Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/dhcp_relay.py5
-rwxr-xr-xsrc/conf_mode/interfaces-vxlan.py8
-rwxr-xr-xsrc/conf_mode/ipsec-settings.py3
-rwxr-xr-xsrc/conf_mode/protocols_bfd.py11
-rwxr-xr-xsrc/conf_mode/vrrp.py21
-rwxr-xr-xsrc/op_mode/vrrp.py3
-rwxr-xr-xsrc/system/vrrp-script-wrapper.py49
7 files changed, 52 insertions, 48 deletions
diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/dhcp_relay.py
index 73e0153df..a1af2575f 100755
--- a/src/conf_mode/dhcp_relay.py
+++ b/src/conf_mode/dhcp_relay.py
@@ -105,11 +105,6 @@ def verify(relay):
if relay is None:
return None
- if len(relay['interface']) < 2:
- # We can only issue a warning otherwise old configurations might break
- print('WARNING: At least two interfaces are required for DHCP relay\n' \
- 'to work\n')
-
if 'lo' in relay['interface']:
raise ConfigError('DHCP relay does not support the loopback interface.')
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index 7f1ac6c31..efdc21f89 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -189,13 +189,13 @@ def apply(vxlan):
# configure ARP cache timeout in milliseconds
v.set_arp_cache_tmo(vxlan['ip_arp_cache_tmo'])
# configure ARP filter configuration
- v.set_arp_filter(bond['ip_disable_arp_filter'])
+ v.set_arp_filter(vxlan['ip_disable_arp_filter'])
# configure ARP accept
- v.set_arp_accept(bond['ip_enable_arp_accept'])
+ v.set_arp_accept(vxlan['ip_enable_arp_accept'])
# configure ARP announce
- v.set_arp_announce(bond['ip_enable_arp_announce'])
+ v.set_arp_announce(vxlan['ip_enable_arp_announce'])
# configure ARP ignore
- v.set_arp_ignore(bond['ip_enable_arp_ignore'])
+ v.set_arp_ignore(vxlan['ip_enable_arp_ignore'])
# Enable proxy-arp on this interface
v.set_proxy_arp(vxlan['ip_proxy_arp'])
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index aab3e9734..e80c6caf0 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -248,7 +248,8 @@ def generate(data):
write_ipsec_ra_conn(data)
append_ipsec_conf(data)
else:
- remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_ra_conn_file)
+ if os.path.exists(ipsec_ra_conn_file):
+ remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_ra_conn_file)
remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_secrets_flie)
remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie)
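Review bot: The new `os.path.exists` guard in the else branch of generate() covers only `ipsec_ra_conn_file`; the two `remove_confs` calls after it, on `ipsec_secrets_flie` and `ipsec_conf_flie`, stay unguarded. The body of remove_confs is not visible here, but if it fails on a missing file, a system lacking either of those files would hit the same error this change works around. Handling the missing-file case once inside remove_confs, for example by catching `FileNotFoundError` around its open, would cover all three callers and avoid the gap between the check and the use. generate() starts and continues outside the hunk.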
diff --git a/src/conf_mode/protocols_bfd.py b/src/conf_mode/protocols_bfd.py
index 9ca194edd..58f5b5a0e 100755
--- a/src/conf_mode/protocols_bfd.py
+++ b/src/conf_mode/protocols_bfd.py
@@ -163,10 +163,15 @@ def verify(bfd):
conf = Config()
for peer in bfd['new_peers']:
- # IPv6 peers require an explicit local address/interface combination
- if vyos.validate.is_ipv6(peer['remote']):
+ # IPv6 link local peers require an explicit local address/interface
+ if vyos.validate.is_ipv6_link_local(peer['remote']):
if not (peer['src_if'] and peer['src_addr']):
- raise ConfigError('BFD IPv6 peers require explicit local address and interface setting')
+ raise ConfigError('BFD IPv6 link-local peers require explicit local address and interface setting')
+
+ # IPv6 peers require an explicit local address
+ if vyos.validate.is_ipv6(peer['remote']):
+ if not peer['src_addr']:
+ raise ConfigError('BFD IPv6 peers require explicit local address setting')
# multihop require source address
if peer['multihop'] and not peer['src_addr']:
diff --git a/src/conf_mode/vrrp.py b/src/conf_mode/vrrp.py
index d31be4cfb..a09e55a2f 100755
--- a/src/conf_mode/vrrp.py
+++ b/src/conf_mode/vrrp.py
@@ -27,7 +27,7 @@ import vyos.keepalived
from vyos import ConfigError
-
+daemon_file = "/etc/default/keepalived"
config_file = "/etc/keepalived/keepalived.conf"
config_tmpl = """
@@ -37,6 +37,7 @@ config_tmpl = """
global_defs {
dynamic_interfaces
+ script_user root
}
{% for group in groups -%}
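Review bot: `script_user root` in `global_defs` makes keepalived run every notify script as root, and nothing in this change checks who can write the transition scripts that end up being executed. The wrapper these notify lines call changes only its GID (`os.setgid`), so the configured script keeps uid 0. As far as I know, keepalived's `enable_script_security` would only vet the wrapper path, not the user script passed as its argument. The ownership and permission check (root-owned, not group- or world-writable, including parent directories) would therefore need to be done in verify() or in the wrapper. A template comment such as `# scripts run as root: the wrapper needs it to change GID` would also record why root is required. The template string starts and ends outside this hunk.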
@@ -117,6 +118,10 @@ vrrp_instance {{ group.name }} {
{% if group.fault_script -%}
notify_fault "/usr/libexec/vyos/system/vrrp-script-wrapper.py --state fault --group {{ group.name }} --interface {{ group.interface }} {{ group.fault_script }}"
{% endif -%}
+
+ {% if group.stop_script -%}
+ notify_stop "/usr/libexec/vyos/system/vrrp-script-wrapper.py --state stop --group {{ group.name }} --interface {{ group.interface }} {{ group.stop_script }}"
+ {% endif -%}
}
{% endfor -%}
@@ -140,6 +145,14 @@ vrrp_sync_group {{ sync_group.name }} {
"""
+daemon_tmpl = """
+# Autogenerated by VyOS
+# Options to pass to keepalived
+
+# DAEMON_ARGS are appended to the keepalived command-line
+DAEMON_ARGS="--snmp"
+"""
+
def get_config():
vrrp_groups = []
sync_groups = []
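Review bot: `DAEMON_ARGS="--snmp"` in `daemon_tmpl` is hard-coded, so keepalived's SNMP subsystem is switched on for every system with VRRP configured, whether or not SNMP is configured on the router. If that is intended, a comment above the template saying so (for example `# SNMP is always enabled so the VRRP MIB is available once the snmp service is configured`) would help. Otherwise the flag should be rendered only when SNMP is configured. The template also replaces `/etc/default/keepalived` wholesale, so any local options in that file are lost on commit.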
@@ -178,6 +191,7 @@ def get_config():
group["master_script"] = config.return_value("transition-script master")
group["backup_script"] = config.return_value("transition-script backup")
group["fault_script"] = config.return_value("transition-script fault")
+ group["stop_script"] = config.return_value("transition-script stop")
if config.exists("no-preempt"):
group["preempt"] = False
@@ -308,9 +322,12 @@ def generate(data):
tmpl = jinja2.Template(config_tmpl)
config_text = tmpl.render({"groups": vrrp_groups, "sync_groups": sync_groups})
-
with open(config_file, 'w') as f:
f.write(config_text)
+
+ with open(daemon_file, 'w') as f:
+ f.write(daemon_tmpl)
+
return None
def apply(data):
diff --git a/src/op_mode/vrrp.py b/src/op_mode/vrrp.py
index 54e1bfb57..8d1369823 100755
--- a/src/op_mode/vrrp.py
+++ b/src/op_mode/vrrp.py
@@ -32,6 +32,7 @@ def print_summary():
# Replace with inotify or similar if it proves problematic
time.sleep(0.2)
json_data = vyos.keepalived.get_json_data()
+ vyos.keepalived.remove_vrrp_data("json")
except:
print("VRRP information is not available")
sys.exit(1)
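Review bot: The added `vyos.keepalived.remove_vrrp_data("json")` sits inside the `try`, so it is skipped whenever `get_json_data()` raises and the data file is left behind. A failure in the cleanup itself is reported by the bare `except:` as "VRRP information is not available". The same applies to the `"stats"` and `"state"` calls added in print_statistics and print_state_data, where the output has already been printed by the time the cleanup can fail. Moving the removal into a `finally:` clause and narrowing the handler to `except Exception:` would make the cleanup unconditional and keep Ctrl-C from being reported as missing data. All three function bodies start outside their hunks.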
@@ -63,6 +64,7 @@ def print_statistics():
time.sleep(0.2)
output = vyos.keepalived.get_statistics()
print(output)
+ vyos.keepalived.remove_vrrp_data("stats")
except:
print("VRRP statistics are not available")
sys.exit(1)
@@ -73,6 +75,7 @@ def print_state_data():
time.sleep(0.2)
output = vyos.keepalived.get_state_data()
print(output)
+ vyos.keepalived.remove_vrrp_data("state")
except:
print("VRRP information is not available")
sys.exit(1)
diff --git a/src/system/vrrp-script-wrapper.py b/src/system/vrrp-script-wrapper.py
index ccd640128..c28ecba55 100755
--- a/src/system/vrrp-script-wrapper.py
+++ b/src/system/vrrp-script-wrapper.py
@@ -23,7 +23,6 @@ import argparse
import syslog
import vyos.util
-import vyos.keepalived
parser = argparse.ArgumentParser()
@@ -44,38 +43,22 @@ if not args.script or not args.state or not args.group \
# to pass arguments to the script
args.script = " ".join(args.script)
-# Get the old state if it exists and compare it to the current state received
-# in command line options to avoid executing scripts if no real transition occured.
-# This is necessary because keepalived does not keep persistent state data even between
-# config reloads and will cheerfully execute everything whether it's required or not.
-
-old_state = vyos.keepalived.get_old_state(args.group)
-
-if (old_state is None) or (old_state != args.state):
- exitcode = 0
-
- # Run the script and save the new state
-
- # Change the process GID to the config owners group to avoid screwing up
- # running config permissions
- os.setgid(vyos.util.get_cfg_group_id())
-
- syslog.syslog(syslog.LOG_NOTICE, 'Running transition script {0} for VRRP group {1}'.format(args.script, args.group))
- try:
- ret = subprocess.call("%s %s %s %s" % ( args.script, args.state, args.interface, args.group), shell=True)
- if ret != 0:
- syslog.syslog(syslog.LOG_ERR, "Transition script {0} failed, exit status: {1}".format(args.script, ret))
- exitcode = ret
- except Exception as e:
- syslog.syslog(syslog.LOG_ERR, "Failed to execute transition script {0}: {1}".format(args.script, e))
- exitcode = 1
-
- if exitcode == 0:
- syslog.syslog(syslog.LOG_NOTICE, "Transition script {0} executed successfully".format(args.script))
-
- vyos.keepalived.save_state(args.group, args.state)
-else:
- syslog.syslog(syslog.LOG_NOTICE, "State of the group {0} has not changed, not running transition script".format(args.group))
+exitcode = 0
+# Change the process GID to the config owners group to avoid screwing up
+# running config permissions
+os.setgid(vyos.util.get_cfg_group_id())
+syslog.syslog(syslog.LOG_NOTICE, 'Running transition script {0} for VRRP group {1}'.format(args.script, args.group))
+try:
+ ret = subprocess.call("%s %s %s %s" % ( args.script, args.state, args.interface, args.group), shell=True)
+ if ret != 0:
+ syslog.syslog(syslog.LOG_ERR, "Transition script {0} failed, exit status: {1}".format(args.script, ret))
+ exitcode = ret
+except Exception as e:
+ syslog.syslog(syslog.LOG_ERR, "Failed to execute transition script {0}: {1}".format(args.script, e))
+ exitcode = 1
+
+if exitcode == 0:
+ syslog.syslog(syslog.LOG_NOTICE, "Transition script {0} executed successfully".format(args.script))
syslog.closelog()
sys.exit(exitcode)
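Review bot: The `subprocess.call(..., shell=True)` line builds a shell command from `args.script`, `args.state`, `args.interface` and `args.group` with `%s`. With the state comparison removed it now runs on every notify, under the `script_user root` that this commit adds to the keepalived template, with only the GID changed. Any shell metacharacter in the configured script string or the group name is interpreted by the shell with uid 0. Passing an argument vector avoids that: `ret = subprocess.call(shlex.split(args.script) + [args.state, args.interface, args.group])`, with `import shlex` added, or keep the argparse list instead of joining it. If shell syntax in transition scripts is deliberately supported, a comment stating that, plus validation of the group and interface names in the conf-mode script, would document the trust boundary.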