From cccda3a0768680d1920e408afd44d96855a64e61 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 22 Aug 2021 09:52:04 +0200 Subject: xml: remove superfluous "interface" prefix from interface includes (cherry picked from commit 0a8a0188033d6b27c521f082fdddae9873dd5d3d) --- .../include/interface/arp-cache-timeout.xml.i | 16 +++++++++++ .../include/interface/description.xml.i | 11 ++++++++ .../include/interface/dial-on-demand.xml.i | 8 ++++++ .../include/interface/disable-arp-filter.xml.i | 8 ++++++ .../include/interface/disable-forwarding.xml.i | 8 ++++++ .../include/interface/disable-link-detect.xml.i | 8 ++++++ .../include/interface/disable.xml.i | 8 ++++++ .../include/interface/eapol.xml.i | 12 ++++++++ .../include/interface/enable-arp-accept.xml.i | 8 ++++++ .../include/interface/enable-arp-announce.xml.i | 8 ++++++ .../include/interface/enable-arp-ignore.xml.i | 8 ++++++ .../include/interface/enable-proxy-arp.xml.i | 8 ++++++ .../include/interface/hw-id.xml.i | 14 ++++++++++ .../interface/interface-arp-cache-timeout.xml.i | 16 ----------- .../include/interface/interface-description.xml.i | 11 -------- .../interface/interface-dial-on-demand.xml.i | 8 ------ .../interface/interface-disable-arp-filter.xml.i | 8 ------ .../interface/interface-disable-forwarding.xml.i | 8 ------ .../interface/interface-disable-link-detect.xml.i | 8 ------ .../include/interface/interface-disable.xml.i | 8 ------ .../include/interface/interface-eapol.xml.i | 12 -------- .../interface/interface-enable-arp-accept.xml.i | 8 ------ .../interface/interface-enable-arp-announce.xml.i | 8 ------ .../interface/interface-enable-arp-ignore.xml.i | 8 ------ .../interface/interface-enable-proxy-arp.xml.i | 8 ------ .../include/interface/interface-hw-id.xml.i | 14 ---------- .../include/interface/interface-ipv4-options.xml.i | 18 ------------ .../include/interface/interface-ipv6-options.xml.i | 12 -------- .../include/interface/interface-mac.xml.i | 14 ---------- .../include/interface/interface-mirror.xml.i | 25 ----------------- .../interface/interface-mtu-1200-16000.xml.i | 16 ----------- .../interface/interface-mtu-1450-16000.xml.i | 16 ----------- .../include/interface/interface-mtu-64-8024.xml.i | 16 ----------- .../include/interface/interface-mtu-68-1500.xml.i | 16 ----------- .../include/interface/interface-mtu-68-16000.xml.i | 16 ----------- .../interface/interface-parameters-flowlabel.xml.i | 16 ----------- .../interface/interface-parameters-key.xml.i | 15 ---------- .../interface/interface-parameters-tos.xml.i | 16 ----------- .../interface/interface-parameters-ttl.xml.i | 20 -------------- .../interface/interface-proxy-arp-pvlan.xml.i | 8 ------ .../interface/interface-source-validation.xml.i | 25 ----------------- .../include/interface/interface-vrf.xml.i | 14 ---------- .../include/interface/ipv4-options.xml.i | 18 ++++++++++++ .../include/interface/ipv6-options.xml.i | 12 ++++++++ interface-definitions/include/interface/mac.xml.i | 14 ++++++++++ .../include/interface/mirror.xml.i | 25 +++++++++++++++++ .../include/interface/mtu-1200-16000.xml.i | 16 +++++++++++ .../include/interface/mtu-1450-16000.xml.i | 16 +++++++++++ .../include/interface/mtu-64-8024.xml.i | 16 +++++++++++ .../include/interface/mtu-68-1500.xml.i | 16 +++++++++++ .../include/interface/mtu-68-16000.xml.i | 16 +++++++++++ .../include/interface/parameters-flowlabel.xml.i | 16 +++++++++++ .../include/interface/parameters-key.xml.i | 15 ++++++++++ .../include/interface/parameters-tos.xml.i | 16 +++++++++++ .../include/interface/parameters-ttl.xml.i | 20 ++++++++++++++ .../include/interface/proxy-arp-pvlan.xml.i | 8 ++++++ .../include/interface/source-validation.xml.i | 25 +++++++++++++++++ .../include/interface/vif-s.xml.i | 32 +++++++++++----------- interface-definitions/include/interface/vif.xml.i | 16 +++++------ interface-definitions/include/interface/vrf.xml.i | 14 ++++++++++ 60 files changed, 412 insertions(+), 412 deletions(-) create mode 100644 interface-definitions/include/interface/arp-cache-timeout.xml.i create mode 100644 interface-definitions/include/interface/description.xml.i create mode 100644 interface-definitions/include/interface/dial-on-demand.xml.i create mode 100644 interface-definitions/include/interface/disable-arp-filter.xml.i create mode 100644 interface-definitions/include/interface/disable-forwarding.xml.i create mode 100644 interface-definitions/include/interface/disable-link-detect.xml.i create mode 100644 interface-definitions/include/interface/disable.xml.i create mode 100644 interface-definitions/include/interface/eapol.xml.i create mode 100644 interface-definitions/include/interface/enable-arp-accept.xml.i create mode 100644 interface-definitions/include/interface/enable-arp-announce.xml.i create mode 100644 interface-definitions/include/interface/enable-arp-ignore.xml.i create mode 100644 interface-definitions/include/interface/enable-proxy-arp.xml.i create mode 100644 interface-definitions/include/interface/hw-id.xml.i delete mode 100644 interface-definitions/include/interface/interface-arp-cache-timeout.xml.i delete mode 100644 interface-definitions/include/interface/interface-description.xml.i delete mode 100644 interface-definitions/include/interface/interface-dial-on-demand.xml.i delete mode 100644 interface-definitions/include/interface/interface-disable-arp-filter.xml.i delete mode 100644 interface-definitions/include/interface/interface-disable-forwarding.xml.i delete mode 100644 interface-definitions/include/interface/interface-disable-link-detect.xml.i delete mode 100644 interface-definitions/include/interface/interface-disable.xml.i delete mode 100644 interface-definitions/include/interface/interface-eapol.xml.i delete mode 100644 interface-definitions/include/interface/interface-enable-arp-accept.xml.i delete mode 100644 interface-definitions/include/interface/interface-enable-arp-announce.xml.i delete mode 100644 interface-definitions/include/interface/interface-enable-arp-ignore.xml.i delete mode 100644 interface-definitions/include/interface/interface-enable-proxy-arp.xml.i delete mode 100644 interface-definitions/include/interface/interface-hw-id.xml.i delete mode 100644 interface-definitions/include/interface/interface-ipv4-options.xml.i delete mode 100644 interface-definitions/include/interface/interface-ipv6-options.xml.i delete mode 100644 interface-definitions/include/interface/interface-mac.xml.i delete mode 100644 interface-definitions/include/interface/interface-mirror.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-1200-16000.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-1450-16000.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-64-8024.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-68-1500.xml.i delete mode 100644 interface-definitions/include/interface/interface-mtu-68-16000.xml.i delete mode 100644 interface-definitions/include/interface/interface-parameters-flowlabel.xml.i delete mode 100644 interface-definitions/include/interface/interface-parameters-key.xml.i delete mode 100644 interface-definitions/include/interface/interface-parameters-tos.xml.i delete mode 100644 interface-definitions/include/interface/interface-parameters-ttl.xml.i delete mode 100644 interface-definitions/include/interface/interface-proxy-arp-pvlan.xml.i delete mode 100644 interface-definitions/include/interface/interface-source-validation.xml.i delete mode 100644 interface-definitions/include/interface/interface-vrf.xml.i create mode 100644 interface-definitions/include/interface/ipv4-options.xml.i create mode 100644 interface-definitions/include/interface/ipv6-options.xml.i create mode 100644 interface-definitions/include/interface/mac.xml.i create mode 100644 interface-definitions/include/interface/mirror.xml.i create mode 100644 interface-definitions/include/interface/mtu-1200-16000.xml.i create mode 100644 interface-definitions/include/interface/mtu-1450-16000.xml.i create mode 100644 interface-definitions/include/interface/mtu-64-8024.xml.i create mode 100644 interface-definitions/include/interface/mtu-68-1500.xml.i create mode 100644 interface-definitions/include/interface/mtu-68-16000.xml.i create mode 100644 interface-definitions/include/interface/parameters-flowlabel.xml.i create mode 100644 interface-definitions/include/interface/parameters-key.xml.i create mode 100644 interface-definitions/include/interface/parameters-tos.xml.i create mode 100644 interface-definitions/include/interface/parameters-ttl.xml.i create mode 100644 interface-definitions/include/interface/proxy-arp-pvlan.xml.i create mode 100644 interface-definitions/include/interface/source-validation.xml.i create mode 100644 interface-definitions/include/interface/vrf.xml.i (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/interface/arp-cache-timeout.xml.i b/interface-definitions/include/interface/arp-cache-timeout.xml.i new file mode 100644 index 000000000..b269fecd8 --- /dev/null +++ b/interface-definitions/include/interface/arp-cache-timeout.xml.i @@ -0,0 +1,16 @@ + + + + ARP cache entry timeout in seconds + + 1-86400 + ARP cache entry timout in seconds (default 30) + + + + + ARP cache entry timeout must be between 1 and 86400 seconds + + 30 + + diff --git a/interface-definitions/include/interface/description.xml.i b/interface-definitions/include/interface/description.xml.i new file mode 100644 index 000000000..d618b50d2 --- /dev/null +++ b/interface-definitions/include/interface/description.xml.i @@ -0,0 +1,11 @@ + + + + Interface specific description + + .{1,256}$ + + Description too long (limit 256 characters) + + + diff --git a/interface-definitions/include/interface/dial-on-demand.xml.i b/interface-definitions/include/interface/dial-on-demand.xml.i new file mode 100644 index 000000000..66edd9678 --- /dev/null +++ b/interface-definitions/include/interface/dial-on-demand.xml.i @@ -0,0 +1,8 @@ + + + + Establishment connection automatically when traffic is sent + + + + diff --git a/interface-definitions/include/interface/disable-arp-filter.xml.i b/interface-definitions/include/interface/disable-arp-filter.xml.i new file mode 100644 index 000000000..49cddaf76 --- /dev/null +++ b/interface-definitions/include/interface/disable-arp-filter.xml.i @@ -0,0 +1,8 @@ + + + + Disable ARP filter on this interface + + + + diff --git a/interface-definitions/include/interface/disable-forwarding.xml.i b/interface-definitions/include/interface/disable-forwarding.xml.i new file mode 100644 index 000000000..cb6ef0475 --- /dev/null +++ b/interface-definitions/include/interface/disable-forwarding.xml.i @@ -0,0 +1,8 @@ + + + + Disable IPv4 forwarding on this interface + + + + diff --git a/interface-definitions/include/interface/disable-link-detect.xml.i b/interface-definitions/include/interface/disable-link-detect.xml.i new file mode 100644 index 000000000..c528885b2 --- /dev/null +++ b/interface-definitions/include/interface/disable-link-detect.xml.i @@ -0,0 +1,8 @@ + + + + Ignore link state changes + + + + diff --git a/interface-definitions/include/interface/disable.xml.i b/interface-definitions/include/interface/disable.xml.i new file mode 100644 index 000000000..d90e6395b --- /dev/null +++ b/interface-definitions/include/interface/disable.xml.i @@ -0,0 +1,8 @@ + + + + Administratively disable interface + + + + diff --git a/interface-definitions/include/interface/eapol.xml.i b/interface-definitions/include/interface/eapol.xml.i new file mode 100644 index 000000000..92b7a3f35 --- /dev/null +++ b/interface-definitions/include/interface/eapol.xml.i @@ -0,0 +1,12 @@ + + + + Extensible Authentication Protocol over Local Area Network + + + #include + #include + #include + + + diff --git a/interface-definitions/include/interface/enable-arp-accept.xml.i b/interface-definitions/include/interface/enable-arp-accept.xml.i new file mode 100644 index 000000000..7c5d51857 --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-accept.xml.i @@ -0,0 +1,8 @@ + + + + Enable ARP accept on this interface + + + + diff --git a/interface-definitions/include/interface/enable-arp-announce.xml.i b/interface-definitions/include/interface/enable-arp-announce.xml.i new file mode 100644 index 000000000..f44599c54 --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-announce.xml.i @@ -0,0 +1,8 @@ + + + + Enable ARP announce on this interface + + + + diff --git a/interface-definitions/include/interface/enable-arp-ignore.xml.i b/interface-definitions/include/interface/enable-arp-ignore.xml.i new file mode 100644 index 000000000..3ea39613c --- /dev/null +++ b/interface-definitions/include/interface/enable-arp-ignore.xml.i @@ -0,0 +1,8 @@ + + + + Enable ARP ignore on this interface + + + + diff --git a/interface-definitions/include/interface/enable-proxy-arp.xml.i b/interface-definitions/include/interface/enable-proxy-arp.xml.i new file mode 100644 index 000000000..dbdeeb7a7 --- /dev/null +++ b/interface-definitions/include/interface/enable-proxy-arp.xml.i @@ -0,0 +1,8 @@ + + + + Enable proxy-arp on this interface + + + + diff --git a/interface-definitions/include/interface/hw-id.xml.i b/interface-definitions/include/interface/hw-id.xml.i new file mode 100644 index 000000000..989cd9cb7 --- /dev/null +++ b/interface-definitions/include/interface/hw-id.xml.i @@ -0,0 +1,14 @@ + + + + Associate Ethernet Interface with given Media Access Control (MAC) address + + macaddr + Hardware (MAC) address + + + + + + + diff --git a/interface-definitions/include/interface/interface-arp-cache-timeout.xml.i b/interface-definitions/include/interface/interface-arp-cache-timeout.xml.i deleted file mode 100644 index b269fecd8..000000000 --- a/interface-definitions/include/interface/interface-arp-cache-timeout.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - ARP cache entry timeout in seconds - - 1-86400 - ARP cache entry timout in seconds (default 30) - - - - - ARP cache entry timeout must be between 1 and 86400 seconds - - 30 - - diff --git a/interface-definitions/include/interface/interface-description.xml.i b/interface-definitions/include/interface/interface-description.xml.i deleted file mode 100644 index d618b50d2..000000000 --- a/interface-definitions/include/interface/interface-description.xml.i +++ /dev/null @@ -1,11 +0,0 @@ - - - - Interface specific description - - .{1,256}$ - - Description too long (limit 256 characters) - - - diff --git a/interface-definitions/include/interface/interface-dial-on-demand.xml.i b/interface-definitions/include/interface/interface-dial-on-demand.xml.i deleted file mode 100644 index 66edd9678..000000000 --- a/interface-definitions/include/interface/interface-dial-on-demand.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Establishment connection automatically when traffic is sent - - - - diff --git a/interface-definitions/include/interface/interface-disable-arp-filter.xml.i b/interface-definitions/include/interface/interface-disable-arp-filter.xml.i deleted file mode 100644 index 49cddaf76..000000000 --- a/interface-definitions/include/interface/interface-disable-arp-filter.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Disable ARP filter on this interface - - - - diff --git a/interface-definitions/include/interface/interface-disable-forwarding.xml.i b/interface-definitions/include/interface/interface-disable-forwarding.xml.i deleted file mode 100644 index cb6ef0475..000000000 --- a/interface-definitions/include/interface/interface-disable-forwarding.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Disable IPv4 forwarding on this interface - - - - diff --git a/interface-definitions/include/interface/interface-disable-link-detect.xml.i b/interface-definitions/include/interface/interface-disable-link-detect.xml.i deleted file mode 100644 index c528885b2..000000000 --- a/interface-definitions/include/interface/interface-disable-link-detect.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Ignore link state changes - - - - diff --git a/interface-definitions/include/interface/interface-disable.xml.i b/interface-definitions/include/interface/interface-disable.xml.i deleted file mode 100644 index d90e6395b..000000000 --- a/interface-definitions/include/interface/interface-disable.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Administratively disable interface - - - - diff --git a/interface-definitions/include/interface/interface-eapol.xml.i b/interface-definitions/include/interface/interface-eapol.xml.i deleted file mode 100644 index 92b7a3f35..000000000 --- a/interface-definitions/include/interface/interface-eapol.xml.i +++ /dev/null @@ -1,12 +0,0 @@ - - - - Extensible Authentication Protocol over Local Area Network - - - #include - #include - #include - - - diff --git a/interface-definitions/include/interface/interface-enable-arp-accept.xml.i b/interface-definitions/include/interface/interface-enable-arp-accept.xml.i deleted file mode 100644 index 7c5d51857..000000000 --- a/interface-definitions/include/interface/interface-enable-arp-accept.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable ARP accept on this interface - - - - diff --git a/interface-definitions/include/interface/interface-enable-arp-announce.xml.i b/interface-definitions/include/interface/interface-enable-arp-announce.xml.i deleted file mode 100644 index f44599c54..000000000 --- a/interface-definitions/include/interface/interface-enable-arp-announce.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable ARP announce on this interface - - - - diff --git a/interface-definitions/include/interface/interface-enable-arp-ignore.xml.i b/interface-definitions/include/interface/interface-enable-arp-ignore.xml.i deleted file mode 100644 index 3ea39613c..000000000 --- a/interface-definitions/include/interface/interface-enable-arp-ignore.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable ARP ignore on this interface - - - - diff --git a/interface-definitions/include/interface/interface-enable-proxy-arp.xml.i b/interface-definitions/include/interface/interface-enable-proxy-arp.xml.i deleted file mode 100644 index dbdeeb7a7..000000000 --- a/interface-definitions/include/interface/interface-enable-proxy-arp.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable proxy-arp on this interface - - - - diff --git a/interface-definitions/include/interface/interface-hw-id.xml.i b/interface-definitions/include/interface/interface-hw-id.xml.i deleted file mode 100644 index 989cd9cb7..000000000 --- a/interface-definitions/include/interface/interface-hw-id.xml.i +++ /dev/null @@ -1,14 +0,0 @@ - - - - Associate Ethernet Interface with given Media Access Control (MAC) address - - macaddr - Hardware (MAC) address - - - - - - - diff --git a/interface-definitions/include/interface/interface-ipv4-options.xml.i b/interface-definitions/include/interface/interface-ipv4-options.xml.i deleted file mode 100644 index c2d0677b7..000000000 --- a/interface-definitions/include/interface/interface-ipv4-options.xml.i +++ /dev/null @@ -1,18 +0,0 @@ - - - - IPv4 routing parameters - - - #include - #include - #include - #include - #include - #include - #include - #include - #include - - - diff --git a/interface-definitions/include/interface/interface-ipv6-options.xml.i b/interface-definitions/include/interface/interface-ipv6-options.xml.i deleted file mode 100644 index dcd5a8710..000000000 --- a/interface-definitions/include/interface/interface-ipv6-options.xml.i +++ /dev/null @@ -1,12 +0,0 @@ - - - - IPv6 routing parameters - - - #include - #include - #include - - - diff --git a/interface-definitions/include/interface/interface-mac.xml.i b/interface-definitions/include/interface/interface-mac.xml.i deleted file mode 100644 index d7107ad23..000000000 --- a/interface-definitions/include/interface/interface-mac.xml.i +++ /dev/null @@ -1,14 +0,0 @@ - - - - Media Access Control (MAC) address - - macaddr - Hardware (MAC) address - - - - - - - diff --git a/interface-definitions/include/interface/interface-mirror.xml.i b/interface-definitions/include/interface/interface-mirror.xml.i deleted file mode 100644 index b3b45fb43..000000000 --- a/interface-definitions/include/interface/interface-mirror.xml.i +++ /dev/null @@ -1,25 +0,0 @@ - - - - Incoming/outgoing packet mirroring destination - - - - - Mirror the ingress traffic of the interface to the destination interface - - - - - - - - Mirror the egress traffic of the interface to the destination interface - - - - - - - - diff --git a/interface-definitions/include/interface/interface-mtu-1200-16000.xml.i b/interface-definitions/include/interface/interface-mtu-1200-16000.xml.i deleted file mode 100644 index 3241ba912..000000000 --- a/interface-definitions/include/interface/interface-mtu-1200-16000.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 1200-16000 - Maximum Transmission Unit in byte - - - - - MTU must be between 1200 and 16000 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-mtu-1450-16000.xml.i b/interface-definitions/include/interface/interface-mtu-1450-16000.xml.i deleted file mode 100644 index 0a35bbbaa..000000000 --- a/interface-definitions/include/interface/interface-mtu-1450-16000.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 1450-16000 - Maximum Transmission Unit in byte - - - - - MTU must be between 1450 and 16000 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-mtu-64-8024.xml.i b/interface-definitions/include/interface/interface-mtu-64-8024.xml.i deleted file mode 100644 index f75de02ba..000000000 --- a/interface-definitions/include/interface/interface-mtu-64-8024.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 64-8024 - Maximum Transmission Unit in byte - - - - - MTU must be between 64 and 8024 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-mtu-68-1500.xml.i b/interface-definitions/include/interface/interface-mtu-68-1500.xml.i deleted file mode 100644 index 9e6fe8760..000000000 --- a/interface-definitions/include/interface/interface-mtu-68-1500.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 68-1500 - Maximum Transmission Unit in byte - - - - - MTU must be between 68 and 1500 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-mtu-68-16000.xml.i b/interface-definitions/include/interface/interface-mtu-68-16000.xml.i deleted file mode 100644 index 83af7bbd4..000000000 --- a/interface-definitions/include/interface/interface-mtu-68-16000.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Maximum Transmission Unit (MTU) - - 68-16000 - Maximum Transmission Unit in byte - - - - - MTU must be between 68 and 16000 - - 1500 - - diff --git a/interface-definitions/include/interface/interface-parameters-flowlabel.xml.i b/interface-definitions/include/interface/interface-parameters-flowlabel.xml.i deleted file mode 100644 index f5e868a64..000000000 --- a/interface-definitions/include/interface/interface-parameters-flowlabel.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Specifies the flow label to use in outgoing packets - - 0x0-0x0FFFFF - Tunnel key, 'inherit' or hex value - - - ^((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)$ - - Must be 'inherit' or a number - - inherit - - diff --git a/interface-definitions/include/interface/interface-parameters-key.xml.i b/interface-definitions/include/interface/interface-parameters-key.xml.i deleted file mode 100644 index 1b1d67174..000000000 --- a/interface-definitions/include/interface/interface-parameters-key.xml.i +++ /dev/null @@ -1,15 +0,0 @@ - - - - Tunnel key - - u32 - Tunnel key - - - - - key must be between 0-4294967295 - - - diff --git a/interface-definitions/include/interface/interface-parameters-tos.xml.i b/interface-definitions/include/interface/interface-parameters-tos.xml.i deleted file mode 100644 index 83b4e0671..000000000 --- a/interface-definitions/include/interface/interface-parameters-tos.xml.i +++ /dev/null @@ -1,16 +0,0 @@ - - - - Specifies TOS value to use in outgoing packets - - 0-99 - Type of Service (TOS) - - - - - TOS must be between 0 and 99 - - inherit - - diff --git a/interface-definitions/include/interface/interface-parameters-ttl.xml.i b/interface-definitions/include/interface/interface-parameters-ttl.xml.i deleted file mode 100644 index 21a5e5cd9..000000000 --- a/interface-definitions/include/interface/interface-parameters-ttl.xml.i +++ /dev/null @@ -1,20 +0,0 @@ - - - - Specifies TTL value to use in outgoing packets - - 0 - Copy value from original IP header - - - 1-255 - Time to Live - - - - - TTL must be between 0 and 255 - - 0 - - diff --git a/interface-definitions/include/interface/interface-proxy-arp-pvlan.xml.i b/interface-definitions/include/interface/interface-proxy-arp-pvlan.xml.i deleted file mode 100644 index 153dfc072..000000000 --- a/interface-definitions/include/interface/interface-proxy-arp-pvlan.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Enable private VLAN proxy ARP on this interface - - - - diff --git a/interface-definitions/include/interface/interface-source-validation.xml.i b/interface-definitions/include/interface/interface-source-validation.xml.i deleted file mode 100644 index 70914f2e9..000000000 --- a/interface-definitions/include/interface/interface-source-validation.xml.i +++ /dev/null @@ -1,25 +0,0 @@ - - - - Source validation by reversed path (RFC3704) - - strict loose disable - - - strict - Enable Strict Reverse Path Forwarding as defined in RFC3704 - - - loose - Enable Loose Reverse Path Forwarding as defined in RFC3704 - - - disable - No source validation - - - ^(strict|loose|disable)$ - - - - diff --git a/interface-definitions/include/interface/interface-vrf.xml.i b/interface-definitions/include/interface/interface-vrf.xml.i deleted file mode 100644 index ef6ca1241..000000000 --- a/interface-definitions/include/interface/interface-vrf.xml.i +++ /dev/null @@ -1,14 +0,0 @@ - - - - VRF instance name - - text - VRF instance name - - - vrf name - - - - diff --git a/interface-definitions/include/interface/ipv4-options.xml.i b/interface-definitions/include/interface/ipv4-options.xml.i new file mode 100644 index 000000000..5a45487c5 --- /dev/null +++ b/interface-definitions/include/interface/ipv4-options.xml.i @@ -0,0 +1,18 @@ + + + + IPv4 routing parameters + + + #include + #include + #include + #include + #include + #include + #include + #include + #include + + + diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i new file mode 100644 index 000000000..dcd5a8710 --- /dev/null +++ b/interface-definitions/include/interface/ipv6-options.xml.i @@ -0,0 +1,12 @@ + + + + IPv6 routing parameters + + + #include + #include + #include + + + diff --git a/interface-definitions/include/interface/mac.xml.i b/interface-definitions/include/interface/mac.xml.i new file mode 100644 index 000000000..d7107ad23 --- /dev/null +++ b/interface-definitions/include/interface/mac.xml.i @@ -0,0 +1,14 @@ + + + + Media Access Control (MAC) address + + macaddr + Hardware (MAC) address + + + + + + + diff --git a/interface-definitions/include/interface/mirror.xml.i b/interface-definitions/include/interface/mirror.xml.i new file mode 100644 index 000000000..b3b45fb43 --- /dev/null +++ b/interface-definitions/include/interface/mirror.xml.i @@ -0,0 +1,25 @@ + + + + Incoming/outgoing packet mirroring destination + + + + + Mirror the ingress traffic of the interface to the destination interface + + + + + + + + Mirror the egress traffic of the interface to the destination interface + + + + + + + + diff --git a/interface-definitions/include/interface/mtu-1200-16000.xml.i b/interface-definitions/include/interface/mtu-1200-16000.xml.i new file mode 100644 index 000000000..3241ba912 --- /dev/null +++ b/interface-definitions/include/interface/mtu-1200-16000.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 1200-16000 + Maximum Transmission Unit in byte + + + + + MTU must be between 1200 and 16000 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-1450-16000.xml.i b/interface-definitions/include/interface/mtu-1450-16000.xml.i new file mode 100644 index 000000000..0a35bbbaa --- /dev/null +++ b/interface-definitions/include/interface/mtu-1450-16000.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 1450-16000 + Maximum Transmission Unit in byte + + + + + MTU must be between 1450 and 16000 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-64-8024.xml.i b/interface-definitions/include/interface/mtu-64-8024.xml.i new file mode 100644 index 000000000..f75de02ba --- /dev/null +++ b/interface-definitions/include/interface/mtu-64-8024.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 64-8024 + Maximum Transmission Unit in byte + + + + + MTU must be between 64 and 8024 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-68-1500.xml.i b/interface-definitions/include/interface/mtu-68-1500.xml.i new file mode 100644 index 000000000..9e6fe8760 --- /dev/null +++ b/interface-definitions/include/interface/mtu-68-1500.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 68-1500 + Maximum Transmission Unit in byte + + + + + MTU must be between 68 and 1500 + + 1500 + + diff --git a/interface-definitions/include/interface/mtu-68-16000.xml.i b/interface-definitions/include/interface/mtu-68-16000.xml.i new file mode 100644 index 000000000..83af7bbd4 --- /dev/null +++ b/interface-definitions/include/interface/mtu-68-16000.xml.i @@ -0,0 +1,16 @@ + + + + Maximum Transmission Unit (MTU) + + 68-16000 + Maximum Transmission Unit in byte + + + + + MTU must be between 68 and 16000 + + 1500 + + diff --git a/interface-definitions/include/interface/parameters-flowlabel.xml.i b/interface-definitions/include/interface/parameters-flowlabel.xml.i new file mode 100644 index 000000000..f5e868a64 --- /dev/null +++ b/interface-definitions/include/interface/parameters-flowlabel.xml.i @@ -0,0 +1,16 @@ + + + + Specifies the flow label to use in outgoing packets + + 0x0-0x0FFFFF + Tunnel key, 'inherit' or hex value + + + ^((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)$ + + Must be 'inherit' or a number + + inherit + + diff --git a/interface-definitions/include/interface/parameters-key.xml.i b/interface-definitions/include/interface/parameters-key.xml.i new file mode 100644 index 000000000..1b1d67174 --- /dev/null +++ b/interface-definitions/include/interface/parameters-key.xml.i @@ -0,0 +1,15 @@ + + + + Tunnel key + + u32 + Tunnel key + + + + + key must be between 0-4294967295 + + + diff --git a/interface-definitions/include/interface/parameters-tos.xml.i b/interface-definitions/include/interface/parameters-tos.xml.i new file mode 100644 index 000000000..83b4e0671 --- /dev/null +++ b/interface-definitions/include/interface/parameters-tos.xml.i @@ -0,0 +1,16 @@ + + + + Specifies TOS value to use in outgoing packets + + 0-99 + Type of Service (TOS) + + + + + TOS must be between 0 and 99 + + inherit + + diff --git a/interface-definitions/include/interface/parameters-ttl.xml.i b/interface-definitions/include/interface/parameters-ttl.xml.i new file mode 100644 index 000000000..21a5e5cd9 --- /dev/null +++ b/interface-definitions/include/interface/parameters-ttl.xml.i @@ -0,0 +1,20 @@ + + + + Specifies TTL value to use in outgoing packets + + 0 + Copy value from original IP header + + + 1-255 + Time to Live + + + + + TTL must be between 0 and 255 + + 0 + + diff --git a/interface-definitions/include/interface/proxy-arp-pvlan.xml.i b/interface-definitions/include/interface/proxy-arp-pvlan.xml.i new file mode 100644 index 000000000..153dfc072 --- /dev/null +++ b/interface-definitions/include/interface/proxy-arp-pvlan.xml.i @@ -0,0 +1,8 @@ + + + + Enable private VLAN proxy ARP on this interface + + + + diff --git a/interface-definitions/include/interface/source-validation.xml.i b/interface-definitions/include/interface/source-validation.xml.i new file mode 100644 index 000000000..70914f2e9 --- /dev/null +++ b/interface-definitions/include/interface/source-validation.xml.i @@ -0,0 +1,25 @@ + + + + Source validation by reversed path (RFC3704) + + strict loose disable + + + strict + Enable Strict Reverse Path Forwarding as defined in RFC3704 + + + loose + Enable Loose Reverse Path Forwarding as defined in RFC3704 + + + disable + No source validation + + + ^(strict|loose|disable)$ + + + + diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i index 85885c153..a3193e77b 100644 --- a/interface-definitions/include/interface/vif-s.xml.i +++ b/interface-definitions/include/interface/vif-s.xml.i @@ -9,11 +9,11 @@ #include - #include + #include #include #include - #include - #include + #include + #include Protocol used for service VLAN (default: 802.1ad) @@ -35,10 +35,10 @@ 802.1ad - #include - #include - #include - #include + #include + #include + #include + #include QinQ TAG-C Virtual Local Area Network (VLAN) ID @@ -49,19 +49,19 @@ #include - #include + #include #include #include - #include - #include - #include - #include - #include - #include - #include + #include + #include + #include + #include + #include + #include + #include - #include + #include diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i index 4e7aeb0f9..f58fbff84 100644 --- a/interface-definitions/include/interface/vif.xml.i +++ b/interface-definitions/include/interface/vif.xml.i @@ -13,12 +13,12 @@ #include - #include + #include #include #include - #include - #include - #include + #include + #include + #include VLAN egress QoS @@ -43,10 +43,10 @@ QoS mapping should be in the format of '0:7 2:3' with numbers 0-9 - #include - #include - #include - #include + #include + #include + #include + #include diff --git a/interface-definitions/include/interface/vrf.xml.i b/interface-definitions/include/interface/vrf.xml.i new file mode 100644 index 000000000..ef6ca1241 --- /dev/null +++ b/interface-definitions/include/interface/vrf.xml.i @@ -0,0 +1,14 @@ + + + + VRF instance name + + text + VRF instance name + + + vrf name + + + + -- cgit v1.2.3 From 42d4a9731baa95064d2de299233e98d841f4976e Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 19 Aug 2021 20:24:39 +0200 Subject: xml: interfaces: use one common building block for "disable-forwarding" Both building blocks only differed in the help text, so use IP for both IPv4 and IPv6. (cherry picked from commit 0e751221d0832acac807e7f0bc97d7bb31230c3a) --- interface-definitions/include/interface/disable-forwarding.xml.i | 2 +- .../include/interface/ipv6-disable-forwarding.xml.i | 8 -------- interface-definitions/include/interface/ipv6-options.xml.i | 2 +- 3 files changed, 2 insertions(+), 10 deletions(-) delete mode 100644 interface-definitions/include/interface/ipv6-disable-forwarding.xml.i (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/interface/disable-forwarding.xml.i b/interface-definitions/include/interface/disable-forwarding.xml.i index cb6ef0475..cee9d2a8d 100644 --- a/interface-definitions/include/interface/disable-forwarding.xml.i +++ b/interface-definitions/include/interface/disable-forwarding.xml.i @@ -1,7 +1,7 @@ - Disable IPv4 forwarding on this interface + Disable IP forwarding on this interface diff --git a/interface-definitions/include/interface/ipv6-disable-forwarding.xml.i b/interface-definitions/include/interface/ipv6-disable-forwarding.xml.i deleted file mode 100644 index 4adb77d1b..000000000 --- a/interface-definitions/include/interface/ipv6-disable-forwarding.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Disable IPv6 forwarding on this interface - - - - diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i index dcd5a8710..a5b40c789 100644 --- a/interface-definitions/include/interface/ipv6-options.xml.i +++ b/interface-definitions/include/interface/ipv6-options.xml.i @@ -4,8 +4,8 @@ IPv6 routing parameters + #include #include - #include #include -- cgit v1.2.3 From ac89b13201ae4943a33b1f400e94a3d817a2ec0b Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 21 Aug 2021 11:35:07 +0200 Subject: pppoe: T1318: implement missing access-concentrator CLI option (cherry picked from commit b121ee14ff1961b56568b0116de3c246ea4af934) --- data/templates/pppoe/peer.tmpl | 16 ++++++++-------- .../include/pppoe-access-concentrator.xml.i | 11 +++++++++++ interface-definitions/interfaces-pppoe.xml.in | 12 ++---------- interface-definitions/service_pppoe-server.xml.in | 10 ++-------- 4 files changed, 23 insertions(+), 26 deletions(-) create mode 100644 interface-definitions/include/pppoe-access-concentrator.xml.i (limited to 'interface-definitions/include') diff --git a/data/templates/pppoe/peer.tmpl b/data/templates/pppoe/peer.tmpl index 0f78f9384..818f40745 100644 --- a/data/templates/pppoe/peer.tmpl +++ b/data/templates/pppoe/peer.tmpl @@ -1,8 +1,5 @@ ### Autogenerated by interfaces-pppoe.py ### - -{% if description %} -# {{ description }} -{% endif %} +{{ '# ' ~ description if description is defined else '' }} # Require peer to provide the local IP address if it is not # specified explicitly in the config file. @@ -38,6 +35,13 @@ noproxyarp maxfail 0 plugin rp-pppoe.so +{% if access_concentrator is defined and access_concentrator is not none %} +rp_pppoe_ac '{{ access_concentrator }}' +{% endif %} +{% if service_name is defined and service_name is not none %} +rp_pppoe_service '{{ service_name }}' +{% endif %} + {{ source_interface }} persist ifname {{ ifname }} @@ -60,10 +64,6 @@ ipv6cp-use-ipaddr {% endif %} {% endif %} -{% if service_name is defined %} -rp_pppoe_service "{{ service_name }}" -{% endif %} - {% if connect_on_demand is defined %} demand # See T2249. PPP default route options should only be set when in on-demand diff --git a/interface-definitions/include/pppoe-access-concentrator.xml.i b/interface-definitions/include/pppoe-access-concentrator.xml.i new file mode 100644 index 000000000..ccfcc1c49 --- /dev/null +++ b/interface-definitions/include/pppoe-access-concentrator.xml.i @@ -0,0 +1,11 @@ + + + + Access concentrator name + + [a-zA-Z0-9]{1,100} + + Access-concentrator name must be alphanumerical only (max. 100 characters) + + + diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in index 1bbfa63af..4792e4b94 100644 --- a/interface-definitions/interfaces-pppoe.xml.in +++ b/interface-definitions/interfaces-pppoe.xml.in @@ -16,15 +16,7 @@ - - - Access concentrator name (only connect to this concentrator) - - [a-zA-Z0-9]+$ - - Access concentrator name must be composed of uppper and lower case letters or numbers only - - + #include #include #include @@ -136,7 +128,7 @@ [a-zA-Z0-9]+$ - Service name must be composed of uppper and lower case letters or numbers only + Service name must be alphanumeric only diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 9d3420ed2..037a18e1d 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -8,14 +8,8 @@ 900 + #include - - Access concentrator name - - [a-zA-Z0-9]{1,100} - - access-concentrator name limited to alphanumerical characters only (max. 100) - vyos-ac @@ -129,7 +123,7 @@ [a-zA-Z0-9\-]{1,100} - servicename can contain aplhanumerical characters and dashes only (max. 100) + Service-name can contain aplhanumerical characters and dashes only (max. 100) -- cgit v1.2.3 From e4db4a23ff94a77bb62a40580018d4c884a13e12 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 25 Aug 2021 21:20:30 +0200 Subject: isis: T3779: backport entire 1.4 (current) featureset As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4 (required by T3417) it makes sense to synchronize the CLI configuration for both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse the userbase already with a brand new feature. As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards, this is the perfect time. --- data/templates/frr/isisd.frr.tmpl | 72 +- data/templates/frr/route-map.frr.tmpl | 5 + interface-definitions/include/bfd.xml.i | 8 + .../include/isis-redistribute-ipv4.xml.i | 56 -- .../include/isis/default-information-level.xml.i | 32 + interface-definitions/include/isis/metric.xml.i | 14 + interface-definitions/include/isis/passive.xml.i | 8 + .../include/isis/protocol-common-config.xml.i | 769 ++++++++++++++++++++ .../include/isis/redistribute-level-1-2.xml.i | 20 + interface-definitions/include/route-map.xml.i | 18 + interface-definitions/protocols-isis.xml.in | 772 +-------------------- smoketest/configs/isis-small | 105 +++ smoketest/scripts/cli/test_protocols_isis.py | 170 +++++ src/conf_mode/protocols_isis.py | 263 ++++--- src/migration-scripts/isis/0-to-1 | 59 ++ 15 files changed, 1412 insertions(+), 959 deletions(-) create mode 100644 data/templates/frr/route-map.frr.tmpl create mode 100644 interface-definitions/include/bfd.xml.i delete mode 100644 interface-definitions/include/isis-redistribute-ipv4.xml.i create mode 100644 interface-definitions/include/isis/default-information-level.xml.i create mode 100644 interface-definitions/include/isis/metric.xml.i create mode 100644 interface-definitions/include/isis/passive.xml.i create mode 100644 interface-definitions/include/isis/protocol-common-config.xml.i create mode 100644 interface-definitions/include/isis/redistribute-level-1-2.xml.i create mode 100644 interface-definitions/include/route-map.xml.i create mode 100644 smoketest/configs/isis-small create mode 100755 smoketest/scripts/cli/test_protocols_isis.py create mode 100755 src/migration-scripts/isis/0-to-1 (limited to 'interface-definitions/include') diff --git a/data/templates/frr/isisd.frr.tmpl b/data/templates/frr/isisd.frr.tmpl index 8a813d9cb..6cfa076d0 100644 --- a/data/templates/frr/isisd.frr.tmpl +++ b/data/templates/frr/isisd.frr.tmpl @@ -1,5 +1,5 @@ ! -router isis {{ process }} +router isis VyOS {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} net {{ net }} {% if dynamic_hostname is defined %} hostname dynamic @@ -13,8 +13,15 @@ router isis {{ process }} {% if set_overload_bit is defined %} set-overload-bit {% endif %} -{% if domain_password is defined and domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %} +{% if domain_password is defined and domain_password is not none %} +{% if domain_password.md5 is defined and domain_password.md5 is not none %} + domain-password md5 {{ domain_password.plaintext_password }} +{% elif domain_password.plaintext_password is defined and domain_password.plaintext_password is not none %} domain-password clear {{ domain_password.plaintext_password }} +{% endif %} +{% endif %} +{% if log_adjacency_changes is defined %} + log-adjacency-changes {% endif %} {% if lsp_gen_interval is defined and lsp_gen_interval is not none %} lsp-gen-interval {{ lsp_gen_interval }} @@ -95,47 +102,61 @@ router isis {{ process }} {% if spf_delay_ietf is defined and spf_delay_ietf.init_delay is defined and spf_delay_ietf.init_delay is not none %} spf-delay-ietf init-delay {{ spf_delay_ietf.init_delay }} {% endif %} -{% if area_password is defined and area_password.md5 is defined and area_password.md5 is not none %} +{% if area_password is defined and area_password is not none %} +{% if area_password.md5 is defined and area_password.md5 is not none %} area-password md5 {{ area_password.md5 }} -{% elif area_password is defined and area_password.plaintext_password is defined and area_password.plaintext_password is not none %} +{% elif area_password.plaintext_password is defined and area_password.plaintext_password is not none %} area-password clear {{ area_password.plaintext_password }} +{% endif %} {% endif %} {% if default_information is defined and default_information.originate is defined and default_information.originate is not none %} -{% for level in default_information.originate.ipv4 if default_information.originate.ipv4 is defined %} - default-information originate ipv4 {{ level | replace('_', '-') }} -{% endfor %} -{% for level in default_information.originate.ipv6 if default_information.originate.ipv6 is defined %} - default-information originate ipv6 {{ level | replace('_', '-') }} always +{% for afi, afi_config in default_information.originate.items() %} +{% for level, level_config in afi_config.items() %} + default-information originate {{ afi }} {{ level | replace('_', '-') }} {{ 'always' if level_config.always is defined }} {{ 'route-map ' ~ level_config.route_map if level_config.route_map is defined }} {{ 'metric ' ~ level_config.metric if level_config.metric is defined }} +{% endfor %} {% endfor %} {% endif %} -{% if redistribute is defined and redistribute.ipv4 is defined and redistribute.ipv4 is not none %} -{% for protocol in redistribute.ipv4 %} -{% for level, level_config in redistribute.ipv4[protocol].items() %} -{% if level_config.metric is defined and level_config.metric is not none %} +{% if redistribute is defined %} +{% if redistribute.ipv4 is defined and redistribute.ipv4 is not none %} +{% for protocol, protocol_options in redistribute.ipv4.items() %} +{% for level, level_config in protocol_options.items() %} +{% if level_config.metric is defined and level_config.metric is not none %} redistribute ipv4 {{ protocol }} {{ level | replace('_', '-') }} metric {{ level_config.metric }} -{% elif level_config.route_map is defined and level_config.route_map is not none %} +{% elif level_config.route_map is defined and level_config.route_map is not none %} redistribute ipv4 {{ protocol }} {{ level | replace('_', '-') }} route-map {{ level_config.route_map }} -{% else %} +{% else %} redistribute ipv4 {{ protocol }} {{ level | replace('_', '-') }} -{% endif %} +{% endif %} +{% endfor %} {% endfor %} -{% endfor %} +{% endif %} +{% if redistribute.ipv6 is defined and redistribute.ipv6 is not none %} +{% for protocol, protocol_options in redistribute.ipv6.items() %} +{% for level, level_config in protocol_options.items() %} +{% if level_config.metric is defined and level_config.metric is not none %} + redistribute ipv6 {{ protocol }} {{ level | replace('_', '-') }} metric {{ level_config.metric }} +{% elif level_config.route_map is defined and level_config.route_map is not none %} + redistribute ipv6 {{ protocol }} {{ level | replace('_', '-') }} route-map {{ level_config.route_map }} +{% else %} + redistribute ipv6 {{ protocol }} {{ level | replace('_', '-') }} +{% endif %} +{% endfor %} +{% endfor %} +{% endif %} {% endif %} {% if level is defined and level is not none %} -{% if level == 'level-1' %} - is-type level-1 -{% elif level == 'level-2' %} +{% if level == 'level-2' %} is-type level-2-only -{% elif level == 'level-1-2' %} - is-type level-1-2 +{% else %} + is-type {{ level }} {% endif %} {% endif %} ! {% if interface is defined and interface is not none %} {% for iface, iface_config in interface.items() %} -interface {{ iface }} - ip router isis {{ process }} - ipv6 router isis {{ process }} +interface {{ iface }} {{ 'vrf ' + vrf if vrf is defined and vrf is not none }} + ip router isis VyOS + ipv6 router isis VyOS {% if iface_config.bfd is defined %} isis bfd {% endif %} @@ -174,3 +195,4 @@ interface {{ iface }} {% endif %} {% endfor %} {% endif %} +! \ No newline at end of file diff --git a/data/templates/frr/route-map.frr.tmpl b/data/templates/frr/route-map.frr.tmpl new file mode 100644 index 000000000..6b33cc126 --- /dev/null +++ b/data/templates/frr/route-map.frr.tmpl @@ -0,0 +1,5 @@ +! +{% if route_map is defined and route_map is not none %} +ip protocol {{ protocol }} route-map {{ route_map }} +{% endif %} +! diff --git a/interface-definitions/include/bfd.xml.i b/interface-definitions/include/bfd.xml.i new file mode 100644 index 000000000..2bc3664e1 --- /dev/null +++ b/interface-definitions/include/bfd.xml.i @@ -0,0 +1,8 @@ + + + + Enable Bidirectional Forwarding Detection (BFD) + + + + diff --git a/interface-definitions/include/isis-redistribute-ipv4.xml.i b/interface-definitions/include/isis-redistribute-ipv4.xml.i deleted file mode 100644 index 774086a81..000000000 --- a/interface-definitions/include/isis-redistribute-ipv4.xml.i +++ /dev/null @@ -1,56 +0,0 @@ - - - - Redistribute into level-1 - - - - - Metric for redistributed routes - - u32:0-16777215 - ISIS default metric - - - - - - - - - Route map reference - - policy route-map - - - - - - - - Redistribute into level-2 - - - - - Metric for redistributed routes - - u32:0-16777215 - ISIS default metric - - - - - - - - - Route map reference - - policy route-map - - - - - - diff --git a/interface-definitions/include/isis/default-information-level.xml.i b/interface-definitions/include/isis/default-information-level.xml.i new file mode 100644 index 000000000..5ade72a4b --- /dev/null +++ b/interface-definitions/include/isis/default-information-level.xml.i @@ -0,0 +1,32 @@ + + + + Distribute default route into level-1 + + + + + Always advertise default route + + + + #include + #include + + + + + Distribute default route into level-2 + + + + + Always advertise default route + + + + #include + #include + + + diff --git a/interface-definitions/include/isis/metric.xml.i b/interface-definitions/include/isis/metric.xml.i new file mode 100644 index 000000000..30e2cdc10 --- /dev/null +++ b/interface-definitions/include/isis/metric.xml.i @@ -0,0 +1,14 @@ + + + + Set default metric for circuit + + u32:0-16777215 + Default metric value + + + + + + + diff --git a/interface-definitions/include/isis/passive.xml.i b/interface-definitions/include/isis/passive.xml.i new file mode 100644 index 000000000..6d05f8cc7 --- /dev/null +++ b/interface-definitions/include/isis/passive.xml.i @@ -0,0 +1,8 @@ + + + + Configure passive mode for interface + + + + diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i new file mode 100644 index 000000000..84e2f7bb2 --- /dev/null +++ b/interface-definitions/include/isis/protocol-common-config.xml.i @@ -0,0 +1,769 @@ + + + + Configure the authentication password for an area + + + + + Plain-text authentication type + + txt + Level-wide password + + + + + + MD5 authentication type + + txt + Level-wide password + + + + + + + + Control distribution of default information + + + + + Distribute a default route + + + + + Distribute default route for IPv4 + + + #include + + + + + Distribute default route for IPv6 + + + #include + + + + + + + + + Set the authentication password for a routing domain + + + + + Plain-text authentication type + + txt + Level-wide password + + + + + + MD5 authentication type + + txt + Level-wide password + + + + + + + + Dynamic hostname for IS-IS + + + + + + IS-IS level number + + level-1 level-1-2 level-2 + + + level-1 + Act as a station router + + + level-1-2 + Act as both a station and an area router + + + level-2 + Act as an area router + + + ^(level-1|level-1-2|level-2)$ + + + + + + Log adjacency state changes + + + + + + Minimum interval between regenerating same LSP + + u32:1-120 + Minimum interval in seconds + + + + + + + + + Configure the maximum size of generated LSPs + + u32:128-4352 + Maximum size of generated LSPs + + + + + + 1497 + + + + LSP refresh interval + + u32:1-65235 + LSP refresh interval in seconds + + + + + + + + + Maximum LSP lifetime + + u32:350-65535 + LSP lifetime in seconds + + + + + + + + + Use old-style (ISO 10589) or new-style packet formats + + narrow transition wide + + + narrow + Use old style of TLVs with narrow metric + + + transition + Send and accept both styles of TLVs during transition + + + wide + Use new style of TLVs to carry wider metric + + + ^(narrow|transition|wide)$ + + + + + + A Network Entity Title for this process (ISO only) + + XX.XXXX. ... .XXX.XX + Network entity title (NET) + + + [a-fA-F0-9]{2}(\.[a-fA-F0-9]{4}){3,9}\.[a-fA-F0-9]{2} + + + + + + Use the RFC 6232 purge-originator + + + + + + Show IS-IS neighbor adjacencies + + + + + Enable MPLS traffic engineering extensions + + + + + + + MPLS traffic engineering router ID + + ipv4 + IPv4 address + + + + + + + + + + + Segment-Routing (SPRING) settings + + + + + Enable segment-routing functionality + + + + + + Global block label range + + + + + The lower bound of the global block + + u32:16-1048575 + MPLS label value + + + + + + + + + The upper bound of the global block + + u32:16-1048575 + MPLS label value + + + + + + + + + + + + Maximum MPLS labels allowed for this router + + u32:1-16 + MPLS label depth + + + + + + + + + Static IPv4/IPv6 prefix segment/label mapping + + ipv4net + IPv4 prefix segment + + + ipv6net + IPv6 prefix segment + + + + + + + + + + Specify the absolute value of prefix segment/label ID + + + + + Specify the absolute value of prefix segment/label ID + + u32:16-1048575 + The absolute segment/label ID value + + + + + + + + + Request upstream neighbor to replace segment/label with explicit null label + + + + + + Do not request penultimate hop popping for segment/label + + + + + + + + Specify the index value of prefix segment/label ID + + + + + Specify the index value of prefix segment/label ID + + u32:0-65535 + The index segment/label ID value + + + + + + + + + Request upstream neighbor to replace segment/label with explicit null label + + + + + + Do not request penultimate hop popping for segment/label + + + + + + + + + + + + Redistribute information from another routing protocol + + + + + Redistribute IPv4 routes + + + + + Border Gateway Protocol (BGP) + + + #include + + + + + Redistribute connected routes into IS-IS + + + #include + + + + + Redistribute kernel routes into IS-IS + + + #include + + + + + Redistribute OSPF routes into IS-IS + + + #include + + + + + Redistribute RIP routes into IS-IS + + + #include + + + + + Redistribute static routes into IS-IS + + + #include + + + + + + + Redistribute IPv6 routes + + + + + Redistribute BGP routes into IS-IS + + + #include + + + + + Redistribute connected routes into IS-IS + + + #include + + + + + Redistribute kernel routes into IS-IS + + + #include + + + + + Redistribute OSPFv3 routes into IS-IS + + + #include + + + + + Redistribute RIPng routes into IS-IS + + + #include + + + + + Redistribute static routes into IS-IS + + + #include + + + + + + + + + Set attached bit to identify as L1/L2 router for inter-area traffic + + + + + + Set overload bit to avoid any transit traffic + + + + + + IETF SPF delay algorithm + + + + + Delay used while in QUIET state + + u32:0-60000 + Delay used while in QUIET state (in ms) + + + + + + + + + Delay used while in SHORT_WAIT state + + u32:0-60000 + Delay used while in SHORT_WAIT state (in ms) + + + + + + + + + Delay used while in LONG_WAIT + + u32:0-60000 + Delay used while in LONG_WAIT state in ms + + + + + + + + + Time with no received IGP events before considering IGP stable + + u32:0-60000 + Time with no received IGP events before considering IGP stable in ms + + + + + + + + + Maximum duration needed to learn all the events related to a single failure + + u32:0-60000 + Maximum duration needed to learn all the events related to a single failure in ms + + + + + + + + + + + Minimum interval between SPF calculations + + u32:1-120 + Interval in seconds + + + + + + + + + Interface params + + + + + + #include + + + Configure circuit type for interface + + level-1 level-1-2 level-2-only + + + level-1 + Level-1 only adjacencies are formed + + + level-1-2 + Level-1-2 adjacencies are formed + + + level-2-only + Level-2 only adjacencies are formed + + + ^(level-1|level-1-2|level-2-only)$ + + + + + + Add padding to IS-IS hello packets + + + + + + Set Hello interval + + u32:1-600 + Set Hello interval + + + + + + + + + Set Hello interval + + u32:2-100 + Set multiplier for Hello holding time + + + + + + + #include + + + Set network type + + + + + point-to-point network type + + + + + + #include + + + Configure the authentication password for a circuit + + + + + Plain-text authentication type + + txt + Circuit password + + + + + + + + Set priority for Designated Router election + + u32:0-127 + Priority value + + + + + + + + + Set PSNP interval + + u32:0-127 + PSNP interval in seconds + + + + + + + + + Disable three-way handshake + + + + + +#include + \ No newline at end of file diff --git a/interface-definitions/include/isis/redistribute-level-1-2.xml.i b/interface-definitions/include/isis/redistribute-level-1-2.xml.i new file mode 100644 index 000000000..abb85274f --- /dev/null +++ b/interface-definitions/include/isis/redistribute-level-1-2.xml.i @@ -0,0 +1,20 @@ + + + + Redistribute into level-1 + + + #include + #include + + + + + Redistribute into level-2 + + + #include + #include + + + diff --git a/interface-definitions/include/route-map.xml.i b/interface-definitions/include/route-map.xml.i new file mode 100644 index 000000000..88092b7d4 --- /dev/null +++ b/interface-definitions/include/route-map.xml.i @@ -0,0 +1,18 @@ + + + + Specify route-map name to use + + policy route-map + + + txt + Route map name + + + ^[-_a-zA-Z0-9.]+$ + + Name of route-map can only contain alpha-numeric letters, hyphen and underscores + + + diff --git a/interface-definitions/protocols-isis.xml.in b/interface-definitions/protocols-isis.xml.in index 624c72a4c..e0bc47bb9 100644 --- a/interface-definitions/protocols-isis.xml.in +++ b/interface-definitions/protocols-isis.xml.in @@ -2,781 +2,15 @@ - + Intermediate System to Intermediate System (IS-IS) 610 - - text(TAG) - ISO Routing area tag - - - - Configure the authentication password for an area - - - - - Plain-text authentication type - - txt - Level-wide password - - - - - - MD5 authentication type - - txt - Level-wide password - - - - - - - - Control distribution of default information - - - - - Distribute a default route - - - - - Distribute default route for IPv4 - - - - - Distribute default route into level-1 - - - - - - Distribute default route into level-2 - - - - - - - - Distribute default route for IPv6 - - - - - Distribute default route into level-1 - - always - - - always - Always advertise default route - - - - - - Distribute default route into level-2 - - always - - - always - Always advertise default route - - - - - - - - - - - - Set the authentication password for a routing domain - - - - - Plain-text authentication type - - txt - Level-wide password - - - - - - - - - Dynamic hostname for IS-IS - - - - - - IS-IS level number - - level-1 level-1-2 level-2 - - - level-1 - Act as a station router - - - level-1-2 - Act as both a station and an area router - - - level-2 - Act as an area router - - - ^(level-1|level-1-2|level-2)$ - - - - - - Minimum interval between regenerating same LSP - - u32:1-120 - Minimum interval in seconds - - - - - - - - - Configure the maximum size of generated LSPs - - u32:128-4352 - Maximum size of generated LSPs - - - - - - - - - LSP refresh interval - - u32:1-65235 - LSP refresh interval in seconds - - - - - - - - - Maximum LSP lifetime - - u32:350-65535 - LSP lifetime in seconds - - - - - - - - - Use old-style (ISO 10589) or new-style packet formats - - narrow transition wide - - - narrow - Use old style of TLVs with narrow metric - - - transition - Send and accept both styles of TLVs during transition - - - wide - Use new style of TLVs to carry wider metric - - - ^(narrow|transition|wide)$ - - - - - - A Network Entity Title for this process (ISO only) - - XX.XXXX. ... .XXX.XX - Network entity title (NET) - - - [a-fA-F0-9]{2}(\.[a-fA-F0-9]{4}){3,9}\.[a-fA-F0-9]{2} - - - - - - Use the RFC 6232 purge-originator - - - - - - Show IS-IS neighbor adjacencies - - - - - Enable MPLS traffic engineering extensions - - - - - - - MPLS traffic engineering router ID - - ipv4 - IPv4 address - - - - - - - - - - - Segment-Routing (SPRING) settings - - - - - Enable segment-routing functionality - - - - - - Global block label range - - - - - The lower bound of the global block - - u32:16-1048575 - MPLS label value - - - - - - - - - The upper bound of the global block - - u32:16-1048575 - MPLS label value - - - - - - - - - - - - Maximum MPLS labels allowed for this router - - u32:1-16 - MPLS label depth - - - - - - - - - Static IPv4/IPv6 prefix segment/label mapping - - ipv4net - IPv4 prefix segment - - - ipv6net - IPv6 prefix segment - - - - - - - - - - Specify the absolute value of prefix segment/label ID - - - - - Specify the absolute value of prefix segment/label ID - - u32:16-1048575 - The absolute segment/label ID value - - - - - - - - - Request upstream neighbor to replace segment/label with explicit null label - - - - - - Do not request penultimate hop popping for segment/label - - - - - - - - Specify the index value of prefix segment/label ID - - - - - Specify the index value of prefix segment/label ID - - u32:0-65535 - The index segment/label ID value - - - - - - - - - Request upstream neighbor to replace segment/label with explicit null label - - - - - - Do not request penultimate hop popping for segment/label - - - - - - - - - - - - Redistribute information from another routing protocol - - - - - Redistribute IPv4 routes - - - - - Border Gateway Protocol (BGP) - - - #include - - - - - Redistribute connected routes into IS-IS - - - #include - - - - - Redistribute kernel routes into IS-IS - - - #include - - - - - Redistribute OSPF routes into IS-IS - - - #include - - - - - Redistribute RIP routes into IS-IS - - - #include - - - - - Redistribute static routes into IS-IS - - - #include - - - - - - - - - Set attached bit to identify as L1/L2 router for inter-area traffic - - - - - - Set overload bit to avoid any transit traffic - - - - - - IETF SPF delay algorithm - - - - - Delay used while in QUIET state - - u32:0-60000 - Delay used while in QUIET state (in ms) - - - - - - - - - Delay used while in SHORT_WAIT state - - u32:0-60000 - Delay used while in SHORT_WAIT state (in ms) - - - - - - - - - Delay used while in LONG_WAIT - - u32:0-60000 - Delay used while in LONG_WAIT state (in ms) - - - - - - - - - Time with no received IGP events before considering IGP stable - - u32:0-60000 - Time with no received IGP events before considering IGP stable (in ms) - - - - - - - - - Maximum duration needed to learn all the events related to a single failure - - u32:0-60000 - Maximum duration needed to learn all the events related to a single failure (in ms) - - - - - - - - - - - Minimum interval between SPF calculations - - u32:1-120 - Minimum interval between consecutive SPFs in seconds - - - - - - - - - - Interface params - - - - - - - - Enable BFD support - - - - - - Configure circuit type for interface - - level-1 level-1-2 level-2-only - - - level-1 - Level-1 only adjacencies are formed - - - level-1-2 - Level-1-2 adjacencies are formed - - - level-2-only - Level-2 only adjacencies are formed - - - ^(level-1|level-1-2|level-2-only)$ - - - - - - Add padding to IS-IS hello packets - - - - - - Set Hello interval - - u32:1-600 - Set Hello interval - - - - - - - - - Set Hello interval - - u32:2-100 - Set multiplier for Hello holding time - - - - - - - - - Set default metric for circuit - - u32:0-16777215 - Default metric value - - - - - - - - - Set network type - - - - - point-to-point network type - - - - - - - - Configure the passive mode for interface - - - - - - Configure the authentication password for a circuit - - - - - Plain-text authentication type - - txt - Circuit password - - - - - - - - Set priority for Designated Router election - - u32:0-127 - Priority value - - - - - - - - - Set PSNP interval in seconds - - u32:0-127 - Priority value - - - - - - - - - Disable three-way handshake - - - - - + #include - + diff --git a/smoketest/configs/isis-small b/smoketest/configs/isis-small new file mode 100644 index 000000000..2c42ac9c4 --- /dev/null +++ b/smoketest/configs/isis-small @@ -0,0 +1,105 @@ +interfaces { + dummy dum0 { + address 203.0.113.1/24 + } + ethernet eth0 { + duplex auto + speed auto + } + ethernet eth1 { + address 192.0.2.1/24 + duplex auto + speed auto + } + ethernet eth2 { + duplex auto + speed auto + } + ethernet eth3 { + duplex auto + speed auto + } +} +policy { + prefix-list EXPORT-ISIS { + rule 10 { + action permit + prefix 203.0.113.0/24 + } + } + route-map EXPORT-ISIS { + rule 10 { + action permit + match { + ip { + address { + prefix-list EXPORT-ISIS + } + } + } + } + } +} +protocols { + isis FOO { + interface eth1 { + bfd + } + net 49.0001.1921.6800.1002.00 + redistribute { + ipv4 { + connected { + level-2 { + route-map EXPORT-ISIS + } + } + } + } + } +} +system { + config-management { + commit-revisions 200 + } + console { + device ttyS0 { + speed 115200 + } + } + domain-name vyos.io + host-name vyos + login { + user vyos { + authentication { + encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/ + plaintext-password "" + } + level admin + } + } + ntp { + server 0.pool.ntp.org { + } + server 1.pool.ntp.org { + } + server 2.pool.ntp.org { + } + } + syslog { + global { + facility all { + level info + } + facility protocols { + level debug + } + } + } + time-zone Europe/Berlin +} + + +// Warning: Do not remove the following line. +// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@18:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@7:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" +// Release version: 1.3.0-rc1 + diff --git a/smoketest/scripts/cli/test_protocols_isis.py b/smoketest/scripts/cli/test_protocols_isis.py new file mode 100755 index 000000000..482162b0e --- /dev/null +++ b/smoketest/scripts/cli/test_protocols_isis.py @@ -0,0 +1,170 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import unittest + +from base_vyostest_shim import VyOSUnitTestSHIM +from vyos.configsession import ConfigSession +from vyos.configsession import ConfigSessionError +from vyos.ifconfig import Section +from vyos.util import process_named_running + +PROCESS_NAME = 'isisd' +base_path = ['protocols', 'isis'] + +domain = 'VyOS' +net = '49.0001.1921.6800.1002.00' + +class TestProtocolsISIS(VyOSUnitTestSHIM.TestCase): + @classmethod + def setUpClass(cls): + cls._interfaces = Section.interfaces('ethernet') + + # call base-classes classmethod + super(cls, cls).setUpClass() + + def tearDown(self): + self.cli_delete(base_path) + self.cli_commit() + + # Check for running process + self.assertTrue(process_named_running(PROCESS_NAME)) + + def isis_base_config(self): + self.cli_set(base_path + ['net', net]) + for interface in self._interfaces: + self.cli_set(base_path + ['interface', interface]) + + def test_isis_01_redistribute(self): + prefix_list = 'EXPORT-ISIS' + route_map = 'EXPORT-ISIS' + rule = '10' + + self.cli_set(['policy', 'prefix-list', prefix_list, 'rule', rule, 'action', 'permit']) + self.cli_set(['policy', 'prefix-list', prefix_list, 'rule', rule, 'prefix', '203.0.113.0/24']) + self.cli_set(['policy', 'route-map', route_map, 'rule', rule, 'action', 'permit']) + self.cli_set(['policy', 'route-map', route_map, 'rule', rule, 'match', 'ip', 'address', 'prefix-list', prefix_list]) + + self.cli_set(base_path) + + # verify() - net id and interface are mandatory + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.isis_base_config() + self.cli_set(base_path + ['redistribute', 'ipv4', 'connected', 'level-2', 'route-map', route_map]) + self.cli_set(base_path + ['log-adjacency-changes']) + + # Commit all changes + self.cli_commit() + + # Verify all changes + tmp = self.getFRRconfig(f'router isis {domain}') + self.assertIn(f' net {net}', tmp) + self.assertIn(f' log-adjacency-changes', tmp) + self.assertIn(f' redistribute ipv4 connected level-2 route-map {route_map}', tmp) + + for interface in self._interfaces: + tmp = self.getFRRconfig(f'interface {interface}') + self.assertIn(f' ip router isis {domain}', tmp) + self.assertIn(f' ipv6 router isis {domain}', tmp) + + self.cli_delete(['policy', 'route-map', route_map]) + self.cli_delete(['policy', 'prefix-list', prefix_list]) + + def test_isis_02_zebra_route_map(self): + # Implemented because of T3328 + route_map = 'foo-isis-in' + + self.cli_set(['policy', 'route-map', route_map, 'rule', '10', 'action', 'permit']) + + self.isis_base_config() + self.cli_set(base_path + ['redistribute', 'ipv4', 'connected', 'level-2', 'route-map', route_map]) + self.cli_set(base_path + ['route-map', route_map]) + + # commit changes + self.cli_commit() + + # Verify FRR configuration + zebra_route_map = f'ip protocol isis route-map {route_map}' + frrconfig = self.getFRRconfig(zebra_route_map) + self.assertIn(zebra_route_map, frrconfig) + + # Remove the route-map again + self.cli_delete(base_path + ['route-map']) + # commit changes + self.cli_commit() + + # Verify FRR configuration + frrconfig = self.getFRRconfig(zebra_route_map) + self.assertNotIn(zebra_route_map, frrconfig) + + self.cli_delete(['policy', 'route-map', route_map]) + + def test_isis_03_default_information(self): + metric = '50' + route_map = 'default-foo-' + + self.isis_base_config() + for afi in ['ipv4', 'ipv6']: + for level in ['level-1', 'level-2']: + self.cli_set(base_path + ['default-information', 'originate', afi, level, 'always']) + self.cli_set(base_path + ['default-information', 'originate', afi, level, 'metric', metric]) + self.cli_set(base_path + ['default-information', 'originate', afi, level, 'route-map', route_map + level + afi]) + + # Commit all changes + self.cli_commit() + + # Verify all changes + tmp = self.getFRRconfig(f'router isis {domain}') + self.assertIn(f' net {net}', tmp) + + for afi in ['ipv4', 'ipv6']: + for level in ['level-1', 'level-2']: + route_map_name = route_map + level + afi + self.assertIn(f' default-information originate {afi} {level} always route-map {route_map_name} metric {metric}', tmp) + + def test_isis_04_password(self): + password = 'foo' + + self.isis_base_config() + + self.cli_set(base_path + ['area-password', 'plaintext-password', password]) + self.cli_set(base_path + ['area-password', 'md5', password]) + self.cli_set(base_path + ['domain-password', 'plaintext-password', password]) + self.cli_set(base_path + ['domain-password', 'md5', password]) + + # verify() - can not use both md5 and plaintext-password for area-password + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(base_path + ['area-password', 'md5', password]) + + # verify() - can not use both md5 and plaintext-password for domain-password + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(base_path + ['domain-password', 'md5', password]) + + # Commit all changes + self.cli_commit() + + # Verify all changes + tmp = self.getFRRconfig(f'router isis {domain}') + self.assertIn(f' net {net}', tmp) + self.assertIn(f' domain-password clear {password}', tmp) + self.assertIn(f' area-password clear {password}', tmp) + +if __name__ == '__main__': + unittest.main(verbosity=2) diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py index eab580083..0c179b724 100755 --- a/src/conf_mode/protocols_isis.py +++ b/src/conf_mode/protocols_isis.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -19,12 +19,16 @@ import os from sys import exit from vyos.config import Config +from vyos.configdict import dict_merge from vyos.configdict import node_changed -from vyos import ConfigError -from vyos.util import call +from vyos.configverify import verify_common_route_maps +from vyos.configverify import verify_interface_exists +from vyos.ifconfig import Interface from vyos.util import dict_search -from vyos.template import render +from vyos.util import get_interface_config from vyos.template import render_to_string +from vyos.xml import defaults +from vyos import ConfigError from vyos import frr from vyos import airbag airbag.enable() @@ -34,131 +38,172 @@ def get_config(config=None): conf = config else: conf = Config() - base = ['protocols', 'isis'] - isis = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) + base = ['protocols', 'isis'] + isis = conf.get_config_dict(base, key_mangling=('-', '_'), + get_first_key=True) + + interfaces_removed = node_changed(conf, base + ['interface']) + if interfaces_removed: + isis['interface_removed'] = list(interfaces_removed) + + # Bail out early if configuration tree does not exist + if not conf.exists(base): + isis.update({'deleted' : ''}) + return isis + + # We have gathered the dict representation of the CLI, but there are default + # options which we need to update into the dictionary retrived. + # XXX: Note that we can not call defaults(base), as defaults does not work + # on an instance of a tag node. + default_values = defaults(base) + # merge in default values + isis = dict_merge(default_values, isis) + + # We also need some additional information from the config, prefix-lists + # and route-maps for instance. They will be used in verify(). + # + # XXX: one MUST always call this without the key_mangling() option! See + # vyos.configverify.verify_common_route_maps() for more information. + tmp = conf.get_config_dict(['policy']) + # Merge policy dict into "regular" config dict + isis = dict_merge(tmp, isis) return isis def verify(isis): # bail out early - looks like removal from running config - if not isis: + if not isis or 'deleted' in isis: return None - for process, isis_config in isis.items(): - # If more then one isis process is defined (Frr only supports one) - # http://docs.frrouting.org/en/latest/isisd.html#isis-router - if len(isis) > 1: - raise ConfigError('Only one isis process can be defined') - - # If network entity title (net) not defined - if 'net' not in isis_config: - raise ConfigError('ISIS net format iso is mandatory!') - - # last byte in IS-IS area address must be 0 - tmp = isis_config['net'].split('.') - if int(tmp[-1]) != 0: - raise ConfigError('Last byte of IS-IS network entity title must always be 0!') - - # If interface not set - if 'interface' not in isis_config: - raise ConfigError('ISIS interface is mandatory!') - - # If md5 and plaintext-password set at the same time - if 'area_password' in isis_config: - if {'md5', 'plaintext_password'} <= set(isis_config['encryption']): - raise ConfigError('Can not use both md5 and plaintext-password for ISIS area-password!') - - # If one param from delay set, but not set others - if 'spf_delay_ietf' in isis_config: - required_timers = ['holddown', 'init_delay', 'long_delay', 'short_delay', 'time_to_learn'] - exist_timers = [] - for elm_timer in required_timers: - if elm_timer in isis_config['spf_delay_ietf']: - exist_timers.append(elm_timer) - - exist_timers = set(required_timers).difference(set(exist_timers)) - if len(exist_timers) > 0: - raise ConfigError('All types of delay must be specified: ' + ', '.join(exist_timers).replace('_', '-')) - - # If Redistribute set, but level don't set - if 'redistribute' in isis_config: - proc_level = isis_config.get('level','').replace('-','_') - for proto, proto_config in isis_config.get('redistribute', {}).get('ipv4', {}).items(): + if 'net' not in isis: + raise ConfigError('Network entity is mandatory!') + + # last byte in IS-IS area address must be 0 + tmp = isis['net'].split('.') + if int(tmp[-1]) != 0: + raise ConfigError('Last byte of IS-IS network entity title must always be 0!') + + verify_common_route_maps(isis) + + # If interface not set + if 'interface' not in isis: + raise ConfigError('Interface used for routing updates is mandatory!') + + for interface in isis['interface']: + verify_interface_exists(interface) + # Interface MTU must be >= configured lsp-mtu + mtu = Interface(interface).get_mtu() + area_mtu = isis['lsp_mtu'] + # Recommended maximum PDU size = interface MTU - 3 bytes + recom_area_mtu = mtu - 3 + if mtu < int(area_mtu) or int(area_mtu) > recom_area_mtu: + raise ConfigError(f'Interface {interface} has MTU {mtu}, ' \ + f'current area MTU is {area_mtu}! \n' \ + f'Recommended area lsp-mtu {recom_area_mtu} or less ' \ + '(calculated on MTU size).') + + # If md5 and plaintext-password set at the same time + for password in ['area_password', 'domain_password']: + if password in isis: + if {'md5', 'plaintext_password'} <= set(isis[password]): + tmp = password.replace('_', '-') + raise ConfigError(f'Can use either md5 or plaintext-password for {tmp}!') + + # If one param from delay set, but not set others + if 'spf_delay_ietf' in isis: + required_timers = ['holddown', 'init_delay', 'long_delay', 'short_delay', 'time_to_learn'] + exist_timers = [] + for elm_timer in required_timers: + if elm_timer in isis['spf_delay_ietf']: + exist_timers.append(elm_timer) + + exist_timers = set(required_timers).difference(set(exist_timers)) + if len(exist_timers) > 0: + raise ConfigError('All types of delay must be specified: ' + ', '.join(exist_timers).replace('_', '-')) + + # If Redistribute set, but level don't set + if 'redistribute' in isis: + proc_level = isis.get('level','').replace('-','_') + for afi in ['ipv4', 'ipv6']: + if afi not in isis['redistribute']: + continue + + for proto, proto_config in isis['redistribute'][afi].items(): if 'level_1' not in proto_config and 'level_2' not in proto_config: - raise ConfigError('Redistribute level-1 or level-2 should be specified in \"protocols isis {} redistribute ipv4 {}\"'.format(process, proto)) - for redistribute_level in proto_config.keys(): - if proc_level and proc_level != 'level_1_2' and proc_level != redistribute_level: - raise ConfigError('\"protocols isis {0} redistribute ipv4 {2} {3}\" cannot be used with \"protocols isis {0} level {1}\"'.format(process, proc_level, proto, redistribute_level)) - - # Segment routing checks - if dict_search('segment_routing', isis_config): - if dict_search('segment_routing.global_block', isis_config): - high_label_value = dict_search('segment_routing.global_block.high_label_value', isis_config) - low_label_value = dict_search('segment_routing.global_block.low_label_value', isis_config) - # If segment routing global block high value is blank, throw error - if low_label_value and not high_label_value: - raise ConfigError('Segment routing global block high value must not be left blank') - # If segment routing global block low value is blank, throw error - if high_label_value and not low_label_value: - raise ConfigError('Segment routing global block low value must not be left blank') - # If segment routing global block low value is higher than the high value, throw error - if int(low_label_value) > int(high_label_value): - raise ConfigError('Segment routing global block low value must be lower than high value') - - if dict_search('segment_routing.local_block', isis_config): - high_label_value = dict_search('segment_routing.local_block.high_label_value', isis_config) - low_label_value = dict_search('segment_routing.local_block.low_label_value', isis_config) - # If segment routing local block high value is blank, throw error - if low_label_value and not high_label_value: - raise ConfigError('Segment routing local block high value must not be left blank') - # If segment routing local block low value is blank, throw error - if high_label_value and not low_label_value: - raise ConfigError('Segment routing local block low value must not be left blank') - # If segment routing local block low value is higher than the high value, throw error - if int(low_label_value) > int(high_label_value): - raise ConfigError('Segment routing local block low value must be lower than high value') + raise ConfigError(f'Redistribute level-1 or level-2 should be specified in ' \ + f'"protocols isis {process} redistribute {afi} {proto}"!') + + for redistr_level, redistr_config in proto_config.items(): + if proc_level and proc_level != 'level_1_2' and proc_level != redistr_level: + raise ConfigError(f'"protocols isis {process} redistribute {afi} {proto} {redistr_level}" ' \ + f'can not be used with \"protocols isis {process} level {proc_level}\"') + + # Segment routing checks + if dict_search('segment_routing.global_block', isis): + high_label_value = dict_search('segment_routing.global_block.high_label_value', isis) + low_label_value = dict_search('segment_routing.global_block.low_label_value', isis) + + # If segment routing global block high value is blank, throw error + if (low_label_value and not high_label_value) or (high_label_value and not low_label_value): + raise ConfigError('Segment routing global block requires both low and high value!') + + # If segment routing global block low value is higher than the high value, throw error + if int(low_label_value) > int(high_label_value): + raise ConfigError('Segment routing global block low value must be lower than high value') + + if dict_search('segment_routing.local_block', isis): + high_label_value = dict_search('segment_routing.local_block.high_label_value', isis) + low_label_value = dict_search('segment_routing.local_block.low_label_value', isis) + + # If segment routing local block high value is blank, throw error + if (low_label_value and not high_label_value) or (high_label_value and not low_label_value): + raise ConfigError('Segment routing local block requires both high and low value!') + + # If segment routing local block low value is higher than the high value, throw error + if int(low_label_value) > int(high_label_value): + raise ConfigError('Segment routing local block low value must be lower than high value') return None def generate(isis): - if not isis: - isis['new_frr_config'] = '' + if not isis or 'deleted' in isis: + isis['frr_isisd_config'] = '' + isis['frr_zebra_config'] = '' return None - # only one ISIS process is supported, so we can directly send the first key - # of the config dict - process = list(isis.keys())[0] - isis[process]['process'] = process - - isis['new_frr_config'] = render_to_string('frr/isisd.frr.tmpl', - isis[process]) - + isis['protocol'] = 'isis' # required for frr/route-map.frr.tmpl + isis['frr_zebra_config'] = render_to_string('frr/route-map.frr.tmpl', isis) + isis['frr_isisd_config'] = render_to_string('frr/isisd.frr.tmpl', isis) return None def apply(isis): + isis_daemon = 'isisd' + zebra_daemon = 'zebra' + # Save original configuration prior to starting any commit actions frr_cfg = frr.FRRConfig() - frr_cfg.load_configuration(daemon='isisd') - frr_cfg.modify_section(r'interface \S+', '') - frr_cfg.modify_section(f'router isis \S+', '') - frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', isis['new_frr_config']) - frr_cfg.commit_configuration(daemon='isisd') - - # If FRR config is blank, rerun the blank commit x times due to frr-reload - # behavior/bug not properly clearing out on one commit. - if isis['new_frr_config'] == '': - for a in range(5): - frr_cfg.commit_configuration(daemon='isisd') - - # Debugging - ''' - print('') - print('--------- DEBUGGING ----------') - print(f'Existing config:\n{frr_cfg["original_config"]}\n\n') - print(f'Replacement config:\n{isis["new_frr_config"]}\n\n') - print(f'Modified config:\n{frr_cfg["modified_config"]}\n\n') - ''' + + # The route-map used for the FIB (zebra) is part of the zebra daemon + frr_cfg.load_configuration(zebra_daemon) + frr_cfg.modify_section(r'(\s+)?ip protocol isis route-map [-a-zA-Z0-9.]+$', '', '(\s|!)') + frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', isis['frr_zebra_config']) + frr_cfg.commit_configuration(zebra_daemon) + + frr_cfg.load_configuration(isis_daemon) + frr_cfg.modify_section(f'^router isis VyOS$', '') + + for key in ['interface', 'interface_removed']: + if key not in isis: + continue + for interface in isis[key]: + frr_cfg.modify_section(f'^interface {interface}$', '') + + frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', isis['frr_isisd_config']) + frr_cfg.commit_configuration(isis_daemon) + + # Save configuration to /run/frr/config/frr.conf + frr.save_configuration() return None diff --git a/src/migration-scripts/isis/0-to-1 b/src/migration-scripts/isis/0-to-1 new file mode 100755 index 000000000..93cbbbed5 --- /dev/null +++ b/src/migration-scripts/isis/0-to-1 @@ -0,0 +1,59 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# T3417: migrate IS-IS tagNode to node as we can only have one IS-IS process + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['protocols', 'isis'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) + +# Only one IS-IS process is supported, thus this operation is save +isis_base = base + config.list_nodes(base) + +# We need a temporary copy of the config +tmp_base = ['protocols', 'isis2'] +config.copy(isis_base, tmp_base) + +# Now it's save to delete the old configuration +config.delete(base) + +# Rename temporary copy to new final config (IS-IS domain key is static and no +# longer required to be set via CLI) +config.rename(tmp_base, 'isis') + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print(f'Failed to save the modified config: {e}') + exit(1) -- cgit v1.2.3 From 0deb1709930f620e97ff9a29afc8a86e950f0758 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 29 Aug 2021 14:29:19 +0200 Subject: xml: add missing "u32:" value declarator on integer ranges (cherry picked from commit 794f193d11c8c1b5fed78f4e40280480446ab593) --- interface-definitions/bcast-relay.xml.in | 5 ++- interface-definitions/dhcp-relay.xml.in | 4 +-- interface-definitions/dhcp-server.xml.in | 2 +- interface-definitions/dhcpv6-relay.xml.in | 2 +- interface-definitions/dhcpv6-server.xml.in | 13 ++++---- interface-definitions/dns-dynamic.xml.in | 2 +- interface-definitions/dns-forwarding.xml.in | 4 +-- interface-definitions/flow-accounting-conf.xml.in | 16 +++++----- interface-definitions/https.xml.in | 9 +++--- interface-definitions/igmp-proxy.xml.in | 2 +- .../include/accel-ppp/ppp-interface-cache.xml.i | 2 +- .../include/accel-ppp/radius-additions.xml.i | 12 ++++---- .../include/interface/arp-cache-timeout.xml.i | 2 +- .../include/interface/dhcpv6-options.xml.i | 4 +-- .../interface/ipv6-dup-addr-detect-transmits.xml.i | 8 ++--- .../include/interface/mtu-1200-16000.xml.i | 2 +- .../include/interface/mtu-1450-16000.xml.i | 2 +- .../include/interface/mtu-64-8024.xml.i | 2 +- .../include/interface/mtu-68-1500.xml.i | 2 +- .../include/interface/mtu-68-16000.xml.i | 2 +- .../include/interface/parameters-flowlabel.xml.i | 11 +++++-- .../include/interface/parameters-tos.xml.i | 2 +- .../include/interface/parameters-ttl.xml.i | 6 ++-- .../include/interface/vif-s.xml.i | 4 +++ interface-definitions/include/interface/vif.xml.i | 2 +- interface-definitions/include/nat-rule.xml.i | 2 +- interface-definitions/interfaces-bridge.xml.in | 18 +++++------ interface-definitions/interfaces-l2tpv3.xml.in | 12 ++++---- interface-definitions/interfaces-macsec.xml.in | 6 ++-- interface-definitions/interfaces-openvpn.xml.in | 10 +++--- interface-definitions/interfaces-tunnel.xml.in | 8 ++--- interface-definitions/interfaces-wireguard.xml.in | 2 +- interface-definitions/interfaces-wireless.xml.in | 2 +- interface-definitions/lldp.xml.in | 2 +- interface-definitions/protocols-igmp.xml.in | 15 ++++++--- interface-definitions/protocols-multicast.xml.in | 4 +-- interface-definitions/protocols-pim.xml.in | 6 ++-- interface-definitions/service_pppoe-server.xml.in | 4 +-- interface-definitions/service_router-advert.xml.in | 36 +++++++++++----------- interface-definitions/ssh.xml.in | 2 +- interface-definitions/vpn_l2tp.xml.in | 4 +-- interface-definitions/vrf.xml.in | 6 ++-- 42 files changed, 138 insertions(+), 123 deletions(-) (limited to 'interface-definitions/include') diff --git a/interface-definitions/bcast-relay.xml.in b/interface-definitions/bcast-relay.xml.in index 1b354d885..a0f73a03b 100644 --- a/interface-definitions/bcast-relay.xml.in +++ b/interface-definitions/bcast-relay.xml.in @@ -1,5 +1,4 @@ - @@ -14,8 +13,8 @@ Unique ID for each UDP port to forward - 1-99 - Numerical ID # + u32:1-99 + Broadcast relay instance ID diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in index 8c95239d9..0d485ef80 100644 --- a/interface-definitions/dhcp-relay.xml.in +++ b/interface-definitions/dhcp-relay.xml.in @@ -27,7 +27,7 @@ Policy to discard packets that have reached specified hop-count - 1-255 + u32:1-255 Hop count (default: 10) @@ -41,7 +41,7 @@ Maximum packet size to send to a DHCPv4/BOOTP server - 64-1400 + u32:64-1400 Maximum packet size (default: 576) diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index 015500043..bafd6f6a2 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in @@ -96,7 +96,7 @@ Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used. - 0-32 + u32:0-32 DHCP client prefix length must be 0 to 32 diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/dhcpv6-relay.xml.in index 308f94a01..7162cf353 100644 --- a/interface-definitions/dhcpv6-relay.xml.in +++ b/interface-definitions/dhcpv6-relay.xml.in @@ -35,7 +35,7 @@ Maximum hop count for which requests will be processed - 1-255 + u32:1-255 Hop count (default: 10) diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in index 5d6c64685..95b1e5602 100644 --- a/interface-definitions/dhcpv6-server.xml.in +++ b/interface-definitions/dhcpv6-server.xml.in @@ -1,5 +1,4 @@ - @@ -34,7 +33,7 @@ Preference of this DHCPv6 server compared with others - 0-255 + u32:0-255 DHCPv6 server preference (0-255) @@ -62,7 +61,7 @@ Time (in seconds) that stateless clients should wait between refreshing the information they were given - 1-4294967295 + u32:1-4294967295 DHCPv6 information refresh time @@ -161,7 +160,7 @@ Default time (in seconds) that will be assigned to a lease - 1-4294967295 + u32:1-4294967295 DHCPv6 valid lifetime @@ -173,7 +172,7 @@ Maximum time (in seconds) that will be assigned to a lease - 1-4294967295 + u32:1-4294967295 Maximum lease time in seconds @@ -185,7 +184,7 @@ Minimum time (in seconds) that will be assigned to a lease - 1-4294967295 + u32:1-4294967295 Minimum lease time in seconds @@ -273,7 +272,7 @@ Length in bits of prefixes to be delegated - 32-64 + u32:32-64 Delagated prefix length (32-64) diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in index b0b9158c8..250642691 100644 --- a/interface-definitions/dns-dynamic.xml.in +++ b/interface-definitions/dns-dynamic.xml.in @@ -49,7 +49,7 @@ Time To Live (default: 600) - 1-86400 + u32:1-86400 DNS forwarding cache size diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index 66b4db403..9b58788c6 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -18,7 +18,7 @@ DNS forwarding cache size (default: 10000) - 0-10000 + u32:0-10000 DNS forwarding cache size @@ -133,7 +133,7 @@ Maximum amount of time negative entries are cached (default: 3600) - 0-7200 + u32:0-7200 Seconds to cache NXDOMAIN entries diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in index b3980d9e2..b0f308afd 100644 --- a/interface-definitions/flow-accounting-conf.xml.in +++ b/interface-definitions/flow-accounting-conf.xml.in @@ -267,7 +267,7 @@ Expiry scan interval - 0-2147483647 + u32:0-2147483647 Expiry scan interval (default 60) @@ -279,7 +279,7 @@ Generic flow timeout value - 0-2147483647 + u32:0-2147483647 Generic flow timeout in seconds (default 3600) @@ -291,7 +291,7 @@ ICMP timeout value - 0-2147483647 + u32:0-2147483647 ICMP timeout in seconds (default 300) @@ -303,7 +303,7 @@ Max active timeout value - 0-2147483647 + u32:0-2147483647 Max active timeout in seconds (default 604800) @@ -315,7 +315,7 @@ TCP finish timeout value - 0-2147483647 + u32:0-2147483647 TCP FIN timeout in seconds (default 300) @@ -327,7 +327,7 @@ TCP generic timeout value - 0-2147483647 + u32:0-2147483647 TCP generic timeout in seconds (default 3600) @@ -339,7 +339,7 @@ TCP reset timeout value - 0-2147483647 + u32:0-2147483647 TCP RST timeout in seconds (default 120) @@ -351,7 +351,7 @@ UDP timeout value - 0-2147483647 + u32:0-2147483647 UDP timeout in seconds (default 300) diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in index f3d81c3ed..ccb77910a 100644 --- a/interface-definitions/https.xml.in +++ b/interface-definitions/https.xml.in @@ -1,5 +1,4 @@ - @@ -47,7 +46,7 @@ Port to listen for HTTPS requests; default 443 - 1-65535 + u32:1-65535 Numeric IP port @@ -150,9 +149,9 @@ - - Email address to associate with certificate - + + Email address to associate with certificate + diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in index d0f44eada..91c912d8b 100644 --- a/interface-definitions/igmp-proxy.xml.in +++ b/interface-definitions/igmp-proxy.xml.in @@ -65,7 +65,7 @@ TTL threshold (default: 1) - 1-255 + u32:1-255 TTL threshold for the interfaces (default: 1) diff --git a/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i b/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i index 9f223d7ed..019601c85 100644 --- a/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i +++ b/interface-definitions/include/accel-ppp/ppp-interface-cache.xml.i @@ -3,7 +3,7 @@ PPP interface cache - 1-256000 + u32:1-256000 Count of interfaces to keep in cache diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i index e65088c43..44ec64d7f 100644 --- a/interface-definitions/include/accel-ppp/radius-additions.xml.i +++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i @@ -5,7 +5,7 @@ Maximum jitter value in seconds to be applied to accounting information interval - 1-60 + u32:1-60 Maximum jitter value in seconds @@ -20,7 +20,7 @@ Accounting port - 1-65535 + u32:1-65535 Numeric IP port (default: 1813) @@ -34,7 +34,7 @@ Mark server unavailable for <n> seconds on failure - 0-600 + u32:0-600 Fail time penalty @@ -50,7 +50,7 @@ Timeout in seconds to wait response from RADIUS server - 1-60 + u32:1-60 Timeout in seconds @@ -64,7 +64,7 @@ Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds) - 0-60 + u32:0-60 Timeout in seconds, 0 to keep active @@ -78,7 +78,7 @@ Number of tries to send Access-Request/Accounting-Request queries - 1-20 + u32:1-20 Maximum tries diff --git a/interface-definitions/include/interface/arp-cache-timeout.xml.i b/interface-definitions/include/interface/arp-cache-timeout.xml.i index b269fecd8..70e69e14a 100644 --- a/interface-definitions/include/interface/arp-cache-timeout.xml.i +++ b/interface-definitions/include/interface/arp-cache-timeout.xml.i @@ -3,7 +3,7 @@ ARP cache entry timeout in seconds - 1-86400 + u32:1-86400 ARP cache entry timout in seconds (default 30) diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i index a569659a4..a0cac34f1 100644 --- a/interface-definitions/include/interface/dhcpv6-options.xml.i +++ b/interface-definitions/include/interface/dhcpv6-options.xml.i @@ -38,7 +38,7 @@ Request IPv6 prefix length from peer - 32-64 + u32:32-64 Length of delegated prefix @@ -71,7 +71,7 @@ Interface site-Level aggregator (SLA) - 0-128 + u32:0-128 Decimal integer which fits in the length of SLA IDs diff --git a/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i index 2b5ec0281..babe6d20f 100644 --- a/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i +++ b/interface-definitions/include/interface/ipv6-dup-addr-detect-transmits.xml.i @@ -3,12 +3,12 @@ Number of NS messages to send while performing DAD (default: 1) - 1-n - Number of NS messages to send while performing DAD + u32:0 + Disable Duplicate Address Dectection (DAD) - 0 - Disable Duplicate Address Dectection (DAD) + u32:1-n + Number of NS messages to send while performing DAD diff --git a/interface-definitions/include/interface/mtu-1200-16000.xml.i b/interface-definitions/include/interface/mtu-1200-16000.xml.i index 3241ba912..730c6e00d 100644 --- a/interface-definitions/include/interface/mtu-1200-16000.xml.i +++ b/interface-definitions/include/interface/mtu-1200-16000.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 1200-16000 + u32:1200-16000 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/mtu-1450-16000.xml.i b/interface-definitions/include/interface/mtu-1450-16000.xml.i index 0a35bbbaa..96cfa7054 100644 --- a/interface-definitions/include/interface/mtu-1450-16000.xml.i +++ b/interface-definitions/include/interface/mtu-1450-16000.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 1450-16000 + u32:1450-16000 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/mtu-64-8024.xml.i b/interface-definitions/include/interface/mtu-64-8024.xml.i index f75de02ba..3719ece24 100644 --- a/interface-definitions/include/interface/mtu-64-8024.xml.i +++ b/interface-definitions/include/interface/mtu-64-8024.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 64-8024 + u32:64-8024 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/mtu-68-1500.xml.i b/interface-definitions/include/interface/mtu-68-1500.xml.i index 9e6fe8760..d74cdfa9c 100644 --- a/interface-definitions/include/interface/mtu-68-1500.xml.i +++ b/interface-definitions/include/interface/mtu-68-1500.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 68-1500 + u32:68-1500 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/mtu-68-16000.xml.i b/interface-definitions/include/interface/mtu-68-16000.xml.i index 83af7bbd4..41340fbf3 100644 --- a/interface-definitions/include/interface/mtu-68-16000.xml.i +++ b/interface-definitions/include/interface/mtu-68-16000.xml.i @@ -3,7 +3,7 @@ Maximum Transmission Unit (MTU) - 68-16000 + u32:68-16000 Maximum Transmission Unit in byte diff --git a/interface-definitions/include/interface/parameters-flowlabel.xml.i b/interface-definitions/include/interface/parameters-flowlabel.xml.i index f5e868a64..a89bb13f1 100644 --- a/interface-definitions/include/interface/parameters-flowlabel.xml.i +++ b/interface-definitions/include/interface/parameters-flowlabel.xml.i @@ -2,9 +2,16 @@ Specifies the flow label to use in outgoing packets + + inherit + - 0x0-0x0FFFFF - Tunnel key, 'inherit' or hex value + inherit + Copy field from original header + + + 0x0-0x0fffff + Tunnel key, or hex value ^((0x){0,1}(0?[0-9A-Fa-f]{1,5})|inherit)$ diff --git a/interface-definitions/include/interface/parameters-tos.xml.i b/interface-definitions/include/interface/parameters-tos.xml.i index 83b4e0671..1b342a43e 100644 --- a/interface-definitions/include/interface/parameters-tos.xml.i +++ b/interface-definitions/include/interface/parameters-tos.xml.i @@ -3,7 +3,7 @@ Specifies TOS value to use in outgoing packets - 0-99 + u32:0-99 Type of Service (TOS) diff --git a/interface-definitions/include/interface/parameters-ttl.xml.i b/interface-definitions/include/interface/parameters-ttl.xml.i index 21a5e5cd9..8ef8c9149 100644 --- a/interface-definitions/include/interface/parameters-ttl.xml.i +++ b/interface-definitions/include/interface/parameters-ttl.xml.i @@ -3,11 +3,11 @@ Specifies TTL value to use in outgoing packets - 0 - Copy value from original IP header + u32:0 + Inherit - copy value from original IP header - 1-255 + u32:1-255 Time to Live diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i index a3193e77b..7a41bb242 100644 --- a/interface-definitions/include/interface/vif-s.xml.i +++ b/interface-definitions/include/interface/vif-s.xml.i @@ -2,6 +2,10 @@ QinQ TAG-S Virtual Local Area Network (VLAN) ID + + u32:0-4094 + QinQ Virtual Local Area Network (VLAN) ID + diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i index f58fbff84..fdf09c5f9 100644 --- a/interface-definitions/include/interface/vif.xml.i +++ b/interface-definitions/include/interface/vif.xml.i @@ -3,7 +3,7 @@ Virtual Local Area Network (VLAN) ID - 0-4094 + u32:0-4094 Virtual Local Area Network (VLAN) ID diff --git a/interface-definitions/include/nat-rule.xml.i b/interface-definitions/include/nat-rule.xml.i index 579d19bdd..084f1f722 100644 --- a/interface-definitions/include/nat-rule.xml.i +++ b/interface-definitions/include/nat-rule.xml.i @@ -278,7 +278,7 @@ Robust Header Compression - 0-255 + u32:0-255 IP protocol number diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in index ddfc5ade4..144f43f32 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces-bridge.xml.in @@ -21,11 +21,11 @@ MAC address aging interval - 0 + u32:0 Disable MAC address learning (always flood) - 10-1000000 + u32:10-1000000 MAC address aging time in seconds (default: 300) @@ -45,7 +45,7 @@ Forwarding delay - 0-200 + u32:0-200 Spanning Tree Protocol forwarding delay in seconds (default 15) @@ -59,7 +59,7 @@ Hello packet advertisment interval - 1-10 + u32:1-10 Spanning Tree Protocol hello advertisement interval in seconds (default 2) @@ -96,7 +96,7 @@ Interval at which neighbor bridges are removed - 1-40 + u32:1-40 Bridge maximum aging time in seconds (default 20) @@ -123,7 +123,7 @@ Specify VLAN id which should natively be present on the link - 1-4094 + u32:1-4094 Virtual Local Area Network (VLAN) ID @@ -154,7 +154,7 @@ Bridge port cost - 1-65535 + u32:1-65535 Path cost value for Spanning Tree Protocol @@ -168,7 +168,7 @@ Bridge port priority - 0-63 + u32:0-63 Bridge port priority @@ -192,7 +192,7 @@ Priority for this bridge - 0-65535 + u32:0-65535 Bridge priority (default 32768) diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in index d3e18fe6e..1cd30b86e 100644 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ b/interface-definitions/interfaces-l2tpv3.xml.in @@ -22,7 +22,7 @@ UDP destination port for L2TPv3 tunnel (default: 5000) - 1-65535 + u32:1-65535 Numeric IP port @@ -64,7 +64,7 @@ Peer session identifier - 1-429496729 + u32:1-429496729 L2TPv3 peer session identifier @@ -76,7 +76,7 @@ Peer tunnel identifier - 1-429496729 + u32:1-429496729 L2TPv3 peer tunnel identifier @@ -89,7 +89,7 @@ Session identifier - 1-429496729 + u32:1-429496729 L2TPv3 session identifier @@ -101,7 +101,7 @@ UDP source port for L2TPv3 tunnel (default: 5000) - 1-65535 + u32:1-65535 Numeric IP port @@ -114,7 +114,7 @@ Local tunnel identifier - 1-429496729 + u32:1-429496729 L2TPv3 local tunnel identifier diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in index e88cb4794..4a566ef8b 100644 --- a/interface-definitions/interfaces-macsec.xml.in +++ b/interface-definitions/interfaces-macsec.xml.in @@ -82,7 +82,7 @@ Priority of MACsec Key Agreement protocol (MKA) actor (default: 255) - 0-255 + u32:0-255 MACsec Key Agreement protocol (MKA) priority @@ -97,11 +97,11 @@ IEEE 802.1X/MACsec replay protection window - 0 + u32:0 No replay window, strict check - 1-4294967295 + u32:1-4294967295 Number of packets that could be misordered diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index b7727f356..bf199f472 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -206,7 +206,7 @@ Maximum number of keepalive packet failures (default: 60) - 0-1000 + u32:0-1000 Maximum number of keepalive packet failures @@ -219,7 +219,7 @@ Keepalive packet interval in seconds (default: 10) - 0-600 + u32:0-600 Keepalive packet interval (seconds) @@ -268,7 +268,7 @@ Local port number to accept connections - 1-65535 + u32:1-65535 Numeric IP port @@ -378,7 +378,7 @@ Remote port number to connect to - 1-65535 + u32:1-65535 Numeric IP port @@ -546,7 +546,7 @@ Number of maximum client connections - 1-4096 + u32:1-4096 Number of concurrent clients diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in index d0256a64a..df9b58992 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -171,8 +171,8 @@ none - 0-255 - Encaplimit (default 4) + u32:0-255 + Encaplimit (default: 4) none @@ -191,7 +191,7 @@ Hoplimit - 0-255 + u32:0-255 Hoplimit (default 64) @@ -205,7 +205,7 @@ Traffic class (Tclass) - 0x0-0x0FFFFF + 0x0-0x0fffff Traffic class, 'inherit' or hex value diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index 5255ce3a2..73328c16a 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in @@ -118,7 +118,7 @@ Interval to send keepalive messages - 1-65535 + u32:1-65535 Interval in seconds diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index c96d9b78d..048c7b475 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -206,7 +206,7 @@ Number of antennas on this card - 1-8 + u32:1-8 Number of antennas for this card diff --git a/interface-definitions/lldp.xml.in b/interface-definitions/lldp.xml.in index e14abae14..32ef0ad14 100644 --- a/interface-definitions/lldp.xml.in +++ b/interface-definitions/lldp.xml.in @@ -105,7 +105,7 @@ ECS ELIN (Emergency location identifier number) - 0-9999999999 + u32:0-9999999999 Emergency Call Service ELIN number (between 10-25 numbers) diff --git a/interface-definitions/protocols-igmp.xml.in b/interface-definitions/protocols-igmp.xml.in index a9b11e1a3..e10340512 100644 --- a/interface-definitions/protocols-igmp.xml.in +++ b/interface-definitions/protocols-igmp.xml.in @@ -46,9 +46,16 @@ IGMP version + + 2 3 + - 2-3 - IGMP version + 2 + IGMP version 2 + + + 3 + IGMP version 3 @@ -59,7 +66,7 @@ IGMP host query interval - 1-1800 + u32:1-1800 Query interval in seconds @@ -71,7 +78,7 @@ IGMP max query response time - 10-250 + u32:10-250 Query response value in deci-seconds diff --git a/interface-definitions/protocols-multicast.xml.in b/interface-definitions/protocols-multicast.xml.in index a06f2b287..1b1382352 100644 --- a/interface-definitions/protocols-multicast.xml.in +++ b/interface-definitions/protocols-multicast.xml.in @@ -38,7 +38,7 @@ Distance value for this route - 1-255 + u32:1-255 Distance for this route @@ -74,7 +74,7 @@ Distance value for this route - 1-255 + u32:1-255 Distance for this route diff --git a/interface-definitions/protocols-pim.xml.in b/interface-definitions/protocols-pim.xml.in index 6152045a7..bb5cc797b 100644 --- a/interface-definitions/protocols-pim.xml.in +++ b/interface-definitions/protocols-pim.xml.in @@ -21,7 +21,7 @@ Designated Router Election Priority - 1-4294967295 + u32:1-4294967295 Value of the new DR Priority @@ -33,7 +33,7 @@ Hello Interval - 1-180 + u32:1-180 Hello Interval in seconds @@ -79,7 +79,7 @@ Keep alive Timer - 31-60000 + u32:31-60000 Keep alive Timer in seconds diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 037a18e1d..955c104f7 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -267,7 +267,7 @@ PADO delays - 1-999999 + u32:1-999999 Number in ms @@ -280,7 +280,7 @@ Number of sessions - 1-999999 + u32:1-999999 Number of sessions diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in index 750ae314c..e18b27f1b 100644 --- a/interface-definitions/service_router-advert.xml.in +++ b/interface-definitions/service_router-advert.xml.in @@ -20,12 +20,12 @@ Set Hop Count field of the IP header for outgoing packets (default: 64) - 1-255 - Value should represent current diameter of the Internet + u32:0 + Unspecified (by this router) - 0 - Unspecified (by this router) + u32:1-255 + Value should represent current diameter of the Internet @@ -38,7 +38,7 @@ Lifetime associated with the default router in units of seconds - 4-9000 + u32:4-9000 Router Lifetime in seconds @@ -86,7 +86,7 @@ Link MTU value placed in RAs, exluded in RAs if unset - 1280-9000 + u32:1280-9000 Link MTU value in RAs @@ -110,7 +110,7 @@ Maximum interval between unsolicited multicast RAs (default: 600) - 4-1800 + u32:4-1800 Maximum interval in seconds @@ -124,7 +124,7 @@ Minimum interval between unsolicited multicast RAs - 3-1350 + u32:3-1350 Minimum interval in seconds @@ -173,7 +173,7 @@ infinity - 1-4294967295 + u32:1-4294967295 Time in seconds that the route will remain valid @@ -272,7 +272,7 @@ infinity - 1-4294967295 + u32:1-4294967295 Time in seconds that the prefix will remain valid @@ -292,12 +292,12 @@ Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation - 1-3600000 - Reachable Time value in RAs (in milliseconds) + u32:0 + Reachable Time unspecified by this router - 0 - Reachable Time unspecified by this router + u32:1-3600000 + Reachable Time value in RAs (in milliseconds) @@ -310,12 +310,12 @@ Time in milliseconds between retransmitted Neighbor Solicitation messages - 1-4294967295 - Minimum interval in milliseconds + u32:0 + Time, in milliseconds, between retransmitted Neighbor Solicitation messages - 0 - Time, in milliseconds, between retransmitted Neighbor Solicitation messages + u32:1-4294967295 + Minimum interval in milliseconds diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index c447f144d..e3b9d16e1 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in @@ -138,7 +138,7 @@ Enable transmission of keepalives from server to client - 1-65535 + u32:1-65535 Time interval in seconds for keepalive message diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index 5bdebcb05..787298284 100644 --- a/interface-definitions/vpn_l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in @@ -220,9 +220,9 @@ #include - Mark server unavailable for <n> seconds on failure + Mark server unavailable for N seconds on failure - 0-600 + u32:0-600 Fail time penalty diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index 8cddc3012..306b15d60 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -30,13 +30,13 @@ Routing table associated with this instance - 100-2147483647 + u32:100-65535 Routing table ID - + - VRF routing table must be in range from 100 to 2147483647 + VRF routing table must be in range from 100 to 65535 #include -- cgit v1.2.3 From ee547e02819204676eb8c014254a3e1e193f46c7 Mon Sep 17 00:00:00 2001 From: Javinator9889 Date: Wed, 15 Sep 2021 19:11:49 +0200 Subject: typo: remove unnecessary 'i' from help (cherry picked from commit ec9503a9ec487ec7aa3524cb9847357f0631ca25) --- interface-definitions/include/source-address-ipv4.xml.i | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/source-address-ipv4.xml.i b/interface-definitions/include/source-address-ipv4.xml.i index 86235df61..052678113 100644 --- a/interface-definitions/include/source-address-ipv4.xml.i +++ b/interface-definitions/include/source-address-ipv4.xml.i @@ -1,7 +1,7 @@ - IPv4 source address used to initiiate connection + IPv4 source address used to initiate connection -- cgit v1.2.3 From abad387fcaf700a32f8fc85183d617fcfbb0b8f4 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 18 Sep 2021 21:48:53 +0200 Subject: dhcp-server: T3838: rename dns-server to name-server node IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. (cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460) --- data/templates/dhcp-server/dhcpd.conf.tmpl | 4 +-- interface-definitions/dhcp-server.xml.in | 14 +------- interface-definitions/dhcpv6-server.xml.in | 42 ++-------------------- interface-definitions/dns-forwarding.xml.in | 19 +--------- .../include/accel-ppp/name-server.xml.i | 20 ----------- .../include/name-server-ipv4-ipv6.xml.i | 20 +++++++++++ .../include/name-server-ipv4.xml.i | 15 ++++++++ .../include/name-server-ipv6.xml.i | 15 ++++++++ interface-definitions/interfaces-openvpn.xml.in | 18 +--------- interface-definitions/service_ipoe-server.xml.in | 2 +- interface-definitions/service_pppoe-server.xml.in | 2 +- interface-definitions/service_router-advert.xml.in | 14 +------- interface-definitions/vpn_l2tp.xml.in | 2 +- interface-definitions/vpn_openconnect.xml.in | 2 +- interface-definitions/vpn_pptp.xml.in | 14 +------- interface-definitions/vpn_sstp.xml.in | 2 +- smoketest/scripts/cli/test_service_dhcp-server.py | 16 ++++----- src/migration-scripts/dhcp-server/5-to-6 | 7 ++++ 18 files changed, 80 insertions(+), 148 deletions(-) delete mode 100644 interface-definitions/include/accel-ppp/name-server.xml.i create mode 100644 interface-definitions/include/name-server-ipv4-ipv6.xml.i create mode 100644 interface-definitions/include/name-server-ipv4.xml.i create mode 100644 interface-definitions/include/name-server-ipv6.xml.i (limited to 'interface-definitions/include') diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl index 58be7984d..f64192acf 100644 --- a/data/templates/dhcp-server/dhcpd.conf.tmpl +++ b/data/templates/dhcp-server/dhcpd.conf.tmpl @@ -88,8 +88,8 @@ shared-network {{ network | replace('_','-') }} { {% if network_config.subnet is defined and network_config.subnet is not none %} {% for subnet, subnet_config in network_config.subnet.items() %} subnet {{ subnet | address_from_cidr }} netmask {{ subnet | netmask_from_cidr }} { -{% if subnet_config.dns_server is defined and subnet_config.dns_server is not none %} - option domain-name-servers {{ subnet_config.dns_server | join(', ') }}; +{% if subnet_config.name_server is defined and subnet_config.name_server is not none %} + option domain-name-servers {{ subnet_config.name_server | join(', ') }}; {% endif %} {% if subnet_config.domain_search is defined and subnet_config.domain_search is not none %} option domain-search "{{ subnet_config.domain_search | join('", "') }}"; diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index c0f72dd86..3a1eee60e 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in @@ -117,19 +117,7 @@ - - - DNS server IPv4 address - - ipv4 - DNS server IPv4 address - - - - - - - + #include Client Domain Name diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in index 95b1e5602..58181872b 100644 --- a/interface-definitions/dhcpv6-server.xml.in +++ b/interface-definitions/dhcpv6-server.xml.in @@ -14,19 +14,7 @@ Additional global parameters for DHCPv6 server - - - IPv6 address of a Recursive DNS Server - - ipv6 - IPv6 address of DNS name server - - - - - - - + #include @@ -70,19 +58,7 @@ #include - - - IPv6 address of a Recursive DNS Server - - ipv6 - IPv6 address of DNS name server - - - - - - - + #include @@ -194,19 +170,7 @@ - - - IPv6 address of a Recursive DNS Server - - ipv6 - IPv6 address of DNS name server - - - - - - - + #include NIS domain name for client to use diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index 9edd18a66..5d6e25a27 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -142,24 +142,7 @@ 3600 - - - Domain Name Servers (DNS) addresses [OPTIONAL] - - ipv4 - Domain Name Server (DNS) IPv4 address - - - ipv6 - Domain Name Server (DNS) IPv6 address - - - - - - - - + #include Local addresses from which to send DNS queries diff --git a/interface-definitions/include/accel-ppp/name-server.xml.i b/interface-definitions/include/accel-ppp/name-server.xml.i deleted file mode 100644 index e744b384f..000000000 --- a/interface-definitions/include/accel-ppp/name-server.xml.i +++ /dev/null @@ -1,20 +0,0 @@ - - - - Domain Name Server (DNS) propagated to client - - ipv4 - Domain Name Server (DNS) IPv4 address - - - ipv6 - Domain Name Server (DNS) IPv6 address - - - - - - - - - diff --git a/interface-definitions/include/name-server-ipv4-ipv6.xml.i b/interface-definitions/include/name-server-ipv4-ipv6.xml.i new file mode 100644 index 000000000..14973234b --- /dev/null +++ b/interface-definitions/include/name-server-ipv4-ipv6.xml.i @@ -0,0 +1,20 @@ + + + + Domain Name Servers (DNS) addresses + + ipv4 + Domain Name Server (DNS) IPv4 address + + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + + diff --git a/interface-definitions/include/name-server-ipv4.xml.i b/interface-definitions/include/name-server-ipv4.xml.i new file mode 100644 index 000000000..0cf884e03 --- /dev/null +++ b/interface-definitions/include/name-server-ipv4.xml.i @@ -0,0 +1,15 @@ + + + + Domain Name Servers (DNS) addresses + + ipv4 + Domain Name Server (DNS) IPv4 address + + + + + + + + diff --git a/interface-definitions/include/name-server-ipv6.xml.i b/interface-definitions/include/name-server-ipv6.xml.i new file mode 100644 index 000000000..d4517c4c6 --- /dev/null +++ b/interface-definitions/include/name-server-ipv6.xml.i @@ -0,0 +1,15 @@ + + + + Domain Name Servers (DNS) addresses + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index 40f8fe65c..51e81390c 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -554,23 +554,7 @@ - - - Domain Name Server (DNS) - - ipv4 - DNS server IPv4 address - - - ipv6 - DNS server IPv6 address - - - - - - - + #include Route to be pushed to all clients diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in index 7c575ba77..b19acab56 100644 --- a/interface-definitions/service_ipoe-server.xml.in +++ b/interface-definitions/service_ipoe-server.xml.in @@ -111,7 +111,7 @@ - #include + #include #include diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in index 955c104f7..712e6549e 100644 --- a/interface-definitions/service_pppoe-server.xml.in +++ b/interface-definitions/service_pppoe-server.xml.in @@ -59,7 +59,7 @@ #include - #include + #include interface(s) to listen on diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in index e18b27f1b..0f4009f5c 100644 --- a/interface-definitions/service_router-advert.xml.in +++ b/interface-definitions/service_router-advert.xml.in @@ -135,19 +135,7 @@ - - - IPv6 address of recursive DNS server - - ipv6 - IPv6 address of DNS name server - - - - - - - + #include Hosts use the administered (stateful) protocol for autoconfiguration of other (non-address) information diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in index 787298284..8bcede159 100644 --- a/interface-definitions/vpn_l2tp.xml.in +++ b/interface-definitions/vpn_l2tp.xml.in @@ -22,7 +22,7 @@ #include - #include + #include L2TP Network Server (LNS) diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in index b345b560e..f35b1ebbd 100644 --- a/interface-definitions/vpn_openconnect.xml.in +++ b/interface-definitions/vpn_openconnect.xml.in @@ -190,7 +190,7 @@ - #include + #include diff --git a/interface-definitions/vpn_pptp.xml.in b/interface-definitions/vpn_pptp.xml.in index 91c8cd76f..9b84a00c1 100644 --- a/interface-definitions/vpn_pptp.xml.in +++ b/interface-definitions/vpn_pptp.xml.in @@ -21,19 +21,7 @@ - - - Domain Name Server (DNS) propagated to client - - ipv4 - Domain Name Server (DNS) IPv4 address - - - - - - - + #include #include diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index 840e237cc..5406ede41 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -27,7 +27,7 @@ #include #include - #include + #include Client IP pools and gateway setting diff --git a/smoketest/scripts/cli/test_service_dhcp-server.py b/smoketest/scripts/cli/test_service_dhcp-server.py index 40977bb04..37e016778 100755 --- a/smoketest/scripts/cli/test_service_dhcp-server.py +++ b/smoketest/scripts/cli/test_service_dhcp-server.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2021 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -59,8 +59,8 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet] # we use the first subnet IP address as default gateway self.cli_set(pool + ['default-router', router]) - self.cli_set(pool + ['dns-server', dns_1]) - self.cli_set(pool + ['dns-server', dns_2]) + self.cli_set(pool + ['name-server', dns_1]) + self.cli_set(pool + ['name-server', dns_2]) self.cli_set(pool + ['domain-name', domain_name]) # check validate() - No DHCP address range or active static-mapping set @@ -108,8 +108,8 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet] # we use the first subnet IP address as default gateway self.cli_set(pool + ['default-router', router]) - self.cli_set(pool + ['dns-server', dns_1]) - self.cli_set(pool + ['dns-server', dns_2]) + self.cli_set(pool + ['name-server', dns_1]) + self.cli_set(pool + ['name-server', dns_2]) self.cli_set(pool + ['domain-name', domain_name]) self.cli_set(pool + ['ip-forwarding']) self.cli_set(pool + ['smtp-server', smtp_server]) @@ -201,8 +201,8 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet] # we use the first subnet IP address as default gateway self.cli_set(pool + ['default-router', router]) - self.cli_set(pool + ['dns-server', dns_1]) - self.cli_set(pool + ['dns-server', dns_2]) + self.cli_set(pool + ['name-server', dns_1]) + self.cli_set(pool + ['name-server', dns_2]) self.cli_set(pool + ['domain-name', domain_name]) # check validate() - No DHCP address range or active static-mapping set @@ -261,7 +261,7 @@ class TestServiceDHCPServer(VyOSUnitTestSHIM.TestCase): pool = base_path + ['shared-network-name', shared_net_name, 'subnet', subnet] # we use the first subnet IP address as default gateway self.cli_set(pool + ['default-router', router]) - self.cli_set(pool + ['dns-server', dns_1]) + self.cli_set(pool + ['name-server', dns_1]) self.cli_set(pool + ['domain-name', domain_name]) self.cli_set(pool + ['lease', lease_time]) diff --git a/src/migration-scripts/dhcp-server/5-to-6 b/src/migration-scripts/dhcp-server/5-to-6 index 4cd2ec07a..7f447ac17 100755 --- a/src/migration-scripts/dhcp-server/5-to-6 +++ b/src/migration-scripts/dhcp-server/5-to-6 @@ -14,6 +14,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +# T1968: allow multiple static-routes to be configured +# T3838: rename dns-server -> name-server import sys from vyos.configtree import ConfigTree @@ -45,6 +47,7 @@ for network in config.list_nodes(base): for subnet in config.list_nodes(base_network + ['subnet']): base_subnet = base_network + ['subnet', subnet] + # T1968: allow multiple static-routes to be configured if config.exists(base_subnet + ['static-route']): prefix = config.return_value(base_subnet + ['static-route', 'destination-subnet']) router = config.return_value(base_subnet + ['static-route', 'router']) @@ -53,6 +56,10 @@ for network in config.list_nodes(base): config.set(base_subnet + ['static-route', prefix, 'next-hop'], value=router) config.set_tag(base_subnet + ['static-route']) + # T3838: rename dns-server -> name-server + if config.exists(base_subnet + ['dns-server']): + config.rename(base_subnet + ['dns-server'], 'name-server') + try: with open(file_name, 'w') as f: f.write(config.to_string()) -- cgit v1.2.3 From a00f3bfd0ff580625f63f024bdce9ed55100d63d Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 19 Sep 2021 11:14:43 +0200 Subject: dhcp-server: T3841: add option to perform ICMP check before address assignment (cherry picked from commit 83ea0cb273e29db22062cc133b6eabd4ba2761c7) --- data/templates/dhcp-server/dhcpd.conf.tmpl | 6 ++++++ interface-definitions/dhcp-server.xml.in | 2 ++ interface-definitions/include/dhcp-ping-check.xml.i | 8 ++++++++ 3 files changed, 16 insertions(+) create mode 100644 interface-definitions/include/dhcp-ping-check.xml.i (limited to 'interface-definitions/include') diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl index 9aeaafcc2..11482c1ec 100644 --- a/data/templates/dhcp-server/dhcpd.conf.tmpl +++ b/data/templates/dhcp-server/dhcpd.conf.tmpl @@ -70,6 +70,9 @@ shared-network {{ network | replace('_','-') }} { {% if network_config.authoritative is defined %} authoritative; {% endif %} +{% if network_config.ping_check is defined %} + ping-check true; +{% endif %} {% if network_config.shared_network_parameters is defined and network_config.shared_network_parameters is not none %} # The following {{ network_config.shared_network_parameters | length }} line(s) # were added as shared-network-parameters in the CLI and have not been validated @@ -157,6 +160,9 @@ shared-network {{ network | replace('_','-') }} { default-lease-time {{ subnet_config.lease }}; max-lease-time {{ subnet_config.lease }}; {% endif %} +{% if network_config.ping_check is not defined and subnet_config.ping_check is defined %} + ping-check true; +{% endif %} {% if subnet_config.static_mapping is defined and subnet_config.static_mapping is not none %} {% for host, host_config in subnet_config.static_mapping.items() if host_config.disable is not defined %} host {{ host | replace('_','-') if host_decl_name is defined else network | replace('_','-') + '_' + host | replace('_','-') }} { diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index 598be74b4..e1d224121 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in @@ -107,6 +107,7 @@ Shared-network-name description + #include #include @@ -229,6 +230,7 @@ + #include IP address of POP3 server diff --git a/interface-definitions/include/dhcp-ping-check.xml.i b/interface-definitions/include/dhcp-ping-check.xml.i new file mode 100644 index 000000000..0b2a1214a --- /dev/null +++ b/interface-definitions/include/dhcp-ping-check.xml.i @@ -0,0 +1,8 @@ + + + + Sends ICMP Echo request to the address being assigned + + + + -- cgit v1.2.3 From b72fff14c4061e26657835d72e0944229a196940 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 18 Sep 2021 22:09:05 +0200 Subject: dhcp-server: T3839: support name-servers and domain config per shared-network DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1' (cherry picked from commit d411a40a3598c55fae7abd8bc5f1876007aa704b) --- data/templates/dhcp-server/dhcpd.conf.tmpl | 6 ++++++ interface-definitions/dhcp-server.xml.in | 12 +++--------- interface-definitions/include/dhcp-domain-name.xml.i | 11 +++++++++++ 3 files changed, 20 insertions(+), 9 deletions(-) create mode 100644 interface-definitions/include/dhcp-domain-name.xml.i (limited to 'interface-definitions/include') diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl index 7173986a4..a2d5cb242 100644 --- a/data/templates/dhcp-server/dhcpd.conf.tmpl +++ b/data/templates/dhcp-server/dhcpd.conf.tmpl @@ -70,6 +70,12 @@ shared-network {{ network | replace('_','-') }} { {% if network_config.authoritative is defined %} authoritative; {% endif %} +{% if network_config.name_server is defined and network_config.name_server is not none %} + option domain-name-servers {{ network_config.name_server | join(', ') }}; +{% endif %} +{% if network_config.domain_name is defined and network_config.domain_name is not none %} + option domain-name "{{ network_config.domain_name }}"; +{% endif %} {% if network_config.ping_check is defined %} ping-check true; {% endif %} diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index 502a07c05..3a2c05698 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in @@ -103,6 +103,8 @@ #include + #include + #include #include #include @@ -164,15 +166,7 @@ #include - - - Client Domain Name - - - - Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_ - - + #include #include diff --git a/interface-definitions/include/dhcp-domain-name.xml.i b/interface-definitions/include/dhcp-domain-name.xml.i new file mode 100644 index 000000000..eb95596da --- /dev/null +++ b/interface-definitions/include/dhcp-domain-name.xml.i @@ -0,0 +1,11 @@ + + + + Client Domain Name + + + + Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_ + + + -- cgit v1.2.3 From bc71e8dcfbe0ae8b27c13dbb3ce8358726ef9585 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 19 Sep 2021 11:31:01 +0200 Subject: xml: dhcp-server: move building blocks to dhcp subdirectory (cherry picked from commit 59e5b5eb4c0507f9d3831483152a748b58560bfd) --- interface-definitions/dhcp-server.xml.in | 10 +++++----- interface-definitions/dhcpv6-server.xml.in | 4 ++-- interface-definitions/include/dhcp-domain-name.xml.i | 11 ----------- interface-definitions/include/dhcp-ping-check.xml.i | 8 -------- .../include/dhcp-server-domain-search.xml.i | 12 ------------ interface-definitions/include/dhcp/domain-name.xml.i | 11 +++++++++++ interface-definitions/include/dhcp/domain-search.xml.i | 12 ++++++++++++ interface-definitions/include/dhcp/ping-check.xml.i | 8 ++++++++ interface-definitions/include/generic-description.xml.i | 11 +++++++++++ 9 files changed, 49 insertions(+), 38 deletions(-) delete mode 100644 interface-definitions/include/dhcp-domain-name.xml.i delete mode 100644 interface-definitions/include/dhcp-ping-check.xml.i delete mode 100644 interface-definitions/include/dhcp-server-domain-search.xml.i create mode 100644 interface-definitions/include/dhcp/domain-name.xml.i create mode 100644 interface-definitions/include/dhcp/domain-search.xml.i create mode 100644 interface-definitions/include/dhcp/ping-check.xml.i create mode 100644 interface-definitions/include/generic-description.xml.i (limited to 'interface-definitions/include') diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index 3a2c05698..2707ce96d 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in @@ -102,8 +102,8 @@ - #include - #include + #include + #include #include #include #include @@ -166,8 +166,8 @@ #include - #include - #include + #include + #include Enable DHCP failover support for this subnet @@ -220,7 +220,7 @@ - #include + #include IP address of POP3 server diff --git a/interface-definitions/dhcpv6-server.xml.in b/interface-definitions/dhcpv6-server.xml.in index 18aa53fb8..fb96571f5 100644 --- a/interface-definitions/dhcpv6-server.xml.in +++ b/interface-definitions/dhcpv6-server.xml.in @@ -58,7 +58,7 @@ - #include + #include #include @@ -127,7 +127,7 @@ - #include + #include Parameters relating to the lease time diff --git a/interface-definitions/include/dhcp-domain-name.xml.i b/interface-definitions/include/dhcp-domain-name.xml.i deleted file mode 100644 index eb95596da..000000000 --- a/interface-definitions/include/dhcp-domain-name.xml.i +++ /dev/null @@ -1,11 +0,0 @@ - - - - Client Domain Name - - - - Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_ - - - diff --git a/interface-definitions/include/dhcp-ping-check.xml.i b/interface-definitions/include/dhcp-ping-check.xml.i deleted file mode 100644 index 0b2a1214a..000000000 --- a/interface-definitions/include/dhcp-ping-check.xml.i +++ /dev/null @@ -1,8 +0,0 @@ - - - - Sends ICMP Echo request to the address being assigned - - - - diff --git a/interface-definitions/include/dhcp-server-domain-search.xml.i b/interface-definitions/include/dhcp-server-domain-search.xml.i deleted file mode 100644 index 4fc55097b..000000000 --- a/interface-definitions/include/dhcp-server-domain-search.xml.i +++ /dev/null @@ -1,12 +0,0 @@ - - - - Client Domain Name search list - - - - Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers, period, and underscore. - - - - diff --git a/interface-definitions/include/dhcp/domain-name.xml.i b/interface-definitions/include/dhcp/domain-name.xml.i new file mode 100644 index 000000000..410e27d29 --- /dev/null +++ b/interface-definitions/include/dhcp/domain-name.xml.i @@ -0,0 +1,11 @@ + + + + Client Domain Name + + + + Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_ + + + diff --git a/interface-definitions/include/dhcp/domain-search.xml.i b/interface-definitions/include/dhcp/domain-search.xml.i new file mode 100644 index 000000000..bcc8fcd12 --- /dev/null +++ b/interface-definitions/include/dhcp/domain-search.xml.i @@ -0,0 +1,12 @@ + + + + Client Domain Name search list + + + + Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers, period, and underscore. + + + + diff --git a/interface-definitions/include/dhcp/ping-check.xml.i b/interface-definitions/include/dhcp/ping-check.xml.i new file mode 100644 index 000000000..a506f68e4 --- /dev/null +++ b/interface-definitions/include/dhcp/ping-check.xml.i @@ -0,0 +1,8 @@ + + + + Sends ICMP Echo request to the address being assigned + + + + diff --git a/interface-definitions/include/generic-description.xml.i b/interface-definitions/include/generic-description.xml.i new file mode 100644 index 000000000..03fc564e6 --- /dev/null +++ b/interface-definitions/include/generic-description.xml.i @@ -0,0 +1,11 @@ + + + + Description + + txt + Description + + + + -- cgit v1.2.3 From 10a71d6d0534810c314010adc22ae7265334647c Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 21 Sep 2021 20:01:21 +0200 Subject: dhcp-server: T3839: support domain-search and ntp-server config per shared-network (cherry picked from commit 689d1824d251ea9fbd81bf0c941dbd36e33ef420) --- data/templates/dhcp-server/dhcpd.conf.tmpl | 12 +++++++++--- interface-definitions/dhcp-server.xml.in | 21 ++++++--------------- interface-definitions/include/dhcp/ntp-server.xml.i | 15 +++++++++++++++ 3 files changed, 30 insertions(+), 18 deletions(-) create mode 100644 interface-definitions/include/dhcp/ntp-server.xml.i (limited to 'interface-definitions/include') diff --git a/data/templates/dhcp-server/dhcpd.conf.tmpl b/data/templates/dhcp-server/dhcpd.conf.tmpl index d774b4827..003c585dd 100644 --- a/data/templates/dhcp-server/dhcpd.conf.tmpl +++ b/data/templates/dhcp-server/dhcpd.conf.tmpl @@ -72,6 +72,12 @@ shared-network {{ network | replace('_','-') }} { {% if network_config.domain_name is defined and network_config.domain_name is not none %} option domain-name "{{ network_config.domain_name }}"; {% endif %} +{% if network_config.domain_search is defined and network_config.domain_search is not none %} + option domain-search "{{ network_config.domain_search | join('", "') }}"; +{% endif %} +{% if network_config.ntp_server is defined and network_config.ntp_server is not none %} + option ntp-servers {{ network_config.ntp_server | join(', ') }}; +{% endif %} {% if network_config.ping_check is defined %} ping-check true; {% endif %} @@ -88,6 +94,9 @@ shared-network {{ network | replace('_','-') }} { {% if subnet_config.name_server is defined and subnet_config.name_server is not none %} option domain-name-servers {{ subnet_config.name_server | join(', ') }}; {% endif %} +{% if subnet_config.domain_name is defined and subnet_config.domain_name is not none %} + option domain-name "{{ subnet_config.domain_name }}"; +{% endif %} {% if subnet_config.domain_search is defined and subnet_config.domain_search is not none %} option domain-search "{{ subnet_config.domain_search | join('", "') }}"; {% endif %} @@ -129,9 +138,6 @@ shared-network {{ network | replace('_','-') }} { {% if subnet_config.server_identifier is defined and subnet_config.server_identifier is not none %} option dhcp-server-identifier {{ subnet_config.server_identifier }}; {% endif %} -{% if subnet_config.domain_name is defined and subnet_config.domain_name is not none %} - option domain-name "{{ subnet_config.domain_name }}"; -{% endif %} {% if subnet_config.subnet_parameters is defined and subnet_config.subnet_parameters is not none %} # The following {{ subnet_config.subnet_parameters | length }} line(s) were added as # subnet-parameters in the CLI and have not been validated!!! diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in index 2707ce96d..47bdc4db1 100644 --- a/interface-definitions/dhcp-server.xml.in +++ b/interface-definitions/dhcp-server.xml.in @@ -103,10 +103,12 @@ #include + #include + #include #include - #include #include #include + #include Additional shared-network parameters for DHCP server. @@ -165,9 +167,10 @@ - #include #include #include + #include + #include Enable DHCP failover support for this subnet @@ -207,19 +210,7 @@ 86400 - - - IP address of NTP server - - ipv4 - NTP server IPv4 address - - - - - - - + #include #include diff --git a/interface-definitions/include/dhcp/ntp-server.xml.i b/interface-definitions/include/dhcp/ntp-server.xml.i new file mode 100644 index 000000000..32d8207e5 --- /dev/null +++ b/interface-definitions/include/dhcp/ntp-server.xml.i @@ -0,0 +1,15 @@ + + + + IP address of NTP server + + ipv4 + NTP server IPv4 address + + + + + + + + -- cgit v1.2.3 From dd036c62d1370f655a8d2075577597f24ffff7dc Mon Sep 17 00:00:00 2001 From: Viacheslav Date: Tue, 2 Nov 2021 13:48:36 +0000 Subject: sstp: T2566: Fix to allow IPv6 only pools To allow IPv6 only for vpn sstp sessions we have to add 'ppp-options' which can disable IPv4 allocation explicity. Additional IPv6 ppp-options and fix template for it. --- data/templates/accel-ppp/config_ipv6_pool.j2 | 2 +- data/templates/accel-ppp/sstp.config.tmpl | 6 ++--- .../include/accel-ppp/ppp-options-ipv4.xml.i | 23 ++++++++++++++++ .../include/accel-ppp/ppp-options-ipv6.xml.i | 31 ++++++++++++++++++++++ interface-definitions/vpn_sstp.xml.in | 2 ++ 5 files changed, 60 insertions(+), 4 deletions(-) create mode 100644 interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i create mode 100644 interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i (limited to 'interface-definitions/include') diff --git a/data/templates/accel-ppp/config_ipv6_pool.j2 b/data/templates/accel-ppp/config_ipv6_pool.j2 index f45bf9442..093887f7e 100644 --- a/data/templates/accel-ppp/config_ipv6_pool.j2 +++ b/data/templates/accel-ppp/config_ipv6_pool.j2 @@ -5,7 +5,7 @@ AdvAutonomousFlag=1 {% if client_ipv6_pool.prefix is defined and client_ipv6_pool.prefix is not none %} [ipv6-pool] {% for prefix, options in client_ipv6_pool.prefix.items() %} -{{ prefix }},{{ options.mask }} +{{ prefix }},{{ '64 ' if options.mask is not defined else options.mask }} {% endfor %} {% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %} {% for prefix, options in client_ipv6_pool.delegate.items() %} diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl index d48e9ab0d..7a40a96aa 100644 --- a/data/templates/accel-ppp/sstp.config.tmpl +++ b/data/templates/accel-ppp/sstp.config.tmpl @@ -52,9 +52,9 @@ verbose=1 check-ip=1 {# MTU #} mtu={{ mtu }} -{% if client_ipv6_pool is defined %} -ipv6=allow -{% endif %} +ipv6={{ 'allow' if ppp_options.ipv6 == "deny" and client_ipv6_pool is defined else ppp_options.ipv6 }} +ipv4={{ ppp_options.ipv4 }} + mppe={{ ppp_options.mppe }} lcp-echo-interval={{ ppp_options.lcp_echo_interval }} lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }} diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i new file mode 100644 index 000000000..3e065329d --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv4.xml.i @@ -0,0 +1,23 @@ + + + + IPv4 negotiation algorithm + + ^(deny|allow)$ + + invalid value + + deny + Do not negotiate IPv4 + + + allow + Negotiate IPv4 only if client requests + + + deny allow + + + allow + + diff --git a/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i new file mode 100644 index 000000000..b9fbac5c6 --- /dev/null +++ b/interface-definitions/include/accel-ppp/ppp-options-ipv6.xml.i @@ -0,0 +1,31 @@ + + + + IPv6 (IPCP6) negotiation algorithm + + ^(deny|allow|prefer|require)$ + + invalid value + + deny + Do not negotiate IPv6 + + + allow + Negotiate IPv6 only if client requests + + + prefer + Ask client for IPv6 negotiation, do not fail if it rejects + + + require + Require IPv6 negotiation + + + deny allow prefer require + + + deny + + diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index 5406ede41..ad905a1f0 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -43,6 +43,8 @@ #include + #include + #include #include #include -- cgit v1.2.3 From 01ed77040ec9493e4ca1cf868ff3c22847da4487 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 3 Nov 2021 19:55:23 +0100 Subject: sstp: T2566: use XML defaultValue over Jinja2 hardcoded value --- data/templates/accel-ppp/config_ipv6_pool.j2 | 2 +- .../include/accel-ppp/client-ipv6-pool.xml.i | 1 + python/vyos/configdict.py | 14 ++++++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) (limited to 'interface-definitions/include') diff --git a/data/templates/accel-ppp/config_ipv6_pool.j2 b/data/templates/accel-ppp/config_ipv6_pool.j2 index 093887f7e..f45bf9442 100644 --- a/data/templates/accel-ppp/config_ipv6_pool.j2 +++ b/data/templates/accel-ppp/config_ipv6_pool.j2 @@ -5,7 +5,7 @@ AdvAutonomousFlag=1 {% if client_ipv6_pool.prefix is defined and client_ipv6_pool.prefix is not none %} [ipv6-pool] {% for prefix, options in client_ipv6_pool.prefix.items() %} -{{ prefix }},{{ '64 ' if options.mask is not defined else options.mask }} +{{ prefix }},{{ options.mask }} {% endfor %} {% if client_ipv6_pool.delegate is defined and client_ipv6_pool.delegate is not none %} {% for prefix, options in client_ipv6_pool.delegate.items() %} diff --git a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i index bd3dadf8d..a692f2335 100644 --- a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i +++ b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i @@ -27,6 +27,7 @@ + 64 diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 73986e9af..3668331bb 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -522,6 +522,11 @@ def get_accel_dict(config, base, chap_secrets): if dict_search('authentication.local_users.username', default_values): del default_values['authentication']['local_users']['username'] + # T2665: defaults include IPv6 client-pool mask per TAG node which need to be + # added to individual local users instead - so we can simply delete them + if dict_search('client_ipv6_pool.prefix.mask', default_values): + del default_values['client_ipv6_pool']['prefix']['mask'] + dict = dict_merge(default_values, dict) # set CPUs cores to process requests @@ -565,4 +570,13 @@ def get_accel_dict(config, base, chap_secrets): dict['authentication']['local_users']['username'][username] = dict_merge( default_values, dict['authentication']['local_users']['username'][username]) + # Add individual IPv6 client-pool default mask if required + if dict_search('client_ipv6_pool.prefix', dict): + # T2665 + default_values = defaults(base + ['client-ipv6-pool', 'prefix']) + + for prefix in dict_search('client_ipv6_pool.prefix', dict): + dict['client_ipv6_pool']['prefix'][prefix] = dict_merge( + default_values, dict['client_ipv6_pool']['prefix'][prefix]) + return dict -- cgit v1.2.3 From 8dcb089916795aa83768fe429c4e280b95079ca9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 3 Nov 2021 20:03:05 +0100 Subject: sstp: accel-ppp: T3964: add missing input validator for static-ip assignment (cherry picked from commit b8f702bc7b6e92b8841271b4a2355d2b65ccb247) --- interface-definitions/include/accel-ppp/auth-local-users.xml.i | 3 +++ 1 file changed, 3 insertions(+) (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/accel-ppp/auth-local-users.xml.i b/interface-definitions/include/accel-ppp/auth-local-users.xml.i index 308d6510d..1b40a9ea7 100644 --- a/interface-definitions/include/accel-ppp/auth-local-users.xml.i +++ b/interface-definitions/include/accel-ppp/auth-local-users.xml.i @@ -18,6 +18,9 @@ Static client IP address + + + * -- cgit v1.2.3