1 files changed, 41 insertions, 12 deletions

diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index d238ddb57..84fe3dfc8 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019 VyOS maintainers and contributors
+# Copyright (C) 2019-2020 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -22,7 +22,7 @@ from netifaces import interfaces
 
 from vyos.config import Config
 from vyos.ifconfig import VXLANIf, Interface
-from vyos.validate import is_bridge_member
+from vyos.validate import is_member
 from vyos import ConfigError
 
 default_config_data = {
@@ -38,8 +38,9 @@ default_config_data = {
     'ip_enable_arp_announce': 0,
     'ip_enable_arp_ignore': 0,
     'ip_proxy_arp': 0,
+    'ipv6_accept_ra': 1,
     'ipv6_autoconf': 0,
-    'ipv6_eui64_prefix': '',
+    'ipv6_eui64_prefix': [],
     'ipv6_forwarding': 1,
     'ipv6_dup_addr_detect': 1,
     'is_bridge_member': False,
@@ -62,11 +63,12 @@ def get_config():
 
     vxlan['intf'] = os.environ['VYOS_TAGNODE_VALUE']
 
+    # check if interface is member if a bridge
+    vxlan['is_bridge_member'] = is_member(conf, vxlan['intf'], 'bridge')
+
     # Check if interface has been removed
     if not conf.exists('interfaces vxlan ' + vxlan['intf']):
         vxlan['deleted'] = True
-        # check if interface is member if a bridge
-        vxlan['is_bridge_member'] = is_bridge_member(conf, vxlan['intf'])
         return vxlan
 
     # set new configuration level
@@ -116,9 +118,15 @@ def get_config():
     if conf.exists('ipv6 address autoconf'):
         vxlan['ipv6_autoconf'] = 1
 
-    # Get prefix for IPv6 addressing based on MAC address (EUI-64)
+    # Get prefixes for IPv6 addressing based on MAC address (EUI-64)
     if conf.exists('ipv6 address eui64'):
-        vxlan['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64')
+        vxlan['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
+
+    # Remove the default link-local address if set.
+    if not ( conf.exists('ipv6 address no-default-link-local')
+            or vxlan['is_bridge_member'] ):
+        # add the link-local by default to make IPv6 work
+        vxlan['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
@@ -128,6 +136,11 @@ def get_config():
     if conf.exists('ipv6 dup-addr-detect-transmits'):
         vxlan['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits'))
 
+    # to make IPv6 SLAAC and DHCPv6 work with forwarding=1,
+    # accept_ra must be 2
+    if vxlan['ipv6_autoconf'] or 'dhcpv6' in vxlan['address']:
+        vxlan['ipv6_accept_ra'] = 2
+
     # VXLAN source address
     if conf.exists('source-address'):
         vxlan['source_address'] = conf.return_value('source-address')
@@ -158,9 +171,9 @@ def get_config():
 def verify(vxlan):
     if vxlan['deleted']:
         if vxlan['is_bridge_member']:
-            interface = vxlan['intf']
-            bridge = vxlan['is_bridge_member']
-            raise ConfigError(f'Interface "{interface}" can not be deleted as it belongs to bridge "{bridge}"!')
+            raise ConfigError((
+                f'Cannot delete interface "{vxlan["intf"]}" as it is a '
+                f'member of bridge "{vxlan["is_bridge_member"]}"!'))
 
         return None
 
@@ -188,6 +201,14 @@ def verify(vxlan):
             raise ConfigError('VXLAN has a 50 byte overhead, underlaying device ' \
                               'MTU is to small ({})'.format(underlay_mtu))
 
+    if ( vxlan['is_bridge_member']
+            and ( vxlan['address']
+                or vxlan['ipv6_eui64_prefix']
+                or vxlan['ipv6_autoconf'] ) ):
+        raise ConfigError((
+            f'Cannot assign address to interface "{vxlan["intf"]}" '
+            f'as it is a member of bridge "{vxlan["is_bridge_member"]}"!'))
+
     return None
 
 
@@ -236,10 +257,10 @@ def apply(vxlan):
         v.set_arp_ignore(vxlan['ip_enable_arp_ignore'])
         # Enable proxy-arp on this interface
         v.set_proxy_arp(vxlan['ip_proxy_arp'])
+        # IPv6 accept RA
+        v.set_ipv6_accept_ra(vxlan['ipv6_accept_ra'])
         # IPv6 address autoconfiguration
         v.set_ipv6_autoconf(vxlan['ipv6_autoconf'])
-        # IPv6 EUI-based address
-        v.set_ipv6_eui64_address(vxlan['ipv6_eui64_prefix'])
         # IPv6 forwarding
         v.set_ipv6_forwarding(vxlan['ipv6_forwarding'])
         # IPv6 Duplicate Address Detection (DAD) tries
@@ -251,12 +272,20 @@ def apply(vxlan):
         for addr in vxlan['address']:
             v.add_addr(addr)
 
+        # IPv6 EUI-based addresses
+        for addr in vxlan['ipv6_eui64_prefix']:
+            v.add_ipv6_eui64_address(addr)
+
         # As the VXLAN interface is always disabled first when changing
         # parameters we will only re-enable the interface if it is not
         # administratively disabled
         if not vxlan['disable']:
             v.set_admin_state('up')
 
+        # re-add ourselves to any bridge we might have fallen out of
+        if vxlan['is_bridge_member']:
+            v.add_to_bridge(vxlan['is_bridge_member'])
+
     return None