From 79d366eed45614f32fb8d44e0034b84cdef7f17f Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 14 May 2018 12:35:25 +0200 Subject: Mark nodes in SSH and NTP valueless (related to T602). --- interface-definitions/ntp.xml | 4 ++++ interface-definitions/ssh.xml | 1 + 2 files changed, 5 insertions(+) diff --git a/interface-definitions/ntp.xml b/interface-definitions/ntp.xml index c6fd8aa14..d9930a262 100644 --- a/interface-definitions/ntp.xml +++ b/interface-definitions/ntp.xml @@ -19,21 +19,25 @@ Allow server to be configured even if not reachable + Marks the server as unused + Specifies the association as preemptable rather than the default persistent + Marks the server as preferred + diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml index f898f3934..889754849 100644 --- a/interface-definitions/ssh.xml +++ b/interface-definitions/ssh.xml @@ -41,6 +41,7 @@ Enable root login over ssh + -- cgit v1.2.3 From 345ec6803b0bc0a859a90bf659fa3d3eeea3a2f8 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 14 May 2018 12:50:32 +0200 Subject: Some more valueless fixes. --- interface-definitions/dns-forwarding.xml | 2 ++ interface-definitions/ssh.xml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/interface-definitions/dns-forwarding.xml b/interface-definitions/dns-forwarding.xml index 81aa6063d..60b90c6a7 100644 --- a/interface-definitions/dns-forwarding.xml +++ b/interface-definitions/dns-forwarding.xml @@ -62,6 +62,7 @@ Do not use local /etc/hosts file in name resolution + @@ -94,6 +95,7 @@ DNS forwarding to system nameservers + diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml index 889754849..ba5b887bc 100644 --- a/interface-definitions/ssh.xml +++ b/interface-definitions/ssh.xml @@ -55,11 +55,13 @@ Don't validate the remote host name with DNS + Don't allow unknown user to login with password + -- cgit v1.2.3 From 37aa8753fa67a1a8ad51cdc50539cab83f94ed2b Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 14 May 2018 13:31:47 +0200 Subject: Fix misplaces ConfigError exception. --- python/vyos/__init__.py | 1 + python/vyos/version.py | 4 ---- src/conf-mode/vyos-config-bcast-relay.py | 2 +- src/conf-mode/vyos-config-dns-forwarding.py | 2 +- src/conf-mode/vyos-config-mdns-repeater.py | 2 +- src/conf-mode/vyos-config-ntp.py | 2 +- src/conf-mode/vyos-config-ssh.py | 2 +- src/conf-mode/vyos-update-crontab.py | 2 +- 8 files changed, 7 insertions(+), 10 deletions(-) diff --git a/python/vyos/__init__.py b/python/vyos/__init__.py index e69de29bb..9b5ed21c9 100644 --- a/python/vyos/__init__.py +++ b/python/vyos/__init__.py @@ -0,0 +1 @@ +from .base import * diff --git a/python/vyos/version.py b/python/vyos/version.py index b3eff3965..5d32d878d 100644 --- a/python/vyos/version.py +++ b/python/vyos/version.py @@ -19,10 +19,6 @@ import json -class ConfigError(Exception): - pass - - def get_version_data(file='/opt/vyatta/etc/version.json'): with open(file, 'r') as f: version_data = json.load(f) diff --git a/src/conf-mode/vyos-config-bcast-relay.py b/src/conf-mode/vyos-config-bcast-relay.py index f60664051..785690d9c 100755 --- a/src/conf-mode/vyos-config-bcast-relay.py +++ b/src/conf-mode/vyos-config-bcast-relay.py @@ -23,7 +23,7 @@ import time import subprocess from vyos.config import Config -from vyos.util import ConfigError +from vyos import ConfigError config_file = r'/etc/default/udp-broadcast-relay' diff --git a/src/conf-mode/vyos-config-dns-forwarding.py b/src/conf-mode/vyos-config-dns-forwarding.py index df273b321..0d265f819 100755 --- a/src/conf-mode/vyos-config-dns-forwarding.py +++ b/src/conf-mode/vyos-config-dns-forwarding.py @@ -23,7 +23,7 @@ import netifaces import jinja2 from vyos.config import Config -from vyos.util import ConfigError +from vyos import ConfigError config_file = r'/etc/powerdns/recursor.conf' diff --git a/src/conf-mode/vyos-config-mdns-repeater.py b/src/conf-mode/vyos-config-mdns-repeater.py index 3b8ca26ad..e648fd64f 100755 --- a/src/conf-mode/vyos-config-mdns-repeater.py +++ b/src/conf-mode/vyos-config-mdns-repeater.py @@ -22,7 +22,7 @@ import netifaces import time from vyos.config import Config -from vyos.util import ConfigError +from vyos import ConfigError config_file = r'/etc/default/mdns-repeater' diff --git a/src/conf-mode/vyos-config-ntp.py b/src/conf-mode/vyos-config-ntp.py index 061e8760e..8be12e44e 100755 --- a/src/conf-mode/vyos-config-ntp.py +++ b/src/conf-mode/vyos-config-ntp.py @@ -23,7 +23,7 @@ import jinja2 import ipaddress from vyos.config import Config -from vyos.util import ConfigError +from vyos import ConfigError config_file = r'/etc/ntp.conf' diff --git a/src/conf-mode/vyos-config-ssh.py b/src/conf-mode/vyos-config-ssh.py index 1605dcd74..4949d6463 100755 --- a/src/conf-mode/vyos-config-ssh.py +++ b/src/conf-mode/vyos-config-ssh.py @@ -22,7 +22,7 @@ import os import jinja2 from vyos.config import Config -from vyos.util import ConfigError +from vyos import ConfigError config_file = r'/etc/ssh/sshd_config' diff --git a/src/conf-mode/vyos-update-crontab.py b/src/conf-mode/vyos-update-crontab.py index 2d15de8ea..c19b88007 100755 --- a/src/conf-mode/vyos-update-crontab.py +++ b/src/conf-mode/vyos-update-crontab.py @@ -21,7 +21,7 @@ import re import sys from vyos.config import Config -from vyos.util import ConfigError +from vyos import ConfigError crontab_file = "/etc/cron.d/vyos-crontab" -- cgit v1.2.3 From 0866859c6189553ce33cb80cad20844b609d5393 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 14 May 2018 13:37:40 +0200 Subject: Fix cron interval regex to allow single digit values. --- interface-definitions/cron.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interface-definitions/cron.xml b/interface-definitions/cron.xml index 8e4c1294a..65b95c5a4 100644 --- a/interface-definitions/cron.xml +++ b/interface-definitions/cron.xml @@ -45,7 +45,7 @@ Execution interval in days - [1-9]([0-9]+)([mhd]{0,1}) + [1-9]([0-9]*)([mhd]{0,1}) -- cgit v1.2.3 From 48a983cc52421a984ce92f0cbb5e40ce1b4b2310 Mon Sep 17 00:00:00 2001 From: Yuya Kusakabe Date: Tue, 15 May 2018 00:21:16 +0900 Subject: Add missing vyos.base module --- python/vyos/base.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 python/vyos/base.py diff --git a/python/vyos/base.py b/python/vyos/base.py new file mode 100644 index 000000000..6197ed074 --- /dev/null +++ b/python/vyos/base.py @@ -0,0 +1,22 @@ +# Copyright (c) 2018 VyOS maintainers and contributors +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the Software +# is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included +# in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS +# OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +# IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +class ConfigError(Exception): + pass -- cgit v1.2.3 From ddca0778f36266ce2416a064833410afeeb202d0 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Tue, 15 May 2018 02:51:00 +0200 Subject: Correct the logic of generating tag nodes for op mode. Unlike conf mode tag nodes, op mode "pseudo-tag nodes" have the real node.def inside the node.tag dir rather than at the top level. The required node.def at the top level is populated with the help string from the real one. A side effect is that commands that take arguments now must have their own words, e.g. "run show arp" and "run show arp eth0" is impossible and has to be "run show arp" and "run show arp interface eth0", which is probably a good thing. --- scripts/build-command-op-templates | 61 +++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 28 deletions(-) diff --git a/scripts/build-command-op-templates b/scripts/build-command-op-templates index 72879fe74..865590c2c 100755 --- a/scripts/build-command-op-templates +++ b/scripts/build-command-op-templates @@ -93,7 +93,7 @@ def get_properties(p): try: props["help"] = p.find("help").text except: - pass + props["help"] = "No help available" # Get the completion help strings @@ -113,7 +113,7 @@ def get_properties(p): for i in paths: comp_exprs.append("/bin/cli-shell-api listNodes {0}".format(i.text)) for i in scripts: - comp_exprs.append("sh -c \"{0}\"".format(i.text)) + comp_exprs.append("{0}".format(i.text)) comp_help = " && ".join(comp_exprs) props["comp_help"] = comp_help except: @@ -128,14 +128,6 @@ def make_node_def(props, command): node_def = "" - if "tag" in props: - node_def += "tag:\n" - - - if "type" in props: - node_def += "type: {0}\n".format(props["type"]) - - if "help" in props: node_def += "help: {0}\n".format(props["help"]) @@ -173,32 +165,45 @@ def process_node(n, tmpl_dir): props = get_properties(props_elem) - # Type should not be set for non-tag, non-leaf nodes - if node_type != "node": - props["type"] = "txt" + if node_type == "node": + if debug: + print("Processing node {}".format(name)) + + with open(os.path.join(make_path(my_tmpl_dir), "node.def"), "w") as f: + f.write(make_node_def(props, command)) + + if children is not None: + inner_nodes = children.iterfind("*") + for inner_n in inner_nodes: + process_node(inner_n, my_tmpl_dir) if node_type == "tagNode": - props["tag"] = "True" - + if debug: + print("Processing tag node {}".format(name)) - with open(os.path.join(make_path(my_tmpl_dir), "node.def"), "w") as f: - f.write(make_node_def(props, command)) + os.makedirs(make_path(my_tmpl_dir), exist_ok=True) + with open(os.path.join(make_path(my_tmpl_dir), "node.def"), "w") as f: + f.write('help: {0}\0'.format(props['help'])) - if node_type == "node": - inner_nodes = children.iterfind("*") - for inner_n in inner_nodes: - process_node(inner_n, my_tmpl_dir) - if node_type == "tagNode": my_tmpl_dir.append("node.tag") - if debug: - print("Created path for the tagNode:", end="") os.makedirs(make_path(my_tmpl_dir), exist_ok=True) - inner_nodes = children.iterfind("*") - for inner_n in inner_nodes: - process_node(inner_n, my_tmpl_dir) + if debug: + print("Created path for the tagNode: {}".format(make_path(my_tmpl_dir)), end="") + + with open(os.path.join(make_path(my_tmpl_dir), "node.def"), "w") as f: + f.write(make_node_def(props, command)) + + if children is not None: + inner_nodes = children.iterfind("*") + for inner_n in inner_nodes: + process_node(inner_n, my_tmpl_dir) else: # This is a leaf node - pass + if debug: + print("Processing leaf node {}".format(name)) + + with open(os.path.join(make_path(my_tmpl_dir), "node.def"), "w") as f: + f.write(make_node_def(props, command)) root = xml.getroot() -- cgit v1.2.3 From ae0b5e5d142c03b2df544774aead9887d5610bf2 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Tue, 15 May 2018 02:55:13 +0200 Subject: T637: new op mode for traffic dumps based on tcpdump. --- Makefile | 1 + op-mode-definitions/traffic-dump.xml | 45 ++++++++++++++++++++++++++++ src/op-mode/vyos-list-dumpable-interfaces.py | 14 +++++++++ src/op-mode/vyos-list-interfaces.py | 8 +++++ 4 files changed, 68 insertions(+) create mode 100644 op-mode-definitions/traffic-dump.xml create mode 100755 src/op-mode/vyos-list-dumpable-interfaces.py create mode 100755 src/op-mode/vyos-list-interfaces.py diff --git a/Makefile b/Makefile index c328d6a8d..8a75a91e4 100644 --- a/Makefile +++ b/Makefile @@ -26,6 +26,7 @@ op_mode_definitions: rm -f $(OP_TMPL_DIR)/show/dns/node.def rm -f $(OP_TMPL_DIR)/reset/node.def rm -f $(OP_TMPL_DIR)/restart/node.def + rm -f $(OP_TMPL_DIR)/monitor/node.def .PHONY: all all: interface_definitions op_mode_definitions diff --git a/op-mode-definitions/traffic-dump.xml b/op-mode-definitions/traffic-dump.xml new file mode 100644 index 000000000..be53f866b --- /dev/null +++ b/op-mode-definitions/traffic-dump.xml @@ -0,0 +1,45 @@ + + + + + + + Monitor traffic dumps + + + + tcpdump -i $4 + + Monitor traffic dump from an interface + + + + + + + tcpdump -n -i $4 $6 + + Monitor traffic matching filter conditions + + + + tcpdump -n -i $4 -w $6 + + Save traffic dump from an interface to a file + + + + tcpdump -n -i $4 -w $6 $8 + + Save a dump of traffic matching filter conditions to a file + + + + + + + + + + + diff --git a/src/op-mode/vyos-list-dumpable-interfaces.py b/src/op-mode/vyos-list-dumpable-interfaces.py new file mode 100755 index 000000000..53ee89633 --- /dev/null +++ b/src/op-mode/vyos-list-dumpable-interfaces.py @@ -0,0 +1,14 @@ +#!/usr/bin/env python3 + +# Extract the list of interfaces available for traffic dumps from tcpdump -D + +import re +import subprocess + +if __name__ == '__main__': + out = subprocess.check_output(['/usr/sbin/tcpdump', '-D']).decode().strip() + out = out.split("\n") + + intfs = " ".join(map(lambda s: re.search(r'\d+\.(\S+)\s', s).group(1), out)) + + print(intfs) diff --git a/src/op-mode/vyos-list-interfaces.py b/src/op-mode/vyos-list-interfaces.py new file mode 100755 index 000000000..59c9dffad --- /dev/null +++ b/src/op-mode/vyos-list-interfaces.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python3 + +import netifaces + +if __name__ == '__main__': + interfaces = netifaces.interfaces() + + print(" ".join(interfaces)) -- cgit v1.2.3 From 3ebc8df88c4b6522a57694d0d77d1933ea9db714 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Tue, 15 May 2018 03:25:17 +0200 Subject: T638: new op mode CLI for the bandwidth monitor commands. --- op-mode-definitions/bandwidth-monitor.xml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 op-mode-definitions/bandwidth-monitor.xml diff --git a/op-mode-definitions/bandwidth-monitor.xml b/op-mode-definitions/bandwidth-monitor.xml new file mode 100644 index 000000000..a6ddcfd4b --- /dev/null +++ b/op-mode-definitions/bandwidth-monitor.xml @@ -0,0 +1,23 @@ + + + + + + + Monitor interface bandwidth in real time + + + + bmon -p $4 + + Monitor bandwidth usage on specified interface + + + + + + + + + + -- cgit v1.2.3 From 57cef15b33c6f69c061aee5a78b194bc07b27f9c Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Tue, 15 May 2018 04:51:31 +0200 Subject: T637, T638: add dependencies on tcpdump and bmon. --- debian/control | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/debian/control b/debian/control index 351715c07..9e49cc1a3 100644 --- a/debian/control +++ b/debian/control @@ -2,14 +2,24 @@ Source: vyos-1x Section: contrib/net Priority: extra Maintainer: VyOS Package Maintainers -Build-Depends: debhelper (>= 9), python3, python3-setuptools, quilt, - python3-lxml +Build-Depends: debhelper (>= 9), + quilt, + python3, + python3-setuptools, + quilt, + python3-lxml Standards-Version: 3.9.6 Package: vyos-1x Architecture: all -Depends: python3, ${python3:Depends}, python3-netifaces, - python3-jinja2, ipaddrcheck - ${shlibs:Depends}, ${misc:Depends} +Depends: python3, + ${python3:Depends}, + python3-netifaces, + python3-jinja2, + ipaddrcheck, + tcpdump, + bmon, + ${shlibs:Depends}, + ${misc:Depends} Description: VyOS configuration scripts and data VyOS configuration scripts, interface definitions, and everything -- cgit v1.2.3 From 922ce1a5a75732aed67a79b3b92f900376d649b3 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Tue, 15 May 2018 04:52:43 +0200 Subject: Add dependency on hvinfo, too. --- debian/control | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/control b/debian/control index 9e49cc1a3..77331b050 100644 --- a/debian/control +++ b/debian/control @@ -19,6 +19,7 @@ Depends: python3, ipaddrcheck, tcpdump, bmon, + hvinfo, ${shlibs:Depends}, ${misc:Depends} Description: VyOS configuration scripts and data -- cgit v1.2.3 From 89a4124bf68a1a361a32a6cb1f07d06ff2e160fa Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Tue, 15 May 2018 04:59:04 +0200 Subject: Dependencies on file and pystache, for install and show version scripts.. --- debian/control | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/control b/debian/control index 77331b050..c31c470e9 100644 --- a/debian/control +++ b/debian/control @@ -16,10 +16,12 @@ Depends: python3, ${python3:Depends}, python3-netifaces, python3-jinja2, + python3-pystache, ipaddrcheck, tcpdump, bmon, hvinfo, + file, ${shlibs:Depends}, ${misc:Depends} Description: VyOS configuration scripts and data -- cgit v1.2.3 From 30030cc0cc808b9a1c942e89e8698ee2b522b87f Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Tue, 15 May 2018 08:04:34 +0200 Subject: Do not try to decode data read from /sys files in the show version script, it's already an str. --- src/op-mode/vyos-show-version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/op-mode/vyos-show-version.py b/src/op-mode/vyos-show-version.py index 0990dd648..ce3b3b54f 100755 --- a/src/op-mode/vyos-show-version.py +++ b/src/op-mode/vyos-show-version.py @@ -41,7 +41,7 @@ def read_file(name): try: with open (name, "r") as f: data = f.read() - return data.decode().strip() + return data.strip() except: # This works since we only read /sys/class/* stuff # with this function -- cgit v1.2.3