Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/pki.py8
-rwxr-xr-xsrc/conf_mode/vrf.py14
-rwxr-xr-xsrc/op_mode/openvpn.py7
3 files changed, 25 insertions, 4 deletions
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 6228ff0d2..8deec0e85 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -25,6 +25,7 @@ from vyos.configdep import set_dependents
from vyos.configdep import call_dependents
from vyos.configdict import node_changed
from vyos.configdiff import Diff
+from vyos.configdiff import get_config_diff
from vyos.defaults import directories
from vyos.pki import is_ca_certificate
from vyos.pki import load_certificate
@@ -199,6 +200,7 @@ def get_config(config=None):
pki['system'] = conf.get_config_dict([], key_mangling=('-', '_'),
get_first_key=True,
no_tag_node_value_mangle=True)
+ D = get_config_diff(conf)
for search in sync_search:
for key in search['keys']:
@@ -230,9 +232,11 @@ def get_config(config=None):
if path[0] == 'interfaces':
ifname = found_path[0]
- set_dependents(path[1], conf, ifname)
+ if not D.node_changed_presence(path + [ifname]):
+ set_dependents(path[1], conf, ifname)
else:
- set_dependents(path[1], conf)
+ if not D.node_changed_presence(path):
+ set_dependents(path[1], conf)
return pki
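Review bot: The two new `node_changed_presence` guards skip `set_dependents` without a comment saying why, and a skipped dependent is one that is not re-run after a certificate change. Presumably a node added or removed in the same commit is handled by its own script, so a comment such as `# node is created or deleted in this commit; its own script runs, no dependent call needed` above each guard would record that (confirm the wording against the intent). The `else:` followed by a lone `if` can be written `elif not D.node_changed_presence(path):`, and `D` from the previous hunk would read better as `config_diff`. The enclosing `get_config` starts and ends outside this hunk.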
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index 1fc813189..587309005 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -315,6 +315,20 @@ def apply(vrf):
for chain, rule in nftables_rules.items():
cmd(f'nft flush chain inet vrf_zones {chain}')
+ # Return default ip rule values
+ if 'name' not in vrf:
+ for afi in ['-4', '-6']:
+ # move lookup local to pref 0 (from 32765)
+ if not has_rule(afi, 0, 'local'):
+ call(f'ip {afi} rule add pref 0 from all lookup local')
+ if has_rule(afi, 32765, 'local'):
+ call(f'ip {afi} rule del pref 32765 table local')
+
+ if has_rule(afi, 1000, 'l3mdev'):
+ call(f'ip {afi} rule del pref 1000 l3mdev protocol kernel')
+ if has_rule(afi, 2000, 'l3mdev'):
+ call(f'ip {afi} rule del pref 2000 l3mdev unreachable')
+
# Apply FRR filters
zebra_daemon = 'zebra'
# Save original configuration prior to starting any commit actions
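Review bot: The delete of the pref 32765 local rule does not depend on the preceding `ip {afi} rule add pref 0 from all lookup local` having succeeded, because the result of `call` is discarded. If that add fails while the 32765 rule exists, the address family is left with no `lookup local` rule, which would likely cut off traffic addressed to the router itself. Re-checking before the delete closes the gap: `if has_rule(afi, 0, 'local') and has_rule(afi, 32765, 'local'):`. `has_rule` and the rest of `apply` are outside the hunk, so this assumes `has_rule` queries the live rule table.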
diff --git a/src/op_mode/openvpn.py b/src/op_mode/openvpn.py
index d54a67199..092873909 100755
--- a/src/op_mode/openvpn.py
+++ b/src/op_mode/openvpn.py
@@ -48,9 +48,12 @@ def _get_tunnel_address(peer_host, peer_port, status_file):
# 10.10.2.0/25,client1,...
lst = [l for l in lst[1:] if '/' not in l.split(',')[0]]
- tunnel_ip = lst[0].split(',')[0]
+ if lst:
+ tunnel_ip = lst[0].split(',')[0]
- return tunnel_ip
+ return tunnel_ip
+
+ return 'n/a'
def _get_interface_status(mode: str, interface: str) -> dict:
status_file = f'/run/openvpn/{interface}.status'
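Review bot: `_get_tunnel_address` now returns the display string `'n/a'` where callers otherwise get an IP address, and nothing at the fallback says so. A one-line comment above it, e.g. `# status file has no matching entry for this peer`, would keep callers from treating the value as an address. If the value can reach machine-readable op-mode output, `None` may be a better sentinel than a display string. The start of the function is outside the hunk.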