diff options
Diffstat (limited to 'src/conf_mode/interfaces-wireless.py')
| -rwxr-xr-x | src/conf_mode/interfaces-wireless.py | 212 |
1 files changed, 57 insertions, 155 deletions
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 42842f9bd..f13408fa2 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -24,17 +24,16 @@ from netifaces import interfaces from netaddr import EUI, mac_unix_expanded from vyos.config import Config -from vyos.configdict import list_diff, vlan_to_dict -from vyos.ifconfig import WiFiIf -from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config +from vyos.configdict import list_diff, intf_to_dict, add_to_dict, interface_default_data +from vyos.ifconfig import WiFiIf, Section +from vyos.ifconfig_vlan import apply_all_vlans, verify_vlan_config from vyos.template import render from vyos.util import chown, call -from vyos.validate import is_bridge_member +from vyos.validate import is_member from vyos import ConfigError default_config_data = { - 'address': [], - 'address_remove': [], + **interface_default_data, 'cap_ht' : False, 'cap_ht_40mhz_incapable' : False, 'cap_ht_powersave' : False, @@ -69,30 +68,13 @@ default_config_data = { 'cap_vht_vht_cf' : False, 'channel': '', 'country_code': '', - 'description': '', 'deleted': False, - 'dhcp_client_id': '', - 'dhcp_hostname': '', - 'dhcp_vendor_class_id': '', - 'dhcpv6_prm_only': False, - 'dhcpv6_temporary': False, - 'disable': False, 'disable_broadcast_ssid' : False, 'disable_link_detect' : 1, 'expunge_failing_stations' : False, 'hw_id' : '', 'intf': '', 'isolate_stations' : False, - 'ip_disable_arp_filter': 1, - 'ip_enable_arp_accept': 0, - 'ip_enable_arp_announce': 0, - 'ip_enable_arp_ignore': 0, - 'ipv6_autoconf': 0, - 'ipv6_eui64_prefix': '', - 'ipv6_forwarding': 1, - 'ipv6_dup_addr_detect': 1, - 'is_bridge_member': False, - 'mac' : '', 'max_stations' : '', 'mgmt_frame_protection' : 'disabled', 'mode' : 'g', @@ -107,9 +89,10 @@ default_config_data = { 'sec_wpa_radius' : [], 'ssid' : '', 'op_mode' : 'monitor', - 'vif': [], + 'vif': {}, 'vif_remove': [], - 'vrf': '' + 'vif_s': {}, + 'vif_s_remove': [] } def get_conf_file(conf_type, intf): @@ -124,21 +107,21 @@ def get_conf_file(conf_type, intf): return cfg_file def get_config(): - wifi = deepcopy(default_config_data) - conf = Config() - # determine tagNode instance if 'VYOS_TAGNODE_VALUE' not in os.environ: raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') - wifi['intf'] = os.environ['VYOS_TAGNODE_VALUE'] + ifname = os.environ['VYOS_TAGNODE_VALUE'] + conf = Config() # check if wireless interface has been removed - cfg_base = 'interfaces wireless ' + wifi['intf'] + cfg_base = ['interfaces', 'wireless ', ifname] if not conf.exists(cfg_base): + wifi = deepcopy(default_config_data) + wifi['intf'] = ifname wifi['deleted'] = True - # check if interface is member if a bridge - wifi['is_bridge_member'] = is_bridge_member(conf, wifi['intf']) + # we need to know if we're a bridge member so we can refuse deletion + wifi['is_bridge_member'] = is_member(conf, wifi['intf'], 'bridge') # we can not bail out early as wireless interface can not be removed # Kernel will complain with: RTNETLINK answers: Operation not supported. # Thus we need to remove individual settings @@ -147,14 +130,8 @@ def get_config(): # set new configuration level conf.set_level(cfg_base) - # retrieve configured interface addresses - if conf.exists('address'): - wifi['address'] = conf.return_values('address') - - # get interface addresses (currently effective) - to determine which - # address is no longer valid and needs to be removed - eff_addr = conf.return_effective_values('address') - wifi['address_remove'] = list_diff(eff_addr, wifi['address']) + # get common interface settings + wifi, disabled = intf_to_dict(conf, default_config_data) # 40MHz intolerance, use 20MHz only if conf.exists('capabilities ht 40mhz-incapable'): @@ -308,38 +285,10 @@ def get_config(): if conf.exists('channel'): wifi['channel'] = conf.return_value('channel') - # retrieve interface description - if conf.exists('description'): - wifi['description'] = conf.return_value('description') - - # get DHCP client identifier - if conf.exists('dhcp-options client-id'): - wifi['dhcp_client_id'] = conf.return_value('dhcp-options client-id') - - # DHCP client host name (overrides the system host name) - if conf.exists('dhcp-options host-name'): - wifi['dhcp_hostname'] = conf.return_value('dhcp-options host-name') - - # DHCP client vendor identifier - if conf.exists('dhcp-options vendor-class-id'): - wifi['dhcp_vendor_class_id'] = conf.return_value('dhcp-options vendor-class-id') - - # DHCPv6 only acquire config parameters, no address - if conf.exists('dhcpv6-options parameters-only'): - wifi['dhcpv6_prm_only'] = conf.return_value('dhcpv6-options parameters-only') - - # DHCPv6 temporary IPv6 address - if conf.exists('dhcpv6-options temporary'): - wifi['dhcpv6_temporary'] = conf.return_value('dhcpv6-options temporary') - # Disable broadcast of SSID from access-point if conf.exists('disable-broadcast-ssid'): wifi['disable_broadcast_ssid'] = True - # ignore link state changes on this interface - if conf.exists('disable-link-detect'): - wifi['disable_link_detect'] = 2 - # Disassociate stations based on excessive transmission failures if conf.exists('expunge-failing-stations'): wifi['expunge_failing_stations'] = True @@ -352,46 +301,10 @@ def get_config(): if conf.exists('isolate-stations'): wifi['isolate_stations'] = True - # ARP filter configuration - if conf.exists('ip disable-arp-filter'): - wifi['ip_disable_arp_filter'] = 0 - - # ARP enable accept - if conf.exists('ip enable-arp-accept'): - wifi['ip_enable_arp_accept'] = 1 - - # ARP enable announce - if conf.exists('ip enable-arp-announce'): - wifi['ip_enable_arp_announce'] = 1 - - # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) - if conf.exists('ipv6 address autoconf'): - wifi['ipv6_autoconf'] = 1 - - # Get prefix for IPv6 addressing based on MAC address (EUI-64) - if conf.exists('ipv6 address eui64'): - wifi['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') - - # ARP enable ignore - if conf.exists('ip enable-arp-ignore'): - wifi['ip_enable_arp_ignore'] = 1 - - # Disable IPv6 forwarding on this interface - if conf.exists('ipv6 disable-forwarding'): - wifi['ipv6_forwarding'] = 0 - - # IPv6 Duplicate Address Detection (DAD) tries - if conf.exists('ipv6 dup-addr-detect-transmits'): - wifi['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) - # Wireless physical device if conf.exists('physical-device'): wifi['phy'] = conf.return_value('physical-device') - # Media Access Control (MAC) address - if conf.exists('mac'): - wifi['mac'] = conf.return_value('mac') - # Maximum number of wireless radio stations if conf.exists('max-stations'): wifi['max_stations'] = conf.return_value('max-stations') @@ -404,10 +317,6 @@ def get_config(): if conf.exists('mode'): wifi['mode'] = conf.return_value('mode') - # retrieve VRF instance - if conf.exists('vrf'): - wifi['vrf'] = conf.return_value('vrf') - # Transmission power reduction in dBm if conf.exists('reduce-transmit-power'): wifi['reduce_transmit_power'] = conf.return_value('reduce-transmit-power') @@ -503,24 +412,6 @@ def get_config(): wifi['op_mode'] = tmp - # re-set configuration level to parse new nodes - conf.set_level(cfg_base) - # Determine vif interfaces (currently effective) - to determine which - # vif interface is no longer present and needs to be removed - eff_intf = conf.list_effective_nodes('vif') - act_intf = conf.list_nodes('vif') - wifi['vif_remove'] = list_diff(eff_intf, act_intf) - - if conf.exists('vif'): - for vif in conf.list_nodes('vif'): - # set config level to vif interface - conf.set_level(cfg_base + ' vif ' + vif) - wifi['vif'].append(vlan_to_dict(conf)) - - # disable interface - if conf.exists('disable'): - wifi['disable'] = True - # retrieve configured regulatory domain conf.set_level('system') if conf.exists('wifi-regulatory-domain'): @@ -532,9 +423,9 @@ def get_config(): def verify(wifi): if wifi['deleted']: if wifi['is_bridge_member']: - interface = wifi['intf'] - bridge = wifi['is_bridge_member'] - raise ConfigError(f'Interface "{interface}" can not be deleted as it belongs to bridge "{bridge}"!') + raise ConfigError(( + f'Cannot delete interface "{wifi["intf"]}" as it is a ' + f'member of bridge "{wifi["is_bridge_member"]}"!')) return None @@ -579,9 +470,23 @@ def verify(wifi): if not radius['key']: raise ConfigError('Misssing RADIUS shared secret key for server: {}'.format(radius['server'])) - vrf_name = wifi['vrf'] - if vrf_name and vrf_name not in interfaces(): - raise ConfigError(f'VRF "{vrf_name}" does not exist') + if ( wifi['is_bridge_member'] + and ( wifi['address'] + or wifi['ipv6_eui64_prefix'] + or wifi['ipv6_autoconf'] ) ): + raise ConfigError(( + f'Cannot assign address to interface "{wifi["intf"]}" ' + f'as it is a member of bridge "{wifi["is_bridge_member"]}"!')) + + if wifi['vrf']: + if wifi['vrf'] not in interfaces(): + raise ConfigError(f'VRF "{wifi["vrf"]}" does not exist') + + if wifi['is_bridge_member']: + raise ConfigError(( + f'Interface "{wifi["intf"]}" cannot be member of VRF ' + f'"{wifi["vrf"]}" and bridge {wifi["is_bridge_member"]} ' + f'at the same time!')) # use common function to verify VLAN configuration verify_vlan_config(wifi) @@ -672,8 +577,10 @@ def apply(wifi): # Finally create the new interface w = WiFiIf(interface, **conf) - # assign/remove VRF - w.set_vrf(wifi['vrf']) + # assign/remove VRF (ONLY when not a member of a bridge, + # otherwise 'nomaster' removes it from it) + if not wifi['is_bridge_member']: + w.set_vrf(wifi['vrf']) # update interface description used e.g. within SNMP w.set_alias(wifi['description']) @@ -693,9 +600,16 @@ def apply(wifi): if wifi['dhcpv6_temporary']: w.dhcp.v6.options['dhcpv6_temporary'] = True + if wifi['dhcpv6_pd']: + w.dhcp.v6.options['dhcpv6_pd'] = wifi['dhcpv6_pd'] + # ignore link state changes w.set_link_detect(wifi['disable_link_detect']) + # Delete old IPv6 EUI64 addresses before changing MAC + for addr in wifi['ipv6_eui64_prefix_remove']: + w.del_ipv6_eui64_address(addr) + # Change interface MAC address - re-set to real hardware address (hw-id) # if custom mac is removed if wifi['mac']: @@ -703,6 +617,10 @@ def apply(wifi): elif wifi['hw_id']: w.set_mac(wifi['hw_id']) + # Add IPv6 EUI-based addresses + for addr in wifi['ipv6_eui64_prefix']: + w.add_ipv6_eui64_address(addr) + # configure ARP filter configuration w.set_arp_filter(wifi['ip_disable_arp_filter']) # configure ARP accept @@ -711,10 +629,10 @@ def apply(wifi): w.set_arp_announce(wifi['ip_enable_arp_announce']) # configure ARP ignore w.set_arp_ignore(wifi['ip_enable_arp_ignore']) + # IPv6 accept RA + w.set_ipv6_accept_ra(wifi['ipv6_accept_ra']) # IPv6 address autoconfiguration w.set_ipv6_autoconf(wifi['ipv6_autoconf']) - # IPv6 EUI-based address - w.set_ipv6_eui64_address(wifi['ipv6_eui64_prefix']) # IPv6 forwarding w.set_ipv6_forwarding(wifi['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries @@ -728,24 +646,8 @@ def apply(wifi): for addr in wifi['address']: w.add_addr(addr) - # remove no longer required VLAN interfaces (vif) - for vif in wifi['vif_remove']: - w.del_vlan(vif) - - # create VLAN interfaces (vif) - for vif in wifi['vif']: - # QoS priority mapping can only be set during interface creation - # so we delete the interface first if required. - if vif['egress_qos_changed'] or vif['ingress_qos_changed']: - try: - # on system bootup the above condition is true but the interface - # does not exists, which throws an exception, but that's legal - w.del_vlan(vif['id']) - except: - pass - - vlan = w.add_vlan(vif['id']) - apply_vlan_config(vlan, vif) + # apply all vlans to interface + apply_all_vlans(w, wifi) # Enable/Disable interface - interface is always placed in # administrative down state in WiFiIf class |