5 files changed, 59 insertions, 191 deletions

diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 718b7445d..99c472582 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -337,18 +337,16 @@ def verify_accel_ppp_base_service(config):
 def verify_diffie_hellman_length(file, min_keysize):
     """ Verify Diffie-Hellamn keypair length given via file. It must be greater
     then or equal to min_keysize """
+    import os
+    import re
+    from vyos.util import cmd
 
     try:
         keysize = str(min_keysize)
     except:
         return False
 
-    import os
-    import re
-    from vyos.util import cmd
-
     if os.path.exists(file):
-
         out = cmd(f'openssl dhparam -inform PEM -in {file} -text')
         prog = re.compile('\d+\s+bit')
         if prog.search(out):
@@ -358,26 +356,55 @@ def verify_diffie_hellman_length(file, min_keysize):
 
     return False
 
-def verify_route_maps(config):
+def verify_common_route_maps(config):
     """
     Common helper function used by routing protocol implementations to perform
     recurring validation if the specified route-map for either zebra to kernel
     installation exists (this is the top-level route_map key) or when a route
     is redistributed with a route-map that it exists!
     """
-    if 'route_map' in config:
-        route_map = config['route_map']
+    # XXX: This function is called in combination with a previous call to:
+    # tmp = conf.get_config_dict(['policy']) - see protocols_ospf.py as example.
+    # We should NOT call this with the key_mangling option as this would rename
+    # route-map hypens '-' to underscores '_' and one could no longer distinguish
+    # what should have been the "proper" route-map name, as foo-bar and foo_bar
+    # are two entire different route-map instances!
+    for route_map in ['route-map', 'route_map']:
+        if route_map not in config:
+            continue
+        tmp = config[route_map]
         # Check if the specified route-map exists, if not error out
-        if dict_search(f'policy.route_map.{route_map}', config) == None:
-            raise ConfigError(f'Specified route-map "{route_map}" does not exist!')
+        if dict_search(f'policy.route-map.{tmp}', config) == None:
+            raise ConfigError(f'Specified route-map "{tmp}" does not exist!')
 
     if 'redistribute' in config:
         for protocol, protocol_config in config['redistribute'].items():
             if 'route_map' in protocol_config:
-                # A hyphen in a route-map name will be converted to _, take care
-                # about this effect during validation
-                route_map = protocol_config['route_map'].replace('-','_')
-                # Check if the specified route-map exists, if not error out
-                if dict_search(f'policy.route_map.{route_map}', config) == None:
-                    raise ConfigError(f'Redistribution route-map "{route_map}" ' \
-                                      f'for "{protocol}" does not exist!')
+                verify_route_map(protocol_config['route_map'], config)
+
+def verify_route_map(route_map_name, config):
+    """
+    Common helper function used by routing protocol implementations to perform
+    recurring validation if a specified route-map exists!
+    """
+    # Check if the specified route-map exists, if not error out
+    if dict_search(f'policy.route-map.{route_map_name}', config) == None:
+        raise ConfigError(f'Specified route-map "{route_map_name}" does not exist!')
+
+def verify_prefix_list(prefix_list, config, version=''):
+    """
+    Common helper function used by routing protocol implementations to perform
+    recurring validation if a specified prefix-list exists!
+    """
+    # Check if the specified prefix-list exists, if not error out
+    if dict_search(f'policy.prefix-list{version}.{prefix_list}', config) == None:
+        raise ConfigError(f'Specified prefix-list{version} "{prefix_list}" does not exist!')
+
+def verify_access_list(access_list, config, version=''):
+    """
+    Common helper function used by routing protocol implementations to perform
+    recurring validation if a specified prefix-list exists!
+    """
+    # Check if the specified ACL exists, if not error out
+    if dict_search(f'policy.access-list{version}.{access_list}', config) == None:
+        raise ConfigError(f'Specified access-list{version} "{access_list}" does not exist!')
diff --git a/python/vyos/ifconfig/__init__.py b/python/vyos/ifconfig/__init__.py
index f5dfa8e05..e9da1e9f5 100644
--- a/python/vyos/ifconfig/__init__.py
+++ b/python/vyos/ifconfig/__init__.py
@@ -32,8 +32,6 @@ from vyos.ifconfig.vtun import VTunIf
 from vyos.ifconfig.vti import VTIIf
 from vyos.ifconfig.pppoe import PPPoEIf
 from vyos.ifconfig.tunnel import TunnelIf
-from vyos.ifconfig.erspan import ERSpanIf
-from vyos.ifconfig.erspan import ER6SpanIf
 from vyos.ifconfig.wireless import WiFiIf
 from vyos.ifconfig.l2tpv3 import L2TPv3If
 from vyos.ifconfig.macsec import MACsecIf
diff --git a/python/vyos/ifconfig/erspan.py b/python/vyos/ifconfig/erspan.py
deleted file mode 100755
index 03b2acdbf..000000000
--- a/python/vyos/ifconfig/erspan.py
+++ /dev/null
@@ -1,170 +0,0 @@
-# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library.  If not, see <http://www.gnu.org/licenses/>.
-
-# https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/#erspan
-# http://vger.kernel.org/lpc_net2018_talks/erspan-linux-presentation.pdf
-
-from copy import deepcopy
-
-from netaddr import EUI
-from netaddr import mac_unix_expanded
-from random import getrandbits
-
-from vyos.util import dict_search
-from vyos.ifconfig.interface import Interface
-from vyos.validate import assert_list
-
-@Interface.register
-class _ERSpan(Interface):
-    """
-    _ERSpan: private base class for ERSPAN tunnels
-    """
-    iftype = 'erspan'
-    definition = {
-        **Interface.definition,
-        **{
-            'section': 'erspan',
-            'prefixes': ['ersp',],
-        },
-    }
-
-    def __init__(self,ifname,**config):
-        self.config = deepcopy(config) if config else {}
-        super().__init__(ifname, **self.config)
-
-    def change_options(self):
-        pass
-
-    def _create(self):
-        pass
-
-class ERSpanIf(_ERSpan):
-    """
-    ERSpanIf: private base class for ERSPAN Over GRE and IPv4 tunnels
-    """
-
-    def _create(self):
-        ifname = self.config['ifname']
-        source_address = self.config['source_address']
-        remote = self.config['remote']
-        key = self.config['parameters']['ip']['key']
-        version = self.config['parameters']['version']
-        command = f'ip link add dev {ifname} type erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}'
-
-        if int(version) == 1:
-            idx=dict_search('parameters.erspan.idx',self.config)
-            if idx:
-                command += f' erspan {idx}'
-        elif int(version) == 2:
-            direction=dict_search('parameters.erspan.direction',self.config)
-            if direction:
-                command += f' erspan_dir {direction}'
-            hwid=dict_search('parameters.erspan.hwid',self.config)
-            if hwid:
-                command += f' erspan_hwid {hwid}'
-
-        ttl = dict_search('parameters.ip.ttl',self.config)
-        if ttl:
-            command += f' ttl {ttl}'
-        tos = dict_search('parameters.ip.tos',self.config)
-        if tos:
-            command += f' tos {tos}'
-
-        self._cmd(command)
-
-    def change_options(self):
-        ifname = self.config['ifname']
-        source_address = self.config['source_address']
-        remote = self.config['remote']
-        key = self.config['parameters']['ip']['key']
-        version = self.config['parameters']['version']
-        command = f'ip link set dev {ifname} type erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}'
-
-        if int(version) == 1:
-            idx=dict_search('parameters.erspan.idx',self.config)
-            if idx:
-                command += f' erspan {idx}'
-        elif int(version) == 2:
-            direction=dict_search('parameters.erspan.direction',self.config)
-            if direction:
-                command += f' erspan_dir {direction}'
-            hwid=dict_search('parameters.erspan.hwid',self.config)
-            if hwid:
-                command += f' erspan_hwid {hwid}'
-
-        ttl = dict_search('parameters.ip.ttl',self.config)
-        if ttl:
-            command += f' ttl {ttl}'
-        tos = dict_search('parameters.ip.tos',self.config)
-        if tos:
-            command += f' tos {tos}'
-
-        self._cmd(command)
-
-class ER6SpanIf(_ERSpan):
-    """
-    ER6SpanIf: private base class for ERSPAN Over GRE and IPv6 tunnels
-    """
-
-    def _create(self):
-        ifname = self.config['ifname']
-        source_address = self.config['source_address']
-        remote = self.config['remote']
-        key = self.config['parameters']['ip']['key']
-        version = self.config['parameters']['version']
-        command = f'ip link add dev {ifname} type ip6erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}'
-
-        if int(version) == 1:
-            idx=dict_search('parameters.erspan.idx',self.config)
-            if idx:
-                command += f' erspan {idx}'
-        elif int(version) == 2:
-            direction=dict_search('parameters.erspan.direction',self.config)
-            if direction:
-                command += f' erspan_dir {direction}'
-            hwid=dict_search('parameters.erspan.hwid',self.config)
-            if hwid:
-                command += f' erspan_hwid {hwid}'
-
-        ttl = dict_search('parameters.ip.ttl',self.config)
-        if ttl:
-            command += f' ttl {ttl}'
-        tos = dict_search('parameters.ip.tos',self.config)
-        if tos:
-            command += f' tos {tos}'
-
-        self._cmd(command)
-
-    def change_options(self):
-        ifname = self.config['ifname']
-        source_address = self.config['source_address']
-        remote = self.config['remote']
-        key = self.config['parameters']['ip']['key']
-        version = self.config['parameters']['version']
-        command = f'ip link set dev {ifname} type ip6erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}'
-
-        if int(version) == 1:
-            idx=dict_search('parameters.erspan.idx',self.config)
-            if idx:
-                command += f' erspan {idx}'
-        elif int(version) == 2:
-            direction=dict_search('parameters.erspan.direction',self.config)
-            if direction:
-                command += f' erspan_dir {direction}'
-            hwid=dict_search('parameters.erspan.hwid',self.config)
-            if hwid:
-                command += f' erspan_hwid {hwid}'
-
-        self._cmd(command)
diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py
index e5e1300b2..08854a3b0 100644
--- a/python/vyos/ifconfig/tunnel.py
+++ b/python/vyos/ifconfig/tunnel.py
@@ -63,6 +63,10 @@ class TunnelIf(Interface):
         'parameters.ip.no_pmtu_discovery' : 'nopmtudisc',
         'parameters.ip.tos'               : 'tos',
         'parameters.ip.ttl'               : 'ttl',
+        'parameters.erspan.direction'     : 'erspan_dir',
+        'parameters.erspan.hw_id'         : 'erspan_hwid',
+        'parameters.erspan.index'         : 'erspan',
+        'parameters.erspan.version'       : 'erspan_ver',
     }
     mapping_ipv6 = {
         'parameters.ipv6.encaplimit'      : 'encaplimit',
@@ -113,8 +117,12 @@ class TunnelIf(Interface):
             mapping = { **self.mapping, **self.mapping_ipv4 }
 
         cmd = 'ip tunnel add {ifname} mode {encapsulation}'
-        if self.iftype in ['gretap', 'ip6gretap']:
+        if self.iftype in ['gretap', 'ip6gretap', 'erspan', 'ip6erspan']:
             cmd = 'ip link add name {ifname} type {encapsulation}'
+            # ERSPAN requires the serialisation of packets
+            if self.iftype in ['erspan', 'ip6erspan']:
+                cmd += ' seq'
+
         for vyos_key, iproute2_key in mapping.items():
             # dict_search will return an empty dict "{}" for valueless nodes like
             # "parameters.nolearning" - thus we need to test the nodes existence
@@ -131,7 +139,7 @@ class TunnelIf(Interface):
 
     def _change_options(self):
         # gretap interfaces do not support changing any parameter
-        if self.iftype in ['gretap', 'ip6gretap']:
+        if self.iftype in ['gretap', 'ip6gretap', 'erspan', 'ip6erspan']:
             return
 
         if self.config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']:
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 85e4d12b3..7810f5edd 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -207,6 +207,11 @@ def network_from_ipv4(address):
     cidr_prefix = ip_interface(f'{address}/{netmask}').network
     return address_from_cidr(cidr_prefix)
 
+@register_filter('is_interface')
+def is_interface(interface):
+    """ Check if parameter is a valid local interface name """
+    return os.path.exists(f'/sys/class/net/{interface}')
+
 @register_filter('is_ip')
 def is_ip(addr):
     """ Check addr if it is an IPv4 or IPv6 address """