1 files changed, 54 insertions, 9 deletions

diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index a3213f309..79247ee51 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -20,7 +20,8 @@ from copy import deepcopy
 from sys import exit
 from netifaces import interfaces
 
-from vyos.ifconfig import BridgeIf, STPIf
+from vyos.ifconfig import BridgeIf
+from vyos.ifconfig.stp import STP
 from vyos.configdict import list_diff
 from vyos.config import Config
 from vyos import ConfigError
@@ -45,6 +46,10 @@ default_config_data = {
     'ip_enable_arp_accept': 0,
     'ip_enable_arp_announce': 0,
     'ip_enable_arp_ignore': 0,
+    'ipv6_autoconf': 0,
+    'ipv6_eui64_prefix': '',
+    'ipv6_forwarding': 1,
+    'ipv6_dup_addr_detect': 1,
     'igmp_querier': 0,
     'intf': '',
     'mac' : '',
@@ -52,7 +57,8 @@ default_config_data = {
     'member': [],
     'member_remove': [],
     'priority': 32768,
-    'stp': 0
+    'stp': 0,
+    'vrf': ''
 }
 
 def get_config():
@@ -60,10 +66,10 @@ def get_config():
     conf = Config()
 
     # determine tagNode instance
-    try:
-        bridge['intf'] = os.environ['VYOS_TAGNODE_VALUE']
-    except KeyError as E:
-        print("Interface not specified")
+    if 'VYOS_TAGNODE_VALUE' not in os.environ:
+        raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
+
+    bridge['intf'] = os.environ['VYOS_TAGNODE_VALUE']
 
     # Check if bridge has been removed
     if not conf.exists('interfaces bridge ' + bridge['intf']):
@@ -150,6 +156,22 @@ def get_config():
     if conf.exists('ip enable-arp-ignore'):
         bridge['ip_enable_arp_ignore'] = 1
 
+    # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)
+    if conf.exists('ipv6 address autoconf'):
+        bridge['ipv6_autoconf'] = 1
+
+    # Get prefix for IPv6 addressing based on MAC address (EUI-64)
+    if conf.exists('ipv6 address eui64'):
+        bridge['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64')
+
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        bridge['ipv6_forwarding'] = 0
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        bridge['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits'))
+
     # Media Access Control (MAC) address
     if conf.exists('mac'):
         bridge['mac'] = conf.return_value('mac')
@@ -191,12 +213,20 @@ def get_config():
     if conf.exists('stp'):
         bridge['stp'] = 1
 
+    # retrieve VRF instance
+    if conf.exists('vrf'):
+        bridge['vrf'] = conf.return_value('vrf')
+
     return bridge
 
 def verify(bridge):
     if bridge['dhcpv6_prm_only'] and bridge['dhcpv6_temporary']:
         raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!')
 
+    vrf_name = bridge['vrf']
+    if vrf_name and vrf_name not in interfaces():
+        raise ConfigError(f'VRF "{vrf_name}" does not exist')
+
     conf = Config()
     for br in conf.list_nodes('interfaces bridge'):
         # it makes no sense to verify ourself in this case
@@ -213,6 +243,9 @@ def verify(bridge):
         if intf['name'] not in interfaces():
             raise ConfigError('Can not add non existing interface "{}" to bridge "{}"'.format(intf['name'], bridge['intf']))
 
+        if intf['name'] == 'lo':
+            raise ConfigError('Loopback interface "lo" can not be added to a bridge')
+
     # bridge members are not allowed to be bond members, too
     for intf in bridge['member']:
         for bond in conf.list_nodes('interfaces bonding'):
@@ -233,7 +266,7 @@ def apply(bridge):
         br.remove()
     else:
         # enable interface
-        br.set_state('up')
+        br.set_admin_state('up')
         # set ageing time
         br.set_ageing_time(bridge['aging'])
         # set bridge forward delay
@@ -248,6 +281,14 @@ def apply(bridge):
         br.set_arp_announce(bridge['ip_enable_arp_announce'])
         # configure ARP ignore
         br.set_arp_ignore(bridge['ip_enable_arp_ignore'])
+        # IPv6 address autoconfiguration
+        br.set_ipv6_autoconf(bridge['ipv6_autoconf'])
+        # IPv6 EUI-based address
+        br.set_ipv6_eui64_address(bridge['ipv6_eui64_prefix'])
+        # IPv6 forwarding
+        br.set_ipv6_forwarding(bridge['ipv6_forwarding'])
+        # IPv6 Duplicate Address Detection (DAD) tries
+        br.set_ipv6_dad_messages(bridge['ipv6_dup_addr_detect'])
         # set max message age
         br.set_max_age(bridge['max_age'])
         # set bridge priority
@@ -286,6 +327,9 @@ def apply(bridge):
         # store DHCPv6 config dictionary - used later on when addresses are aquired
         br.set_dhcpv6_options(opt)
 
+        # assign/remove VRF
+        br.set_vrf(bridge['vrf'])
+
         # Change interface MAC address
         if bridge['mac']:
             br.set_mac(bridge['mac'])
@@ -300,7 +344,7 @@ def apply(bridge):
 
         # up/down interface
         if bridge['disable']:
-            br.set_state('down')
+            br.set_admin_state('down')
 
         # Configure interface address(es)
         # - not longer required addresses get removed first
@@ -310,9 +354,10 @@ def apply(bridge):
         for addr in bridge['address']:
             br.add_addr(addr)
 
+        STPBridgeIf = STP.enable(BridgeIf)
         # configure additional bridge member options
         for member in bridge['member']:
-            i = STPIf(member['name'])
+            i = STPBridgeIf(member['name'])
             # configure ARP cache timeout
             i.set_arp_cache_tmo(bridge['arp_cache_tmo'])
             # ignore link state changes