(handler)
+
+    # log to syslog any message sent to stderr
+    sys.stderr = _IO(sys.stderr, logger.critical)
+
+
+# lists as default arguments in function is normally dangerous
+# as they will keep any modification performed, unless this is
+# what you want to do (in that case to only run the code once)
+def InterceptingException(excepthook,_singleton=[False]):
+    skip = _singleton.pop()
+    _singleton.append(True)
+    if skip:
+        return
+
+    # install the handler to replace the default behaviour
+    # which just prints the exception trace on screen
+    sys.excepthook = excepthook
+
+
+# Do not attempt the extra logging for operational commands
+try:
+    # This fails during boot
+    insession = Config().in_session()
+except:
+    # we save info on boot to help debugging
+    insession = True
+
+
+# Installing the interception, it currently does not work when
+# running testing so we are checking that we are on the router
+# as otherwise it prevents dpkg-buildpackage to work
+if get_version() and insession:
+    InterceptingLogger('/run/systemd/journal/dev-log')
+    InterceptingException(intercepter)
+
+
+# Messages to print
+
+FAULT = """\
+Date: {date}
+VyOS image: {version}
+
+{trace}
+"""
+
+INTRO = """\
+VyOS had an issue completing a command.
+
+We are sorry that you encountered a problem with VyOS.
+There are a few things you can do to help us (and yourself):
+{instructions}
+
+PLEASE, when reporting, do include as much information as you can:
+- do not obfuscate any data (feel free to send us a private communication with
+  the extra information if your business policy is strict on information sharing)
+- and include all the information presented below
+
+"""
+
+COMMUNITY = """\
+- Make sure you are running the latest version of the code available at
+  https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
+- Consult the forum to see how to handle this issue
+  https://forum.vyos.io
+- Join our community on slack where our users exchange help and advice
+  https://vyos.slack.com
+""".strip()
+
+SUPPORTED = """\
+- Make sure you are running the latest stable version of VyOS
+  the code is available at https://downloads.vyos.io/?dir=release/current
+- Contact us on our online help desk
+  https://support.vyos.io/
+""".strip()
diff --git a/python/vyos/authutils.py b/python/vyos/authutils.py
index 234294649..90a46ffb4 100644
--- a/python/vyos/authutils.py
+++ b/python/vyos/authutils.py
@@ -15,16 +15,14 @@
 import re
-from subprocess import Popen, PIPE, STDOUT
+from vyos.util import cmd
 def make_password_hash(password):
 """ Makes a password hash for /etc/shadow using mkpasswd """
- mkpasswd = Popen(['mkpasswd', '--method=sha-512', '--stdin'], stdout=PIPE, stdin=PIPE, stderr=PIPE)
- hash = mkpasswd.communicate(input=password.encode(), timeout=5)[0].decode().strip()
-
- return hash
+ mkpassword = 'mkpasswd --method=sha-512 --stdin'
+ return cmd(mkpassword, input=password.encode(), timeout=5)
 def split_ssh_public_key(key_string, defaultname=""):
 """ Splits an SSH public key into its components """
diff --git a/python/vyos/config.py b/python/vyos/config.py
index 2342f7021..75055a603 100644
--- a/python/vyos/config.py
+++ b/python/vyos/config.py
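Review bot: InterceptingLogger never uses its `address` parameter — the SysLogHandler is built with the hard-coded `'/dev/log'`, so the `/run/systemd/journal/dev-log` path passed at module level is silently ignored; the line should read `handler = logging.handlers.SysLogHandler(address=address, facility='syslog')`. The bare `except:` around `Config().in_session()` also swallows SystemExit and KeyboardInterrupt, which the boot-time fallback does not need; `except Exception:` keeps the intent. `run` is imported from vyos.util but not used anywhere in the module. Since `intercepter` drops into `pdb.pm()` whenever `debug('developer')` is truthy, a comment on that branch stating that the developer flag is meant for lab images, not production routers, would help the next reader.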
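Review bot: make_password_hash now returns whatever `vyos.util.cmd` returns, whereas the removed lines decoded and stripped mkpasswd's output; unless `cmd` (outside this diff) strips the trailing newline, the value callers write into /etc/shadow will carry it, so either confirm that or keep the strip here: `return cmd(mkpassword, input=password.encode(), timeout=5).strip()`. The password still travels over stdin rather than argv, which keeps it out of the process list; that is worth stating in the docstring so a later refactor does not move it onto the command line. `mkpassword` as the name of the mkpasswd command string reads like a typo; `mkpasswd_cmd` would be clearer.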
@@ -238,6 +238,19 @@ class Config(object):
 str: working configuration
 """
+    # show_config should be independent of CLI edit level.
+    # Set the CLI edit environment to the top level, and
+    # restore original on exit.
+    save_env = self.__session_env
+
+    env_str = self._run(self._make_command('getEditResetEnv', ''))
+    env_list = re.findall(r'([A-Z_]+)=\'([^;\s]+)\'', env_str)
+    root_env = os.environ
+    for k, v in env_list:
+        root_env[k] = v
+
+    self.__session_env = root_env
+
 # FIXUP: by default, showConfig will give you a diff
 # if there are uncommitted changes.
 # The config parser obviously cannot work with diffs,
@@ -253,8 +266,10 @@ class Config(object):
 path = " ".join(path)
 try:
 out = self._run(self._make_command('showConfig', path))
+            self.__session_env = save_env
 return out
 except VyOSError:
+            self.__session_env = save_env
 return(default)
 def get_config_dict(self, path=[], effective=False):
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index 80e199907..24fe174d2 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -123,10 +123,15 @@ def vlan_to_dict(conf):
 'ip_enable_arp_accept': 0,
 'ip_enable_arp_announce': 0,
 'ip_enable_arp_ignore': 0,
+        'ip_proxy_arp': 0,
+        'ipv6_autoconf': 0,
+        'ipv6_forwarding': 1,
+        'ipv6_dup_addr_detect': 1,
 'ingress_qos': '',
 'ingress_qos_changed': False,
 'mac': '',
-        'mtu': 1500
+        'mtu': 1500,
+        'vrf': ''
 }
 # retrieve configured interface addresses
 if conf.exists('address'):
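Review bot: `root_env = os.environ` does not make a copy — `root_env[k] = v` writes straight into the process environment, so the edit-level variables returned by getEditResetEnv leak into every later subprocess of this session, and the later `self.__session_env = save_env` restores only the attribute, never os.environ; `os.environ.copy()` gives the intended private mapping. In the second hunk the restore is duplicated on the success and VyOSError paths, so any other exception raised by `_run` leaves `__session_env` pointing at the reset environment; a `finally:` covers every exit. Both hunks belong to show_config, whose signature lies outside them, and whether `_run` passes `__session_env` to the child process is not visible here.
```python
        save_env = self.__session_env

        env_str = self._run(self._make_command('getEditResetEnv', ''))
        env_list = re.findall(r'([A-Z_]+)=\'([^;\s]+)\'', env_str)
        # work on a copy: binding os.environ itself would change the
        # process environment for the rest of the session
        root_env = os.environ.copy()
        for k, v in env_list:
            root_env[k] = v

        self.__session_env = root_env

        # … unchanged: FIXUP comment, path normalisation …
        try:
            return self._run(self._make_command('showConfig', path))
        except VyOSError:
            return default
        finally:
            # restore the caller's edit level on every exit path
            self.__session_env = save_env
```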
@@ -186,6 +191,22 @@ def vlan_to_dict(conf):
 if conf.exists('ip enable-arp-ignore'):
 vlan['ip_enable_arp_ignore'] = 1
+    # Enable Proxy ARP
+    if conf.exists('ip enable-proxy-arp'):
+        vlan['ip_proxy_arp'] = 1
+
+    # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)
+    if conf.exists('ipv6 address autoconf'):
+        vlan['ipv6_autoconf'] = 1
+
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        vlan['ipv6_forwarding'] = 0
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        vlan['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits'))
+
 # Media Access Control (MAC) address
 if conf.exists('mac'):
 vlan['mac'] = conf.return_value('mac')
@@ -194,6 +215,10 @@ def vlan_to_dict(conf):
 if conf.exists('mtu'):
 vlan['mtu'] = int(conf.return_value('mtu'))
+    # retrieve VRF instance
+    if conf.exists('vrf'):
+        vlan['vrf'] = conf.return_value('vrf')
+
 # VLAN egress QoS
 if conf.exists('egress-qos'):
 vlan['egress_qos'] = conf.return_value('egress-qos')
diff --git a/python/vyos/configsession.py b/python/vyos/configsession.py
index d326b3b11..aaf08e726 100644
--- a/python/vyos/configsession.py
+++ b/python/vyos/configsession.py
@@ -29,6 +29,7 @@ SAVE_CONFIG = ['/opt/vyatta/sbin/vyatta-save-config.pl']
 INSTALL_IMAGE = ['/opt/vyatta/sbin/install-image']
 REMOVE_IMAGE = ['/opt/vyatta/bin/vyatta-boot-image.pl', '--del']
 GENERATE = ['/opt/vyatta/bin/vyatta-op-cmd-wrapper', 'generate']
+SHOW = ['/opt/vyatta/bin/vyatta-op-cmd-wrapper', 'show']
 # Default "commit via" string
 APP = "vyos-http-api"
@@ -181,5 +182,10 @@ class ConfigSession(object):
 return out
 def generate(self, cmd):
-        out = self.__run_command(GENERATE + cmd)
+        out = self.__run_command(GENERATE + cmd.split())
 return out
+
+    def show(self, cmd):
+        out = self.__run_command(SHOW + cmd.split())
+        return out
+
diff --git a/python/vyos/configtree.py b/python/vyos/configtree.py
index 0274f3573..a0b0eb3c1 100644
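Review bot: `show` and the reworked `generate` split the caller-supplied `cmd` on bare whitespace, so an argument that contains spaces or quotes is broken into separate argv entries and cannot be expressed at all; `shlex.split(cmd)` honours shell-style quoting while still handing `__run_command` a list rather than a string. The `APP = "vyos-http-api"` default suggests this session backs the HTTP API, in which case the command text originates in a request and the op-mode wrapper named in SHOW/GENERATE is the component that decides which commands may run — the new method should say so: `"""Run an op-mode 'show' command through vyatta-op-cmd-wrapper; cmd is split into argv, the wrapper enforces which commands are permitted."""`. The added blank line at the end of the file after `show` is a style nit. `__run_command` lies outside the hunk, so whether it ever invokes a shell cannot be confirmed here.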
--- a/python/vyos/configtree.py
+++ b/python/vyos/configtree.py
@@ -24,58 +24,10 @@ def escape_backslash(string: str) -> str:
 result = p.sub(r'\\\\', string)
 return result
-def strip_comments(s):
-    """ Split a config string into the config section and the trailing comments """
-    INITIAL = 0
-    IN_COMMENT = 1
-
-    i = len(s) - 1
-
-    state = INITIAL
-
-    config_end = 0
-
-    # Find the first character of the comments section at the end,
-    # if it exists
-    while (i >= 0):
-        c = s[i]
-
-        if (state == INITIAL) and re.match(r'\s', c):
-            # Ignore whitespace
-            if (i != 0):
-                i -= 1
-            else:
-                config_end = 0
-                break
-        elif (state == INITIAL) and not re.match(r'(\s|\/)', c):
-            # Assume there are no (more) trailing comments,
-            # this is an end of a node: either a brace of the last character
-            # of a leaf node value
-            config_end = i + 1
-            break
-        elif (state == INITIAL) and (c == '/'):
-            # A comment begins, or it's a stray slash
-            if (s[i-1] == '*'):
-                state = IN_COMMENT
-                i -= 2
-            else:
-                raise ValueError("Invalid syntax: stray slash at character {0}".format(i + 1))
-        elif (state == IN_COMMENT) and (c == '*'):
-            # A comment ends here
-            try:
-                if (s[i-1] == '/'):
-                    state = INITIAL
-                    i -= 2
-            except:
-                raise ValueError("Invalid syntax: malformed commend end at character {0}".format(i + 1))
-        elif (state == IN_COMMENT) and (c != '*'):
-            # Ignore everything inside comments, including braces
-            i -= 1
-        else:
-            # Shouldn't happen
-            raise ValueError("Invalid syntax at character {0}: invalid character {1}".format(i + 1, c))
-
-    return (s[0:config_end], s[config_end+1:])
+def extract_version(s):
+    """ Extract the version string from the config string """
+    t = re.split('(^//)', s, maxsplit=1, flags=re.MULTILINE)
+    return (s, ''.join(t[1:]))
 def check_path(path):
 # Necessary type checking
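Review bot: extract_version returns the untouched input as its first element, so the `//` lines it reports as the version section also stay inside the string the constructor later passes to `__from_string` — unlike strip_comments, which cut them off; if the C parser does not skip them, to_string will emit them a second time when it appends `self.__version`. The docstring should state this contract rather than "extract": `""" Return (s, tail): tail is everything from the first line beginning with '//'; s is returned unmodified """`. With `maxsplit=1` and the capturing group, `t[1:]` is `['//', rest]` and `''.join` reassembles the tail, while an input with no such line yields `''`, which is fine but worth a one-line comment. For consistency with the raw-string pattern in escape_backslash just above, write `re.split(r'(^//)', s, maxsplit=1, flags=re.MULTILINE)`.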
@@ -174,7 +126,7 @@ class ConfigTree(object):
 self.__destroy = self.__lib.destroy
 self.__destroy.argtypes = [c_void_p]
-        config_section, comments_section = strip_comments(config_string)
+        config_section, version_section = extract_version(config_string)
 config_section = escape_backslash(config_section)
 config = self.__from_string(config_section.encode())
 if config is None:
@@ -182,7 +134,7 @@ class ConfigTree(object):
 raise ValueError("Failed to parse config: {0}".format(msg))
 else:
 self.__config = config
-            self.__comments = comments_section
+            self.__version = version_section
 def __del__(self):
 if self.__config is not None:
@@ -193,7 +145,7 @@ class ConfigTree(object):
 def to_string(self):
 config_string = self.__to_string(self.__config).decode()
-        config_string = "{0}\n{1}".format(config_string, self.__comments)
+        config_string = "{0}\n{1}".format(config_string, self.__version)
 return config_string
 def to_commands(self):
diff --git a/python/vyos/ifconfig.py b/python/vyos/ifconfig.py
deleted file mode 100644
index 81867d086..000000000
--- a/python/vyos/ifconfig.py
+++ /dev/null
@@ -1,1920 +0,0 @@ -# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library. If not, see <http://www.gnu.org/licenses/>. - -import os -import re -import jinja2 -import json -import glob -import time - -import vyos.interfaces - -from vyos.validate import * -from vyos.config import Config -from vyos import ConfigError - -from ipaddress import IPv4Network, IPv6Address -from netifaces import ifaddresses, AF_INET, AF_INET6 -from subprocess import Popen, PIPE, STDOUT -from time import sleep -from os.path import isfile -from tabulate import tabulate -from hurry.filesize import size,alternative -from datetime import timedelta - -dhclient_base = r'/var/lib/dhcp/dhclient_' -dhcp_cfg = """ -# generated by ifconfig.py -option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; -timeout 60; -retry 300; - -interface "{{ intf }}" { - send host-name "{{ hostname }}"; - {% if client_id -%} - send dhcp-client-identifier "{{ client_id }}"; - {% endif -%} - {% if vendor_class_id -%} - send vendor-class-identifier "{{ vendor_class_id }}"; - {% endif -%} - request subnet-mask, broadcast-address, routers, domain-name-servers, - rfc3442-classless-static-routes, domain-name, interface-mtu; - require subnet-mask; -} - -""" - -dhcpv6_cfg = """ -# generated by ifconfig.py -interface "{{ intf }}" { - request routers, domain-name-servers, 
domain-name; -} - -""" - -class Interface: - def __init__(self, ifname, type=None): - """ - This is the base interface class which supports basic IP/MAC address - operations as well as DHCP(v6). Other interface which represent e.g. - and ethernet bridge are implemented as derived classes adding all - additional functionality. - - DEBUG: - This class has embedded debugging (print) which can be enabled by - creating the following file: - vyos@vyos# touch /tmp/vyos.ifconfig.debug - - Example: - >>> from vyos.ifconfig import Interface - >>> i = Interface('eth0') - """ - self._ifname = str(ifname) - - if not os.path.exists('/sys/class/net/{}'.format(ifname)) and not type: - raise Exception('interface "{}" not found'.format(self._ifname)) - - if not os.path.exists('/sys/class/net/{}'.format(self._ifname)): - cmd = 'ip link add dev {} type {}'.format(self._ifname, type) - self._cmd(cmd) - - # per interface DHCP config files - self._dhcp_cfg_file = dhclient_base + self._ifname + '.conf' - self._dhcp_pid_file = dhclient_base + self._ifname + '.pid' - self._dhcp_lease_file = dhclient_base + self._ifname + '.leases' - - # per interface DHCPv6 config files - self._dhcpv6_cfg_file = dhclient_base + self._ifname + '.v6conf' - self._dhcpv6_pid_file = dhclient_base + self._ifname + '.v6pid' - self._dhcpv6_lease_file = dhclient_base + self._ifname + '.v6leases' - - # DHCP options - self._dhcp_options = { - 'intf' : self._ifname, - 'hostname' : '', - 'client_id' : '', - 'vendor_class_id' : '' - } - - # DHCPv6 options - self._dhcpv6_options = { - 'intf' : self._ifname, - 'dhcpv6_prm_only' : False, - 'dhcpv6_temporary' : False - } - - # list of assigned IP addresses - self._addr = [] - - def _debug_msg(self, msg): - if os.path.isfile('/tmp/vyos.ifconfig.debug'): - print('DEBUG/{:<6} {}'.format(self._ifname, msg)) - - def _cmd(self, command): - p = Popen(command, stdout=PIPE, stderr=STDOUT, shell=True) - tmp = p.communicate()[0].strip() - self._debug_msg("cmd '{}'".format(command)) - 
if tmp.decode(): - self._debug_msg("returned:\n{}".format(tmp.decode())) - - # do we need some error checking code here? - return tmp.decode() - - def _read_sysfs(self, filename): - """ - Provide a single primitive w/ error checking for reading from sysfs. - """ - value = None - with open(filename, 'r') as f: - value = f.read().rstrip('\n') - - self._debug_msg("read '{}' < '{}'".format(value, filename)) - return value - - def _write_sysfs(self, filename, value): - """ - Provide a single primitive w/ error checking for writing to sysfs. - """ - self._debug_msg("write '{}' > '{}'".format(value, filename)) - with open(filename, 'w') as f: - f.write(str(value)) - - return None - - def remove(self): - """ - Remove interface from operating system. Removing the interface - deconfigures all assigned IP addresses and clear possible DHCP(v6) - client processes. - - Example: - >>> from vyos.ifconfig import Interface - >>> i = Interface('eth0') - >>> i.remove() - """ - # stop DHCP(v6) if running - self._del_dhcp() - self._del_dhcpv6() - - # remove all assigned IP addresses from interface - this is a bit redundant - # as the kernel will remove all addresses on interface deletion, but we - # can not delete ALL interfaces, see below - for addr in self.get_addr(): - self.del_addr(addr) - - # Ethernet interfaces can not be removed - if type(self) == type(EthernetIf(self._ifname)): - return - - # NOTE (Improvement): - # after interface removal no other commands should be allowed - # to be called and instead should raise an Exception: - cmd = 'ip link del dev {}'.format(self._ifname) - return self._cmd(cmd) - - def get_mtu(self): - """ - Get/set interface mtu in bytes. - - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').get_mtu() - '1500' - """ - return self._read_sysfs('/sys/class/net/{}/mtu' - .format(self._ifname)) - - def set_mtu(self, mtu): - """ - Get/set interface mtu in bytes. 
- - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_mtu(1400) - >>> Interface('eth0').get_mtu() - '1400' - """ - if mtu < 68 or mtu > 9000: - raise ValueError('Invalid MTU size: "{}"'.format(mru)) - - return self._write_sysfs('/sys/class/net/{}/mtu' - .format(self._ifname), mtu) - - def set_mac(self, mac): - """ - Set interface MAC (Media Access Contrl) address to given value. - - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_mac('00:50:ab:cd:ef:01') - """ - # on interface removal (ethernet) an empty string is passed - ignore it - if not mac: - return None - - # a mac address consits out of 6 octets - octets = len(mac.split(':')) - if octets != 6: - raise ValueError('wrong number of MAC octets: {} '.format(octets)) - - # validate against the first mac address byte if it's a multicast - # address - if int(mac.split(':')[0], 16) & 1: - raise ValueError('{} is a multicast MAC address'.format(mac)) - - # overall mac address is not allowed to be 00:00:00:00:00:00 - if sum(int(i, 16) for i in mac.split(':')) == 0: - raise ValueError('00:00:00:00:00:00 is not a valid MAC address') - - # check for VRRP mac address - if mac.split(':')[0] == '0' and addr.split(':')[1] == '0' and mac.split(':')[2] == '94' and mac.split(':')[3] == '0' and mac.split(':')[4] == '1': - raise ValueError('{} is a VRRP MAC address'.format(mac)) - - # Assemble command executed on system. Unfortunately there is no way - # of altering the MAC address via sysfs - cmd = 'ip link set dev {} address {}'.format(self._ifname, mac) - return self._cmd(cmd) - - - def set_arp_cache_tmo(self, tmo): - """ - Set ARP cache timeout value in seconds. Internal Kernel representation - is in milliseconds. 
- - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_arp_cache_tmo(40) - """ - return self._write_sysfs('/proc/sys/net/ipv4/neigh/{0}/base_reachable_time_ms' - .format(self._ifname), (int(tmo) * 1000)) - - def set_arp_filter(self, arp_filter): - """ - Filter ARP requests - - 1 - Allows you to have multiple network interfaces on the same - subnet, and have the ARPs for each interface be answered - based on whether or not the kernel would route a packet from - the ARP'd IP out that interface (therefore you must use source - based routing for this to work). In other words it allows control - of which cards (usually 1) will respond to an arp request. - - 0 - (default) The kernel can respond to arp requests with addresses - from other interfaces. This may seem wrong but it usually makes - sense, because it increases the chance of successful communication. - IP addresses are owned by the complete host on Linux, not by - particular interfaces. Only for more complex setups like load- - balancing, does this behaviour cause problems. - """ - if int(arp_filter) >= 0 and int(arp_filter) <= 1: - return self._write_sysfs('/proc/sys/net/ipv4/conf/{0}/arp_filter' - .format(self._ifname), arp_filter) - else: - raise ValueError("Value out of range") - - def set_arp_accept(self, arp_accept): - """ - Define behavior for gratuitous ARP frames who's IP is not - already present in the ARP table: - 0 - don't create new entries in the ARP table - 1 - create new entries in the ARP table - - Both replies and requests type gratuitous arp will trigger the - ARP table to be updated, if this setting is on. - - If the ARP table already contains the IP address of the - gratuitous arp frame, the arp table will be updated regardless - if this setting is on or off. 
- """ - if int(arp_accept) >= 0 and int(arp_accept) <= 1: - return self._write_sysfs('/proc/sys/net/ipv4/conf/{0}/arp_accept' - .format(self._ifname), arp_accept) - else: - raise ValueError("Value out of range") - - def set_arp_announce(self, arp_announce): - """ - Define different restriction levels for announcing the local - source IP address from IP packets in ARP requests sent on - interface: - 0 - (default) Use any local address, configured on any interface - 1 - Try to avoid local addresses that are not in the target's - subnet for this interface. This mode is useful when target - hosts reachable via this interface require the source IP - address in ARP requests to be part of their logical network - configured on the receiving interface. When we generate the - request we will check all our subnets that include the - target IP and will preserve the source address if it is from - such subnet. - - Increasing the restriction level gives more chance for - receiving answer from the resolved target while decreasing - the level announces more valid sender's information. 
- """ - if int(arp_announce) >= 0 and int(arp_announce) <= 1: - return self._write_sysfs('/proc/sys/net/ipv4/conf/{0}/arp_announce' - .format(self._ifname), arp_announce) - else: - raise ValueError("Value out of range") - - def set_arp_ignore(self, arp_ignore): - """ - Define different modes for sending replies in response to received ARP - requests that resolve local target IP addresses: - - 0 - (default): reply for any local target IP address, configured - on any interface - 1 - reply only if the target IP address is local address - configured on the incoming interface - """ - if int(arp_ignore) >= 0 and int(arp_ignore) <= 1: - return self._write_sysfs('/proc/sys/net/ipv4/conf/{0}/arp_ignore' - .format(self._ifname), arp_ignore) - else: - raise ValueError("Value out of range") - - def set_link_detect(self, link_filter): - """ - Configure kernel response in packets received on interfaces that are 'down' - - 0 - Allow packets to be received for the address on this interface - even if interface is disabled or no carrier. - - 1 - Ignore packets received if interface associated with the incoming - address is down. - - 2 - Ignore packets received if interface associated with the incoming - address is down or has no carrier. - - Default value is 0. Note that some distributions enable it in startup - scripts. - - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_link_detect(1) - """ - if int(link_filter) >= 0 and int(link_filter) <= 2: - return self._write_sysfs('/proc/sys/net/ipv4/conf/{0}/link_filter' - .format(self._ifname), link_filter) - else: - raise ValueError("Value out of range") - - def set_alias(self, ifalias=None): - """ - Set interface alias name used by e.g. SNMP - - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_alias('VyOS upstream interface') - - to clear alias e.g. 
delete it use: - - >>> Interface('eth0').set_ifalias('') - """ - if not ifalias: - # clear interface alias - ifalias = '\0' - - self._write_sysfs('/sys/class/net/{}/ifalias' - .format(self._ifname), ifalias) - - def get_state(self): - """ - Enable (up) / Disable (down) an interface - - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').get_state() - 'up' - """ - cmd = 'ip -json link show dev {}'.format(self._ifname) - tmp = self._cmd(cmd) - out = json.loads(tmp) - return out[0]['operstate'].lower() - - def set_state(self, state): - """ - Enable (up) / Disable (down) an interface - - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_state('down') - >>> Interface('eth0').get_state() - 'down' - """ - if state not in ['up', 'down']: - raise ValueError('state must be "up" or "down"') - - # Assemble command executed on system. Unfortunately there is no way - # to up/down an interface via sysfs - cmd = 'ip link set dev {} {}'.format(self._ifname, state) - return self._cmd(cmd) - - def set_proxy_arp(self, enable): - """ - Set per interface proxy ARP configuration - - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_proxy_arp(1) - """ - if int(enable) >= 0 and int(enable) <= 1: - return self._write_sysfs('/proc/sys/net/ipv4/conf/{}/proxy_arp' - .format(self._ifname), enable) - else: - raise ValueError("Value out of range") - - def set_proxy_arp_pvlan(self, enable): - """ - Private VLAN proxy arp. - Basically allow proxy arp replies back to the same interface - (from which the ARP request/solicitation was received). - - This is done to support (ethernet) switch features, like RFC - 3069, where the individual ports are NOT allowed to - communicate with each other, but they are allowed to talk to - the upstream router. As described in RFC 3069, it is possible - to allow these hosts to communicate through the upstream - router by proxy_arp'ing. Don't need to be used together with - proxy_arp. 
- - This technology is known by different names: - In RFC 3069 it is called VLAN Aggregation. - Cisco and Allied Telesyn call it Private VLAN. - Hewlett-Packard call it Source-Port filtering or port-isolation. - Ericsson call it MAC-Forced Forwarding (RFC Draft). - - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_proxy_arp_pvlan(1) - """ - if int(enable) >= 0 and int(enable) <= 1: - return self._write_sysfs('/proc/sys/net/ipv4/conf/{}/proxy_arp_pvlan' - .format(self._ifname), enable) - else: - raise ValueError("Value out of range") - - def get_addr(self): - """ - Retrieve assigned IPv4 and IPv6 addresses from given interface. - This is done using the netifaces and ipaddress python modules. - - Example: - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').get_addrs() - ['172.16.33.30/24', 'fe80::20c:29ff:fe11:a174/64'] - """ - - ipv4 = [] - ipv6 = [] - - if AF_INET in ifaddresses(self._ifname).keys(): - for v4_addr in ifaddresses(self._ifname)[AF_INET]: - # we need to manually assemble a list of IPv4 address/prefix - prefix = '/' + \ - str(IPv4Network('0.0.0.0/' + v4_addr['netmask']).prefixlen) - ipv4.append(v4_addr['addr'] + prefix) - - if AF_INET6 in ifaddresses(self._ifname).keys(): - for v6_addr in ifaddresses(self._ifname)[AF_INET6]: - # Note that currently expanded netmasks are not supported. That means - # 2001:db00::0/24 is a valid argument while 2001:db00::0/ffff:ff00:: not. - # see https://docs.python.org/3/library/ipaddress.html - bits = bin( - int(v6_addr['netmask'].replace(':', ''), 16)).count('1') - prefix = '/' + str(bits) - - # we alsoneed to remove the interface suffix on link local - # addresses - v6_addr['addr'] = v6_addr['addr'].split('%')[0] - ipv6.append(v6_addr['addr'] + prefix) - - return ipv4 + ipv6 - - def add_addr(self, addr): - """ - Add IP(v6) address to interface. Address is only added if it is not - already assigned to that interface. 
- - addr: can be an IPv4 address, IPv6 address, dhcp or dhcpv6! - IPv4: add IPv4 address to interface - IPv6: add IPv6 address to interface - dhcp: start dhclient (IPv4) on interface - dhcpv6: start dhclient (IPv6) on interface - - Example: - >>> from vyos.ifconfig import Interface - >>> j = Interface('eth0') - >>> j.add_addr('192.0.2.1/24') - >>> j.add_addr('2001:db8::ffff/64') - >>> j.get_addr() - ['192.0.2.1/24', '2001:db8::ffff/64'] - """ - - # cache new IP address which is assigned to interface - self._addr.append(addr) - - # we can not have both DHCP and static IPv4 addresses assigned to an interface - if 'dhcp' in self._addr: - for addr in self._addr: - # do not change below 'if' ordering esle you will get an exception as: - # ValueError: 'dhcp' does not appear to be an IPv4 or IPv6 address - if addr != 'dhcp' and is_ipv4(addr): - raise ConfigError("Can't configure both static IPv4 and DHCP address on the same interface") - - if addr == 'dhcp': - self._set_dhcp() - elif addr == 'dhcpv6': - self._set_dhcpv6() - else: - if not is_intf_addr_assigned(self._ifname, addr): - cmd = 'ip addr add "{}" dev "{}"'.format(addr, self._ifname) - return self._cmd(cmd) - - def del_addr(self, addr): - """ - Delete IP(v6) address to interface. Address is only added if it is - assigned to that interface. - - addr: can be an IPv4 address, IPv6 address, dhcp or dhcpv6! 
- IPv4: delete IPv4 address from interface - IPv6: delete IPv6 address from interface - dhcp: stop dhclient (IPv4) on interface - dhcpv6: stop dhclient (IPv6) on interface - - Example: - >>> from vyos.ifconfig import Interface - >>> j = Interface('eth0') - >>> j.add_addr('2001:db8::ffff/64') - >>> j.add_addr('192.0.2.1/24') - >>> j.get_addr() - ['192.0.2.1/24', '2001:db8::ffff/64'] - >>> j.del_addr('192.0.2.1/24') - >>> j.get_addr() - ['2001:db8::ffff/64'] - """ - if addr == 'dhcp': - self._del_dhcp() - elif addr == 'dhcpv6': - self._del_dhcpv6() - else: - if is_intf_addr_assigned(self._ifname, addr): - cmd = 'ip addr del "{}" dev "{}"'.format(addr, self._ifname) - return self._cmd(cmd) - - - def get_dhcp_options(self): - """ - Return dictionary with supported DHCP options. - - Dictionary should be altered and send back via set_dhcp_options() - so those options are applied when DHCP is run. - """ - return self._dhcp_options - - def set_dhcp_options(self, options): - """ - Store new DHCP options used by next run of DHCP client. - """ - self._dhcp_options = options - - def get_dhcpv6_options(self): - """ - Return dictionary with supported DHCPv6 options. - - Dictionary should be altered and send back via set_dhcp_options() - so those options are applied when DHCP is run. - """ - return self._dhcpv6_options - - def set_dhcpv6_options(self, options): - """ - Store new DHCP options used by next run of DHCP client. - """ - self._dhcpv6_options = options - - # replace dhcpv4/v6 with systemd.networkd? - def _set_dhcp(self): - """ - Configure interface as DHCP client. The dhclient binary is automatically - started in background! - - Example: - - >>> from vyos.ifconfig import Interface - >>> j = Interface('eth0') - >>> j.set_dhcp() - """ - - dhcp = self.get_dhcp_options() - if not dhcp['hostname']: - # read configured system hostname. - # maybe change to vyos hostd client ??? 
- with open('/etc/hostname', 'r') as f: - dhcp['hostname'] = f.read().rstrip('\n') - - # render DHCP configuration - tmpl = jinja2.Template(dhcp_cfg) - dhcp_text = tmpl.render(dhcp) - with open(self._dhcp_cfg_file, 'w') as f: - f.write(dhcp_text) - - cmd = 'start-stop-daemon --start --quiet --pidfile ' + \ - self._dhcp_pid_file - cmd += ' --exec /sbin/dhclient --' - # now pass arguments to dhclient binary - cmd += ' -4 -nw -cf {} -pf {} -lf {} {}'.format( - self._dhcp_cfg_file, self._dhcp_pid_file, self._dhcp_lease_file, self._ifname) - return self._cmd(cmd) - - - def _del_dhcp(self): - """ - De-configure interface as DHCP clinet. All auto generated files like - pid, config and lease will be removed. - - Example: - - >>> from vyos.ifconfig import Interface - >>> j = Interface('eth0') - >>> j.del_dhcp() - """ - pid = 0 - if os.path.isfile(self._dhcp_pid_file): - with open(self._dhcp_pid_file, 'r') as f: - pid = int(f.read()) - else: - self._debug_msg('No DHCP client PID found') - return None - - # stop dhclient, we need to call dhclient and tell it should release the - # aquired IP address. tcpdump tells me: - # 172.16.35.103.68 > 172.16.35.254.67: [bad udp cksum 0xa0cb -> 0xb943!] 
BOOTP/DHCP, Request from 00:50:56:9d:11:df, length 300, xid 0x620e6946, Flags [none] (0x0000) - # Client-IP 172.16.35.103 - # Client-Ethernet-Address 00:50:56:9d:11:df - # Vendor-rfc1048 Extensions - # Magic Cookie 0x63825363 - # DHCP-Message Option 53, length 1: Release - # Server-ID Option 54, length 4: 172.16.35.254 - # Hostname Option 12, length 10: "vyos" - # - cmd = '/sbin/dhclient -cf {} -pf {} -lf {} -r {}'.format( - self._dhcp_cfg_file, self._dhcp_pid_file, self._dhcp_lease_file, self._ifname) - self._cmd(cmd) - - # cleanup old config file - if os.path.isfile(self._dhcp_cfg_file): - os.remove(self._dhcp_cfg_file) - - # cleanup old pid file - if os.path.isfile(self._dhcp_pid_file): - os.remove(self._dhcp_pid_file) - - # cleanup old lease file - if os.path.isfile(self._dhcp_lease_file): - os.remove(self._dhcp_lease_file) - - - def _set_dhcpv6(self): - """ - Configure interface as DHCPv6 client. The dhclient binary is automatically - started in background! - - Example: - - >>> from vyos.ifconfig import Interface - >>> j = Interface('eth0') - >>> j.set_dhcpv6() - """ - dhcpv6 = self.get_dhcpv6_options() - - # better save then sorry .. should be checked in interface script - # but if you missed it we are safe! 
- if dhcpv6['dhcpv6_prm_only'] and dhcpv6['dhcpv6_temporary']: - raise Exception('DHCPv6 temporary and parameters-only options are mutually exclusive!') - - # render DHCP configuration - tmpl = jinja2.Template(dhcpv6_cfg) - dhcpv6_text = tmpl.render(dhcpv6) - with open(self._dhcpv6_cfg_file, 'w') as f: - f.write(dhcpv6_text) - - # https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1447715 - # - # wee need to wait for IPv6 DAD to finish once and interface is added - # this suxx :-( - sleep(5) - - # no longer accept router announcements on this interface - self._write_sysfs('/proc/sys/net/ipv6/conf/{}/accept_ra' - .format(self._ifname), 0) - - # assemble command-line to start DHCPv6 client (dhclient) - cmd = 'start-stop-daemon --start --quiet --pidfile ' + \ - self._dhcpv6_pid_file - cmd += ' --exec /sbin/dhclient --' - # now pass arguments to dhclient binary - cmd += ' -6 -nw -cf {} -pf {} -lf {}'.format( - self._dhcpv6_cfg_file, self._dhcpv6_pid_file, self._dhcpv6_lease_file) - - # add optional arguments - if dhcpv6['dhcpv6_prm_only']: - cmd += ' -S' - if dhcpv6['dhcpv6_temporary']: - cmd += ' -T' - - cmd += ' {}'.format(self._ifname) - return self._cmd(cmd) - - - def _del_dhcpv6(self): - """ - De-configure interface as DHCPv6 clinet. All auto generated files like - pid, config and lease will be removed. 
- - Example: - - >>> from vyos.ifconfig import Interface - >>> j = Interface('eth0') - >>> j.del_dhcpv6() - """ - pid = 0 - if os.path.isfile(self._dhcpv6_pid_file): - with open(self._dhcpv6_pid_file, 'r') as f: - pid = int(f.read()) - else: - self._debug_msg('No DHCPv6 client PID found') - return None - - # stop dhclient - cmd = 'start-stop-daemon --stop --quiet --pidfile {}'.format(self._dhcpv6_pid_file) - self._cmd(cmd) - - # accept router announcements on this interface - self._write_sysfs('/proc/sys/net/ipv6/conf/{}/accept_ra' - .format(self._ifname), 1) - - # cleanup old config file - if os.path.isfile(self._dhcpv6_cfg_file): - os.remove(self._dhcpv6_cfg_file) - - # cleanup old pid file - if os.path.isfile(self._dhcpv6_pid_file): - os.remove(self._dhcpv6_pid_file) - - # cleanup old lease file - if os.path.isfile(self._dhcpv6_lease_file): - os.remove(self._dhcpv6_lease_file) - - def op_show_interface_stats(self): - stats = self.get_interface_stats() - rx = [['bytes','packets','errors','dropped','overrun','mcast'],[stats['rx_bytes'],stats['rx_packets'],stats['rx_errors'],stats['rx_dropped'],stats['rx_over_errors'],stats['multicast']]] - tx = [['bytes','packets','errors','dropped','carrier','collisions'],[stats['tx_bytes'],stats['tx_packets'],stats['tx_errors'],stats['tx_dropped'],stats['tx_carrier_errors'],stats['collisions']]] - output = "RX: \n" - output += tabulate(rx,headers="firstrow",numalign="right",tablefmt="plain") - output += "\n\nTX: \n" - output += tabulate(tx,headers="firstrow",numalign="right",tablefmt="plain") - print(' '.join(('\n'+output.lstrip()).splitlines(True))) - - def get_interface_stats(self): - interface_stats = dict() - devices = [f for f in glob.glob("/sys/class/net/**/statistics")] - for dev_path in devices: - metrics = [f for f in glob.glob(dev_path +"/**")] - dev = re.findall(r"/sys/class/net/(.*)/statistics",dev_path)[0] - dev_dict = dict() - for metric_path in metrics: - metric = metric_path.replace(dev_path+"/","") - if 
isfile(metric_path): - data = open(metric_path, 'r').read()[:-1] - dev_dict[metric] = int(data) - interface_stats[dev] = dev_dict - - return interface_stats[self._ifname] - -class LoopbackIf(Interface): - - """ - The loopback device is a special, virtual network interface that your router - uses to communicate with itself. - """ - - def __init__(self, ifname): - super().__init__(ifname, type='loopback') - - def remove(self): - """ - Loopback interface can not be deleted from operating system. We can - only remove all assigned IP addresses. - - Example: - >>> from vyos.ifconfig import Interface - >>> i = LoopbackIf('lo').remove() - """ - # remove all assigned IP addresses from interface - for addr in self.get_addr(): - if addr in ["127.0.0.1/8", "::1/128"]: - # Do not allow deletion of the default loopback addresses as - # this will cause weird system behavior like snmp/ssh no longer - # operating as expected, see https://phabricator.vyos.net/T2034. - continue - - self.del_addr(addr) - -class DummyIf(Interface): - - """ - A dummy interface is entirely virtual like, for example, the loopback - interface. The purpose of a dummy interface is to provide a device to route - packets through without actually transmitting them. - """ - - def __init__(self, ifname): - super().__init__(ifname, type='dummy') - - -class STPIf(Interface): - """ - A spanning-tree capable interface. This applies only to bridge port member - interfaces! 
- """ - def __init__(self, ifname): - super().__init__(ifname) - - def set_path_cost(self, cost): - """ - Set interface path cost, only relevant for STP enabled interfaces - - Example: - - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_path_cost(4) - """ - if not os.path.isfile('/sys/class/net/{}/brport/path_cost' - .format(self._ifname)): - raise TypeError('{} is not a bridge port member'.format(self._ifname)) - - return self._write_sysfs('/sys/class/net/{}/brport/path_cost' - .format(self._ifname), cost) - - def set_path_priority(self, priority): - """ - Set interface path priority, only relevant for STP enabled interfaces - - Example: - - >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_path_priority(4) - """ - if not os.path.isfile('/sys/class/net/{}/brport/priority' - .format(self._ifname)): - raise TypeError('{} is not a bridge port member'.format(self._ifname)) - - return self._write_sysfs('/sys/class/net/{}/brport/priority' - .format(self._ifname), priority) - - -class BridgeIf(Interface): - - """ - A bridge is a way to connect two Ethernet segments together in a protocol - independent way. Packets are forwarded based on Ethernet address, rather - than IP address (like a router). Since forwarding is done at Layer 2, all - protocols can go transparently through a bridge. - - The Linux bridge code implements a subset of the ANSI/IEEE 802.1d standard. - """ - - def __init__(self, ifname): - super().__init__(ifname, type='bridge') - - def set_ageing_time(self, time): - """ - Set bridge interface MAC address aging time in seconds. Internal kernel - representation is in centiseconds. Kernel default is 300 seconds. - - Example: - >>> from vyos.ifconfig import BridgeIf - >>> BridgeIf('br0').ageing_time(2) - """ - time = int(time) * 100 - return self._write_sysfs('/sys/class/net/{}/bridge/ageing_time' - .format(self._ifname), time) - - def set_forward_delay(self, time): - """ - Set bridge forwarding delay in seconds. 
Internal Kernel representation - is in centiseconds. - - Example: - >>> from vyos.ifconfig import BridgeIf - >>> BridgeIf('br0').forward_delay(15) - """ - return self._write_sysfs('/sys/class/net/{}/bridge/forward_delay' - .format(self._ifname), (int(time) * 100)) - - def set_hello_time(self, time): - """ - Set bridge hello time in seconds. Internal Kernel representation - is in centiseconds. - - Example: - >>> from vyos.ifconfig import BridgeIf - >>> BridgeIf('br0').set_hello_time(2) - """ - return self._write_sysfs('/sys/class/net/{}/bridge/hello_time' - .format(self._ifname), (int(time) * 100)) - - def set_max_age(self, time): - """ - Set bridge max message age in seconds. Internal Kernel representation - is in centiseconds. - - Example: - >>> from vyos.ifconfig import Interface - >>> BridgeIf('br0').set_max_age(30) - """ - return self._write_sysfs('/sys/class/net/{}/bridge/max_age' - .format(self._ifname), (int(time) * 100)) - - def set_priority(self, priority): - """ - Set bridge max aging time in seconds. - - Example: - >>> from vyos.ifconfig import BridgeIf - >>> BridgeIf('br0').set_priority(8192) - """ - return self._write_sysfs('/sys/class/net/{}/bridge/priority' - .format(self._ifname), priority) - - def set_stp(self, state): - """ - Set bridge STP (Spanning Tree) state. 0 -> STP disabled, 1 -> STP enabled - - Example: - >>> from vyos.ifconfig import BridgeIf - >>> BridgeIf('br0').set_stp(1) - """ - - if int(state) >= 0 and int(state) <= 1: - return self._write_sysfs('/sys/class/net/{}/bridge/stp_state' - .format(self._ifname), state) - else: - raise ValueError("Value out of range") - - - def set_multicast_querier(self, enable): - """ - Sets whether the bridge actively runs a multicast querier or not. When a - bridge receives a 'multicast host membership' query from another network - host, that host is tracked based on the time that the query was received - plus the multicast query interval time. 
- - Use enable=1 to enable or enable=0 to disable - - Example: - >>> from vyos.ifconfig import Interface - >>> BridgeIf('br0').set_multicast_querier(1) - """ - if int(enable) >= 0 and int(enable) <= 1: - return self._write_sysfs('/sys/class/net/{}/bridge/multicast_querier' - .format(self._ifname), enable) - else: - raise ValueError("Value out of range") - - - def add_port(self, interface): - """ - Add physical interface to bridge (member port) - - Example: - >>> from vyos.ifconfig import Interface - >>> BridgeIf('br0').add_port('eth0') - >>> BridgeIf('br0').add_port('eth1') - """ - cmd = 'ip link set dev {} master {}'.format(interface, self._ifname) - return self._cmd(cmd) - - def del_port(self, interface): - """ - Remove member port from bridge instance. - - Example: - >>> from vyos.ifconfig import Interface - >>> BridgeIf('br0').del_port('eth1') - """ - cmd = 'ip link set dev {} nomaster'.format(interface) - return self._cmd(cmd) - -class VLANIf(Interface): - """ - This class handels the creation and removal of a VLAN interface. It serves - as base class for BondIf and EthernetIf. - """ - def __init__(self, ifname, type=None): - super().__init__(ifname, type) - - def remove(self): - """ - Remove interface from operating system. Removing the interface - deconfigures all assigned IP addresses and clear possible DHCP(v6) - client processes. - - Example: - >>> from vyos.ifconfig import Interface - >>> i = Interface('eth0') - >>> i.remove() - """ - # Do we have sub interfaces (VLANs)? We apply a regex matching - # subinterfaces (indicated by a .) of a parent interface. - # - # As interfaces need to be deleted "in order" starting from Q-in-Q - # we delete them first. 
- vlan_ifs = [f for f in os.listdir(r'/sys/class/net') \ - if re.match(self._ifname + r'(?:\.\d+)(?:\.\d+)', f)] - - for vlan in vlan_ifs: - Interface(vlan).remove() - - # After deleting all Q-in-Q interfaces delete other VLAN interfaces - # which probably acted as parent to Q-in-Q or have been regular 802.1q - # interface. - vlan_ifs = [f for f in os.listdir(r'/sys/class/net') \ - if re.match(self._ifname + r'(?:\.\d+)', f)] - - for vlan in vlan_ifs: - Interface(vlan).remove() - - # All subinterfaces are now removed, continue on the physical interface - super().remove() - - - def add_vlan(self, vlan_id, ethertype='', ingress_qos='', egress_qos=''): - """ - A virtual LAN (VLAN) is any broadcast domain that is partitioned and - isolated in a computer network at the data link layer (OSI layer 2). - Use this function to create a new VLAN interface on a given physical - interface. - - This function creates both 802.1q and 802.1ad (Q-in-Q) interfaces. Proto - parameter is used to indicate VLAN type. - - A new object of type VLANIf is returned once the interface has been - created. - - @param ethertype: If specified, create 802.1ad or 802.1q Q-in-Q VLAN - interface - @param ingress_qos: Defines a mapping of VLAN header prio field to the - Linux internal packet priority on incoming frames. - @param ingress_qos: Defines a mapping of Linux internal packet priority - to VLAN header prio field but for outgoing frames. - - Example: - >>> from vyos.ifconfig import VLANIf - >>> i = VLANIf('eth0') - >>> i.add_vlan(10) - """ - vlan_ifname = self._ifname + '.' 
+ str(vlan_id) - if not os.path.exists('/sys/class/net/{}'.format(vlan_ifname)): - self._vlan_id = int(vlan_id) - - if ethertype: - self._ethertype = ethertype - ethertype = 'proto {}'.format(ethertype) - - # Optional ingress QOS mapping - opt_i = '' - if ingress_qos: - opt_i = 'ingress-qos-map ' + ingress_qos - # Optional egress QOS mapping - opt_e = '' - if egress_qos: - opt_e = 'egress-qos-map ' + egress_qos - - # create interface in the system - cmd = 'ip link add link {intf} name {intf}.{vlan} type vlan {proto} id {vlan} {opt_e} {opt_i}' \ - .format(intf=self._ifname, vlan=self._vlan_id, proto=ethertype, opt_e=opt_e, opt_i=opt_i) - self._cmd(cmd) - - # return new object mapping to the newly created interface - # we can now work on this object for e.g. IP address setting - # or interface description and so on - return VLANIf(vlan_ifname) - - - def del_vlan(self, vlan_id): - """ - Remove VLAN interface from operating system. Removing the interface - deconfigures all assigned IP addresses and clear possible DHCP(v6) - client processes. - - Example: - >>> from vyos.ifconfig import VLANIf - >>> i = VLANIf('eth0.10') - >>> i.del_vlan() - """ - vlan_ifname = self._ifname + '.' + str(vlan_id) - VLANIf(vlan_ifname).remove() - - -class EthernetIf(VLANIf): - """ - Abstraction of a Linux Ethernet Interface - """ - def __init__(self, ifname): - super().__init__(ifname) - - def get_driver_name(self): - """ - Return the driver name used by NIC. Some NICs don't support all - features e.g. changing link-speed, duplex - - Example: - >>> from vyos.ifconfig import EthernetIf - >>> i = EthernetIf('eth0') - >>> i.get_driver_name() - 'vmxnet3' - """ - link = os.readlink('/sys/class/net/{}/device/driver/module'.format(self._ifname)) - return os.path.basename(link) - - def set_flow_control(self, enable): - """ - Changes the pause parameters of the specified Ethernet device. 
- - @param enable: true -> enable pause frames, false -> disable pause frames - - Example: - >>> from vyos.ifconfig import EthernetIf - >>> i = EthernetIf('eth0') - >>> i.set_flow_control(True) - """ - if enable not in ['on', 'off']: - raise ValueError("Value out of range") - - if self.get_driver_name() in ['vmxnet3', 'virtio_net']: - self._debug_msg('{} driver does not support changing flow control settings!' - .format(self.get_driver_name())) - return - - # Get current flow control settings: - cmd = '/sbin/ethtool --show-pause {0}'.format(self._ifname) - tmp = self._cmd(cmd) - - # The above command returns - with tabs: - # - # Pause parameters for eth0: - # Autonegotiate: on - # RX: off - # TX: off - if re.search("Autonegotiate:\ton", tmp): - if enable == "on": - # flowcontrol is already enabled - no need to re-enable it again - # this will prevent the interface from flapping as applying the - # flow-control settings will take the interface down and bring - # it back up every time. - return - - # Assemble command executed on system. Unfortunately there is no way - # to change this setting via sysfs - cmd = '/sbin/ethtool --pause {0} autoneg {1} tx {1} rx {1}'.format( - self._ifname, enable) - try: - # An exception will be thrown if the settings are not changed - return self._cmd(cmd) - except CalledProcessError: - pass - - - def set_speed_duplex(self, speed, duplex): - """ - Set link speed in Mbit/s and duplex. - - @speed can be any link speed in MBit/s, e.g. 
10, 100, 1000 auto - @duplex can be half, full, auto - - Example: - >>> from vyos.ifconfig import EthernetIf - >>> i = EthernetIf('eth0') - >>> i.set_speed_duplex('auto', 'auto') - """ - - if speed not in ['auto', '10', '100', '1000', '2500', '5000', '10000', '25000', '40000', '50000', '100000', '400000']: - raise ValueError("Value out of range (speed)") - - if duplex not in ['auto', 'full', 'half']: - raise ValueError("Value out of range (duplex)") - - if self.get_driver_name() in ['vmxnet3', 'virtio_net']: - self._debug_msg('{} driver does not support changing speed/duplex settings!' - .format(self.get_driver_name())) - return - - # Get current speed and duplex settings: - cmd = '/sbin/ethtool {0}'.format(self._ifname) - tmp = self._cmd(cmd) - - if re.search("\tAuto-negotiation: on", tmp): - if speed == 'auto' and duplex == 'auto': - # bail out early as nothing is to change - return - else: - # read in current speed and duplex settings - cur_speed = 0 - cur_duplex = '' - for line in tmp.splitlines(): - if line.lstrip().startswith("Speed:"): - non_decimal = re.compile(r'[^\d.]+') - cur_speed = non_decimal.sub('', line) - continue - - if line.lstrip().startswith("Duplex:"): - cur_duplex = line.split()[-1].lower() - break - - if (cur_speed == speed) and (cur_duplex == duplex): - # bail out early as nothing is to change - return - - cmd = '/sbin/ethtool -s {}'.format(self._ifname) - if speed == 'auto' or duplex == 'auto': - cmd += ' autoneg on' - else: - cmd += ' speed {} duplex {} autoneg off'.format(speed, duplex) - - return self._cmd(cmd) - - - def set_gro(self, state): - """ - Example: - >>> from vyos.ifconfig import EthernetIf - >>> i = EthernetIf('eth0') - >>> i.set_gro('on') - """ - if state not in ['on', 'off']: - raise ValueError('state must be "on" or "off"') - - cmd = '/sbin/ethtool -K {} gro {}'.format(self._ifname, state) - return self._cmd(cmd) - - - def set_gso(self, state): - """ - Example: - >>> from vyos.ifconfig import EthernetIf - >>> i = 
EthernetIf('eth0') - >>> i.set_gso('on') - """ - if state not in ['on', 'off']: - raise ValueError('state must be "on" or "off"') - - cmd = '/sbin/ethtool -K {} gso {}'.format(self._ifname, state) - return self._cmd(cmd) - - - def set_sg(self, state): - """ - Example: - >>> from vyos.ifconfig import EthernetIf - >>> i = EthernetIf('eth0') - >>> i.set_sg('on') - """ - if state not in ['on', 'off']: - raise ValueError('state must be "on" or "off"') - - cmd = '/sbin/ethtool -K {} sg {}'.format(self._ifname, state) - return self._cmd(cmd) - - - def set_tso(self, state): - """ - Example: - >>> from vyos.ifconfig import EthernetIf - >>> i = EthernetIf('eth0') - >>> i.set_tso('on') - """ - if state not in ['on', 'off']: - raise ValueError('state must be "on" or "off"') - - cmd = '/sbin/ethtool -K {} tso {}'.format(self._ifname, state) - return self._cmd(cmd) - - - def set_ufo(self, state): - """ - Example: - >>> from vyos.ifconfig import EthernetIf - >>> i = EthernetIf('eth0') - >>> i.set_udp_offload('on') - """ - if state not in ['on', 'off']: - raise ValueError('state must be "on" or "off"') - - cmd = '/sbin/ethtool -K {} ufo {}'.format(self._ifname, state) - return self._cmd(cmd) - -class MACVLANIf(VLANIf): - """ - Abstraction of a Linux MACvlan interface - """ - def __init__(self, ifname, config=''): - self._ifname = ifname - - if not os.path.exists('/sys/class/net/{}'.format(self._ifname)) and config: - cmd = 'ip link add {intf} link {link} type macvlan mode {mode}' \ - .format(intf=self._ifname, link=config['link'], mode=config['mode']) - self._cmd(cmd) - - super().__init__(ifname, type='macvlan') - - @staticmethod - def get_config(): - """ - VXLAN interfaces require a configuration when they are added using - iproute2. This static method will provide the configuration dictionary - used by this class. 
- - Example: - >> dict = MACVLANIf().get_config() - """ - config = { - 'address': '', - 'link': 0, - 'mode': '' - } - return config - - def set_mode(self, mode): - """ - """ - - cmd = 'ip link set dev {} type macvlan mode {}'.format(self._ifname, mode) - return self._cmd(cmd) - - -class BondIf(VLANIf): - """ - The Linux bonding driver provides a method for aggregating multiple network - interfaces into a single logical "bonded" interface. The behavior of the - bonded interfaces depends upon the mode; generally speaking, modes provide - either hot standby or load balancing services. Additionally, link integrity - monitoring may be performed. - """ - def __init__(self, ifname): - super().__init__(ifname, type='bond') - - def remove(self): - """ - Remove interface from operating system. Removing the interface - deconfigures all assigned IP addresses and clear possible DHCP(v6) - client processes. - Example: - >>> from vyos.ifconfig import Interface - >>> i = Interface('eth0') - >>> i.remove() - """ - # when a bond member gets deleted, all members are placed in A/D state - # even when they are enabled inside CLI. This will make the config - # and system look async. - slave_list = [] - for s in self.get_slaves(): - slave = { - 'ifname' : s, - 'state': Interface(s).get_state() - } - slave_list.append(slave) - - # remove bond master which places members in disabled state - super().remove() - - # replicate previous interface state before bond destruction back to - # physical interface - for slave in slave_list: - i = Interface(slave['ifname']) - i.set_state(slave['state']) - - - def set_hash_policy(self, mode): - """ - Selects the transmit hash policy to use for slave selection in - balance-xor, 802.3ad, and tlb modes. Possible values are: layer2, - layer2+3, layer3+4, encap2+3, encap3+4. 
- - The default value is layer2 - - Example: - >>> from vyos.ifconfig import BondIf - >>> BondIf('bond0').set_hash_policy('layer2+3') - """ - if not mode in ['layer2', 'layer2+3', 'layer3+4', 'encap2+3', 'encap3+4']: - raise ValueError("Value out of range") - return self._write_sysfs('/sys/class/net/{}/bonding/xmit_hash_policy' - .format(self._ifname), mode) - - def set_arp_interval(self, interval): - """ - Specifies the ARP link monitoring frequency in milliseconds. - - The ARP monitor works by periodically checking the slave devices - to determine whether they have sent or received traffic recently - (the precise criteria depends upon the bonding mode, and the - state of the slave). Regular traffic is generated via ARP probes - issued for the addresses specified by the arp_ip_target option. - - If ARP monitoring is used in an etherchannel compatible mode - (modes 0 and 2), the switch should be configured in a mode that - evenly distributes packets across all links. If the switch is - configured to distribute the packets in an XOR fashion, all - replies from the ARP targets will be received on the same link - which could cause the other team members to fail. - - value of 0 disables ARP monitoring. The default value is 0. - - Example: - >>> from vyos.ifconfig import BondIf - >>> BondIf('bond0').set_arp_interval('100') - """ - if int(interval) == 0: - """ - Specifies the MII link monitoring frequency in milliseconds. - This determines how often the link state of each slave is - inspected for link failures. A value of zero disables MII - link monitoring. A value of 100 is a good starting point. - """ - return self._write_sysfs('/sys/class/net/{}/bonding/miimon' - .format(self._ifname), interval) - else: - return self._write_sysfs('/sys/class/net/{}/bonding/arp_interval' - .format(self._ifname), interval) - - def get_arp_ip_target(self): - """ - Specifies the IP addresses to use as ARP monitoring peers when - arp_interval is > 0. 
These are the targets of the ARP request sent to - determine the health of the link to the targets. Specify these values - in ddd.ddd.ddd.ddd format. Multiple IP addresses must be separated by - a comma. At least one IP address must be given for ARP monitoring to - function. The maximum number of targets that can be specified is 16. - - The default value is no IP addresses. - - Example: - >>> from vyos.ifconfig import BondIf - >>> BondIf('bond0').get_arp_ip_target() - '192.0.2.1' - """ - return self._read_sysfs('/sys/class/net/{}/bonding/arp_ip_target' - .format(self._ifname)) - - def set_arp_ip_target(self, target): - """ - Specifies the IP addresses to use as ARP monitoring peers when - arp_interval is > 0. These are the targets of the ARP request sent to - determine the health of the link to the targets. Specify these values - in ddd.ddd.ddd.ddd format. Multiple IP addresses must be separated by - a comma. At least one IP address must be given for ARP monitoring to - function. The maximum number of targets that can be specified is 16. - - The default value is no IP addresses. - - Example: - >>> from vyos.ifconfig import BondIf - >>> BondIf('bond0').set_arp_ip_target('192.0.2.1') - >>> BondIf('bond0').get_arp_ip_target() - '192.0.2.1' - """ - return self._write_sysfs('/sys/class/net/{}/bonding/arp_ip_target' - .format(self._ifname), target) - - def add_port(self, interface): - """ - Enslave physical interface to bond. - - Example: - >>> from vyos.ifconfig import BondIf - >>> BondIf('bond0').add_port('eth0') - >>> BondIf('bond0').add_port('eth1') - """ - # An interface can only be added to a bond if it is in 'down' state. If - # interface is in 'up' state, the following Kernel error will be thrown: - # bond0: eth1 is up - this may be due to an out of date ifenslave. 
- Interface(interface).set_state('down') - - return self._write_sysfs('/sys/class/net/{}/bonding/slaves' - .format(self._ifname), '+' + interface) - - def del_port(self, interface): - """ - Remove physical port from bond - - Example: - >>> from vyos.ifconfig import BondIf - >>> BondIf('bond0').del_port('eth1') - """ - return self._write_sysfs('/sys/class/net/{}/bonding/slaves' - .format(self._ifname), '-' + interface) - - def get_slaves(self): - """ - Return a list with all configured slave interfaces on this bond. - - Example: - >>> from vyos.ifconfig import BondIf - >>> BondIf('bond0').get_slaves() - ['eth1', 'eth2'] - """ - enslaved_ifs = [] - # retrieve real enslaved interfaces from OS kernel - sysfs_bond = '/sys/class/net/{}'.format(self._ifname) - if os.path.isdir(sysfs_bond): - for directory in os.listdir(sysfs_bond): - if 'lower_' in directory: - enslaved_ifs.append(directory.replace('lower_','')) - - return enslaved_ifs - - - def set_primary(self, interface): - """ - A string (eth0, eth2, etc) specifying which slave is the primary - device. The specified device will always be the active slave while it - is available. Only when the primary is off-line will alternate devices - be used. This is useful when one slave is preferred over another, e.g., - when one slave has higher throughput than another. - - The primary option is only valid for active-backup, balance-tlb and - balance-alb mode. - - Example: - >>> from vyos.ifconfig import BondIf - >>> BondIf('bond0').set_primary('eth2') - """ - if not interface: - # reset primary interface - interface = '\0' - - return self._write_sysfs('/sys/class/net/{}/bonding/primary' - .format(self._ifname), interface) - - def set_mode(self, mode): - """ - Specifies one of the bonding policies. The default is balance-rr - (round robin). 
- - Possible values are: balance-rr, active-backup, balance-xor, - broadcast, 802.3ad, balance-tlb, balance-alb - - NOTE: the bonding mode can not be changed when the bond itself has - slaves - - Example: - >>> from vyos.ifconfig import BondIf - >>> BondIf('bond0').set_mode('802.3ad') - """ - if not mode in [ - 'balance-rr', 'active-backup', 'balance-xor', 'broadcast', - '802.3ad', 'balance-tlb', 'balance-alb']: - raise ValueError("Value out of range") - - return self._write_sysfs('/sys/class/net/{}/bonding/mode' - .format(self._ifname), mode) - -class WireGuardIf(Interface): - """ - Wireguard interface class, contains a comnfig dictionary since - wireguard VPN is being comnfigured via the wg command rather than - writing the config into a file. Otherwise if a pre-shared key is used - (symetric enryption key), it would we exposed within multiple files. - Currently it's only within the config.boot if the config was saved. - - Example: - >>> from vyos.ifconfig import WireGuardIf as wg_if - >>> wg_intfc = wg_if("wg01") - >>> print (wg_intfc.wg_config) - {'private-key': None, 'keepalive': 0, 'endpoint': None, 'port': 0, - 'allowed-ips': [], 'pubkey': None, 'fwmark': 0, 'psk': '/dev/null'} - >>> wg_intfc.wg_config['keepalive'] = 100 - >>> print (wg_intfc.wg_config) - {'private-key': None, 'keepalive': 100, 'endpoint': None, 'port': 0, - 'allowed-ips': [], 'pubkey': None, 'fwmark': 0, 'psk': '/dev/null'} - """ - - def __init__(self, ifname): - super().__init__(ifname, type='wireguard') - - self.config = { - 'port': 0, - 'private-key': None, - 'pubkey': None, - 'psk': '/dev/null', - 'allowed-ips': [], - 'fwmark': 0x00, - 'endpoint': None, - 'keepalive': 0 - } - - def update(self): - if not self.config['private-key']: - raise ValueError("private key required") - else: - # fmask permission check? 
- pass - - cmd = "wg set {} ".format(self._ifname) - cmd += "listen-port {} ".format(self.config['port']) - cmd += "fwmark {} ".format(str(self.config['fwmark'])) - cmd += "private-key {} ".format(self.config['private-key']) - cmd += "peer {} ".format(self.config['pubkey']) - cmd += " preshared-key {} ".format(self.config['psk']) - cmd += " allowed-ips " - for aip in self.config['allowed-ips']: - if aip != self.config['allowed-ips'][-1]: - cmd += aip + "," - else: - cmd += aip - if self.config['endpoint']: - cmd += " endpoint {}".format(self.config['endpoint']) - cmd += " persistent-keepalive {}".format(self.config['keepalive']) - - self._cmd(cmd) - - # remove psk since it isn't required anymore and is saved in the cli - # config only !! - if self.config['psk'] != '/dev/null': - if os.path.exists(self.config['psk']): - os.remove(self.config['psk']) - - - def remove_peer(self, peerkey): - """ - Remove a peer of an interface, peers are identified by their public key. - Giving it a readable name is a vyos feature, to remove a peer the pubkey - and the interface is needed, to remove the entry. 
- """ - cmd = "wg set {0} peer {1} remove".format( - self._ifname, str(peerkey)) - return self._cmd(cmd) - - def op_show_interface(self): - wgdump = vyos.interfaces.wireguard_dump().get(self._ifname,None) - - c = Config() - c.set_level(["interfaces","wireguard",self._ifname]) - description = c.return_effective_value(["description"]) - ips = c.return_effective_values(["address"]) - - print ("interface: {}".format(self._ifname)) - if (description): - print (" description: {}".format(description)) - - if (ips): - print (" address: {}".format(", ".join(ips))) - print (" public key: {}".format(wgdump['public_key'])) - print (" private key: (hidden)") - print (" listening port: {}".format(wgdump['listen_port'])) - print () - - for peer in c.list_effective_nodes(["peer"]): - if wgdump['peers']: - pubkey = c.return_effective_value(["peer",peer,"pubkey"]) - if pubkey in wgdump['peers']: - wgpeer = wgdump['peers'][pubkey] - - print (" peer: {}".format(peer)) - print (" public key: {}".format(pubkey)) - - """ figure out if the tunnel is recently active or not """ - status = "inactive" - if (wgpeer['latest_handshake'] is None): - """ no handshake ever """ - status = "inactive" - else: - if int(wgpeer['latest_handshake']) > 0: - delta = timedelta(seconds=int(time.time() - wgpeer['latest_handshake'])) - print (" latest handshake: {}".format(delta)) - if (time.time() - int(wgpeer['latest_handshake']) < (60*5)): - """ Five minutes and the tunnel is still active """ - status = "active" - else: - """ it's been longer than 5 minutes """ - status = "inactive" - elif int(wgpeer['latest_handshake']) == 0: - """ no handshake ever """ - status = "inactive" - print (" status: {}".format(status)) - - if wgpeer['endpoint'] is not None: - print (" endpoint: {}".format(wgpeer['endpoint'])) - - if wgpeer['allowed_ips'] is not None: - print (" allowed ips: {}".format(",".join(wgpeer['allowed_ips']).replace(",",", "))) - - if wgpeer['transfer_rx'] > 0 or wgpeer['transfer_tx'] > 0: - rx_size 
=size(wgpeer['transfer_rx'],system=alternative) - tx_size =size(wgpeer['transfer_tx'],system=alternative) - print (" transfer: {} received, {} sent".format(rx_size,tx_size)) - - if wgpeer['persistent_keepalive'] is not None: - print (" persistent keepalive: every {} seconds".format(wgpeer['persistent_keepalive'])) - print() - super().op_show_interface_stats() - - -class VXLANIf(Interface): - """ - The VXLAN protocol is a tunnelling protocol designed to solve the - problem of limited VLAN IDs (4096) in IEEE 802.1q. With VXLAN the - size of the identifier is expanded to 24 bits (16777216). - - VXLAN is described by IETF RFC 7348, and has been implemented by a - number of vendors. The protocol runs over UDP using a single - destination port. This document describes the Linux kernel tunnel - device, there is also a separate implementation of VXLAN for - Openvswitch. - - Unlike most tunnels, a VXLAN is a 1 to N network, not just point to - point. A VXLAN device can learn the IP address of the other endpoint - either dynamically in a manner similar to a learning bridge, or make - use of statically-configured forwarding entries. 
- - For more information please refer to: - https://www.kernel.org/doc/Documentation/networking/vxlan.txt - """ - def __init__(self, ifname, config=''): - if config: - self._ifname = ifname - - if not os.path.exists('/sys/class/net/{}'.format(self._ifname)): - # we assume that by default a multicast interface is created - group = 'group {}'.format(config['group']) - - # if remote host is specified we ignore the multicast address - if config['remote']: - group = 'remote {}'.format(config['remote']) - - # an underlay device is not always specified - dev = '' - if config['dev']: - dev = 'dev {}'.format(config['dev']) - - cmd = 'ip link add {intf} type vxlan id {vni} {grp_rem} {dev} dstport {port}' \ - .format(intf=self._ifname, vni=config['vni'], grp_rem=group, dev=dev, port=config['port']) - self._cmd(cmd) - - super().__init__(ifname, type='vxlan') - - @staticmethod - def get_config(): - """ - VXLAN interfaces require a configuration when they are added using - iproute2. This static method will provide the configuration dictionary - used by this class. 
- - Example: - >> dict = VXLANIf().get_config() - """ - config = { - 'vni': 0, - 'dev': '', - 'group': '', - 'port': 8472, # The Linux implementation of VXLAN pre-dates - # the IANA's selection of a standard destination port - 'remote': '' - } - return config - -class GeneveIf(Interface): - """ - Geneve: Generic Network Virtualization Encapsulation - - For more information please refer to: - https://tools.ietf.org/html/draft-gross-geneve-00 - https://www.redhat.com/en/blog/what-geneve - https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/#geneve - https://lwn.net/Articles/644938/ - """ - def __init__(self, ifname, config=''): - if config: - self._ifname = ifname - if not os.path.exists('/sys/class/net/{}'.format(self._ifname)): - cmd = 'ip link add name {} type geneve id {} remote {}' \ - .format(self._ifname, config['vni'], config['remote']) - self._cmd(cmd) - - # interface is always A/D down. It needs to be enabled explicitly - self.set_state('down') - - super().__init__(ifname, type='geneve') - - @staticmethod - def get_config(): - """ - GENEVE interfaces require a configuration when they are added using - iproute2. This static method will provide the configuration dictionary - used by this class. - - Example: - >> dict = GeneveIf().get_config() - """ - config = { - 'vni': 0, - 'remote': '' - } - return config - -class L2TPv3If(Interface): - """ - The Linux bonding driver provides a method for aggregating multiple network - interfaces into a single logical "bonded" interface. The behavior of the - bonded interfaces depends upon the mode; generally speaking, modes provide - either hot standby or load balancing services. Additionally, link integrity - monitoring may be performed. 
- """ - def __init__(self, ifname, config=''): - self._config = {} - if config: - self._ifname = ifname - self._config = config - if not os.path.exists('/sys/class/net/{}'.format(self._ifname)): - # create tunnel interface - cmd = 'ip l2tp add tunnel tunnel_id {} '.format(config['tunnel_id']) - cmd += 'peer_tunnel_id {} '.format(config['peer_tunnel_id']) - cmd += 'udp_sport {} '.format(config['local_port']) - cmd += 'udp_dport {} '.format(config['remote_port']) - cmd += 'encap {} '.format(config['encapsulation']) - cmd += 'local {} '.format(config['local_address']) - cmd += 'remote {} '.format(config['remote_address']) - self._cmd(cmd) - - # setup session - cmd = 'ip l2tp add session name {} '.format(self._ifname) - cmd += 'tunnel_id {} '.format(config['tunnel_id']) - cmd += 'session_id {} '.format(config['session_id']) - cmd += 'peer_session_id {} '.format(config['peer_session_id']) - self._cmd(cmd) - - # interface is always A/D down. It needs to be enabled explicitly - self.set_state('down') - - super().__init__(ifname, type='l2tp') - - def remove(self): - """ - Remove interface from operating system. Removing the interface - deconfigures all assigned IP addresses. - Example: - >>> from vyos.ifconfig import L2TPv3If - >>> i = L2TPv3If('l2tpeth0') - >>> i.remove() - """ - - if os.path.exists('/sys/class/net/{}'.format(self._ifname)): - # interface is always A/D down. It needs to be enabled explicitly - self.set_state('down') - - if self._config['tunnel_id'] and self._config['session_id']: - cmd = 'ip l2tp del session tunnel_id {} '.format(self._config['tunnel_id']) - cmd += 'session_id {} '.format(self._config['session_id']) - self._cmd(cmd) - - if self._config['tunnel_id']: - cmd = 'ip l2tp del tunnel tunnel_id {} '.format(self._config['tunnel_id']) - self._cmd(cmd) - - @staticmethod - def get_config(): - """ - L2TPv3 interfaces require a configuration when they are added using - iproute2. 
This static method will provide the configuration dictionary - used by this class. - - Example: - >> dict = L2TPv3If().get_config() - """ - config = { - 'peer_tunnel_id': '', - 'local_port': 0, - 'remote_port': 0, - 'encapsulation': 'udp', - 'local_address': '', - 'remote_address': '', - 'session_id': '', - 'tunnel_id': '', - 'peer_session_id': '' - } - return config diff --git a/python/vyos/ifconfig/__init__.py b/python/vyos/ifconfig/__init__.py new file mode 100644 index 000000000..1f9956af0 --- /dev/null +++ b/python/vyos/ifconfig/__init__.py 
@@ -0,0 +1,39 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +from vyos.ifconfig.interface import Interface + +from vyos.ifconfig.bond import BondIf +from vyos.ifconfig.bridge import BridgeIf +from vyos.ifconfig.dummy import DummyIf +from vyos.ifconfig.ethernet import EthernetIf +from vyos.ifconfig.geneve import GeneveIf +from vyos.ifconfig.loopback import LoopbackIf +from vyos.ifconfig.macvlan import MACVLANIf +from vyos.ifconfig.vxlan import VXLANIf +from vyos.ifconfig.wireguard import WireGuardIf +from vyos.ifconfig.vtun import VTunIf +from vyos.ifconfig.pppoe import PPPoEIf +from vyos.ifconfig.tunnel import GREIf +from vyos.ifconfig.tunnel import GRETapIf +from vyos.ifconfig.tunnel import IP6GREIf +from vyos.ifconfig.tunnel import IPIPIf +from vyos.ifconfig.tunnel import IPIP6If +from vyos.ifconfig.tunnel import IP6IP6If +from vyos.ifconfig.tunnel import SitIf +from vyos.ifconfig.tunnel import Sit6RDIf +from vyos.ifconfig.wireless import WiFiIf +from vyos.ifconfig.l2tpv3 import L2TPv3If diff --git a/python/vyos/ifconfig/afi.py b/python/vyos/ifconfig/afi.py new file mode 100644 index 000000000..fd263d220 --- /dev/null +++ b/python/vyos/ifconfig/afi.py 
@@ -0,0 +1,19 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +# https://www.iana.org/assignments/address-family-numbers/address-family-numbers.xhtml + +IP4 = 1 +IP6 = 2 diff --git a/python/vyos/ifconfig/bond.py b/python/vyos/ifconfig/bond.py new file mode 100644 index 000000000..47dd4ff34 --- /dev/null +++ b/python/vyos/ifconfig/bond.py 
@@ -0,0 +1,279 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +import os + +from vyos.ifconfig.interface import Interface +from vyos.ifconfig.vlan import VLAN + +from vyos.validate import assert_list +from vyos.validate import assert_positive + + +@Interface.register +@VLAN.enable +class BondIf(Interface): + """ + The Linux bonding driver provides a method for aggregating multiple network + interfaces into a single logical "bonded" interface. The behavior of the + bonded interfaces depends upon the mode; generally speaking, modes provide + either hot standby or load balancing services. Additionally, link integrity + monitoring may be performed. 
+ """ + + default = { + 'type': 'bond', + } + definition = { + **Interface.definition, + ** { + 'section': 'bonding', + 'prefixes': ['bond', ], + 'broadcast': True, + 'bridgeable': True, + }, + } + + _sysfs_set = {**Interface._sysfs_set, **{ + 'bond_hash_policy': { + 'validate': lambda v: assert_list(v, ['layer2', 'layer2+3', 'layer3+4', 'encap2+3', 'encap3+4']), + 'location': '/sys/class/net/{ifname}/bonding/xmit_hash_policy', + }, + 'bond_miimon': { + 'validate': assert_positive, + 'location': '/sys/class/net/{ifname}/bonding/miimon' + }, + 'bond_arp_interval': { + 'validate': assert_positive, + 'location': '/sys/class/net/{ifname}/bonding/arp_interval' + }, + 'bond_arp_ip_target': { + # XXX: no validation of the IP + 'location': '/sys/class/net/{ifname}/bonding/arp_ip_target', + }, + 'bond_add_port': { + 'location': '/sys/class/net/{ifname}/bonding/slaves', + }, + 'bond_del_port': { + 'location': '/sys/class/net/{ifname}/bonding/slaves', + }, + 'bond_primary': { + 'convert': lambda name: name if name else '\0', + 'location': '/sys/class/net/{ifname}/bonding/primary', + }, + 'bond_mode': { + 'validate': lambda v: assert_list(v, ['balance-rr', 'active-backup', 'balance-xor', 'broadcast', '802.3ad', 'balance-tlb', 'balance-alb']), + 'location': '/sys/class/net/{ifname}/bonding/mode', + }, + }} + + _sysfs_get = {**Interface._sysfs_get, **{ + 'bond_arp_ip_target': { + 'location': '/sys/class/net/{ifname}/bonding/arp_ip_target', + } + }} + + def remove(self): + """ + Remove interface from operating system. Removing the interface + deconfigures all assigned IP addresses and clear possible DHCP(v6) + client processes. + Example: + >>> from vyos.ifconfig import Interface + >>> i = Interface('eth0') + >>> i.remove() + """ + # when a bond member gets deleted, all members are placed in A/D state + # even when they are enabled inside CLI. This will make the config + # and system look async. 
+ slave_list = [] + for s in self.get_slaves(): + slave = { + 'ifname': s, + 'state': Interface(s).get_admin_state() + } + slave_list.append(slave) + + # remove bond master which places members in disabled state + super().remove() + + # replicate previous interface state before bond destruction back to + # physical interface + for slave in slave_list: + i = Interface(slave['ifname']) + i.set_admin_state(slave['state']) + + def set_hash_policy(self, mode): + """ + Selects the transmit hash policy to use for slave selection in + balance-xor, 802.3ad, and tlb modes. Possible values are: layer2, + layer2+3, layer3+4, encap2+3, encap3+4. + + The default value is layer2 + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').set_hash_policy('layer2+3') + """ + self.set_interface('bond_hash_policy', mode) + + def set_arp_interval(self, interval): + """ + Specifies the ARP link monitoring frequency in milliseconds. + + The ARP monitor works by periodically checking the slave devices + to determine whether they have sent or received traffic recently + (the precise criteria depends upon the bonding mode, and the + state of the slave). Regular traffic is generated via ARP probes + issued for the addresses specified by the arp_ip_target option. + + If ARP monitoring is used in an etherchannel compatible mode + (modes 0 and 2), the switch should be configured in a mode that + evenly distributes packets across all links. If the switch is + configured to distribute the packets in an XOR fashion, all + replies from the ARP targets will be received on the same link + which could cause the other team members to fail. + + value of 0 disables ARP monitoring. The default value is 0. + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').set_arp_interval('100') + """ + if int(interval) == 0: + """ + Specifies the MII link monitoring frequency in milliseconds. + This determines how often the link state of each slave is + inspected for link failures. 
A value of zero disables MII + link monitoring. A value of 100 is a good starting point. + """ + return self.set_interface('bond_miimon', interval) + else: + return self.set_interface('bond_arp_interval', interval) + + def get_arp_ip_target(self): + """ + Specifies the IP addresses to use as ARP monitoring peers when + arp_interval is > 0. These are the targets of the ARP request sent to + determine the health of the link to the targets. Specify these values + in ddd.ddd.ddd.ddd format. Multiple IP addresses must be separated by + a comma. At least one IP address must be given for ARP monitoring to + function. The maximum number of targets that can be specified is 16. + + The default value is no IP addresses. + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').get_arp_ip_target() + '192.0.2.1' + """ + return self.get_interface('bond_arp_ip_target') + + def set_arp_ip_target(self, target): + """ + Specifies the IP addresses to use as ARP monitoring peers when + arp_interval is > 0. These are the targets of the ARP request sent to + determine the health of the link to the targets. Specify these values + in ddd.ddd.ddd.ddd format. Multiple IP addresses must be separated by + a comma. At least one IP address must be given for ARP monitoring to + function. The maximum number of targets that can be specified is 16. + + The default value is no IP addresses. + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').set_arp_ip_target('192.0.2.1') + >>> BondIf('bond0').get_arp_ip_target() + '192.0.2.1' + """ + return self.set_interface('bond_arp_ip_target', target) + + def add_port(self, interface): + """ + Enslave physical interface to bond. + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').add_port('eth0') + >>> BondIf('bond0').add_port('eth1') + """ + # An interface can only be added to a bond if it is in 'down' state. 
If + # interface is in 'up' state, the following Kernel error will be thrown: + # bond0: eth1 is up - this may be due to an out of date ifenslave. + Interface(interface).set_admin_state('down') + return self.set_interface('bond_add_port', f'+{interface}') + + def del_port(self, interface): + """ + Remove physical port from bond + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').del_port('eth1') + """ + return self.set_interface('bond_del_port', f'-{interface}') + + def get_slaves(self): + """ + Return a list with all configured slave interfaces on this bond. + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').get_slaves() + ['eth1', 'eth2'] + """ + enslaved_ifs = [] + # retrieve real enslaved interfaces from OS kernel + sysfs_bond = '/sys/class/net/{}'.format(self.config['ifname']) + if os.path.isdir(sysfs_bond): + for directory in os.listdir(sysfs_bond): + if 'lower_' in directory: + enslaved_ifs.append(directory.replace('lower_', '')) + + return enslaved_ifs + + def set_primary(self, interface): + """ + A string (eth0, eth2, etc) specifying which slave is the primary + device. The specified device will always be the active slave while it + is available. Only when the primary is off-line will alternate devices + be used. This is useful when one slave is preferred over another, e.g., + when one slave has higher throughput than another. + + The primary option is only valid for active-backup, balance-tlb and + balance-alb mode. + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').set_primary('eth2') + """ + return self.set_interface('bond_primary', interface) + + def set_mode(self, mode): + """ + Specifies one of the bonding policies. The default is balance-rr + (round robin). 
+ + Possible values are: balance-rr, active-backup, balance-xor, + broadcast, 802.3ad, balance-tlb, balance-alb + + NOTE: the bonding mode can not be changed when the bond itself has + slaves + + Example: + >>> from vyos.ifconfig import BondIf + >>> BondIf('bond0').set_mode('802.3ad') + """ + return self.set_interface('bond_mode', mode) diff --git a/python/vyos/ifconfig/bridge.py b/python/vyos/ifconfig/bridge.py new file mode 100644 index 000000000..44b92c1db --- /dev/null +++ b/python/vyos/ifconfig/bridge.py 
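Review bot: `bond_arp_ip_target` in `_sysfs_set` is written to sysfs with no `validate` entry (the `# XXX: no validation of the IP` comment acknowledges it), so a malformed operator-supplied target only fails at the kernel write and surfaces as an unclear error. A stdlib check closes it: `'validate': lambda v: [ip_address(a) for a in v.split(',') if a],` with `from ipaddress import ip_address` added to the module imports. Separately, in `set_arp_interval` the triple-quoted text inside the `if int(interval) == 0:` branch is an expression statement, not a comment; it should become a `#` comment (or be folded into the method docstring) so it does not read as documentation of a block that does not exist. The `remove` docstring example also constructs `Interface('eth0')` rather than `BondIf('bond0')`, which is what the method is for.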
@@ -0,0 +1,189 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +from vyos.ifconfig.interface import Interface + +from vyos.validate import assert_boolean +from vyos.validate import assert_positive + + +@Interface.register +class BridgeIf(Interface): + """ + A bridge is a way to connect two Ethernet segments together in a protocol + independent way. Packets are forwarded based on Ethernet address, rather + than IP address (like a router). Since forwarding is done at Layer 2, all + protocols can go transparently through a bridge. + + The Linux bridge code implements a subset of the ANSI/IEEE 802.1d standard. 
+ """ + + default = { + 'type': 'bridge', + } + definition = { + **Interface.definition, + **{ + 'section': 'bridge', + 'prefixes': ['br', ], + 'broadcast': True, + }, + } + + _sysfs_set = {**Interface._sysfs_set, **{ + 'ageing_time': { + 'validate': assert_positive, + 'convert': lambda t: int(t) * 100, + 'location': '/sys/class/net/{ifname}/bridge/ageing_time', + }, + 'forward_delay': { + 'validate': assert_positive, + 'convert': lambda t: int(t) * 100, + 'location': '/sys/class/net/{ifname}/bridge/forward_delay', + }, + 'hello_time': { + 'validate': assert_positive, + 'convert': lambda t: int(t) * 100, + 'location': '/sys/class/net/{ifname}/bridge/hello_time', + }, + 'max_age': { + 'validate': assert_positive, + 'convert': lambda t: int(t) * 100, + 'location': '/sys/class/net/{ifname}/bridge/max_age', + }, + 'priority': { + 'validate': assert_positive, + 'location': '/sys/class/net/{ifname}/bridge/priority', + }, + 'stp': { + 'validate': assert_boolean, + 'location': '/sys/class/net/{ifname}/bridge/stp_state', + }, + 'multicast_querier': { + 'validate': assert_boolean, + 'location': '/sys/class/net/{ifname}/bridge/multicast_querier', + }, + }} + + _command_set = {**Interface._command_set, **{ + 'add_port': { + 'shellcmd': 'ip link set dev {value} master {ifname}', + }, + 'del_port': { + 'shellcmd': 'ip link set dev {value} nomaster', + }, + }} + + + def set_ageing_time(self, time): + """ + Set bridge interface MAC address aging time in seconds. Internal kernel + representation is in centiseconds. Kernel default is 300 seconds. + + Example: + >>> from vyos.ifconfig import BridgeIf + >>> BridgeIf('br0').ageing_time(2) + """ + self.set_interface('ageing_time', time) + + def set_forward_delay(self, time): + """ + Set bridge forwarding delay in seconds. Internal Kernel representation + is in centiseconds. 
+ + Example: + >>> from vyos.ifconfig import BridgeIf + >>> BridgeIf('br0').forward_delay(15) + """ + self.set_interface('forward_delay', time) + + def set_hello_time(self, time): + """ + Set bridge hello time in seconds. Internal Kernel representation + is in centiseconds. + + Example: + >>> from vyos.ifconfig import BridgeIf + >>> BridgeIf('br0').set_hello_time(2) + """ + self.set_interface('hello_time', time) + + def set_max_age(self, time): + """ + Set bridge max message age in seconds. Internal Kernel representation + is in centiseconds. + + Example: + >>> from vyos.ifconfig import Interface + >>> BridgeIf('br0').set_max_age(30) + """ + self.set_interface('max_age', time) + + def set_priority(self, priority): + """ + Set bridge max aging time in seconds. + + Example: + >>> from vyos.ifconfig import BridgeIf + >>> BridgeIf('br0').set_priority(8192) + """ + self.set_interface('priority', priority) + + def set_stp(self, state): + """ + Set bridge STP (Spanning Tree) state. 0 -> STP disabled, 1 -> STP enabled + + Example: + >>> from vyos.ifconfig import BridgeIf + >>> BridgeIf('br0').set_stp(1) + """ + self.set_interface('stp', state) + + def set_multicast_querier(self, enable): + """ + Sets whether the bridge actively runs a multicast querier or not. When a + bridge receives a 'multicast host membership' query from another network + host, that host is tracked based on the time that the query was received + plus the multicast query interval time. 
+ + Use enable=1 to enable or enable=0 to disable + + Example: + >>> from vyos.ifconfig import Interface + >>> BridgeIf('br0').set_multicast_querier(1) + """ + self.set_interface('multicast_querier', enable) + + def add_port(self, interface): + """ + Add physical interface to bridge (member port) + + Example: + >>> from vyos.ifconfig import Interface + >>> BridgeIf('br0').add_port('eth0') + >>> BridgeIf('br0').add_port('eth1') + """ + return self.set_interface('add_port', interface) + + def del_port(self, interface): + """ + Remove member port from bridge instance. + + Example: + >>> from vyos.ifconfig import Interface + >>> BridgeIf('br0').del_port('eth1') + """ + return self.set_interface('del_port', interface) diff --git a/python/vyos/ifconfig/control.py b/python/vyos/ifconfig/control.py new file mode 100644 index 000000000..c7a2fa2d6 --- /dev/null +++ b/python/vyos/ifconfig/control.py 
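Review bot: Two docstring examples in this file call methods that do not exist on the class: `set_ageing_time` shows `BridgeIf('br0').ageing_time(2)` and `set_forward_delay` shows `BridgeIf('br0').forward_delay(15)`; they should read `BridgeIf('br0').set_ageing_time(2)` and `BridgeIf('br0').set_forward_delay(15)`. The `set_priority` docstring describes the wrong setting ("Set bridge max aging time in seconds"); `Set the bridge priority used in STP root bridge election (lower wins).` matches the `priority` sysfs entry it writes. The examples in `set_max_age`, `set_multicast_querier`, `add_port` and `del_port` import `Interface` but then call `BridgeIf`. The `add_port`/`del_port` `shellcmd` strings interpolate `{value}` straight into an `ip link` command; whether that string reaches a shell depends on `vyos.util.cmd`, which is outside this hunk, so it is worth confirming the member interface name is validated before it reaches `set_interface`.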
@@ -0,0 +1,154 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +import os + +from vyos.util import debug, debug_msg +from vyos.util import popen, cmd +from vyos.ifconfig.register import Register + + +class Control(Register): + _command_get = {} + _command_set = {} + + def __init__(self, **kargs): + # some commands (such as operation comands - show interfaces, etc.) + # need to query the interface statistics. If the interface + # code is used and the debugging is enabled, the screen output + # will include both the command but also the debugging for that command + # to prevent this, debugging can be explicitely disabled + + # if debug is not explicitely disabled the the config, enable it + self.debug = '' + if kargs.get('debug', True): + self.debug = debug('ifconfig') + + def _debug_msg (self, message): + return debug_msg(message, self.debug) + + def _popen(self, command): + return popen(command, self.debug) + + def _cmd(self, command): + return cmd(command, self.debug) + + def _get_command(self, config, name): + """ + Using the defined names, set data write to sysfs. 
+ """ + cmd = self._command_get[name]['shellcmd'].format(**config) + return self._command_get[name].get('format', lambda _: _)(self._cmd(cmd)) + + def _set_command(self, config, name, value): + """ + Using the defined names, set data write to sysfs. + """ + # the code can pass int as int + value = str(value) + + validate = self._command_set[name].get('validate', None) + if validate: + try: + validate(value) + except Exception as e: + raise e.__class__(f'Could not set {name}. {e}') + + convert = self._command_set[name].get('convert', None) + if convert: + value = convert(value) + + possible = self._command_set[name].get('possible', None) + if possible and not possible(config['ifname'], value): + return False + + config = {**config, **{'value': value}} + + cmd = self._command_set[name]['shellcmd'].format(**config) + return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd)) + + _sysfs_get = {} + _sysfs_set = {} + + def _read_sysfs(self, filename): + """ + Provide a single primitive w/ error checking for reading from sysfs. + """ + value = None + with open(filename, 'r') as f: + value = f.read().rstrip('\n') + + self._debug_msg("read '{}' < '{}'".format(value, filename)) + return value + + def _write_sysfs(self, filename, value): + """ + Provide a single primitive w/ error checking for writing to sysfs. + """ + self._debug_msg("write '{}' > '{}'".format(value, filename)) + if os.path.isfile(filename): + with open(filename, 'w') as f: + f.write(str(value)) + return True + return False + + def _get_sysfs(self, config, name): + """ + Using the defined names, get data write from sysfs. + """ + filename = self._sysfs_get[name]['location'].format(**config) + if not filename: + return None + return self._read_sysfs(filename) + + def _set_sysfs(self, config, name, value): + """ + Using the defined names, set data write to sysfs. 
+ """ + # the code can pass int as int + value = str(value) + + validate = self._sysfs_set[name].get('validate', None) + if validate: + validate(value) + + config = {**config, **{'value': value}} + + convert = self._sysfs_set[name].get('convert', None) + if convert: + value = convert(value) + + commited = self._write_sysfs( + self._sysfs_set[name]['location'].format(**config), value) + if not commited: + errmsg = self._sysfs_set.get('errormsg', '') + if errmsg: + raise TypeError(errmsg.format(**config)) + return commited + + def get_interface(self, name): + if name in self._sysfs_get: + return self._get_sysfs(self.config, name) + if name in self._command_get: + return self._get_command(self.config, name) + raise KeyError(f'{name} is not a attribute of the interface we can get') + + def set_interface(self, name, value): + if name in self._sysfs_set: + return self._set_sysfs(self.config, name, value) + if name in self._command_set: + return self._set_command(self.config, name, value) + raise KeyError(f'{name} is not a attribute of the interface we can set') diff --git a/python/vyos/ifconfig/dhcp.py b/python/vyos/ifconfig/dhcp.py new file mode 100644 index 000000000..8ec8263b5 --- /dev/null +++ b/python/vyos/ifconfig/dhcp.py 
@@ -0,0 +1,268 @@ +# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +import os +import jinja2 + +from vyos.ifconfig.control import Control + +template_v4 = """ +# generated by ifconfig.py +option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; +timeout 60; +retry 300; + +interface "{{ intf }}" { + send host-name "{{ hostname }}"; + {% if client_id -%} + send dhcp-client-identifier "{{ client_id }}"; + {% endif -%} + {% if vendor_class_id -%} + send vendor-class-identifier "{{ vendor_class_id }}"; + {% endif -%} + request subnet-mask, broadcast-address, routers, domain-name-servers, + rfc3442-classless-static-routes, domain-name, interface-mtu; + require subnet-mask; +} + +""" + +template_v6 = """ +# generated by ifconfig.py +interface "{{ intf }}" { + request routers, domain-name-servers, domain-name; +} + +""" + +class DHCP (Control): + client_base = r'/var/lib/dhcp/dhclient_' + + def __init__ (self, ifname, **kargs): + super().__init__(**kargs) + + # per interface DHCP config files + self._dhcp = { + 4: { + 'ifname': ifname, + 'conf': self.client_base + ifname + '.conf', + 'pid': self.client_base + ifname + '.pid', + 'lease': self.client_base + ifname + '.leases', + 'options': { + 'intf': ifname, + 'hostname': '', + 'client_id': '', + 'vendor_class_id': '' 
+ }, + }, + 6: { + 'ifname': ifname, + 'conf': self.client_base + ifname + '.v6conf', + 'pid': self.client_base + ifname + '.v6pid', + 'lease': self.client_base + ifname + '.v6leases', + 'accept_ra': f'/proc/sys/net/ipv6/conf/{ifname}/accept_ra', + 'options': { + 'intf': ifname, + 'dhcpv6_prm_only': False, + 'dhcpv6_temporary': False + }, + }, + } + + def get_dhcp_options(self): + """ + Return dictionary with supported DHCP options. + + Dictionary should be altered and send back via set_dhcp_options() + so those options are applied when DHCP is run. + """ + return self._dhcp[4]['options'] + + def set_dhcp_options(self, options): + """ + Store new DHCP options used by next run of DHCP client. + """ + self._dhcp[4]['options'] = options + + def get_dhcpv6_options(self): + """ + Return dictionary with supported DHCPv6 options. + + Dictionary should be altered and send back via set_dhcp_options() + so those options are applied when DHCP is run. + """ + return self._dhcp[6]['options'] + + def set_dhcpv6_options(self, options): + """ + Store new DHCP options used by next run of DHCP client. + """ + self._dhcp[6]['options'] = options + + # replace dhcpv4/v6 with systemd.networkd? + def _set_dhcp(self): + """ + Configure interface as DHCP client. The dhclient binary is automatically + started in background! + + Example: + + >>> from vyos.ifconfig import Interface + >>> j = Interface('eth0') + >>> j.set_dhcp() + """ + + dhcp = self.get_dhcp_options() + if not dhcp['hostname']: + # read configured system hostname. + # maybe change to vyos hostd client ??? 
+ with open('/etc/hostname', 'r') as f: + dhcp['hostname'] = f.read().rstrip('\n') + + # render DHCP configuration + tmpl = jinja2.Template(template_v4) + dhcp_text = tmpl.render(dhcp) + with open(self._dhcp[4]['conf'], 'w') as f: + f.write(dhcp_text) + + cmd = 'start-stop-daemon' + cmd += ' --start' + cmd += ' --oknodo' + cmd += ' --quiet' + cmd += ' --pidfile {pid}' + cmd += ' --exec /sbin/dhclient' + cmd += ' --' + # now pass arguments to dhclient binary + cmd += ' -4 -nw -cf {conf} -pf {pid} -lf {lease} {ifname}' + return self._cmd(cmd.format(**self._dhcp[4])) + + def _del_dhcp(self): + """ + De-configure interface as DHCP clinet. All auto generated files like + pid, config and lease will be removed. + + Example: + + >>> from vyos.ifconfig import Interface + >>> j = Interface('eth0') + >>> j.del_dhcp() + """ + if not os.path.isfile(self._dhcp[4]['pid']): + self._debug_msg('No DHCP client PID found') + return None + + # with open(self._dhcp[4]['pid'], 'r') as f: + # pid = int(f.read()) + + # stop dhclient, we need to call dhclient and tell it should release the + # aquired IP address. tcpdump tells me: + # 172.16.35.103.68 > 172.16.35.254.67: [bad udp cksum 0xa0cb -> 0xb943!] BOOTP/DHCP, Request from 00:50:56:9d:11:df, length 300, xid 0x620e6946, Flags [none] (0x0000) + # Client-IP 172.16.35.103 + # Client-Ethernet-Address 00:50:56:9d:11:df + # Vendor-rfc1048 Extensions + # Magic Cookie 0x63825363 + # DHCP-Message Option 53, length 1: Release + # Server-ID Option 54, length 4: 172.16.35.254 + # Hostname Option 12, length 10: "vyos" + # + cmd = '/sbin/dhclient -cf {conf} -pf {pid} -lf {lease} -r {ifname}' + self._cmd(cmd.format(**self._dhcp[4])) + + # cleanup old config files + for name in ('conf', 'pid', 'lease'): + if os.path.isfile(self._dhcp[4][name]): + os.remove(self._dhcp[4][name]) + + def _set_dhcpv6(self): + """ + Configure interface as DHCPv6 client. The dhclient binary is automatically + started in background! 
+ + Example: + + >>> from vyos.ifconfig import Interface + >>> j = Interface('eth0') + >>> j.set_dhcpv6() + """ + dhcpv6 = self.get_dhcpv6_options() + + # better save then sorry .. should be checked in interface script + # but if you missed it we are safe! + if dhcpv6['dhcpv6_prm_only'] and dhcpv6['dhcpv6_temporary']: + raise Exception( + 'DHCPv6 temporary and parameters-only options are mutually exclusive!') + + # render DHCP configuration + tmpl = jinja2.Template(template_v6) + dhcpv6_text = tmpl.render(dhcpv6) + with open(self._dhcp[6]['conf'], 'w') as f: + f.write(dhcpv6_text) + + # no longer accept router announcements on this interface + self._write_sysfs(self._dhcp[6]['accept_ra'], 0) + + # assemble command-line to start DHCPv6 client (dhclient) + cmd = 'start-stop-daemon' + cmd += ' --start' + cmd += ' --oknodo' + cmd += ' --quiet' + cmd += ' --pidfile {pid}' + cmd += ' --exec /sbin/dhclient' + cmd += ' --' + # now pass arguments to dhclient binary + cmd += ' -6 -nw -cf {conf} -pf {pid} -lf {lease}' + # add optional arguments + if dhcpv6['dhcpv6_prm_only']: + cmd += ' -S' + if dhcpv6['dhcpv6_temporary']: + cmd += ' -T' + cmd += ' {ifname}' + + return self._cmd(cmd.format(**self._dhcp[6])) + + def _del_dhcpv6(self): + """ + De-configure interface as DHCPv6 clinet. All auto generated files like + pid, config and lease will be removed. 
+ + Example: + + >>> from vyos.ifconfig import Interface + >>> j = Interface('eth0') + >>> j.del_dhcpv6() + """ + if not os.path.isfile(self._dhcp[6]['pid']): + self._debug_msg('No DHCPv6 client PID found') + return None + + # with open(self._dhcp[6]['pid'], 'r') as f: + # pid = int(f.read()) + + # stop dhclient + cmd = 'start-stop-daemon' + cmd += ' --start' + cmd += ' --oknodo' + cmd += ' --quiet' + cmd += ' --pidfile {pid}' + self._cmd(cmd.format(**self._dhcp[6])) + + # accept router announcements on this interface + self._write_sysfs(self._dhcp[6]['accept_ra'], 1) + + # cleanup old config files + for name in ('conf', 'pid', 'lease'): + if os.path.isfile(self._dhcp[6][name]): + os.remove(self._dhcp[6][name]) + diff --git a/python/vyos/ifconfig/dummy.py b/python/vyos/ifconfig/dummy.py new file mode 100644 index 000000000..404c490c7 --- /dev/null +++ b/python/vyos/ifconfig/dummy.py 
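Review bot: `_del_dhcpv6` builds `start-stop-daemon --start --oknodo --quiet --pidfile {pid}` under the comment `# stop dhclient`, so the DHCPv6 client is never told to stop; the option should be `cmd += ' --stop'`, and unlike `_del_dhcp` there is no `dhclient -r` release either. Because the cleanup loop right after removes the pid file regardless, a still-running dhclient is left behind with nothing pointing at it, and the `os.path.isfile` guard at the top will report "No DHCPv6 client PID found" on the next call. A second point in `_set_dhcp` and `_set_dhcpv6`: `hostname`, `client_id` and `vendor_class_id` are rendered into the quoted strings of the dhclient.conf templates without any escaping, so a value containing `"` or a newline changes the structure of the generated file; the values come from the local system and the VyOS configuration rather than from the network, so the exposure is small, but rejecting `"` and `\n` in them before `tmpl.render(...)` would keep the template well-formed.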
@@ -0,0 +1,37 @@
+# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+
+from vyos.ifconfig.interface import Interface
+
+
+@Interface.register
+class DummyIf(Interface):
+ """
+ A dummy interface is entirely virtual like, for example, the loopback
+ interface. The purpose of a dummy interface is to provide a device to route
+ packets through without actually transmitting them.
+ """
+
+ default = {
+ 'type': 'dummy',
+ }
+ definition = {
+ **Interface.definition,
+ **{
+ 'section': 'dummy',
+ 'prefixes': ['dum', ],
+ },
+ }
diff --git a/python/vyos/ifconfig/ethernet.py b/python/vyos/ifconfig/ethernet.py
new file mode 100644
index 000000000..542de4f59
--- /dev/null
+++ b/python/vyos/ifconfig/ethernet.py
@@ -0,0 +1,257 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +import os +import re + +from vyos.ifconfig.interface import Interface +from vyos.ifconfig.vlan import VLAN +from vyos.validate import assert_list +from vyos.util import run + + +@Interface.register +@VLAN.enable +class EthernetIf(Interface): + """ + Abstraction of a Linux Ethernet Interface + """ + + default = { + 'type': 'ethernet', + } + definition = { + **Interface.definition, + **{ + 'section': 'ethernet', + 'prefixes': ['lan', 'eth', 'eno', 'ens', 'enp', 'enx'], + 'bondable': True, + 'broadcast': True, + 'bridgeable': True, + } + } + + @staticmethod + def feature(ifname, option, value): + run(f'/sbin/ethtool -K {ifname} {option} {value}','ifconfig') + return False + + _command_set = {**Interface._command_set, **{ + 'gro': { + 'validate': lambda v: assert_list(v, ['on', 'off']), + 'possible': lambda i, v: EthernetIf.feature(i, 'gro', v), + # 'shellcmd': '/sbin/ethtool -K {ifname} gro {value}', + }, + 'gso': { + 'validate': lambda v: assert_list(v, ['on', 'off']), + 'possible': lambda i, v: EthernetIf.feature(i, 'gso', v), + # 'shellcmd': '/sbin/ethtool -K {ifname} gso {value}', + }, + 'sg': { + 'validate': lambda v: assert_list(v, ['on', 'off']), + 'possible': lambda i, v: EthernetIf.feature(i, 'sg', v), + # 
'shellcmd': '/sbin/ethtool -K {ifname} sg {value}', + }, + 'tso': { + 'validate': lambda v: assert_list(v, ['on', 'off']), + 'possible': lambda i, v: EthernetIf.feature(i, 'tso', v), + # 'shellcmd': '/sbin/ethtool -K {ifname} tso {value}', + }, + 'ufo': { + 'validate': lambda v: assert_list(v, ['on', 'off']), + 'possible': lambda i, v: EthernetIf.feature(i, 'ufo', v), + # 'shellcmd': '/sbin/ethtool -K {ifname} ufo {value}', + }, + }} + + def _delete(self): + # Ethernet interfaces can not be removed + pass + + def get_driver_name(self): + """ + Return the driver name used by NIC. Some NICs don't support all + features e.g. changing link-speed, duplex + + Example: + >>> from vyos.ifconfig import EthernetIf + >>> i = EthernetIf('eth0') + >>> i.get_driver_name() + 'vmxnet3' + """ + sysfs_file = '/sys/class/net/{}/device/driver/module'.format( + self.config['ifname']) + if os.path.exists(sysfs_file): + link = os.readlink(sysfs_file) + return os.path.basename(link) + else: + return None + + def set_flow_control(self, enable): + """ + Changes the pause parameters of the specified Ethernet device. + + @param enable: true -> enable pause frames, false -> disable pause frames + + Example: + >>> from vyos.ifconfig import EthernetIf + >>> i = EthernetIf('eth0') + >>> i.set_flow_control(True) + """ + ifname = self.config['ifname'] + + if enable not in ['on', 'off']: + raise ValueError("Value out of range") + + if self.get_driver_name() in ['vmxnet3', 'virtio_net', 'xen_netfront']: + self._debug_msg('{} driver does not support changing flow control settings!' 
+ .format(self.get_driver_name())) + return + + # Get current flow control settings: + cmd = f'/sbin/ethtool --show-pause {ifname}' + output, code = self._popen(cmd) + if code == 76: + # the interface does not support it + return '' + if code: + # never fail here as it prevent vyos to boot + print(f'unexpected return code {code} from {cmd}') + return '' + + # The above command returns - with tabs: + # + # Pause parameters for eth0: + # Autonegotiate: on + # RX: off + # TX: off + if re.search("Autonegotiate:\ton", output): + if enable == "on": + # flowcontrol is already enabled - no need to re-enable it again + # this will prevent the interface from flapping as applying the + # flow-control settings will take the interface down and bring + # it back up every time. + return '' + + # Assemble command executed on system. Unfortunately there is no way + # to change this setting via sysfs + cmd = f'/sbin/ethtool --pause {ifname} autoneg {enable} tx {enable} rx {enable}' + output, code = self._popen(cmd) + if code: + print(f'could not set flowcontrol for {ifname}') + return output + + def set_speed_duplex(self, speed, duplex): + """ + Set link speed in Mbit/s and duplex. + + @speed can be any link speed in MBit/s, e.g. 10, 100, 1000 auto + @duplex can be half, full, auto + + Example: + >>> from vyos.ifconfig import EthernetIf + >>> i = EthernetIf('eth0') + >>> i.set_speed_duplex('auto', 'auto') + """ + + if speed not in ['auto', '10', '100', '1000', '2500', '5000', '10000', '25000', '40000', '50000', '100000', '400000']: + raise ValueError("Value out of range (speed)") + + if duplex not in ['auto', 'full', 'half']: + raise ValueError("Value out of range (duplex)") + + if self.get_driver_name() in ['vmxnet3', 'virtio_net', 'xen_netfront']: + self._debug_msg('{} driver does not support changing speed/duplex settings!' 
+ .format(self.get_driver_name())) + return + + # Get current speed and duplex settings: + cmd = '/sbin/ethtool {0}'.format(self.config['ifname']) + tmp = self._cmd(cmd) + + if re.search("\tAuto-negotiation: on", tmp): + if speed == 'auto' and duplex == 'auto': + # bail out early as nothing is to change + return + else: + # read in current speed and duplex settings + cur_speed = 0 + cur_duplex = '' + for line in tmp.splitlines(): + if line.lstrip().startswith("Speed:"): + non_decimal = re.compile(r'[^\d.]+') + cur_speed = non_decimal.sub('', line) + continue + + if line.lstrip().startswith("Duplex:"): + cur_duplex = line.split()[-1].lower() + break + + if (cur_speed == speed) and (cur_duplex == duplex): + # bail out early as nothing is to change + return + + cmd = '/sbin/ethtool -s {}'.format(self.config['ifname']) + if speed == 'auto' or duplex == 'auto': + cmd += ' autoneg on' + else: + cmd += ' speed {} duplex {} autoneg off'.format(speed, duplex) + + return self._cmd(cmd) + + def set_gro(self, state): + """ + Example: + >>> from vyos.ifconfig import EthernetIf + >>> i = EthernetIf('eth0') + >>> i.set_gro('on') + """ + return self.set_interface('gro', state) + + def set_gso(self, state): + """ + Example: + >>> from vyos.ifconfig import EthernetIf + >>> i = EthernetIf('eth0') + >>> i.set_gso('on') + """ + return self.set_interface('gso', state) + + def set_sg(self, state): + """ + Example: + >>> from vyos.ifconfig import EthernetIf + >>> i = EthernetIf('eth0') + >>> i.set_sg('on') + """ + return self.set_interface('sg', state) + + def set_tso(self, state): + """ + Example: + >>> from vyos.ifconfig import EthernetIf + >>> i = EthernetIf('eth0') + >>> i.set_tso('on') + """ + return self.set_interface('tso', state) + + def set_ufo(self, state): + """ + Example: + >>> from vyos.ifconfig import EthernetIf + >>> i = EthernetIf('eth0') + >>> i.set_udp_offload('on') + """ + return self.set_interface('ufo', state) 
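Review bot: `EthernetIf.feature` discards whatever `run()` returns and always returns `False`, so `_set_command` returns `False` for gro/gso/sg/tso/ufo whether or not ethtool succeeded, and a failed offload change (driver does not support the feature, ethtool missing) is invisible to the caller and to the logs. If `run()` yields the process exit status (not visible in this diff), keeping it is a two-line change before the `return False`: `code = run(f'/sbin/ethtool -K {ifname} {option} {value}', 'ifconfig')` and `if code: print(f'could not set {option} {value} on {ifname}')`, mirroring how `set_flow_control` reports a non-zero code from `_popen`. Two docstrings also disagree with the code: `set_flow_control` documents `true`/`false` while the check accepts only `'on'`/`'off'`, and `set_ufo`'s example calls `set_udp_offload('on')`, a method that does not exist here.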
diff --git a/python/vyos/ifconfig/geneve.py b/python/vyos/ifconfig/geneve.py
new file mode 100644
index 000000000..0c1cdade9
--- /dev/null
+++ b/python/vyos/ifconfig/geneve.py
@@ -0,0 +1,64 @@
+# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+from copy import deepcopy
+
+from vyos.ifconfig.interface import Interface
+
+
+@Interface.register
+class GeneveIf(Interface):
+ """
+ Geneve: Generic Network Virtualization Encapsulation
+
+ For more information please refer to:
+ https://tools.ietf.org/html/draft-gross-geneve-00
+ https://www.redhat.com/en/blog/what-geneve
+ https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/#geneve
+ https://lwn.net/Articles/644938/
+ """
+
+ default = {
+ 'type': 'geneve',
+ 'vni': 0,
+ 'remote': '',
+ }
+ definition = {
+ **Interface.definition,
+ **{
+ 'section': 'geneve',
+ 'prefixes': ['gnv', ],
+ 'bridgeable': True,
+ }
+ }
+
+ def _create(self):
+ cmd = 'ip link add name {ifname} type geneve id {vni} remote {remote}'.format(**self.config)
+ self._cmd(cmd)
+
+ # interface is always A/D down. It needs to be enabled explicitly
+ self.set_admin_state('down')
+
+ @classmethod
+ def get_config(cls):
+ """
+ GENEVE interfaces require a configuration when they are added using
+ iproute2. This static method will provide the configuration dictionary
+ used by this class.
+
+ Example:
+ >> dict = GeneveIf().get_config()
+ """
+ return deepcopy(cls.default)
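Review bot: `GeneveIf._create` formats `vni` and `remote` into the `ip link add` command from `self.config`, but as far as this diff shows the class declares no `options`, and `Interface.__init__` in the interface.py hunk on this page copies only keyword arguments listed in `self.options` into `self.config`, so `vni`/`remote` given to the constructor would stay at the defaults `0` and `''` and the command would end in a bare `remote ` that iproute2 rejects. Declaring `options = ['vni', 'remote']` and `required = ['vni', 'remote']` on the class would route the arguments through and let the existing `missing required option` check in `Interface.__init__` refuse a creation without them. The `get_config` example `>> dict = GeneveIf().get_config()` also calls the constructor without the mandatory `ifname` and shadows the builtin `dict`; since it is a classmethod, `>>> config = GeneveIf.get_config()` is the form to document.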
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
new file mode 100644
index 000000000..22c71a464
--- /dev/null
+++ b/python/vyos/ifconfig/interface.py
@@ -0,0 +1,738 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +import os +import re +import json +import glob +import time +from time import sleep +from os.path import isfile +from copy import deepcopy +from datetime import timedelta + +from hurry.filesize import size, alternative +from ipaddress import IPv4Network, IPv6Address, IPv6Network +from netifaces import ifaddresses, AF_INET, AF_INET6 +from tabulate import tabulate + +from vyos.util import mac2eui64 +from vyos import ConfigError +from vyos.ifconfig.dhcp import DHCP +from vyos.validate import is_ipv4 +from vyos.validate import is_ipv6 +from vyos.validate import is_intf_addr_assigned +from vyos.validate import assert_boolean +from vyos.validate import assert_list +from vyos.validate import assert_mac +from vyos.validate import assert_mtu +from vyos.validate import assert_positive +from vyos.validate import assert_range + + +class Interface(DHCP): + options = [] + required = [] + default = { + 'type': '', + 'debug': True, + 'create': True, + } + definition = { + 'section': '', + 'prefixes': [], + 'vlan': False, + 'bondable': False, + 'broadcast': False, + 'bridgeable': False, + } + + _command_get = { + 'admin_state': { + 'shellcmd': 'ip -json link show dev {ifname}', + 'format': lambda j: 'up' if 'UP' in 
json.loads(j)[0]['flags'] else 'down', + } + } + + _command_set = { + 'admin_state': { + 'validate': lambda v: assert_list(v, ['up', 'down']), + 'shellcmd': 'ip link set dev {ifname} {value}', + }, + 'mac': { + 'validate': assert_mac, + 'shellcmd': 'ip link set dev {ifname} address {value}', + }, + 'vrf': { + 'convert': lambda v: f'master {v}' if v else 'nomaster', + 'shellcmd': 'ip link set dev {ifname} {value}', + }, + } + + _sysfs_get = { + 'alias': { + 'location': '/sys/class/net/{ifname}/ifalias', + }, + 'mac': { + 'location': '/sys/class/net/{ifname}/address', + }, + 'mtu': { + 'location': '/sys/class/net/{ifname}/mtu', + }, + 'oper_state':{ + 'location': '/sys/class/net/{ifname}/operstate', + }, + } + + _sysfs_set = { + 'alias': { + 'convert': lambda name: name if name else '\0', + 'location': '/sys/class/net/{ifname}/ifalias', + }, + 'mtu': { + 'validate': assert_mtu, + 'location': '/sys/class/net/{ifname}/mtu', + }, + 'arp_cache_tmo': { + 'convert': lambda tmo: (int(tmo) * 1000), + 'location': '/proc/sys/net/ipv4/neigh/{ifname}/base_reachable_time_ms', + }, + 'arp_filter': { + 'validate': assert_boolean, + 'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_filter', + }, + 'arp_accept': { + 'validate': lambda arp: assert_range(arp,0,2), + 'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_accept', + }, + 'arp_announce': { + 'validate': assert_boolean, + 'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_announce', + }, + 'arp_ignore': { + 'validate': assert_boolean, + 'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_ignore', + }, + 'ipv6_autoconf': { + 'validate': lambda fwd: assert_range(fwd,0,2), + 'location': '/proc/sys/net/ipv6/conf/{ifname}/autoconf', + }, + 'ipv6_forwarding': { + 'validate': lambda fwd: assert_range(fwd,0,2), + 'location': '/proc/sys/net/ipv6/conf/{ifname}/forwarding', + }, + 'ipv6_dad_transmits': { + 'validate': assert_positive, + 'location': '/proc/sys/net/ipv6/conf/{ifname}/dad_transmits', + }, + 'proxy_arp': { + 'validate': 
assert_boolean, + 'location': '/proc/sys/net/ipv4/conf/{ifname}/proxy_arp', + }, + 'proxy_arp_pvlan': { + 'validate': assert_boolean, + 'location': '/proc/sys/net/ipv4/conf/{ifname}/proxy_arp_pvlan', + }, + # link_detect vs link_filter name weirdness + 'link_detect': { + 'validate': lambda link: assert_range(link,0,3), + 'location': '/proc/sys/net/ipv4/conf/{ifname}/link_filter', + }, + } + + def __init__(self, ifname, **kargs): + """ + This is the base interface class which supports basic IP/MAC address + operations as well as DHCP(v6). Other interface which represent e.g. + and ethernet bridge are implemented as derived classes adding all + additional functionality. + + For creation you will need to provide the interface type, otherwise + the existing interface is used + + DEBUG: + This class has embedded debugging (print) which can be enabled by + creating the following file: + vyos@vyos# touch /tmp/vyos.ifconfig.debug + + Example: + >>> from vyos.ifconfig import Interface + >>> i = Interface('eth0') + """ + + self.config = deepcopy(self.default) + for k in self.options: + if k in kargs: + self.config[k] = kargs[k] + + # make sure the ifname is the first argument and not from the dict + self.config['ifname'] = ifname + + # we must have updated config before initialising the Interface + super().__init__(ifname, **kargs) + + if not os.path.exists('/sys/class/net/{}'.format(self.config['ifname'])): + # Any instance of Interface, such as Interface('eth0') + # can be used safely to access the generic function in this class + # as 'type' is unset, the class can not be created + if not self.config['type']: + raise Exception('interface "{}" not found'.format(self.config['ifname'])) + + # Should an Instance of a child class (EthernetIf, DummyIf, ..) + # be required, then create should be set to False to not accidentally create it. 
+ # In case a subclass does not define it, we use get to set the default to True + if self.config.get('create',True): + for k in self.required: + if k not in kargs: + name = self.default['type'] + raise ConfigError(f'missing required option {k} for {name} {ifname} creation') + + self._create() + # If we can not connect to the interface then let the caller know + # as the class could not be correctly initialised + else: + raise Exception('interface "{}" not found'.format(self.config['ifname'])) + + # list of assigned IP addresses + self._addr = [] + + def _create(self): + cmd = 'ip link add dev {ifname} type {type}'.format(**self.config) + self._cmd(cmd) + + def remove(self): + """ + Remove interface from operating system. Removing the interface + deconfigures all assigned IP addresses and clear possible DHCP(v6) + client processes. + + Example: + >>> from vyos.ifconfig import Interface + >>> i = Interface('eth0') + >>> i.remove() + """ + # stop DHCP(v6) if running + self._del_dhcp() + self._del_dhcpv6() + + # remove all assigned IP addresses from interface - this is a bit redundant + # as the kernel will remove all addresses on interface deletion, but we + # can not delete ALL interfaces, see below + for addr in self.get_addr(): + self.del_addr(addr) + + # --------------------------------------------------------------------- + # A code refactoring is required as this type check is present as + # Interface implement behaviour for one of it's sub-class. + + # It is required as the current pattern for vlan is: + # Interface('name').remove() to delete an interface + # The code should be modified to have a class method called connect and + # have Interface.connect('name').remove() + + # each subclass should register within Interface the pattern for that + # interface ie: (ethX, etc.) and use this to create an instance of + # the right class (EthernetIf, ...) 
+ + # Ethernet interfaces can not be removed + + # Commented out as nowhere in the code do we call Interface() + # This would also cause an import loop + # if self.__class__ == EthernetIf: + # return + + # --------------------------------------------------------------------- + + self._delete() + + def _delete(self): + # NOTE (Improvement): + # after interface removal no other commands should be allowed + # to be called and instead should raise an Exception: + cmd = 'ip link del dev {}'.format(self.config['ifname']) + return self._cmd(cmd) + + def get_mtu(self): + """ + Get/set interface mtu in bytes. + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').get_mtu() + '1500' + """ + return self.get_interface('mtu') + + def set_mtu(self, mtu): + """ + Get/set interface mtu in bytes. + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_mtu(1400) + >>> Interface('eth0').get_mtu() + '1400' + """ + return self.set_interface('mtu', mtu) + + def get_mac(self): + """ + Get current interface MAC (Media Access Contrl) address used. + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').get_mac() + '00:50:ab:cd:ef:00' + """ + return self.get_interface('mac') + + def set_mac(self, mac): + """ + Set interface MAC (Media Access Contrl) address to given value. + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_mac('00:50:ab:cd:ef:01') + """ + + # If MAC is unchanged, bail out early + if mac == self.get_mac(): + return None + + # MAC address can only be changed if interface is in 'down' state + prev_state = self.get_admin_state() + if prev_state == 'up': + self.set_admin_state('down') + + self.set_interface('mac', mac) + + def set_vrf(self, vrf=''): + """ + Add/Remove interface from given VRF instance. 
+ + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_vrf('foo') + >>> Interface('eth0').set_vrf() + """ + self.set_interface('vrf', vrf) + + def set_arp_cache_tmo(self, tmo): + """ + Set ARP cache timeout value in seconds. Internal Kernel representation + is in milliseconds. + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_arp_cache_tmo(40) + """ + return self.set_interface('arp_cache_tmo', tmo) + + def set_arp_filter(self, arp_filter): + """ + Filter ARP requests + + 1 - Allows you to have multiple network interfaces on the same + subnet, and have the ARPs for each interface be answered + based on whether or not the kernel would route a packet from + the ARP'd IP out that interface (therefore you must use source + based routing for this to work). In other words it allows control + of which cards (usually 1) will respond to an arp request. + + 0 - (default) The kernel can respond to arp requests with addresses + from other interfaces. This may seem wrong but it usually makes + sense, because it increases the chance of successful communication. + IP addresses are owned by the complete host on Linux, not by + particular interfaces. Only for more complex setups like load- + balancing, does this behaviour cause problems. + """ + return self.set_interface('arp_filter', arp_filter) + + def set_arp_accept(self, arp_accept): + """ + Define behavior for gratuitous ARP frames who's IP is not + already present in the ARP table: + 0 - don't create new entries in the ARP table + 1 - create new entries in the ARP table + + Both replies and requests type gratuitous arp will trigger the + ARP table to be updated, if this setting is on. + + If the ARP table already contains the IP address of the + gratuitous arp frame, the arp table will be updated regardless + if this setting is on or off. 
+ """ + return self.set_interface('arp_accept', arp_accept) + + def set_arp_announce(self, arp_announce): + """ + Define different restriction levels for announcing the local + source IP address from IP packets in ARP requests sent on + interface: + 0 - (default) Use any local address, configured on any interface + 1 - Try to avoid local addresses that are not in the target's + subnet for this interface. This mode is useful when target + hosts reachable via this interface require the source IP + address in ARP requests to be part of their logical network + configured on the receiving interface. When we generate the + request we will check all our subnets that include the + target IP and will preserve the source address if it is from + such subnet. + + Increasing the restriction level gives more chance for + receiving answer from the resolved target while decreasing + the level announces more valid sender's information. + """ + return self.set_interface('arp_announce', arp_announce) + + def set_arp_ignore(self, arp_ignore): + """ + Define different modes for sending replies in response to received ARP + requests that resolve local target IP addresses: + + 0 - (default): reply for any local target IP address, configured + on any interface + 1 - reply only if the target IP address is local address + configured on the incoming interface + """ + return self.set_interface('arp_ignore', arp_ignore) + + def set_ipv6_autoconf(self, autoconf): + """ + Autoconfigure addresses using Prefix Information in Router + Advertisements. + """ + return self.set_interface('ipv6_autoconf', autoconf) + + def set_ipv6_eui64_address(self, prefix): + """ + Extended Unique Identifier (EUI), as per RFC2373, allows a host to + assign iteslf a unique IPv6 address based on a given IPv6 prefix. + + If prefix is passed address is assigned, if prefix is '' address is + removed from interface. 
+ """ + # if prefix is an empty string convert it to None so mac2eui64 works + # as expected + if not prefix: + prefix = None + + eui64 = mac2eui64(self.get_mac(), prefix) + + if not prefix: + # if prefix is empty - thus removed - we need to walk through all + # interface IPv6 addresses and find the one with the calculated + # EUI-64 identifier. The address is then removed + for addr in self.get_addr(): + addr_wo_prefix = addr.split('/')[0] + if is_ipv6(addr_wo_prefix): + if eui64 in IPv6Address(addr_wo_prefix).exploded: + self.del_addr(addr) + + return None + + # calculate and add EUI-64 IPv6 address + if IPv6Network(prefix): + # we also need to take the subnet length into account + prefix = prefix.split('/')[1] + eui64 = f'{eui64}/{prefix}' + self.add_addr(eui64 ) + + def set_ipv6_forwarding(self, forwarding): + """ + Configure IPv6 interface-specific Host/Router behaviour. + + False: + + By default, Host behaviour is assumed. This means: + + 1. IsRouter flag is not set in Neighbour Advertisements. + 2. If accept_ra is TRUE (default), transmit Router + Solicitations. + 3. If accept_ra is TRUE (default), accept Router + Advertisements (and do autoconfiguration). + 4. If accept_redirects is TRUE (default), accept Redirects. + + True: + + If local forwarding is enabled, Router behaviour is assumed. + This means exactly the reverse from the above: + + 1. IsRouter flag is set in Neighbour Advertisements. + 2. Router Solicitations are not sent unless accept_ra is 2. + 3. Router Advertisements are ignored unless accept_ra is 2. + 4. Redirects are ignored. + """ + return self.set_interface('ipv6_forwarding', forwarding) + + def set_ipv6_dad_messages(self, dad): + """ + The amount of Duplicate Address Detection probes to send. 
+ Default: 1 + """ + return self.set_interface('ipv6_dad_transmits', dad) + + def set_link_detect(self, link_filter): + """ + Configure kernel response in packets received on interfaces that are 'down' + + 0 - Allow packets to be received for the address on this interface + even if interface is disabled or no carrier. + + 1 - Ignore packets received if interface associated with the incoming + address is down. + + 2 - Ignore packets received if interface associated with the incoming + address is down or has no carrier. + + Default value is 0. Note that some distributions enable it in startup + scripts. + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_link_detect(1) + """ + return self.set_interface('link_detect', link_filter) + + def get_alias(self): + """ + Get interface alias name used by e.g. SNMP + + Example: + >>> Interface('eth0').get_alias() + 'interface description as set by user' + """ + return self.get_interface('alias') + + def set_alias(self, ifalias=''): + """ + Set interface alias name used by e.g. SNMP + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_alias('VyOS upstream interface') + + to clear alias e.g. delete it use: + + >>> Interface('eth0').set_ifalias('') + """ + self.set_interface('alias', ifalias) + + def get_admin_state(self): + """ + Get interface administrative state. 
Function will return 'up' or 'down' + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').get_admin_state() + 'up' + """ + return self.get_interface('admin_state') + + def set_admin_state(self, state): + """ + Set interface administrative state to be 'up' or 'down' + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_admin_state('down') + >>> Interface('eth0').get_admin_state() + 'down' + """ + return self.set_interface('admin_state', state) + + def get_oper_state(self): + """ + Get interface operational state + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').get_oper_sate() + 'up' + """ + # https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-net + # "unknown", "notpresent", "down", "lowerlayerdown", "testing", "dormant", "up" + return self.get_interface('oper_state') + + def set_proxy_arp(self, enable): + """ + Set per interface proxy ARP configuration + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_proxy_arp(1) + """ + self.set_interface('proxy_arp', enable) + + def set_proxy_arp_pvlan(self, enable): + """ + Private VLAN proxy arp. + Basically allow proxy arp replies back to the same interface + (from which the ARP request/solicitation was received). + + This is done to support (ethernet) switch features, like RFC + 3069, where the individual ports are NOT allowed to + communicate with each other, but they are allowed to talk to + the upstream router. As described in RFC 3069, it is possible + to allow these hosts to communicate through the upstream + router by proxy_arp'ing. Don't need to be used together with + proxy_arp. + + This technology is known by different names: + In RFC 3069 it is called VLAN Aggregation. + Cisco and Allied Telesyn call it Private VLAN. + Hewlett-Packard call it Source-Port filtering or port-isolation. + Ericsson call it MAC-Forced Forwarding (RFC Draft). 
+ + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_proxy_arp_pvlan(1) + """ + self.set_interface('proxy_arp_pvlan', enable) + + def get_addr(self): + """ + Retrieve assigned IPv4 and IPv6 addresses from given interface. + This is done using the netifaces and ipaddress python modules. + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').get_addrs() + ['172.16.33.30/24', 'fe80::20c:29ff:fe11:a174/64'] + """ + + ipv4 = [] + ipv6 = [] + + if AF_INET in ifaddresses(self.config['ifname']).keys(): + for v4_addr in ifaddresses(self.config['ifname'])[AF_INET]: + # we need to manually assemble a list of IPv4 address/prefix + prefix = '/' + \ + str(IPv4Network('0.0.0.0/' + v4_addr['netmask']).prefixlen) + ipv4.append(v4_addr['addr'] + prefix) + + if AF_INET6 in ifaddresses(self.config['ifname']).keys(): + for v6_addr in ifaddresses(self.config['ifname'])[AF_INET6]: + # Note that currently expanded netmasks are not supported. That means + # 2001:db00::0/24 is a valid argument while 2001:db00::0/ffff:ff00:: not. + # see https://docs.python.org/3/library/ipaddress.html + bits = bin( + int(v6_addr['netmask'].replace(':', ''), 16)).count('1') + prefix = '/' + str(bits) + + # we alsoneed to remove the interface suffix on link local + # addresses + v6_addr['addr'] = v6_addr['addr'].split('%')[0] + ipv6.append(v6_addr['addr'] + prefix) + + return ipv4 + ipv6 + + def add_addr(self, addr): + """ + Add IP(v6) address to interface. Address is only added if it is not + already assigned to that interface. + + addr: can be an IPv4 address, IPv6 address, dhcp or dhcpv6! 
+ IPv4: add IPv4 address to interface + IPv6: add IPv6 address to interface + dhcp: start dhclient (IPv4) on interface + dhcpv6: start dhclient (IPv6) on interface + + Example: + >>> from vyos.ifconfig import Interface + >>> j = Interface('eth0') + >>> j.add_addr('192.0.2.1/24') + >>> j.add_addr('2001:db8::ffff/64') + >>> j.get_addr() + ['192.0.2.1/24', '2001:db8::ffff/64'] + """ + + # cache new IP address which is assigned to interface + self._addr.append(addr) + + # we can not have both DHCP and static IPv4 addresses assigned to an interface + if 'dhcp' in self._addr: + for addr in self._addr: + # do not change below 'if' ordering esle you will get an exception as: + # ValueError: 'dhcp' does not appear to be an IPv4 or IPv6 address + if addr != 'dhcp' and is_ipv4(addr): + raise ConfigError("Can't configure both static IPv4 and DHCP address on the same interface") + + if addr == 'dhcp': + self._set_dhcp() + elif addr == 'dhcpv6': + self._set_dhcpv6() + else: + if not is_intf_addr_assigned(self.config['ifname'], addr): + cmd = 'ip addr add "{}" dev "{}"'.format(addr, self.config['ifname']) + return self._cmd(cmd) + + def del_addr(self, addr): + """ + Delete IP(v6) address to interface. Address is only added if it is + assigned to that interface. + + addr: can be an IPv4 address, IPv6 address, dhcp or dhcpv6! 
+ IPv4: delete IPv4 address from interface + IPv6: delete IPv6 address from interface + dhcp: stop dhclient (IPv4) on interface + dhcpv6: stop dhclient (IPv6) on interface + + Example: + >>> from vyos.ifconfig import Interface + >>> j = Interface('eth0') + >>> j.add_addr('2001:db8::ffff/64') + >>> j.add_addr('192.0.2.1/24') + >>> j.get_addr() + ['192.0.2.1/24', '2001:db8::ffff/64'] + >>> j.del_addr('192.0.2.1/24') + >>> j.get_addr() + ['2001:db8::ffff/64'] + """ + if addr == 'dhcp': + self._del_dhcp() + elif addr == 'dhcpv6': + self._del_dhcpv6() + else: + if is_intf_addr_assigned(self.config['ifname'], addr): + cmd = 'ip addr del "{}" dev "{}"'.format(addr, self.config['ifname']) + return self._cmd(cmd) + + def op_show_interface_stats(self): + stats = self.get_interface_stats() + rx = [['bytes','packets','errors','dropped','overrun','mcast'],[stats['rx_bytes'],stats['rx_packets'],stats['rx_errors'],stats['rx_dropped'],stats['rx_over_errors'],stats['multicast']]] + tx = [['bytes','packets','errors','dropped','carrier','collisions'],[stats['tx_bytes'],stats['tx_packets'],stats['tx_errors'],stats['tx_dropped'],stats['tx_carrier_errors'],stats['collisions']]] + output = "RX: \n" + output += tabulate(rx,headers="firstrow",numalign="right",tablefmt="plain") + output += "\n\nTX: \n" + output += tabulate(tx,headers="firstrow",numalign="right",tablefmt="plain") + print(' '.join(('\n'+output.lstrip()).splitlines(True))) + + def get_interface_stats(self): + interface_stats = dict() + devices = [f for f in glob.glob("/sys/class/net/**/statistics")] + for dev_path in devices: + metrics = [f for f in glob.glob(dev_path +"/**")] + dev = re.findall(r"/sys/class/net/(.*)/statistics",dev_path)[0] + dev_dict = dict() + for metric_path in metrics: + metric = metric_path.replace(dev_path+"/","") + if isfile(metric_path): + data = open(metric_path, 'r').read()[:-1] + dev_dict[metric] = int(data) + interface_stats[dev] = dev_dict + + return interface_stats[self.config['ifname']] + 
diff --git a/python/vyos/ifconfig/l2tpv3.py b/python/vyos/ifconfig/l2tpv3.py new file mode 100644 index 000000000..34147eb38 --- /dev/null +++ b/python/vyos/ifconfig/l2tpv3.py 
@@ -0,0 +1,113 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +import os + +from vyos.ifconfig.interface import Interface + + +@Interface.register +class L2TPv3If(Interface): + """ + The Linux bonding driver provides a method for aggregating multiple network + interfaces into a single logical "bonded" interface. The behavior of the + bonded interfaces depends upon the mode; generally speaking, modes provide + either hot standby or load balancing services. Additionally, link integrity + monitoring may be performed. 
+ """ + + default = { + 'type': 'l2tp', + } + definition = { + **Interface.definition, + **{ + 'section': 'l2tpeth', + 'prefixes': ['l2tpeth', ], + 'bridgeable': True, + } + } + options = Interface.options + \ + ['tunnel_id', 'peer_tunnel_id', 'local_port', 'remote_port', + 'encapsulation', 'local_address', 'remote_address', 'session_id', + 'peer_session_id'] + + def _create(self): + # create tunnel interface + cmd = 'ip l2tp add tunnel tunnel_id {tunnel_id}' + cmd += ' peer_tunnel_id {peer_tunnel_id}' + cmd += ' udp_sport {local_port}' + cmd += ' udp_dport {remote_port}' + cmd += ' encap {encapsulation}' + cmd += ' local {local_address}' + cmd += ' remote {remote_address}' + self._cmd(cmd.format(**self.config)) + + # setup session + cmd = 'ip l2tp add session name {ifname}' + cmd += ' tunnel_id {tunnel_id}' + cmd += ' session_id {session_id}' + cmd += ' peer_session_id {peer_session_id}' + self._cmd(cmd.format(**self.config)) + + # interface is always A/D down. It needs to be enabled explicitly + self.set_admin_state('down') + + def remove(self): + """ + Remove interface from operating system. Removing the interface + deconfigures all assigned IP addresses. + Example: + >>> from vyos.ifconfig import L2TPv3If + >>> i = L2TPv3If('l2tpeth0') + >>> i.remove() + """ + + if os.path.exists('/sys/class/net/{}'.format(self.config['ifname'])): + # interface is always A/D down. It needs to be enabled explicitly + self.set_admin_state('down') + + if self.config['tunnel_id'] and self.config['session_id']: + cmd = 'ip l2tp del session tunnel_id {tunnel_id}' + cmd += ' session_id {session_id}' + self._cmd(cmd.format(**self.config)) + + if self.config['tunnel_id']: + cmd = 'ip l2tp del tunnel tunnel_id {tunnel_id}' + self._cmd(cmd.format(**self.config)) + + @staticmethod + def get_config(): + """ + L2TPv3 interfaces require a configuration when they are added using + iproute2. This static method will provide the configuration dictionary + used by this class. 
+ + Example: + >> dict = L2TPv3If().get_config() + """ + config = { + 'peer_tunnel_id': '', + 'local_port': 0, + 'remote_port': 0, + 'encapsulation': 'udp', + 'local_address': '', + 'remote_address': '', + 'session_id': '', + 'tunnel_id': '', + 'peer_session_id': '' + } + return config diff --git a/python/vyos/ifconfig/loopback.py b/python/vyos/ifconfig/loopback.py new file mode 100644 index 000000000..8e4438662 --- /dev/null +++ b/python/vyos/ifconfig/loopback.py 
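Review bot: The class docstring on `L2TPv3If` describes the Linux bonding driver and looks pasted from the bonding class; it should describe this class, e.g. `L2TPv3 (RFC 3931) pseudo-wire interface (l2tpethN): one iproute2 'ip l2tp' tunnel plus one session carrying Ethernet frames`. In `get_config` the example uses `>>` where every other docstring in this series uses `>>>`, so the doctest marker should be fixed too. In `_create` the `local_address`, `remote_address`, port and id values from `self.config` are formatted straight into the `ip l2tp` command strings; whether that is safe depends on the validation applied before the config reaches this class and on how `self._cmd` executes the string, neither of which is visible here, so a one-line comment stating that assumption above the first `cmd = ...` would help the next reader.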
@@ -0,0 +1,58 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +from vyos.ifconfig.interface import Interface + + +@Interface.register +class LoopbackIf(Interface): + """ + The loopback device is a special, virtual network interface that your router + uses to communicate with itself. + """ + + default = { + 'type': 'loopback', + } + definition = { + **Interface.definition, + **{ + 'section': 'loopback', + 'prefixes': ['lo', ], + 'bridgeable': True, + } + } + + name = 'loopback' + + def remove(self): + """ + Loopback interface can not be deleted from operating system. We can + only remove all assigned IP addresses. + + Example: + >>> from vyos.ifconfig import Interface + >>> i = LoopbackIf('lo').remove() + """ + # remove all assigned IP addresses from interface + for addr in self.get_addr(): + if addr in ["127.0.0.1/8", "::1/128"]: + # Do not allow deletion of the default loopback addresses as + # this will cause weird system behavior like snmp/ssh no longer + # operating as expected, see https://phabricator.vyos.net/T2034. + continue + + self.del_addr(addr) diff --git a/python/vyos/ifconfig/macvlan.py b/python/vyos/ifconfig/macvlan.py new file mode 100644 index 000000000..55b1a3e91 --- /dev/null +++ b/python/vyos/ifconfig/macvlan.py 
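Review bot: `definition` marks the loopback as `'bridgeable': True`, but the kernel refuses to enslave a loopback device to a bridge, so if this flag is what the bridge code consults to offer member interfaces it should presumably be `False`; worth confirming against the consumer of `bridgeable`. The `remove()` docstring example imports `Interface` but instantiates `LoopbackIf`; change it to `>>> from vyos.ifconfig import LoopbackIf`. The class attribute `name = 'loopback'` has no counterpart in the sibling classes on this page, so a short comment saying who reads it would be useful.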
@@ -0,0 +1,67 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +from vyos.ifconfig.interface import Interface +from vyos.ifconfig.vlan import VLAN + + +@Interface.register +@VLAN.enable +class MACVLANIf(Interface): + """ + Abstraction of a Linux MACvlan interface + """ + + default = { + 'type': 'macvlan', + } + definition = { + **Interface.definition, + **{ + 'section': 'pseudo-ethernet', + 'prefixes': ['peth', ], + }, + } + options = Interface.options + ['source_interface', 'mode'] + + def _create(self): + cmd = 'ip link add {ifname} link {source_interface} type macvlan mode {mode}'.format( + **self.config) + self._cmd(cmd) + + @staticmethod + def get_config(): + """ + VXLAN interfaces require a configuration when they are added using + iproute2. This static method will provide the configuration dictionary + used by this class. + + Example: + >> dict = MACVLANIf().get_config() + """ + config = { + 'address': '', + 'source_interface': '', + 'mode': '' + } + return config + + def set_mode(self, mode): + """ + """ + ifname = self.config['ifname'] + cmd = f'ip link set dev {ifname} type macvlan mode {mode}' + return self._cmd(cmd) diff --git a/python/vyos/ifconfig/pppoe.py b/python/vyos/ifconfig/pppoe.py new file mode 100644 index 000000000..7504408cf --- /dev/null 
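Review bot: `set_mode` has an empty docstring and formats `mode` into the `ip link set` command without any check, whereas the other setters in this series go through `set_interface` and its validators; checking against the kernel's macvlan modes first, e.g. `assert_list(mode, ['private', 'vepa', 'bridge', 'passthru'])` from `vyos.validate` as tunnel.py already does, keeps unexpected input out of the command string and gives a clear error instead of an iproute2 failure. The same unvalidated `mode` and `source_interface` are formatted into the command in `_create`. The `get_config` docstring says "VXLAN interfaces require a configuration" in a MACVLAN class and uses `>>` instead of `>>>`. `get_config` also returns an `'address'` key that is not part of `options`, which looks inconsistent with `options = Interface.options + ['source_interface', 'mode']` unless `address` is handled by the base class.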
+++ b/python/vyos/ifconfig/pppoe.py @@ -0,0 +1,33 @@ +# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +from vyos.ifconfig.interface import Interface + + +@Interface.register +class PPPoEIf(Interface): + default = { + 'type': 'pppoe', + } + definition = { + **Interface.definition, + **{ + 'section': 'pppoe', + 'prefixes': ['pppoe', ], + }, + } + + # The _create and _delete need to be moved from interface-ppoe to here diff --git a/python/vyos/ifconfig/register.py b/python/vyos/ifconfig/register.py new file mode 100644 index 000000000..c90782b70 --- /dev/null +++ b/python/vyos/ifconfig/register.py 
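Review bot: `PPPoEIf` is the only class in this series without a docstring, and the trailing comment explains that `_create`/`_delete` are still elsewhere but not what the class currently provides; a short docstring such as `"""PPPoE client interface (pppoeN). Creation and deletion are still handled by the interface-pppoe script; this class only registers the prefix and section."""` would make the stub's status explicit. The comment's "interface-ppoe" also looks like a typo for "interface-pppoe".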
@@ -0,0 +1,95 @@ +# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +import netifaces + + +class Register: + # the known interface prefixes + _prefixes = {} + + # class need to define: definition['prefixes'] + # the interface prefixes declared by a class used to name interface with + # prefix[0-9]*(\.[0-9]+)?(\.[0-9]+)?, such as lo, eth0 or eth0.1.2 + + @classmethod + def register(cls, klass): + if not klass.definition.get('prefixes',[]): + raise RuntimeError(f'valid interface prefixes not defined for {klass.__name__}') + + for ifprefix in klass.definition['prefixes']: + if ifprefix in cls._prefixes: + raise RuntimeError(f'only one class can be registered for prefix "{ifprefix}" type') + cls._prefixes[ifprefix] = klass + + return klass + + @classmethod + def _basename (cls, name, vlan): + # remove number from interface name + name = name.rstrip('0123456789') + name = name.rstrip('.') + if vlan: + name = name.rstrip('0123456789') + return name + + @classmethod + def section(cls, name, vlan=True): + # return the name of a section an interface should be under + name = cls._basename(name, vlan) + + # XXX: To leave as long as vti and input are not moved to vyos + if name == 'vti': + return 'vti' + if name == 'ifb': + return 'input' + + if name in cls._prefixes: + return 
cls._prefixes[name].definition['section'] + return '' + + @classmethod + def klass(cls, name, vlan=True): + name = cls._basename(name, vlan) + if name in cls._prefixes: + return cls._prefixes[name] + raise ValueError(f'No type found for interface name: {name}') + + @classmethod + def _listing (cls,section=''): + interfaces = netifaces.interfaces() + + for ifname in interfaces: + # XXX: Temporary hack as vti and input are not yet moved from vyatta to vyos + if ifname.startswith('vti') or ifname.startswith('input'): + yield ifname + continue + + ifsection = cls.section(ifname) + if not ifsection: + continue + + if section and ifsection != section: + continue + + yield ifname + + @classmethod + def listing(cls, section=''): + return list(cls._listing(section)) + + +# XXX: TODO - limit name for VRF interfaces + diff --git a/python/vyos/ifconfig/stp.py b/python/vyos/ifconfig/stp.py new file mode 100644 index 000000000..5e83206c2 --- /dev/null +++ b/python/vyos/ifconfig/stp.py 
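Review bot: `_basename` does not reduce Q-in-Q names to their prefix: the comment above `register` says names look like `prefix[0-9]*(\.[0-9]+)?(\.[0-9]+)?`, yet `'eth0.1.2'` goes `rstrip(digits)` → `'eth0.1.'`, `rstrip('.')` → `'eth0.1'`, `rstrip(digits)` → `'eth0.'`, so `section()` returns `''` and `klass()` raises `ValueError` for every double-tagged interface, and `_listing` silently drops them. Stripping the `.<id>` suffixes in a loop when `vlan` is true fixes this while keeping the `vlan=False` result unchanged; the rewrite is below. `_listing` and `section` need no change once `_basename` is fixed.

```python
    @classmethod
    def _basename (cls, name, vlan):
        # strip the trailing interface number, then, for VLAN-aware lookups,
        # every ".<id>" suffix (802.1q and Q-in-Q), so that "eth0", "eth0.1"
        # and "eth0.1.2" all resolve to "eth"
        name = name.rstrip('0123456789')
        if vlan:
            while name.endswith('.'):
                name = name.rstrip('.').rstrip('0123456789')
        else:
            name = name.rstrip('.')
        return name
```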
@@ -0,0 +1,70 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +from vyos.ifconfig.interface import Interface + +from vyos.validate import assert_positive + + +class STP: + """ + A spanning-tree capable interface. This applies only to bridge port member + interfaces! + """ + + @classmethod + def enable (cls, adaptee): + adaptee._sysfs_set = {**adaptee._sysfs_set, **cls._sysfs_set} + adaptee.set_path_cost = cls.set_path_cost + adaptee.set_path_priority = cls.set_path_priority + return adaptee + + _sysfs_set = { + 'path_cost': { + # XXX: we should set a maximum + 'validate': assert_positive, + 'location': '/sys/class/net/{ifname}/brport/path_cost', + 'errormsg': '{ifname} is not a bridge port member' + }, + 'path_priority': { + # XXX: we should set a maximum + 'validate': assert_positive, + 'location': '/sys/class/net/{ifname}/brport/priority', + 'errormsg': '{ifname} is not a bridge port member' + }, + } + + def set_path_cost(self, cost): + """ + Set interface path cost, only relevant for STP enabled interfaces + + Example: + + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_path_cost(4) + """ + self.set_interface('path_cost', cost) + + def set_path_priority(self, priority): + """ + Set interface path priority, only relevant for STP enabled interfaces + + 
Example: + + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_path_priority(4) + """ + self.set_interface('path_priority', priority) diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py new file mode 100644 index 000000000..05060669a --- /dev/null +++ b/python/vyos/ifconfig/tunnel.py 
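Review bot: Both `_sysfs_set` entries validate only with `assert_positive` and carry an `XXX: we should set a maximum`; as far as I recall the bridge port sysfs attributes reject `path_cost` outside 1–65535 and `priority` above 255, so an out-of-range value will fail at the sysfs write, and if `errormsg` is what gets reported on a failed write the user will be told `{ifname} is not a bridge port member` for what is really a range error. A bounded validator on each entry (or at least a comment quoting the kernel limits next to the `XXX`) would make the failure mode honest. The docstring examples call `Interface('eth0').set_path_cost(4)`, but these methods only exist on classes that were passed through `STP.enable`, so the examples should use one of those classes.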
@@ -0,0 +1,324 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +# https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/ +# https://community.hetzner.com/tutorials/linux-setup-gre-tunnel + + +from copy import deepcopy + +from vyos.ifconfig.interface import Interface +from vyos.ifconfig.afi import IP4, IP6 +from vyos.validate import assert_list + +def enable_to_on(value): + if value == 'enable': + return 'on' + if value == 'disable': + return 'off' + raise ValueError(f'expect enable or disable but got "{value}"') + + +@Interface.register +class _Tunnel(Interface): + """ + _Tunnel: private base class for tunnels + https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/tunnel.c + https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/ip6tunnel.c + """ + definition = { + **Interface.definition, + **{ + 'section': 'tunnel', + 'prefixes': ['tun',], + 'bridgeable': True, + }, + } + + # TODO: This is surely used for more than tunnels + # TODO: could be refactored elsewhere + _command_set = {**Interface._command_set, **{ + 'multicast': { + 'validate': lambda v: assert_list(v, ['enable', 'disable']), + 'convert': enable_to_on, + 'shellcmd': 'ip link set dev {ifname} multicast {value}', + }, + 'allmulticast': { + 
'validate': lambda v: assert_list(v, ['enable', 'disable']), + 'convert': enable_to_on, + 'shellcmd': 'ip link set dev {ifname} allmulticast {value}', + }, + }} + + # use for "options" and "updates" + # If an key is only in the options list, it can only be set at creation time + # the create comand will only be make using the key in options + + # If an option is in the updates list, it can be updated + # upon, the creation, all key not yet applied will be updated + + # multicast/allmulticast can not be part of the create command + + # options matrix: + # with ip = 4, we have multicast + # wiht ip = 6, nothing + # with tunnel = 4, we have tos, ttl, key + # with tunnel = 6, we have encaplimit, hoplimit, tclass, flowlabel + + # TODO: For multicast, it is allowed on IP6IP6 and Sit6RD + # TODO: to match vyatta but it should be checked for correctness + + updates = [] + + create = '' + change = '' + delete = '' + + ip = [] # AFI of the families which can be used in the tunnel + tunnel = 0 # invalid - need to be set by subclasses + + def __init__(self, ifname, **config): + self.config = deepcopy(config) if config else {} + super().__init__(ifname, **config) + + def _create(self): + # add " option-name option-name-value ..." 
for all options set + options = " ".join(["{} {}".format(k, self.config[k]) + for k in self.options if k in self.config and self.config[k]]) + self._cmd('{} {}'.format(self.create.format(**self.config), options)) + self.set_admin_state('down') + + def _delete(self): + self.set_admin_state('down') + cmd = self.delete.format(**self.config) + return self._cmd(cmd) + + def set_interface(self, option, value): + try: + return Interface.set_interface(self, option, value) + except Exception: + pass + + if value == '': + # remove the value so that it is not used + self.config.pop(option, '') + + if self.change: + self._cmd('{} {} {}'.format( + self.change.format(**self.config), option, value)) + return True + + @classmethod + def get_config(cls): + return dict(zip(cls.options, ['']*len(cls.options))) + + +class GREIf(_Tunnel): + """ + GRE: Generic Routing Encapsulation + + For more information please refer to: + RFC1701, RFC1702, RFC2784 + https://tools.ietf.org/html/rfc2784 + https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/link_gre.c + """ + + ip = [IP4, IP6] + tunnel = IP4 + + default = {'type': 'gre'} + required = ['local', ] # mGRE is a GRE without remote endpoint + + options = ['local', 'remote', 'ttl', 'tos', 'key'] + updates = ['local', 'remote', 'ttl', 'tos', + 'multicast', 'allmulticast'] + + create = 'ip tunnel add {ifname} mode {type}' + change = 'ip tunnel cha {ifname}' + delete = 'ip tunnel del {ifname}' + + +# GreTap also called GRE Bridge +class GRETapIf(_Tunnel): + """ + GRETapIF: GreIF using TAP instead of TUN + + https://en.wikipedia.org/wiki/TUN/TAP + """ + + # no multicast, ttl or tos for gretap + + ip = [IP4, ] + tunnel = IP4 + + default = {'type': 'gretap'} + required = ['local', ] + + options = ['local', 'remote', ] + updates = [] + + create = 'ip link add {ifname} type {type}' + change = '' + delete = 'ip link del {ifname}' + + +class IP6GREIf(_Tunnel): + """ + IP6Gre: IPv6 Support for Generic Routing Encapsulation (GRE) + + For 
more information please refer to: + https://tools.ietf.org/html/rfc7676 + https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/link_gre6.c + """ + + ip = [IP4, IP6] + tunnel = IP6 + + default = {'type': 'ip6gre'} + required = ['local', 'remote'] + + options = ['local', 'remote', 'encaplimit', + 'hoplimit', 'tclass', 'flowlabel'] + updates = ['local', 'remote', 'encaplimit', + 'hoplimit', 'tclass', 'flowlabel', + 'multicast', 'allmulticast'] + + create = 'ip tunnel add {ifname} mode {type}' + change = 'ip tunnel cha {ifname} mode {type}' + delete = 'ip tunnel del {ifname}' + + # using "ip tunnel change" without using "mode" causes errors + # sudo ip tunnel add tun100 mode ip6gre local ::1 remote 1::1 + # sudo ip tunnel cha tun100 hoplimit 100 + # *** stack smashing detected ** *: < unknown > terminated + # sudo ip tunnel cha tun100 local: : 2 + # Error: an IP address is expected rather than "::2" + # works if mode is explicit + + +class IPIPIf(_Tunnel): + """ + IPIP: IP Encapsulation within IP + + For more information please refer to: + https://tools.ietf.org/html/rfc2003 + """ + + # IPIP does not allow to pass multicast, unlike GRE + # but the interface itself can be set with multicast + + ip = [IP4,] + tunnel = IP4 + + default = {'type': 'ipip'} + required = ['local', 'remote'] + + options = ['local', 'remote', 'ttl', 'tos', 'key'] + updates = ['local', 'remote', 'ttl', 'tos', + 'multicast', 'allmulticast'] + + create = 'ip tunnel add {ifname} mode {type}' + change = 'ip tunnel cha {ifname}' + delete = 'ip tunnel del {ifname}' + + +class IPIP6If(_Tunnel): + """ + IPIP6: IPv4 over IPv6 tunnel + + For more information please refer to: + https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/link_ip6tnl.c + """ + + ip = [IP4,] + tunnel = IP6 + + default = {'type': 'ipip6'} + required = ['local', 'remote'] + + options = ['local', 'remote', 'encaplimit', + 'hoplimit', 'tclass', 'flowlabel'] + updates = ['local', 'remote', 'encaplimit', + 
'hoplimit', 'tclass', 'flowlabel', + 'multicast', 'allmulticast'] + + create = 'ip -6 tunnel add {ifname} mode {type}' + change = 'ip -6 tunnel cha {ifname}' + delete = 'ip -6 tunnel del {ifname}' + + +class IP6IP6If(IPIP6If): + """ + IP6IP6: IPv6 over IPv6 tunnel + + For more information please refer to: + https://tools.ietf.org/html/rfc2473 + """ + + ip = [IP6,] + + default = {'type': 'ip6ip6'} + + +class SitIf(_Tunnel): + """ + Sit: Simple Internet Transition + + For more information please refer to: + https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/link_iptnl.c + """ + + ip = [IP6, IP4] + tunnel = IP4 + + default = {'type': 'sit'} + required = ['local', 'remote'] + + options = ['local', 'remote', 'ttl', 'tos', 'key'] + updates = ['local', 'remote', 'ttl', 'tos', + 'multicast', 'allmulticast'] + + create = 'ip tunnel add {ifname} mode {type}' + change = 'ip tunnel cha {ifname}' + delete = 'ip tunnel del {ifname}' + + +class Sit6RDIf(SitIf): + """ + Sit6RDIf: Simple Internet Transition with 6RD + + https://en.wikipedia.org/wiki/IPv6_rapid_deployment + """ + + ip = [IP6,] + + required = ['remote', '6rd-prefix'] + + # TODO: check if key can really be used with 6RD + options = ['remote', 'ttl', 'tos', 'key', '6rd-prefix', '6rd-relay-prefix'] + updates = ['remote', 'ttl', 'tos', + 'multicast', 'allmulticast'] + + def _create(self): + # do not call _Tunnel.create, building fully here + + create = 'ip tunnel add {ifname} mode {type} remote {remote}' + self._cmd(create.format(**self.config)) + self.set_interface('state','down') + + set6rd = 'ip tunnel 6rd dev {ifname} 6rd-prefix {6rd-prefix}' + if '6rd-relay-prefix' in self.config: + set6rd += ' 6rd-relay-prefix {6rd-relay-prefix}' + self._cmd(set6rd.format(**self.config)) diff --git a/python/vyos/ifconfig/vlan.py b/python/vyos/ifconfig/vlan.py new file mode 100644 index 000000000..7b1e00d87 --- /dev/null +++ b/python/vyos/ifconfig/vlan.py 
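Review bot: `_Tunnel.set_interface` wraps `Interface.set_interface` in `except Exception: pass`, so any failure in the base class — including a validator rejecting `value` — is discarded and the same option/value pair is then re-issued through `ip tunnel cha`, which hands a rejected value to iproute2 anyway and loses the original error. If the intent is "options the base class does not know belong to the tunnel", dispatch on membership instead, e.g. `if option in self._command_set or option in self._sysfs_set: return Interface.set_interface(self, option, value)` (assuming those are the tables the base class consults), or at least narrow the `except` to the exception the base raises for an unknown option and log it. Relatedly, `Sit6RDIf._create` calls `self.set_interface('state','down')` while `_Tunnel._create` uses `self.set_admin_state('down')`; unless `state` is a known base-class option, the swallowed exception means this becomes `ip tunnel cha {ifname} state down`, so it should be `self.set_admin_state('down')`. Also note that when `value == ''` the option is popped from `self.config` but the empty string is still appended to the change command.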
@@ -0,0 +1,142 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +import os +import re + +from vyos.ifconfig.interface import Interface + + +# This is an internal implementation class +class VLAN: + """ + This class handels the creation and removal of a VLAN interface. It serves + as base class for BondIf and EthernetIf. + """ + + _novlan_remove = lambda : None + + @classmethod + def enable (cls,adaptee): + adaptee._novlan_remove = adaptee.remove + adaptee.remove = cls.remove + adaptee.add_vlan = cls.add_vlan + adaptee.del_vlan = cls.del_vlan + adaptee.definition['vlan'] = True + return adaptee + + def remove(self): + """ + Remove interface from operating system. Removing the interface + deconfigures all assigned IP addresses and clear possible DHCP(v6) + client processes. + + Example: + >>> from vyos.ifconfig import Interface + >>> i = Interface('eth0') + >>> i.remove() + """ + ifname = self.config['ifname'] + + # Do we have sub interfaces (VLANs)? We apply a regex matching + # subinterfaces (indicated by a .) of a parent interface. + # + # As interfaces need to be deleted "in order" starting from Q-in-Q + # we delete them first. 
+ vlan_ifs = [f for f in os.listdir(r'/sys/class/net') + if re.match(ifname + r'(?:\.\d+)(?:\.\d+)', f)] + + for vlan in vlan_ifs: + Interface(vlan).remove() + + # After deleting all Q-in-Q interfaces delete other VLAN interfaces + # which probably acted as parent to Q-in-Q or have been regular 802.1q + # interface. + vlan_ifs = [f for f in os.listdir(r'/sys/class/net') + if re.match(ifname + r'(?:\.\d+)', f)] + + for vlan in vlan_ifs: + # self.__class__ is already VLAN.enabled + self.__class__(vlan)._novlan_remove() + + # All subinterfaces are now removed, continue on the physical interface + self._novlan_remove() + + def add_vlan(self, vlan_id, ethertype='', ingress_qos='', egress_qos=''): + """ + A virtual LAN (VLAN) is any broadcast domain that is partitioned and + isolated in a computer network at the data link layer (OSI layer 2). + Use this function to create a new VLAN interface on a given physical + interface. + + This function creates both 802.1q and 802.1ad (Q-in-Q) interfaces. Proto + parameter is used to indicate VLAN type. + + A new object of type VLANIf is returned once the interface has been + created. + + @param ethertype: If specified, create 802.1ad or 802.1q Q-in-Q VLAN + interface + @param ingress_qos: Defines a mapping of VLAN header prio field to the + Linux internal packet priority on incoming frames. + @param ingress_qos: Defines a mapping of Linux internal packet priority + to VLAN header prio field but for outgoing frames. + + Example: + >>> from vyos.ifconfig import MACVLANIf + >>> i = MACVLANIf('eth0') + >>> i.add_vlan(10) + """ + vlan_ifname = self.config['ifname'] + '.' 
+ str(vlan_id) + if not os.path.exists(f'/sys/class/net/{vlan_ifname}'): + self._vlan_id = int(vlan_id) + + if ethertype: + self._ethertype = ethertype + ethertype = 'proto {}'.format(ethertype) + + # Optional ingress QOS mapping + opt_i = '' + if ingress_qos: + opt_i = 'ingress-qos-map ' + ingress_qos + # Optional egress QOS mapping + opt_e = '' + if egress_qos: + opt_e = 'egress-qos-map ' + egress_qos + + # create interface in the system + cmd = 'ip link add link {ifname} name {ifname}.{vlan} type vlan {proto} id {vlan} {opt_e} {opt_i}' \ + .format(ifname=self.config['ifname'], vlan=self._vlan_id, proto=ethertype, opt_e=opt_e, opt_i=opt_i) + self._cmd(cmd) + + # return new object mapping to the newly created interface + # we can now work on this object for e.g. IP address setting + # or interface description and so on + return self.__class__(vlan_ifname) + + def del_vlan(self, vlan_id): + """ + Remove VLAN interface from operating system. Removing the interface + deconfigures all assigned IP addresses and clear possible DHCP(v6) + client processes. + + Example: + >>> from vyos.ifconfig import MACVLANIf + >>> i = MACVLANIf('eth0.10') + >>> i.del_vlan() + """ + ifname = self.config['ifname'] + self.__class__(f'{ifname}.{vlan_id}')._novlan_remove() diff --git a/python/vyos/ifconfig/vtun.py b/python/vyos/ifconfig/vtun.py new file mode 100644 index 000000000..07d39fcbb --- /dev/null +++ b/python/vyos/ifconfig/vtun.py 
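Review bot: The `add_vlan` docstring labels both QoS parameters `@param ingress_qos`; the second entry describes outgoing frames and should read `@param egress_qos: Defines a mapping of Linux internal packet priority to VLAN header prio field for outgoing frames.` The `del_vlan` example `i.del_vlan()` omits the mandatory `vlan_id` argument and should be `i.del_vlan(10)`. Separately, `add_vlan` validates only `vlan_id` (via `int(vlan_id)`), while `ethertype`, `ingress_qos` and `egress_qos` are interpolated unchecked into the `ip link add` string; `self._cmd` is defined outside this hunk, so I cannot tell whether that string reaches a shell, but a `re.fullmatch(r'\d+:\d+(?: \d+:\d+)*', ingress_qos)` style check on the `FROM:TO[ FROM:TO]` map syntax before building `opt_i`/`opt_e` would settle the question either way.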
@@ -0,0 +1,34 @@
+# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+
+from vyos.ifconfig.interface import Interface
+
+
+@Interface.register
+class VTunIf(Interface):
+ default = {
+ 'type': 'vtun',
+ }
+ definition = {
+ **Interface.definition,
+ **{
+ 'section': 'openvpn',
+ 'prefixes': ['vtun', ],
+ 'bridgeable': True,
+ },
+ }
+
+ # The _create and _delete need to be moved from interface-ppoe to here
diff --git a/python/vyos/ifconfig/vxlan.py b/python/vyos/ifconfig/vxlan.py
new file mode 100644
index 000000000..f47ae17cc
--- /dev/null
+++ b/python/vyos/ifconfig/vxlan.py
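Review bot: `VTunIf` has no class docstring; the only explanation of its state is the trailing comment that `_create`/`_delete` still live in `interface-ppoe` (presumably a typo for the PPPoE script), which does not say what the class is for today. A docstring along the lines of `"""OpenVPN tun/tap (vtunN) interfaces: only the interface definition is kept here; creation and deletion are still performed by the script that owns the interface."""` would tell readers why no `_create`/`_delete` is defined, with the ownership claim confirmed against that script, which is outside this diff.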
@@ -0,0 +1,106 @@
+# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+from copy import deepcopy
+
+from vyos import ConfigError
+from vyos.ifconfig.interface import Interface
+
+
+@Interface.register
+class VXLANIf(Interface):
+ """
+ The VXLAN protocol is a tunnelling protocol designed to solve the
+ problem of limited VLAN IDs (4096) in IEEE 802.1q. With VXLAN the
+ size of the identifier is expanded to 24 bits (16777216).
+
+ VXLAN is described by IETF RFC 7348, and has been implemented by a
+ number of vendors. The protocol runs over UDP using a single
+ destination port. This document describes the Linux kernel tunnel
+ device, there is also a separate implementation of VXLAN for
+ Openvswitch.
+
+ Unlike most tunnels, a VXLAN is a 1 to N network, not just point to
+ point. A VXLAN device can learn the IP address of the other endpoint
+ either dynamically in a manner similar to a learning bridge, or make
+ use of statically-configured forwarding entries.
+
+ For more information please refer to:
+ https://www.kernel.org/doc/Documentation/networking/vxlan.txt
+ """
+
+ default = {
+ 'type': 'vxlan',
+ 'group': '',
+ 'port': 8472, # The Linux implementation of VXLAN pre-dates
+ # the IANA's selection of a standard destination port
+ 'remote': '',
+ 'src_address': '',
+ 'src_interface': '',
+ 'vni': 0
+ }
+ definition = {
+ **Interface.definition,
+ **{
+ 'section': 'vxlan',
+ 'prefixes': ['vxlan', ],
+ 'bridgeable': True,
+ }
+ }
+ options = ['group', 'remote', 'src_interface', 'port', 'vni', 'src_address']
+
+ mapping = {
+ 'ifname': 'add',
+ 'vni': 'id',
+ 'port': 'dstport',
+ 'src_address': 'nolearning local',
+ }
+
+ def _create(self):
+ cmdline = set()
+ if self.config['remote']:
+ cmdline = ('ifname', 'type', 'remote', 'src_interface', 'vni', 'port')
+
+ elif self.config['src_address']:
+ cmdline = ('ifname', 'type', 'src_address', 'vni', 'port')
+
+ elif self.config['group'] and self.config['src_interface']:
+ cmdline = ('ifname', 'type', 'group', 'src_interface', 'vni', 'port')
+
+ else:
+ ifname = self.config['ifname']
+ raise ConfigError(
+ f'VXLAN "{ifname}" is missing mandatory underlay interface for a multicast network.')
+
+ cmd = 'ip link'
+ for key in cmdline:
+ value = self.config.get(key, '')
+ if not value:
+ continue
+ cmd += ' {} {}'.format(self.mapping.get(key, key), value)
+
+ self._cmd(cmd)
+
+ @classmethod
+ def get_config(cls):
+ """
+ VXLAN interfaces require a configuration when they are added using
+ iproute2. This static method will provide the configuration dictionary
+ used by this class.
+
+ Example:
+ >> dict = VXLANIf().get_config()
+ """
+ return deepcopy(cls.default)
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
new file mode 100644
index 000000000..e2b8a5924
--- /dev/null
+++ b/python/vyos/ifconfig/wireguard.py
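Review bot: In `_create` the filter `if not value: continue` drops every falsy option, which includes a legitimate `vni` of 0 (VNIs are 24-bit values, 0 included) and a `port` of 0; with `vni` 0 the `id` argument is silently left out of the `ip link add` command instead of being passed. Skipping only unset values, `if value in ('', None): continue`, keeps the intent and preserves numeric zero. Also `cmdline = set()` is immediately replaced by a tuple in every branch that does not raise; `cmdline = ()` avoids the type switch and reads as the "nothing selected" it is meant to be.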
@@ -0,0 +1,222 @@ +# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + + +import os +import time +from datetime import timedelta + +from vyos.config import Config +from vyos.ifconfig.interface import Interface +from hurry.filesize import size,alternative + + +@Interface.register +class WireGuardIf(Interface): + default = { + 'type': 'wireguard', + 'port': 0, + 'private-key': None, + 'pubkey': None, + 'psk': '/dev/null', + 'allowed-ips': [], + 'fwmark': 0x00, + 'endpoint': None, + 'keepalive': 0 + } + definition = { + **Interface.definition, + **{ + 'section': 'wireguard', + 'prefixes': ['wg', ], + 'bridgeable': True, + } + } + options = ['port', 'private-key', 'pubkey', 'psk', + 'allowed-ips', 'fwmark', 'endpoint', 'keepalive'] + + """ + Wireguard interface class, contains a comnfig dictionary since + wireguard VPN is being comnfigured via the wg command rather than + writing the config into a file. Otherwise if a pre-shared key is used + (symetric enryption key), it would we exposed within multiple files. + Currently it's only within the config.boot if the config was saved. 
+ + Example: + >>> from vyos.ifconfig import WireGuardIf as wg_if + >>> wg_intfc = wg_if("wg01") + >>> print (wg_intfc.wg_config) + {'private-key': None, 'keepalive': 0, 'endpoint': None, 'port': 0, + 'allowed-ips': [], 'pubkey': None, 'fwmark': 0, 'psk': '/dev/null'} + >>> wg_intfc.wg_config['keepalive'] = 100 + >>> print (wg_intfc.wg_config) + {'private-key': None, 'keepalive': 100, 'endpoint': None, 'port': 0, + 'allowed-ips': [], 'pubkey': None, 'fwmark': 0, 'psk': '/dev/null'} + """ + + def update(self): + if not self.config['private-key']: + raise ValueError("private key required") + else: + # fmask permission check? + pass + + cmd = "wg set {} ".format(self.config['ifname']) + cmd += "listen-port {} ".format(self.config['port']) + cmd += "fwmark {} ".format(str(self.config['fwmark'])) + cmd += "private-key {} ".format(self.config['private-key']) + cmd += "peer {} ".format(self.config['pubkey']) + cmd += " preshared-key {} ".format(self.config['psk']) + cmd += " allowed-ips " + for aip in self.config['allowed-ips']: + if aip != self.config['allowed-ips'][-1]: + cmd += aip + "," + else: + cmd += aip + if self.config['endpoint']: + cmd += " endpoint {}".format(self.config['endpoint']) + cmd += " persistent-keepalive {}".format(self.config['keepalive']) + + self._cmd(cmd) + + # remove psk since it isn't required anymore and is saved in the cli + # config only !! + if self.config['psk'] != '/dev/null': + if os.path.exists(self.config['psk']): + os.remove(self.config['psk']) + + def remove_peer(self, peerkey): + """ + Remove a peer of an interface, peers are identified by their public key. + Giving it a readable name is a vyos feature, to remove a peer the pubkey + and the interface is needed, to remove the entry. 
+ """ + cmd = "wg set {0} peer {1} remove".format( + self.config['ifname'], str(peerkey)) + return self._cmd(cmd) + + def op_show_interface(self): + wgdump = self._dump().get( + self.config['ifname'], None) + + c = Config() + c.set_level(["interfaces", "wireguard", self.config['ifname']]) + description = c.return_effective_value(["description"]) + ips = c.return_effective_values(["address"]) + + print ("interface: {}".format(self.config['ifname'])) + if (description): + print (" description: {}".format(description)) + + if (ips): + print (" address: {}".format(", ".join(ips))) + print (" public key: {}".format(wgdump['public_key'])) + print (" private key: (hidden)") + print (" listening port: {}".format(wgdump['listen_port'])) + print () + + for peer in c.list_effective_nodes(["peer"]): + if wgdump['peers']: + pubkey = c.return_effective_value(["peer", peer, "pubkey"]) + if pubkey in wgdump['peers']: + wgpeer = wgdump['peers'][pubkey] + + print (" peer: {}".format(peer)) + print (" public key: {}".format(pubkey)) + + """ figure out if the tunnel is recently active or not """ + status = "inactive" + if (wgpeer['latest_handshake'] is None): + """ no handshake ever """ + status = "inactive" + else: + if int(wgpeer['latest_handshake']) > 0: + delta = timedelta(seconds=int( + time.time() - wgpeer['latest_handshake'])) + print (" latest handshake: {}".format(delta)) + if (time.time() - int(wgpeer['latest_handshake']) < (60*5)): + """ Five minutes and the tunnel is still active """ + status = "active" + else: + """ it's been longer than 5 minutes """ + status = "inactive" + elif int(wgpeer['latest_handshake']) == 0: + """ no handshake ever """ + status = "inactive" + print (" status: {}".format(status)) + + if wgpeer['endpoint'] is not None: + print (" endpoint: {}".format(wgpeer['endpoint'])) + + if wgpeer['allowed_ips'] is not None: + print (" allowed ips: {}".format( + ",".join(wgpeer['allowed_ips']).replace(",", ", "))) + + if wgpeer['transfer_rx'] > 0 or 
wgpeer['transfer_tx'] > 0: + rx_size = size( + wgpeer['transfer_rx'], system=alternative) + tx_size = size( + wgpeer['transfer_tx'], system=alternative) + print (" transfer: {} received, {} sent".format( + rx_size, tx_size)) + + if wgpeer['persistent_keepalive'] is not None: + print (" persistent keepalive: every {} seconds".format( + wgpeer['persistent_keepalive'])) + print() + super().op_show_interface_stats() + + def _dump(self): + """Dump wireguard data in a python friendly way.""" + last_device = None + output = {} + + # Dump wireguard connection data + _f = self._cmd('wg show all dump') + for line in _f.split('\n'): + if not line: + # Skip empty lines and last line + continue + items = line.split('\t') + + if last_device != items[0]: + # We are currently entering a new node + device, private_key, public_key, listen_port, fw_mark = items + last_device = device + + output[device] = { + 'private_key': None if private_key == '(none)' else private_key, + 'public_key': None if public_key == '(none)' else public_key, + 'listen_port': int(listen_port), + 'fw_mark': None if fw_mark == 'off' else int(fw_mark), + 'peers': {}, + } + else: + # We are entering a peer + device, public_key, preshared_key, endpoint, allowed_ips, latest_handshake, transfer_rx, transfer_tx, persistent_keepalive = items + if allowed_ips == '(none)': + allowed_ips = [] + else: + allowed_ips = allowed_ips.split('\t') + output[device]['peers'][public_key] = { + 'preshared_key': None if preshared_key == '(none)' else preshared_key, + 'endpoint': None if endpoint == '(none)' else endpoint, + 'allowed_ips': allowed_ips, + 'latest_handshake': None if latest_handshake == '0' else int(latest_handshake), + 'transfer_rx': int(transfer_rx), + 'transfer_tx': int(transfer_tx), + 'persistent_keepalive': None if persistent_keepalive == 'off' else int(persistent_keepalive), + } + return output 
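Review bot: In `update` the `allowed-ips` list is joined by comparing each entry with the last one (`if aip != self.config['allowed-ips'][-1]`), so a prefix that appears twice is emitted with no separator after its first occurrence and the `wg set` argument is malformed; `cmd += " allowed-ips " + ",".join(self.config['allowed-ips'])` is the intended behaviour. The `# fmask permission check?` placeholder leaves the private-key file mode unverified before its path is handed to `wg set`; a check such as `if os.stat(self.config['private-key']).st_mode & 0o077: raise ValueError("private key file is group/world readable")` would catch an exposed key early, which matters more than usual here because the same method deletes the PSK file precisely to avoid leaving key material on disk. In `_dump`, `allowed_ips.split('\t')` can never split because the line has already been split on tabs; `wg show all dump` separates allowed IPs with commas, so `allowed_ips.split(',')` is needed for the list to hold one prefix per element (the `op_show_interface` join only looks right today because the single element still contains the commas).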
diff --git a/python/vyos/ifconfig/wireless.py b/python/vyos/ifconfig/wireless.py
new file mode 100644
index 000000000..946ae1642
--- /dev/null
+++ b/python/vyos/ifconfig/wireless.py
@@ -0,0 +1,82 @@ +# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io> +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see <http://www.gnu.org/licenses/>. + +import os + +from vyos.ifconfig.interface import Interface +from vyos.ifconfig.vlan import VLAN + + +@Interface.register +@VLAN.enable +class WiFiIf(Interface): + """ + Handle WIFI/WLAN interfaces. + """ + + default = { + 'type': 'wifi', + 'phy': 'phy0' + } + definition = { + **Interface.definition, + **{ + 'section': 'wireless', + 'prefixes': ['wlan', ], + 'bridgeable': True, + } + } + options = ['phy', 'op_mode'] + + def _create(self): + # all interfaces will be added in monitor mode + cmd = 'iw phy {phy} interface add {ifname} type monitor' \ + .format(**self.config) + self._cmd(cmd) + + # wireless interface is administratively down by default + self.set_admin_state('down') + + def _delete(self): + cmd = 'iw dev {ifname} del' \ + .format(**self.config) + self._cmd(cmd) + + @staticmethod + def get_config(): + """ + WiFi interfaces require a configuration when they are added using + iw (type/phy). This static method will provide the configuration + ictionary used by this class. 
+ + Example: + >> conf = WiFiIf().get_config() + """ + config = { + 'phy': 'phy0' + } + return config + + + +@Interface.register +class WiFiModemIf(WiFiIf): + definition = { + **WiFiIf.definition, + **{ + 'section': 'wirelessmodem', + 'prefixes': ['wlm', ], + } + } diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index 8e09db95a..ed22646c1 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -13,7 +13,8 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see <http://www.gnu.org/licenses/>. -from vyos.ifconfig import VLANIf +from netifaces import interfaces +from vyos import ConfigError def apply_vlan_config(vlan, config): """ @@ -21,7 +22,7 @@ def apply_vlan_config(vlan, config): to a VLAN interface """ - if type(vlan) != type(VLANIf("lo")): + if not vlan.definition['vlan']: raise TypeError() # get DHCP config dictionary and update values @@ -63,17 +64,29 @@ def apply_vlan_config(vlan, config): vlan.set_arp_announce(config['ip_enable_arp_announce']) # configure ARP ignore vlan.set_arp_ignore(config['ip_enable_arp_ignore']) + # configure Proxy ARP + vlan.set_proxy_arp(config['ip_proxy_arp']) + # IPv6 address autoconfiguration + vlan.set_ipv6_autoconf(config['ipv6_autoconf']) + # IPv6 forwarding + vlan.set_ipv6_forwarding(config['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + vlan.set_ipv6_dad_messages(config['ipv6_dup_addr_detect']) # Maximum Transmission Unit (MTU) vlan.set_mtu(config['mtu']) + + # assign/remove VRF + vlan.set_vrf(config['vrf']) + # Change VLAN interface MAC address if config['mac']: vlan.set_mac(config['mac']) # enable/disable VLAN interface if config['disable']: - vlan.set_state('down') + vlan.set_admin_state('down') else: - vlan.set_state('up') + vlan.set_admin_state('up') # Configure interface address(es) # - not longer required addresses get removed first 
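Review bot: `WiFiIf.get_config` is a `@staticmethod` returning a hand-written `{'phy': 'phy0'}` while the class already declares the same value in `default`, and the sibling `VXLANIf.get_config` in this same change is a `@classmethod` returning `deepcopy(cls.default)`; the two copies of the phy default will drift. Making it `@classmethod` / `def get_config(cls): return deepcopy(cls.default)` (with `from copy import deepcopy`) matches the VXLAN implementation and also hands callers the `type` key. The docstring's `ictionary` should read `dictionary`, and `WiFiModemIf` below it carries no docstring saying how `wlm` interfaces differ from `wlan` beyond the configuration section.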
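Review bot: The new type check `if not vlan.definition['vlan']:` raises `KeyError` instead of the intended `TypeError` whenever the object's `definition` has no `vlan` key; `VLAN.enable` sets that key only on the classes it decorates, and whether `Interface.definition` supplies a default is not visible in this diff. `if not vlan.definition.get('vlan'):` keeps the `TypeError` contract for every interface class. `apply_vlan_config` continues past the end of this hunk.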
@@ -83,3 +96,46 @@ def apply_vlan_config(vlan, config): for addr in config['address']: vlan.add_addr(addr) +def verify_vlan_config(config): + """ + Generic function to verify VLAN config consistency. Instead of re- + implementing this function in multiple places use single source \o/ + """ + + for vif in config['vif']: + # DHCPv6 parameters-only and temporary address are mutually exclusive + if vif['dhcpv6_prm_only'] and vif['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + vrf_name = vif['vrf'] + if vrf_name and vrf_name not in interfaces(): + raise ConfigError(f'VRF "{vrf_name}" does not exist') + + # e.g. wireless interface has no vif_s support + # thus we bail out eraly. + if 'vif_s' not in config.keys(): + return + + for vif_s in config['vif_s']: + for vif in config['vif']: + if vif['id'] == vif_s['id']: + raise ConfigError('Can not use identical ID on vif and vif-s interface') + + # DHCPv6 parameters-only and temporary address are mutually exclusive + if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + vrf_name = vif_s['vrf'] + if vrf_name and vrf_name not in interfaces(): + raise ConfigError(f'VRF "{vrf_name}" does not exist') + + for vif_c in vif_s['vif_c']: + # DHCPv6 parameters-only and temporary address are mutually exclusive + if vif_c['dhcpv6_prm_only'] and vif_c['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + vrf_name = vif_c['vrf'] + if vrf_name and vrf_name not in interfaces(): + raise ConfigError(f'VRF "{vrf_name}" does not exist') + + diff --git a/python/vyos/interfaces.py b/python/vyos/interfaces.py deleted file mode 100644 index 37c093aca..000000000 --- a/python/vyos/interfaces.py +++ /dev/null 
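Review bot: `verify_vlan_config` repeats the DHCPv6 exclusivity and VRF-existence checks three times for `vif`, `vif_s` and `vif_c`, and calls `interfaces()` (a fresh enumeration of every kernel interface) once per sub-interface; one helper with the interface list computed up front keeps the three paths from drifting and the cost linear. The comment `# thus we bail out eraly.` should read `early`, and the early `return` when `vif_s` is absent is only safe as long as callers always supply a `vif` key, which this hunk does not establish.
```python
def _verify_vif(vif, existing):
    """Checks shared by vif, vif-s and vif-c sub-interfaces."""
    # DHCPv6 parameters-only and temporary address are mutually exclusive
    if vif['dhcpv6_prm_only'] and vif['dhcpv6_temporary']:
        raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!')

    vrf_name = vif['vrf']
    if vrf_name and vrf_name not in existing:
        raise ConfigError(f'VRF "{vrf_name}" does not exist')

def verify_vlan_config(config):
    # … unchanged: docstring …
    existing = interfaces()
    for vif in config['vif']:
        _verify_vif(vif, existing)

    # … unchanged: early return when there is no vif_s …

    for vif_s in config['vif_s']:
        # … unchanged: duplicate-id check against vif …
        _verify_vif(vif_s, existing)
        for vif_c in vif_s['vif_c']:
            _verify_vif(vif_c, existing)
```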
@@ -1,99 +0,0 @@ -# Copyright 2018 VyOS maintainers and contributors <maintainers@vyos.io> -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library. If not, see <http://www.gnu.org/licenses/>. - -import re -import json - -import subprocess -import netifaces - -intf_type_data_file = '/usr/share/vyos/interface-types.json' - -def list_interfaces(): - interfaces = netifaces.interfaces() - - # Remove "fake" interfaces associated with drivers - for i in ["dummy0", "ip6tnl0", "tunl0", "ip_vti0", "ip6_vti0"]: - try: - interfaces.remove(i) - except ValueError: - pass - - return interfaces - -def list_interfaces_of_type(typ): - with open(intf_type_data_file, 'r') as f: - types_data = json.load(f) - - all_intfs = list_interfaces() - if not (typ in types_data.keys()): - raise ValueError("Unknown interface type: {0}".format(typ)) - else: - r = re.compile('^{0}\d+'.format(types_data[typ])) - return list(filter(lambda i: re.match(r, i), all_intfs)) - -def get_type_of_interface(intf): - with open(intf_type_data_file, 'r') as f: - types_data = json.load(f) - - for key,val in types_data.items(): - r = re.compile('^{0}\d+'.format(val)) - if re.match(r, intf): - return key - - raise ValueError("No type found for interface name: {0}".format(intf)) - -def wireguard_dump(): - """Dump wireguard data in a python friendly way.""" - last_device=None - output = {} - - # Dump wireguard connection data - _f = 
subprocess.check_output(["wg", "show", "all", "dump"]).decode() - for line in _f.split('\n'): - if not line: - # Skip empty lines and last line - continue - items = line.split('\t') - - if last_device != items[0]: - # We are currently entering a new node - device, private_key, public_key, listen_port, fw_mark = items - last_device = device - - output[device] = { - 'private_key': None if private_key == '(none)' else private_key, - 'public_key': None if public_key == '(none)' else public_key, - 'listen_port': int(listen_port), - 'fw_mark': None if fw_mark == 'off' else int(fw_mark), - 'peers': {}, - } - else: - # We are entering a peer - device, public_key, preshared_key, endpoint, allowed_ips, latest_handshake, transfer_rx, transfer_tx, persistent_keepalive = items - if allowed_ips == '(none)': - allowed_ips = [] - else: - allowed_ips = allowed_ips.split('\t') - output[device]['peers'][public_key] = { - 'preshared_key': None if preshared_key == '(none)' else preshared_key, - 'endpoint': None if endpoint == '(none)' else endpoint, - 'allowed_ips': allowed_ips, - 'latest_handshake': None if latest_handshake == '0' else int(latest_handshake), - 'transfer_rx': int(transfer_rx), - 'transfer_tx': int(transfer_tx), - 'persistent_keepalive': None if persistent_keepalive == 'off' else int(persistent_keepalive), - } - return output diff --git a/python/vyos/ioctl.py b/python/vyos/ioctl.py index e57d261e4..cfa75aac6 100644 --- a/python/vyos/ioctl.py +++ b/python/vyos/ioctl.py @@ -13,9 +13,11 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see <http://www.gnu.org/licenses/>. +import sys import os -import fcntl, struct, sys -from socket import * +import socket +import fcntl +import struct SIOCGIFFLAGS = 0x8913 
@@ -28,7 +30,7 @@ def get_terminal_size(): def get_interface_flags(intf): """ Pull the SIOCGIFFLAGS """ nullif = '\0'*256 - sock = socket(AF_INET, SOCK_DGRAM) + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) raw = fcntl.ioctl(sock.fileno(), SIOCGIFFLAGS, intf + nullif) flags, = struct.unpack('H', raw[16:18]) return flags diff --git a/python/vyos/migrator.py b/python/vyos/migrator.py index f05228041..9a5fdef2f 100644 --- a/python/vyos/migrator.py +++ b/python/vyos/migrator.py @@ -25,7 +25,7 @@ class MigratorError(Exception): pass class Migrator(object): - def __init__(self, config_file, force=False, set_vintage=None): + def __init__(self, config_file, force=False, set_vintage='vyos'): self._config_file = config_file self._force = force self._set_vintage = set_vintage @@ -61,9 +61,6 @@ class Migrator(object): if self._set_vintage: self._config_file_vintage = self._set_vintage - if not self._config_file_vintage: - self._config_file_vintage = vyos.defaults.cfg_vintage - if self._config_file_vintage not in ['vyatta', 'vyos']: raise MigratorError("Unknown vintage.") @@ -204,16 +201,12 @@ class Migrator(object): return self._changed class VirtualMigrator(Migrator): - def __init__(self, config_file, vintage='vyos'): - super().__init__(config_file, set_vintage = vintage) - def run(self): cfg_file = self._config_file cfg_versions = self.read_config_file_versions() if not cfg_versions: - raise MigratorError("Config file has no version information;" - " virtual migration not possible.") + return if self.update_vintage(): self._changed = True diff --git a/python/vyos/remote.py b/python/vyos/remote.py index f8a21f068..f918461d1 100644 --- a/python/vyos/remote.py +++ b/python/vyos/remote.py @@ -17,7 +17,8 @@ import sys import os import re import fileinput -import subprocess + +from vyos.util import cmd, DEVNULL def check_and_add_host_key(host_name): 
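Review bot: `get_interface_flags` opens a datagram socket and never closes it, so every call leaks a descriptor until the garbage collector gets to it; `with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:` around the `ioctl` closes it deterministically. An interface name the kernel does not know makes the `ioctl` raise `OSError` (ENODEV), which callers currently receive unwrapped; that deserves a line in the docstring, e.g. `Raises OSError if intf is not a kernel interface.`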
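Review bot: `VirtualMigrator.run` now returns silently when `read_config_file_versions()` finds no version information, where the previous code raised `MigratorError`; a caller can no longer tell an unversioned config from one that needed no change, and `self._changed` is left at its initial value either way. If skipping is intended, a comment such as `# No version information: nothing to migrate virtually, leave the file untouched` states the contract, and a log line would let operators notice an unversioned file. With `set_vintage='vyos'` now the constructor default (earlier hunk), the `if self._set_vintage:` branch is always taken and the vintage detection in `Migrator` (outside this diff) appears to become unreachable unless a caller passes `set_vintage=None` — worth confirming.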
@@ -33,10 +34,8 @@ def check_and_add_host_key(host_name): keyscan_cmd = 'ssh-keyscan -t rsa {} 2>/dev/null'.format(host_name) try: - host_key = subprocess.check_output(keyscan_cmd, shell=True, - stderr=subprocess.DEVNULL, - universal_newlines=True) - except subprocess.CalledProcessError as err: + host_key = cmd(keyscan_cmd, shell=True, stderr=DEVNULL) + except OSError: sys.exit("Can not get RSA host key") # libssh2 (jessie; stretch) does not recognize ec host keys, and curl @@ -64,10 +63,8 @@ def check_and_add_host_key(host_name): fingerprint_cmd = 'ssh-keygen -lf /dev/stdin <<< "{}"'.format(host_key) try: - fingerprint = subprocess.check_output(fingerprint_cmd, shell=True, - stderr=subprocess.DEVNULL, - universal_newlines=True) - except subprocess.CalledProcessError as err: + fingerprint = cmd(fingerprint_cmd, shell=True, stderr=DEVNULL) + except OSError: sys.exit("Can not get RSA host key fingerprint.") print("RSA host key fingerprint is {}".format(fingerprint.split()[1])) @@ -128,9 +125,8 @@ def get_remote_config(remote_file): # Try header first, and look for 'OK' or 'Moved' codes: curl_cmd = 'curl {0} -q -I {1}'.format(redirect_opt, remote_file) try: - curl_output = subprocess.check_output(curl_cmd, shell=True, - universal_newlines=True) - except subprocess.CalledProcessError: + curl_output = cmd(curl_cmd, shell=True) + except OSError: sys.exit(1) return_vals = re.findall(r'^HTTP\/\d+\.?\d\s+(\d+)\s+(.*)$', @@ -146,9 +142,6 @@ def get_remote_config(remote_file): curl_cmd = 'curl {0} -# {1}'.format(redirect_opt, remote_file) try: - config_file = subprocess.check_output(curl_cmd, shell=True, - universal_newlines=True) - except subprocess.CalledProcessError: - config_file = None - - return config_file + return cmd(curl_cmd, shell=True, stderr=None) + except OSError: + return None diff --git a/python/vyos/util.py b/python/vyos/util.py index 67a602f7a..291ce64ea 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py 
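Review bot: `check_and_add_host_key` still interpolates `host_name` into a shell command (`'ssh-keyscan -t rsa {} 2>/dev/null'.format(host_name)` run with `shell=True`), so a host string containing shell metacharacters — as far as this hunk shows it is caller-supplied — executes arbitrary commands, and the swap from `subprocess` to `cmd` keeps that exposure intact. An argument vector avoids the shell entirely: `host_key = cmd(['ssh-keyscan', '-t', 'rsa', host_name], shell=False, stderr=DEVNULL)` (the `2>/dev/null` inside the string is already covered by `stderr=DEVNULL`). `cmd` also raises `OSError` on a non-zero exit (per the `vyos.util` hunk), so `except OSError` now covers both a missing binary and a failed scan, which the message `Can not get RSA host key` does not distinguish.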
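Review bot: `fingerprint_cmd = 'ssh-keygen -lf /dev/stdin <<< "{}"'.format(host_key)` feeds the scanned key through a double-quoted bash here-string, where `$`, backticks and `"` inside `host_key` are interpreted by the shell, and `host_key` is the output of `ssh-keyscan`, i.e. data the remote host controls. Passing it on stdin removes the shell from the path: `fingerprint = cmd(['ssh-keygen', '-lf', '/dev/stdin'], shell=False, input=host_key.encode(), stderr=DEVNULL)` (`cmd` forwards `input` to `communicate`, and with `universal_newlines` unset it expects bytes).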
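Review bot: `curl_cmd = 'curl {0} -q -I {1}'.format(redirect_opt, remote_file)` still runs through the shell with `remote_file` unquoted, so a URL containing `;`, `$(` or whitespace is not merely a bad URL but a command; assuming `redirect_opt` holds plain curl flags, `cmd(['curl'] + redirect_opt.split() + ['-q', '-I', remote_file], shell=False)` keeps the behaviour without the shell (the download command in the following hunk has the same shape). The `except OSError: sys.exit(1)` also discards the reason; `cmd` puts the exit code and output into the exception, so `except OSError as e: sys.exit(f'Failed to fetch {remote_file}: {e}')` would surface it.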
@@ -15,15 +15,96 @@ import os import re -import getpass -import grp -import time -import subprocess import sys +from subprocess import Popen, PIPE, STDOUT, DEVNULL + +def debug(flag): + # this is to force all new flags to be registered here so that + # they can be documented: + # - developer: the code will drop into PBD on un-handled exception + # - ifconfig: prints command and sysfs access on stdout for interface + if flag not in ['developer', 'ifconfig']: + return '' + return flag if os.path.isfile(f'/tmp/vyos.{flag}.debug') else '' + + +def debug_msg(message, section=''): + if debug(section): + print(f'DEBUG/{section:<6} {message}') + + +def popen(command, section='', shell=None, input=None, timeout=None, env=None, + universal_newlines=None, stdout=PIPE, stderr=STDOUT, decode=None): + """ popen does not raise, returns the output and error code of command """ + use_shell = shell + if shell is None: + use_shell = True if ' ' in command else False + p = Popen( + command, + stdout=stdout, stderr=stderr, + env=env, shell=use_shell, + universal_newlines=universal_newlines, + ) + tmp = p.communicate(input, timeout)[0].strip() + debug_msg(f"cmd '{command}'", section) + decoded = tmp.decode(decode) if decode else tmp.decode() + if decoded: + debug_msg(f"returned:\n{decoded}", section) + return decoded, p.returncode + + +def run(command, section='', shell=None, input=None, timeout=None, env=None, + universal_newlines=None, stdout=PIPE, stderr=STDOUT, decode=None): + """ does not raise exception on error, returns error code """ + _, code = popen( + command, section, + stdout=stdout, stderr=stderr, + input=input, timeout=timeout, + env=env, shell=shell, + universal_newlines=universal_newlines, + decode=decode, + ) + return code + + +def cmd(command, section='', shell=None, input=None, timeout=None, env=None, + universal_newlines=None, stdout=PIPE, stderr=STDOUT, decode=None, + raising=None, message=''): + """ does raise exception, returns output of command """ + decoded, 
code = popen( + command, section, + stdout=stdout, stderr=stderr, + input=input, timeout=timeout, + env=env, shell=shell, + universal_newlines=universal_newlines, + decode=decode, + ) + if code != 0: + feedback = message + '\n' if message else '' + feedback += f'failed to run command: {command}\n' + feedback += f'returned: {decoded}\n' + feedback += f'exit code: {code}' + if raising is None: + # error code can be recovered with .errno + raise OSError(code, feedback) + else: + raise raising(feedback) + return decoded -import psutil -import vyos.defaults +def call(command, section='', shell=None, input=None, timeout=None, env=None, + universal_newlines=None, stdout=PIPE, stderr=STDOUT, decode=None): + """ does not raise exception on error, returns error code, print output """ + out, code = popen( + command, section, + stdout=stdout, stderr=stderr, + input=input, timeout=timeout, + env=env, shell=shell, + universal_newlines=universal_newlines, + decode=decode, + ) + print(out) + return code def read_file(path): 
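Review bot: In `popen`, `use_shell = True if ' ' in command else False` switches a shell on for any string containing a space, so every caller that formats a value into its command string gets shell parsing unless it passes `shell=False` explicitly; the only explicit `shell=True` callers visible in this diff are the remote.py ones that need redirections, so consider defaulting to `shell=False` with `shlex.split(command)` for string commands, or at minimum documenting in the docstring that interpolated arguments must be `shlex.quote()`d. `tmp = p.communicate(input, timeout)[0].strip()` is followed by `tmp.decode()`, which raises AttributeError when a caller passes `universal_newlines=True` because communicate() then returns str; `decoded = tmp if isinstance(tmp, str) else tmp.decode(decode or 'utf-8')` handles both. `debug()` keys off `/tmp/vyos.{flag}.debug`, a path any local user can create, so if the `developer` flag is honoured by privileged scripts (the comment says it drops into the debugger on an unhandled exception) a non-root user can change their behaviour; a root-owned location such as /run, or an ownership check on the flag file, would close that. The comment typo `PBD` should read `PDB`. `cmd` continues on the following physical line; the hunk is otherwise self-contained.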
@@ -32,6 +113,36 @@ def read_file(path): data = f.read().strip() return data + +def chown(path, user, group): + """ change file/directory owner """ + from pwd import getpwnam + from grp import getgrnam + + if os.path.exists(path): + uid = getpwnam(user).pw_uid + gid = getgrnam(group).gr_gid + os.chown(path, uid, gid) + +def chmod_750(path): + """ make file/directory only executable to user and group """ + from stat import S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IXGRP + + if os.path.exists(path): + bitmask = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP + os.chmod(path, bitmask) + + +def chmod_x(path): + """ make file executable """ + from stat import S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IXGRP, S_IROTH, S_IXOTH + + if os.path.exists(path): + bitmask = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP | \ + S_IROTH | S_IXOTH + os.chmod(path, bitmask) + + def colon_separated_to_dict(data_string, uniquekeys=False): """ Converts a string containing newline-separated entries of colon-separated key-value pairs into a dict. @@ -80,11 +191,16 @@ def colon_separated_to_dict(data_string, uniquekeys=False): return data + def process_running(pid_file): """ Checks if a process with PID in pid_file is running """ + from psutil import pid_exists + if not os.path.isfile(pid_file): + return False with open(pid_file, 'r') as f: pid = f.read().strip() - return psutil.pid_exists(int(pid)) + return pid_exists(int(pid)) + def seconds_to_human(s, separator=""): """ Converts number of seconds passed to a human-readable @@ -125,10 +241,15 @@ def seconds_to_human(s, separator=""): return result + def get_cfg_group_id(): - group_data = grp.getgrnam(vyos.defaults.cfg_group) + from grp import getgrnam + from vyos.defaults import cfg_group + + group_data = getgrnam(cfg_group) return group_data.gr_gid + def file_is_persistent(path): if not re.match(r'^(/config|/opt/vyatta/etc/config)', os.path.dirname(path)): warning = "Warning: file {0} is outside the /config directory\n".format(path) 
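Review bot: `chmod_x` is documented as `make file executable`, but `os.chmod(path, bitmask)` sets the mode absolutely to 0755 and discards whatever bits the file already had (setuid/setgid, group write); if the intent is to add execute permission, use `os.chmod(path, os.stat(path).st_mode | S_IXUSR | S_IXGRP | S_IXOTH)`, otherwise document it as `set mode 0755`. All three helpers guard with `if os.path.exists(path):` and then operate by path name, so a missing file is silently ignored and the check/operate pair is a TOCTOU race; where a caller can pass a path inside a user-writable directory, `os.chown` following a symlink is the classic concern, and `os.chown(path, uid, gid, follow_symlinks=False)` avoids it. A debug message on the skipped-missing case would make silent no-ops visible. The three functions are complete within the hunk.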
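Review bot: `process_running` now returns False for a missing pid file, but an empty or truncated one still raises ValueError from `int(pid)`; since the new `isfile` guard expresses that a bad pid file means "not running", wrap the conversion the same way: `try: return pid_exists(int(pid)) except ValueError: return False`. The function is complete in the hunk.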
@@ -137,6 +258,7 @@ def file_is_persistent(path): else: return (True, None) + def commit_in_progress(): """ Not to be used in normal op mode scripts! """ @@ -154,29 +276,34 @@ def commit_in_progress(): # Since this will be used in scripts that modify the config outside of the CLI # framework, those knowingly have root permissions. # For everything else, we add a safeguard. - id = subprocess.check_output(['/usr/bin/id', '-u']).decode().strip() - if id != '0': + from psutil import process_iter, NoSuchProcess + from vyos.defaults import commit_lock + + idu = cmd('/usr/bin/id -u') + if idu != '0': raise OSError("This functions needs root permissions to return correct results") - for proc in psutil.process_iter(): + for proc in process_iter(): try: files = proc.open_files() if files: for f in files: - if f.path == vyos.defaults.commit_lock: + if f.path == commit_lock: return True - except psutil.NoSuchProcess as err: + except NoSuchProcess as err: # Process died before we could examine it pass # Default case return False + def wait_for_commit_lock(): """ Not to be used in normal op mode scripts! """ - + from time import sleep # Very synchronous approach to multiprocessing while commit_in_progress(): - time.sleep(1) + sleep(1) + def ask_yes_no(question, default=False) -> bool: """Ask a yes/no question via input() and return their answer.""" 
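Review bot: `idu = cmd('/usr/bin/id -u')` spawns a process (through a shell, given the space and the `cmd()` default) just to learn the effective uid, and because `cmd()` raises OSError on a non-zero exit, a failure of `id` is indistinguishable to callers from the OSError raised on the next line for a non-root user; `if os.geteuid() != 0:` (os is already imported in util.py) answers the same question without a subprocess. In the loop, `except NoSuchProcess as err: pass` binds `err` without using it (`except NoSuchProcess:` suffices), and `proc.open_files()` may also raise psutil's AccessDenied for processes it cannot inspect — if that has been observed, catch it there too. commit_in_progress starts before the hunk.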
@@ -196,6 +323,50 @@ def ask_yes_no(question, default=False) -> bool: def is_admin() -> bool: """Look if current user is in sudo group""" - current_user = getpass.getuser() - (_, _, _, admin_group_members) = grp.getgrnam('sudo') + from getpass import getuser + from grp import getgrnam + current_user = getuser() + (_, _, _, admin_group_members) = getgrnam('sudo') return current_user in admin_group_members + + +def mac2eui64(mac, prefix=None): + """ + Convert a MAC address to a EUI64 address or, with prefix provided, a full + IPv6 address. + Thankfully copied from https://gist.github.com/wido/f5e32576bb57b5cc6f934e177a37a0d3 + """ + from ipaddress import ip_network + # http://tools.ietf.org/html/rfc4291#section-2.5.1 + eui64 = re.sub(r'[.:-]', '', mac).lower() + eui64 = eui64[0:6] + 'fffe' + eui64[6:] + eui64 = hex(int(eui64[0:2], 16) ^ 2)[2:].zfill(2) + eui64[2:] + + if prefix is None: + return ':'.join(re.findall(r'.{4}', eui64)) + else: + try: + net = ip_network(prefix, strict=False) + euil = int('0x{0}'.format(eui64), 16) + return str(net[euil]) + except: # pylint: disable=bare-except + return + +def is_bridge_member(interface): + """ + Checks if passed interfaces is part of a bridge device or not. + + Returns a tuple: + False, None -> Not part of a bridge + True, bridge-name -> If it is assigned to a bridge + """ + from vyos.config import Config + c = Config() + base = ['interfaces', 'bridge'] + for bridge in c.list_nodes(base): + members = c.list_nodes(base + [bridge, 'member', 'interface']) + if interface in members: + return (True, bridge) + + return False, None + diff --git a/python/vyos/validate.py b/python/vyos/validate.py index 33c495d91..9d413ffab 100644 --- a/python/vyos/validate.py +++ b/python/vyos/validate.py @@ -13,6 +13,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see <http://www.gnu.org/licenses/>. +import socket import netifaces import ipaddress 
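Review bot: `mac2eui64` swallows every exception with `except: # pylint: disable=bare-except` and returns None, which hides programming errors as well as bad input; narrow it to what the two guarded lines can raise, `except (ValueError, IndexError):`, and note that a malformed `mac` already fails outside the try because `int(eui64[0:2], 16)` runs before it. `is_bridge_member` mixes `return (True, bridge)` and `return False, None`; picking one form, and fixing the docstring typo `passed interfaces is` → `passed interface is`, would tidy it. The function also constructs a fresh `Config()` on every call, so if it is used from per-interface loops, callers may prefer an optional config parameter. All three functions are complete within the hunk.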
@@ -64,51 +65,61 @@ def is_ipv6_link_local(addr): return False +def _are_same_ip(one, two): + # compare the binary representation of the IP + f_one = socket.AF_INET if is_ipv4(one) else socket.AF_INET6 + s_two = socket.AF_INET if is_ipv4(two) else socket.AF_INET6 + return socket.inet_pton(f_one, one) == socket.inet_pton(f_one, two) + def is_intf_addr_assigned(intf, addr): + if '/' in addr: + ip,mask = addr.split('/') + return _is_intf_addr_assigned(intf, ip, mask) + return _is_intf_addr_assigned(intf, addr) + +def _is_intf_addr_assigned(intf, address, netmask=''): """ Verify if the given IPv4/IPv6 address is assigned to specific interface. It can check both a single IP address (e.g. 192.0.2.1 or a assigned CIDR address 192.0.2.1/24. """ - # determine IP version (AF_INET or AF_INET6) depending on passed address - addr_type = netifaces.AF_INET - if is_ipv6(addr): - addr_type = netifaces.AF_INET6 - # check if the requested address type is configured at all + # { + # 17: [{'addr': '08:00:27:d9:5b:04', 'broadcast': 'ff:ff:ff:ff:ff:ff'}], + # 2: [{'addr': '10.0.2.15', 'netmask': '255.255.255.0', 'broadcast': '10.0.2.255'}], + # 10: [{'addr': 'fe80::a00:27ff:fed9:5b04%eth0', 'netmask': 'ffff:ffff:ffff:ffff::'}] + # } try: - netifaces.ifaddresses(intf) + ifaces = netifaces.ifaddresses(intf) except ValueError as e: print(e) return False - if addr_type in netifaces.ifaddresses(intf).keys(): - # Check every IP address on this interface for a match - for ip in netifaces.ifaddresses(intf)[addr_type]: - # Check if it matches to the address requested - # If passed address contains a '/' indicating a normalized IP - # address we have to take this into account, too - if r'/' in addr: - prefixlen = '' - if is_ipv6(addr): - # Note that currently expanded netmasks are not supported. That means - # 2001:db00::0/24 is a valid argument while 2001:db00::0/ffff:ff00:: not. 
- # see https://docs.python.org/3/library/ipaddress.html - bits = bin( int(ip['netmask'].replace(':',''), 16) ).count('1') - prefixlen = '/' + str(bits) - - else: - prefixlen = '/' + str(ipaddress.IPv4Network('0.0.0.0/' + ip['netmask']).prefixlen) - - # construct temporary variable holding IPv6 address and netmask - # in CIDR notation - tmp = ip['addr'] + prefixlen - if addr == tmp: - return True + # determine IP version (AF_INET or AF_INET6) depending on passed address + addr_type = netifaces.AF_INET if is_ipv4(address) else netifaces.AF_INET6 - elif ip['addr'] == addr: - return True + # Check every IP address on this interface for a match + for ip in ifaces.get(addr_type,[]): + # ip can have the interface name in the 'addr' field, we need to remove it + # {'addr': 'fe80::a00:27ff:fec5:f821%eth2', 'netmask': 'ffff:ffff:ffff:ffff::'} + ip_addr = ip['addr'].split('%')[0] + + if not _are_same_ip(address, ip_addr): + continue + + # we do not have a netmask to compare against, they are the same + if netmask == '': + return True + + prefixlen = '' + if is_ipv4(ip_addr): + prefixlen = sum([bin(int(_)).count('1') for _ in ip['netmask'].split('.')]) + else: + prefixlen = sum([bin(int(_,16)).count('1') for _ in ip['netmask'].split(':') if _]) + + if str(prefixlen) == netmask: + return True return False 
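Review bot: `_are_same_ip` computes `s_two` for the second address but then calls `socket.inet_pton(f_one, two)`, so comparing an IPv4 string with an IPv6 string raises OSError instead of returning False; use the computed family and short-circuit on a mismatch: `return f_one == s_two and socket.inet_pton(f_one, one) == socket.inet_pton(s_two, two)`. In `is_intf_addr_assigned`, `ip,mask = addr.split('/')` accepts only a prefix length, because `_is_intf_addr_assigned` compares `str(prefixlen) == netmask`, so a dotted netmask after the slash silently never matches — worth a sentence in the docstring. The IPv6 branch `sum([bin(int(_,16)).count('1') for _ in ip['netmask'].split(':') if _])` assumes the netmask field carries no `/NN` suffix; some netifaces versions append one, so confirm against the installed version or strip it with `.split('/')[0]` first. Minor: `_` is used as a loop variable whose value is read, and `ifaces.get(addr_type,[])` wants a space after the comma. The hunk ends at `return False`, so `_is_intf_addr_assigned` is complete here.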
@@ -168,3 +179,64 @@ def is_subnet_connected(subnet, primary=False): return True return False + + +def assert_boolean(b): + if int(b) not in (0, 1): + raise ValueError(f'Value {b} out of range') + + +def assert_range(value, lower=0, count=3): + if int(value) not in range(lower,lower+count): + raise ValueError("Value out of range") + + +def assert_list(s, l): + if s not in l: + o = ' or '.join([f'"{n}"' for n in l]) + raise ValueError(f'state must be {o}, got {s}') + + +def assert_number(n): + if not str(n).isnumeric(): + raise ValueError(f'{n} must be a number') + + +def assert_positive(n, smaller=0): + assert_number(n) + if int(n) < smaller: + raise ValueError(f'{n} is smaller than {limit}') + + +def assert_mtu(mtu, min=68, max=9000): + assert_number(mtu) + if int(mtu) < min or int(mtu) > max: + raise ValueError(f'Invalid MTU size: "{mtu}"') + + +def assert_mac(m): + split = m.split(':') + size = len(split) + + # a mac address consits out of 6 octets + if size != 6: + raise ValueError(f'wrong number of MAC octets ({size}): {m}') + + octets = [] + try: + for octet in split: + octets.append(int(octet, 16)) + except ValueError: + raise ValueError(f'invalid hex number "{octet}" in : {m}') + + # validate against the first mac address byte if it's a multicast + # address + if octets[0] & 1: + raise ValueError(f'{m} is a multicast MAC address') + + # overall mac address is not allowed to be 00:00:00:00:00:00 + if sum(octets) == 0: + raise ValueError('00:00:00:00:00:00 is not a valid MAC address') + + if octets[:5] == (0, 0, 94, 0, 1): + raise ValueError(f'{m} is a VRRP MAC address') diff --git a/python/vyos/version.py b/python/vyos/version.py index 383efbc1e..d51a940d6 100644 --- a/python/vyos/version.py +++ b/python/vyos/version.py 
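Review bot: `assert_positive` raises `ValueError(f'{n} is smaller than {limit}')` but `limit` is not defined anywhere, so the error path itself fails with NameError; it should read `{smaller}`. In `assert_mac`, `if octets[:5] == (0, 0, 94, 0, 1):` compares a list slice with a tuple, which is never equal in Python, so the VRRP check is dead code — use `[0, 0, 94, 0, 1]`; the same function accepts octets such as `fff` or `-1` because `int(octet, 16)` is never range-checked, so add `if not 0 <= value <= 255:` (or `len(octet) != 2`) inside the loop. `assert_number` uses `str(n).isnumeric()`, which accepts characters like `²` that `int()` rejects, so `assert_positive` and `assert_mtu` can still raise a raw ValueError from `int(n)`; `isdecimal()` matches what `int()` accepts for non-negative integers. `assert_mtu(mtu, min=68, max=9000)` shadows the `min`/`max` builtins, and `assert_list`'s message hard-codes `state must be`, which misleads when it validates something other than a state. All functions are complete within the hunk.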
@@ -44,7 +44,7 @@ def get_version_data(file=version_file): file (str): path to the version file Returns: - dict: version data + dict: version data, if it can not be found and empty dict The optional ``file`` argument comes in handy in upgrade scripts that need to retrieve information from images other than the running image. @@ -52,17 +52,20 @@ def get_version_data(file=version_file): is an implementation detail and may change in the future, while the interface of this module will stay the same. """ - with open(file, 'r') as f: - version_data = json.load(f) - return version_data + try: + with open(file, 'r') as f: + version_data = json.load(f) + return version_data + except FileNotFoundError: + return {} def get_version(file=None): """ - Get the version number + Get the version number, or an empty string if it could not be determined """ version_data = None if file: version_data = get_version_data(file=file) else: version_data = get_version_data() - return version_data["version"] + return version_data.get('version','') |
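Review bot: The added Returns line `dict: version data, if it can not be found and empty dict` has a typo and reads awkwardly; `dict: version data, or an empty dict if the file cannot be found` says what the new code does. get_version_data's body lies outside this hunk.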
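Review bot: `except FileNotFoundError: return {}` covers only an absent file; a version file that exists but is unreadable or holds invalid JSON still raises PermissionError or json.JSONDecodeError from `json.load(f)`, which does not match the new contract of returning an empty dict. If "cannot be determined" is meant to cover those cases too, catch `(OSError, ValueError)` there (JSONDecodeError is a ValueError subclass); otherwise the docstring should say that only a missing file is tolerated. `get_version` now returns `''` when the key is absent, so any caller doing substring tests on the result silently takes the negative branch — a one-line comment noting the empty-string sentinel would help. The `version_data = None` / `if file:` branches could be `version_data = get_version_data(file=file) if file else get_version_data()`, though that is pre-existing.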