From 44f766a7880e9264487e62f4aacc9f4f635219ed Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 5 Apr 2021 23:23:14 +0200 Subject: tunnel: T3030: move erspan type into regular tunnel interface Instead of having a dedicated ERSPAN interface type, rather move the specifics into "interface tunnel". A migrator is not needed as there is yet no LTS release with this feature and this is considered experimental. --- data/configd-include.json | 1 - interface-definitions/interfaces-erspan.xml.in | 114 ---------------- interface-definitions/interfaces-tunnel.xml.in | 89 ++++++++++++- python/vyos/ifconfig/__init__.py | 2 - python/vyos/ifconfig/erspan.py | 170 ------------------------ python/vyos/ifconfig/tunnel.py | 12 +- smoketest/scripts/cli/test_interfaces_tunnel.py | 86 ++++++++++++ src/conf_mode/interfaces-erspan.py | 108 --------------- src/conf_mode/interfaces-tunnel.py | 30 ++++- 9 files changed, 205 insertions(+), 407 deletions(-) delete mode 100644 interface-definitions/interfaces-erspan.xml.in delete mode 100755 python/vyos/ifconfig/erspan.py delete mode 100755 src/conf_mode/interfaces-erspan.py diff --git a/data/configd-include.json b/data/configd-include.json index eed858363..4959e5020 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -21,7 +21,6 @@ "interfaces-pppoe.py", "interfaces-pseudo-ethernet.py", "interfaces-tunnel.py", -"interfaces-erspan.py", "interfaces-vxlan.py", "interfaces-wireguard.py", "interfaces-wireless.py", diff --git a/interface-definitions/interfaces-erspan.xml.in b/interface-definitions/interfaces-erspan.xml.in deleted file mode 100644 index 769899415..000000000 --- a/interface-definitions/interfaces-erspan.xml.in +++ /dev/null @@ -1,114 +0,0 @@ - - - - - - - Encapsulated Remote SPAN over GRE and IPv4/IPv6 Tunnel Interface - 310 - - ^ersp[0-9]+$ - - ERSPAN tunnel interface must be named erspN - - erspN - ERSPAN Tunnel interface name - - - - #include - #include - #include - #include - #include - #include - - - Encapsulation of this tunnel interface - - erspan ip6erspan - - - erspan - Generic Routing Encapsulation - - - ip6erspan - Generic Routing Encapsulation bridge interface - - - ^(erspan|ip6erspan)$ - - Invalid encapsulation, must be one of: erspan, ip6erspan - - - - - ERSPAN Tunnel parameters - - - - - IPv4 specific tunnel parameters - - - #include - #include - #include - - - - - ERSPAN version number setting(default:1) - - - - The version number of ERSPAN must be 1 or 2 - - 1 - - - - Specifies mirrored traffic direction - - ingress egress - - - ingress - Mirror ingress direction - - - egress - Mirror egress direction - - - ^(ingress|egress)$ - - The mirror direction of ERSPAN must be ingress or egress - - - - - an unique identifier of an ERSPAN v2 engine within a system - - - - ERSPAN hwid must be a number(range:0-1048575) - - - - - specifies the ERSPAN v1 index field - - - - ERSPAN idx must be a number(range:0-63) - - - - - - - - - diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in index e3aad2719..e4bdcb3d7 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -80,8 +80,12 @@ Encapsulation of this tunnel interface - gre gretap ip6gre ip6gretap ip6ip6 ipip ipip6 sit + erspan gre gretap ip6erspan ip6gre ip6gretap ip6ip6 ipip ipip6 sit + + erspan + Encapsulated Remote Switched Port Analyzer + gre Generic Routing Encapsulation @@ -90,6 +94,10 @@ gretap Generic Routing Encapsulation (virtual L2 tunnel) + + ip6erspan + Encapsulated Remote Switched Port Analyzer over IPv6 network + ip6gre GRE over IPv6 network @@ -115,9 +123,9 @@ Simple Internet Transition encapsulation - ^(gre|gretap|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit)$ + ^(erspan|gre|gretap|ip6erspan|ip6gre|ip6gretap|ip6ip6|ipip|ipip6|sit)$ - Invalid encapsulation, must be one of: gre, gretap, ip6gre, ip6gretap, ipip, sit, ipip6 or ip6ip6 + Invalid encapsulation, must be one of: erspan, gre, gretap, ip6erspan, ip6gre, ip6gretap, ipip, sit, ipip6 or ip6ip6 @@ -145,6 +153,81 @@ Tunnel parameters + + + ERSPAN Tunnel parameters + + + + + + + Specifify ERSPAN version 1 index field + + 0-63 + Platform-depedent field for specifying port number and direction + + + + + + + + + Protocol version + + 1 + ERSPAN Type II + + + + + + + 1 + + + IPv4 specific tunnel parameters diff --git a/python/vyos/ifconfig/__init__.py b/python/vyos/ifconfig/__init__.py index f5dfa8e05..e9da1e9f5 100644 --- a/python/vyos/ifconfig/__init__.py +++ b/python/vyos/ifconfig/__init__.py @@ -32,8 +32,6 @@ from vyos.ifconfig.vtun import VTunIf from vyos.ifconfig.vti import VTIIf from vyos.ifconfig.pppoe import PPPoEIf from vyos.ifconfig.tunnel import TunnelIf -from vyos.ifconfig.erspan import ERSpanIf -from vyos.ifconfig.erspan import ER6SpanIf from vyos.ifconfig.wireless import WiFiIf from vyos.ifconfig.l2tpv3 import L2TPv3If from vyos.ifconfig.macsec import MACsecIf diff --git a/python/vyos/ifconfig/erspan.py b/python/vyos/ifconfig/erspan.py deleted file mode 100755 index 03b2acdbf..000000000 --- a/python/vyos/ifconfig/erspan.py +++ /dev/null @@ -1,170 +0,0 @@ -# Copyright 2019-2021 VyOS maintainers and contributors -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library. If not, see . - -# https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/#erspan -# http://vger.kernel.org/lpc_net2018_talks/erspan-linux-presentation.pdf - -from copy import deepcopy - -from netaddr import EUI -from netaddr import mac_unix_expanded -from random import getrandbits - -from vyos.util import dict_search -from vyos.ifconfig.interface import Interface -from vyos.validate import assert_list - -@Interface.register -class _ERSpan(Interface): - """ - _ERSpan: private base class for ERSPAN tunnels - """ - iftype = 'erspan' - definition = { - **Interface.definition, - **{ - 'section': 'erspan', - 'prefixes': ['ersp',], - }, - } - - def __init__(self,ifname,**config): - self.config = deepcopy(config) if config else {} - super().__init__(ifname, **self.config) - - def change_options(self): - pass - - def _create(self): - pass - -class ERSpanIf(_ERSpan): - """ - ERSpanIf: private base class for ERSPAN Over GRE and IPv4 tunnels - """ - - def _create(self): - ifname = self.config['ifname'] - source_address = self.config['source_address'] - remote = self.config['remote'] - key = self.config['parameters']['ip']['key'] - version = self.config['parameters']['version'] - command = f'ip link add dev {ifname} type erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}' - - if int(version) == 1: - idx=dict_search('parameters.erspan.idx',self.config) - if idx: - command += f' erspan {idx}' - elif int(version) == 2: - direction=dict_search('parameters.erspan.direction',self.config) - if direction: - command += f' erspan_dir {direction}' - hwid=dict_search('parameters.erspan.hwid',self.config) - if hwid: - command += f' erspan_hwid {hwid}' - - ttl = dict_search('parameters.ip.ttl',self.config) - if ttl: - command += f' ttl {ttl}' - tos = dict_search('parameters.ip.tos',self.config) - if tos: - command += f' tos {tos}' - - self._cmd(command) - - def change_options(self): - ifname = self.config['ifname'] - source_address = self.config['source_address'] - remote = self.config['remote'] - key = self.config['parameters']['ip']['key'] - version = self.config['parameters']['version'] - command = f'ip link set dev {ifname} type erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}' - - if int(version) == 1: - idx=dict_search('parameters.erspan.idx',self.config) - if idx: - command += f' erspan {idx}' - elif int(version) == 2: - direction=dict_search('parameters.erspan.direction',self.config) - if direction: - command += f' erspan_dir {direction}' - hwid=dict_search('parameters.erspan.hwid',self.config) - if hwid: - command += f' erspan_hwid {hwid}' - - ttl = dict_search('parameters.ip.ttl',self.config) - if ttl: - command += f' ttl {ttl}' - tos = dict_search('parameters.ip.tos',self.config) - if tos: - command += f' tos {tos}' - - self._cmd(command) - -class ER6SpanIf(_ERSpan): - """ - ER6SpanIf: private base class for ERSPAN Over GRE and IPv6 tunnels - """ - - def _create(self): - ifname = self.config['ifname'] - source_address = self.config['source_address'] - remote = self.config['remote'] - key = self.config['parameters']['ip']['key'] - version = self.config['parameters']['version'] - command = f'ip link add dev {ifname} type ip6erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}' - - if int(version) == 1: - idx=dict_search('parameters.erspan.idx',self.config) - if idx: - command += f' erspan {idx}' - elif int(version) == 2: - direction=dict_search('parameters.erspan.direction',self.config) - if direction: - command += f' erspan_dir {direction}' - hwid=dict_search('parameters.erspan.hwid',self.config) - if hwid: - command += f' erspan_hwid {hwid}' - - ttl = dict_search('parameters.ip.ttl',self.config) - if ttl: - command += f' ttl {ttl}' - tos = dict_search('parameters.ip.tos',self.config) - if tos: - command += f' tos {tos}' - - self._cmd(command) - - def change_options(self): - ifname = self.config['ifname'] - source_address = self.config['source_address'] - remote = self.config['remote'] - key = self.config['parameters']['ip']['key'] - version = self.config['parameters']['version'] - command = f'ip link set dev {ifname} type ip6erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}' - - if int(version) == 1: - idx=dict_search('parameters.erspan.idx',self.config) - if idx: - command += f' erspan {idx}' - elif int(version) == 2: - direction=dict_search('parameters.erspan.direction',self.config) - if direction: - command += f' erspan_dir {direction}' - hwid=dict_search('parameters.erspan.hwid',self.config) - if hwid: - command += f' erspan_hwid {hwid}' - - self._cmd(command) diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py index e5e1300b2..08854a3b0 100644 --- a/python/vyos/ifconfig/tunnel.py +++ b/python/vyos/ifconfig/tunnel.py @@ -63,6 +63,10 @@ class TunnelIf(Interface): 'parameters.ip.no_pmtu_discovery' : 'nopmtudisc', 'parameters.ip.tos' : 'tos', 'parameters.ip.ttl' : 'ttl', + 'parameters.erspan.direction' : 'erspan_dir', + 'parameters.erspan.hw_id' : 'erspan_hwid', + 'parameters.erspan.index' : 'erspan', + 'parameters.erspan.version' : 'erspan_ver', } mapping_ipv6 = { 'parameters.ipv6.encaplimit' : 'encaplimit', @@ -113,8 +117,12 @@ class TunnelIf(Interface): mapping = { **self.mapping, **self.mapping_ipv4 } cmd = 'ip tunnel add {ifname} mode {encapsulation}' - if self.iftype in ['gretap', 'ip6gretap']: + if self.iftype in ['gretap', 'ip6gretap', 'erspan', 'ip6erspan']: cmd = 'ip link add name {ifname} type {encapsulation}' + # ERSPAN requires the serialisation of packets + if self.iftype in ['erspan', 'ip6erspan']: + cmd += ' seq' + for vyos_key, iproute2_key in mapping.items(): # dict_search will return an empty dict "{}" for valueless nodes like # "parameters.nolearning" - thus we need to test the nodes existence @@ -131,7 +139,7 @@ class TunnelIf(Interface): def _change_options(self): # gretap interfaces do not support changing any parameter - if self.iftype in ['gretap', 'ip6gretap']: + if self.iftype in ['gretap', 'ip6gretap', 'erspan', 'ip6erspan']: return if self.config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']: diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py index 6af31ddff..0e021b385 100755 --- a/smoketest/scripts/cli/test_interfaces_tunnel.py +++ b/smoketest/scripts/cli/test_interfaces_tunnel.py @@ -232,5 +232,91 @@ class TunnelInterfaceTest(BasicInterfaceTest.TestCase): conf = get_interface_config(interface) self.assertEqual(new_remote, conf['linkinfo']['info_data']['remote']) + def test_erspan(self): + interface = f'tun1070' + encapsulation = 'erspan' + ip_key = '77' + idx = '20' + + self.cli_set(self._base_path + [interface, 'encapsulation', encapsulation]) + self.cli_set(self._base_path + [interface, 'source-address', self.local_v4]) + self.cli_set(self._base_path + [interface, 'remote', remote_ip4]) + + self.cli_set(self._base_path + [interface, 'parameters', 'erspan', 'index', idx]) + + # ERSPAN requires ip key parameter + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_set(self._base_path + [interface, 'parameters', 'ip', 'key', ip_key]) + + # Check if commit is ok + self.cli_commit() + + conf = get_interface_config(interface) + self.assertEqual(mtu, conf['mtu']) + self.assertEqual(interface, conf['ifname']) + self.assertEqual(encapsulation, conf['linkinfo']['info_kind']) + self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local']) + self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote']) + self.assertEqual(0, conf['linkinfo']['info_data']['ttl']) + self.assertEqual(f'0.0.0.{ip_key}', conf['linkinfo']['info_data']['ikey']) + self.assertEqual(f'0.0.0.{ip_key}', conf['linkinfo']['info_data']['okey']) + self.assertEqual(int(idx), conf['linkinfo']['info_data']['erspan_index']) + self.assertEqual(1, conf['linkinfo']['info_data']['erspan_ver']) + self.assertTrue( conf['linkinfo']['info_data']['iseq']) + self.assertTrue( conf['linkinfo']['info_data']['oseq']) + + # Change remote ip address (inc host by 2 + new_remote = inc_ip(remote_ip4, 2) + self.cli_set(self._base_path + [interface, 'remote', new_remote]) + # Check if commit is ok + self.cli_commit() + + conf = get_interface_config(interface) + self.assertEqual(new_remote, conf['linkinfo']['info_data']['remote']) + + def test_ip6erspan(self): + interface = f'tun1070' + encapsulation = 'ip6erspan' + ip_key = '77' + erspan_ver = '2' + direction = 'ingres' + + self.cli_set(self._base_path + [interface, 'encapsulation', encapsulation]) + self.cli_set(self._base_path + [interface, 'source-address', self.local_v6]) + self.cli_set(self._base_path + [interface, 'remote', remote_ip6]) + + self.cli_set(self._base_path + [interface, 'parameters', 'erspan', 'index', '10']) + + # ERSPAN requires ip key parameter + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_set(self._base_path + [interface, 'parameters', 'ip', 'key', ip_key]) + + # Check if commit is ok + self.cli_commit() + + conf = get_interface_config(interface) + self.assertEqual(mtu, conf['mtu']) + self.assertEqual(interface, conf['ifname']) + self.assertEqual(encapsulation, conf['linkinfo']['info_kind']) + self.assertEqual(self.local_v6, conf['linkinfo']['info_data']['local']) + self.assertEqual(remote_ip6, conf['linkinfo']['info_data']['remote']) + self.assertEqual(0, conf['linkinfo']['info_data']['ttl']) + self.assertEqual(f'0.0.0.{ip_key}', conf['linkinfo']['info_data']['ikey']) + self.assertEqual(f'0.0.0.{ip_key}', conf['linkinfo']['info_data']['okey']) + self.assertEqual(1, conf['linkinfo']['info_data']['erspan_ver']) + self.assertTrue( conf['linkinfo']['info_data']['iseq']) + self.assertTrue( conf['linkinfo']['info_data']['oseq']) + + # Change remote ip address (inc host by 2 + new_remote = inc_ip(remote_ip6, 2) + self.cli_set(self._base_path + [interface, 'remote', new_remote]) + # Check if commit is ok + self.cli_commit() + + conf = get_interface_config(interface) + self.assertEqual(new_remote, conf['linkinfo']['info_data']['remote']) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/interfaces-erspan.py b/src/conf_mode/interfaces-erspan.py deleted file mode 100755 index 97ae3cf55..000000000 --- a/src/conf_mode/interfaces-erspan.py +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018-2020 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import os - -from sys import exit -from copy import deepcopy -from netifaces import interfaces - -from vyos.config import Config -from vyos.configdict import dict_merge -from vyos.configdict import get_interface_dict -from vyos.configdict import node_changed -from vyos.configdict import leaf_node_changed -from vyos.configverify import verify_mtu_ipv6 -from vyos.configverify import verify_tunnel -from vyos.ifconfig import Interface -from vyos.ifconfig import ERSpanIf -from vyos.ifconfig import ER6SpanIf -from vyos.template import is_ipv4 -from vyos.template import is_ipv6 -from vyos.util import dict_search -from vyos import ConfigError -from vyos import airbag -airbag.enable() - -def get_config(config=None): - """ - Retrive CLI config as dictionary. Dictionary can never be empty, as at least - the interface name will be added or a deleted flag - """ - if config: - conf = config - else: - conf = Config() - base = ['interfaces', 'erspan'] - erspan = get_interface_dict(conf, base) - - tmp = leaf_node_changed(conf, ['encapsulation']) - if tmp: - erspan.update({'encapsulation_changed': {}}) - - return erspan - -def verify(erspan): - if 'deleted' in erspan: - return None - - if 'encapsulation' not in erspan: - raise ConfigError('Unable to detect the following ERSPAN tunnel encapsulation'\ - '{ifname}!'.format(**erspan)) - - verify_mtu_ipv6(erspan) - verify_tunnel(erspan) - - key = dict_search('parameters.ip.key',erspan) - if key == None: - raise ConfigError('parameters.ip.key is mandatory for ERSPAN tunnel') - - -def generate(erspan): - return None - -def apply(erspan): - if 'deleted' in erspan or 'encapsulation_changed' in erspan: - if erspan['ifname'] in interfaces(): - tmp = Interface(erspan['ifname']) - tmp.remove() - if 'deleted' in erspan: - return None - - dispatch = { - 'erspan': ERSpanIf, - 'ip6erspan': ER6SpanIf - } - - # We need to re-map the tunnel encapsulation proto to a valid interface class - encap = erspan['encapsulation'] - klass = dispatch[encap] - - erspan_tunnel = klass(**erspan) - erspan_tunnel.change_options() - erspan_tunnel.update(erspan) - - return None - -if __name__ == '__main__': - try: - c = get_config() - generate(c) - verify(c) - apply(c) - except ConfigError as e: - print(e) - exit(1) diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index cab94a5b0..4e6c8a9ab 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -61,6 +61,9 @@ def get_config(config=None): nhrp = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True) if nhrp: tunnel.update({'nhrp' : list(nhrp.keys())}) + if 'encapsulation' in tunnel and tunnel['encapsulation'] not in ['erspan', 'ip6erspan']: + del tunnel['parameters']['erspan'] + return tunnel def verify(tunnel): @@ -72,14 +75,28 @@ def verify(tunnel): return None - if 'encapsulation' not in tunnel: - error = 'Must configure encapsulation for "{ifname}"!' - raise ConfigError(error.format(**tunnel)) + verify_tunnel(tunnel) + + if tunnel['encapsulation'] in ['erspan', 'ip6erspan']: + if dict_search('parameters.ip.key', tunnel) == None: + raise ConfigError('ERSPAN requires ip key parameter!') + + # this is a default field + ver = int(tunnel['parameters']['erspan']['version']) + if ver == 1: + if 'hw_id' in tunnel['parameters']['erspan']: + raise ConfigError('ERSPAN version 1 does not support hw-id!') + if 'direction' in tunnel['parameters']['erspan']: + raise ConfigError('ERSPAN version 1 does not support direction!') + elif ver == 2: + if 'idx' in tunnel['parameters']['erspan']: + raise ConfigError('ERSPAN version 2 does not index parameter!') + if 'direction' not in tunnel['parameters']['erspan']: + raise ConfigError('ERSPAN version 2 requires direction to be set!') verify_mtu_ipv6(tunnel) verify_address(tunnel) verify_vrf(tunnel) - verify_tunnel(tunnel) if 'source_interface' in tunnel: verify_interface_exists(tunnel['source_interface']) @@ -92,7 +109,6 @@ def verify(tunnel): if tunnel['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']: raise ConfigError('Can not disable PMTU discovery for given encapsulation') - def generate(tunnel): return None @@ -108,8 +124,8 @@ def apply(tunnel): encap = dict_search('linkinfo.info_kind', tmp) remote = dict_search('linkinfo.info_data.remote', tmp) - if ('deleted' in tunnel or 'encapsulation_changed' in tunnel or - encap in ['gretap', 'ip6gretap'] or remote in ['any']): + if ('deleted' in tunnel or 'encapsulation_changed' in tunnel or encap in + ['gretap', 'ip6gretap', 'erspan', 'ip6erspan'] or remote in ['any']): if interface in interfaces(): tmp = Interface(interface) tmp.remove() -- cgit v1.2.3