summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/arp.py2
-rwxr-xr-xsrc/conf_mode/interfaces-ethernet.py23
-rwxr-xr-xsrc/conf_mode/service_upnp.py19
-rw-r--r--src/etc/systemd/system/wpa_supplicant-wired@.service.d/override.conf11
4 files changed, 39 insertions, 16 deletions
diff --git a/src/conf_mode/arp.py b/src/conf_mode/arp.py
index 1cd8f5451..7dc5206e0 100755
--- a/src/conf_mode/arp.py
+++ b/src/conf_mode/arp.py
@@ -61,7 +61,7 @@ def apply(arp):
continue
for address, address_config in interface_config['address'].items():
mac = address_config['mac']
- call(f'ip neigh add {address} lladdr {mac} dev {interface}')
+ call(f'ip neigh replace {address} lladdr {mac} dev {interface}')
if __name__ == '__main__':
try:
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index 30e7a2af7..e02841831 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -153,11 +153,20 @@ def verify(ethernet):
return None
def generate(ethernet):
- if 'eapol' in ethernet:
- render(wpa_suppl_conf.format(**ethernet),
- 'ethernet/wpa_supplicant.conf.j2', ethernet)
+ # render real configuration file once
+ wpa_supplicant_conf = wpa_suppl_conf.format(**ethernet)
+
+ if 'deleted' in ethernet:
+ # delete configuration on interface removal
+ if os.path.isfile(wpa_supplicant_conf):
+ os.unlink(wpa_supplicant_conf)
+ return None
+ if 'eapol' in ethernet:
ifname = ethernet['ifname']
+
+ render(wpa_supplicant_conf, 'ethernet/wpa_supplicant.conf.j2', ethernet)
+
cert_file_path = os.path.join(cfg_dir, f'{ifname}_cert.pem')
cert_key_path = os.path.join(cfg_dir, f'{ifname}_cert.key')
@@ -184,10 +193,6 @@ def generate(ethernet):
write_file(ca_cert_file_path,
'\n'.join(encode_certificate(c) for c in ca_full_chain))
- else:
- # delete configuration on interface removal
- if os.path.isfile(wpa_suppl_conf.format(**ethernet)):
- os.unlink(wpa_suppl_conf.format(**ethernet))
return None
@@ -203,9 +208,9 @@ def apply(ethernet):
else:
e.update(ethernet)
if 'eapol' in ethernet:
- eapol_action='restart'
+ eapol_action='reload-or-restart'
- call(f'systemctl {eapol_action} wpa_supplicant-macsec@{ifname}')
+ call(f'systemctl {eapol_action} wpa_supplicant-wired@{ifname}')
if __name__ == '__main__':
try:
diff --git a/src/conf_mode/service_upnp.py b/src/conf_mode/service_upnp.py
index 36f3e18a7..c798fd515 100755
--- a/src/conf_mode/service_upnp.py
+++ b/src/conf_mode/service_upnp.py
@@ -24,8 +24,6 @@ from ipaddress import IPv6Network
from vyos.config import Config
from vyos.configdict import dict_merge
-from vyos.configdict import get_interface_dict
-from vyos.configverify import verify_vrf
from vyos.util import call
from vyos.template import render
from vyos.template import is_ipv4
@@ -113,19 +111,28 @@ def verify(upnpd):
listen_dev = []
system_addrs_cidr = get_all_interface_addr(True, [], [netifaces.AF_INET, netifaces.AF_INET6])
system_addrs = get_all_interface_addr(False, [], [netifaces.AF_INET, netifaces.AF_INET6])
+ if 'listen' not in upnpd:
+ raise ConfigError(f'Listen address or interface is required!')
for listen_if_or_addr in upnpd['listen']:
if listen_if_or_addr not in netifaces.interfaces():
listen_dev.append(listen_if_or_addr)
- if (listen_if_or_addr not in system_addrs) and (listen_if_or_addr not in system_addrs_cidr) and (listen_if_or_addr not in netifaces.interfaces()):
+ if (listen_if_or_addr not in system_addrs) and (listen_if_or_addr not in system_addrs_cidr) and \
+ (listen_if_or_addr not in netifaces.interfaces()):
if is_ipv4(listen_if_or_addr) and IPv4Network(listen_if_or_addr).is_multicast:
- raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!')
+ raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed'
+ f'to listen on. It is not an interface address nor a multicast address!')
if is_ipv6(listen_if_or_addr) and IPv6Network(listen_if_or_addr).is_multicast:
- raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!')
+ raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed'
+ f'to listen on. It is not an interface address nor a multicast address!')
system_listening_dev_addrs_cidr = get_all_interface_addr(True, listen_dev, [netifaces.AF_INET6])
system_listening_dev_addrs = get_all_interface_addr(False, listen_dev, [netifaces.AF_INET6])
for listen_if_or_addr in upnpd['listen']:
- if listen_if_or_addr not in netifaces.interfaces() and (listen_if_or_addr not in system_listening_dev_addrs_cidr) and (listen_if_or_addr not in system_listening_dev_addrs) and is_ipv6(listen_if_or_addr) and (not IPv6Network(listen_if_or_addr).is_multicast):
+ if listen_if_or_addr not in netifaces.interfaces() and \
+ (listen_if_or_addr not in system_listening_dev_addrs_cidr) and \
+ (listen_if_or_addr not in system_listening_dev_addrs) and \
+ is_ipv6(listen_if_or_addr) and \
+ (not IPv6Network(listen_if_or_addr).is_multicast):
raise ConfigError(f'{listen_if_or_addr} must listen on the interface of the network card')
def generate(upnpd):
diff --git a/src/etc/systemd/system/wpa_supplicant-wired@.service.d/override.conf b/src/etc/systemd/system/wpa_supplicant-wired@.service.d/override.conf
new file mode 100644
index 000000000..030b89a2b
--- /dev/null
+++ b/src/etc/systemd/system/wpa_supplicant-wired@.service.d/override.conf
@@ -0,0 +1,11 @@
+[Unit]
+After=
+After=vyos-router.service
+
+[Service]
+WorkingDirectory=
+WorkingDirectory=/run/wpa_supplicant
+PIDFile=/run/wpa_supplicant/%I.pid
+ExecStart=
+ExecStart=/sbin/wpa_supplicant -c/run/wpa_supplicant/%I.conf -Dwired -P/run/wpa_supplicant/%I.pid -i%I
+ExecReload=/bin/kill -HUP $MAINPID