From ecdc9b1f0bf47b762669d8600aaddc5cfa5ed206 Mon Sep 17 00:00:00 2001
From: aapostoliuk <a.apostoliuk@vyos.io>
Date: Thu, 16 Mar 2023 12:33:18 +0200
Subject: ipsec: T5043: Rewritten and fixed 'reset vpn' commands

1. Rewritten CLI of 'reset vpn' commands.
2. Created 'reset vpn ipsec remote-access' commands to reset
   RA IKEv2 session.
3. Created 'reset vpn ipsec site-to-site all' command to reset all
   configured IPSec site-to-site peers sessions.
4. Rewritten 'reset vpn l2t|pptp|sstp' commands to
   new opmode style.
---
 op-mode-definitions/reset-vpn.xml.in | 120 +++++++++++++++++------------------
 op-mode-definitions/vpn-ipsec.xml.in |  97 +++++++++++++++++++---------
 2 files changed, 126 insertions(+), 91 deletions(-)

(limited to 'op-mode-definitions')

diff --git a/op-mode-definitions/reset-vpn.xml.in b/op-mode-definitions/reset-vpn.xml.in
index 94ee1c7df..8de95d1cc 100644
--- a/op-mode-definitions/reset-vpn.xml.in
+++ b/op-mode-definitions/reset-vpn.xml.in
@@ -7,82 +7,78 @@
           <help>Reset Virtual Private Network (VPN) information</help>
         </properties>
         <children>
-          <node name="remote-access">
+          <node name="l2tp">
             <properties>
-              <help>Reset remote access VPN connections</help>
+              <help>Reset L2TP server VPN sessions</help>
             </properties>
             <children>
               <node name="all">
                 <properties>
-                  <help>Terminate all users current remote access VPN session(s)</help>
+                  <help>Reset all L2TP server VPN sessions</help>
                 </properties>
-                <children>
-                  <node name="protocol">
-                    <properties>
-                      <help>Terminate specified users current remote access VPN session(s) with specified protocol</help>
-                    </properties>
-                    <children>
-                      <leafNode name="l2tp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with L2TP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="l2tp"</command>
-                      </leafNode>
-                      <leafNode name="pptp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with PPTP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="pptp"</command>
-                      </leafNode>
-                      <leafNode name="sstp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with SSTP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users" --protocol="sstp"</command>
-                      </leafNode>
-                    </children>
-                  </node>
-                </children>
-                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="all_users"</command>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp"</command>
               </node>
               <tagNode name="interface">
                 <properties>
-                  <help>Terminate a remote access VPN interface</help>
+                  <help>Reset specified interface on L2TP VPN server</help>
                 </properties>
-                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --interface="$5"</command>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp" --interface="$5"</command>
               </tagNode>
               <tagNode name="user">
                 <properties>
-                  <help>Terminate specified users current remote access VPN session(s)</help>
+                  <help>Reset specified user on L2TP VPN server</help>
                 </properties>
-                <children>
-                  <node name="protocol">
-                    <properties>
-                      <help>Terminate specified users current remote access VPN session(s) with specified protocol</help>
-                    </properties>
-                    <children>
-                      <leafNode name="l2tp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with L2TP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5" --protocol="l2tp"</command>
-                      </leafNode>
-                      <leafNode name="pptp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with PPTP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5" --protocol="pptp"</command>
-                      </leafNode>
-                      <leafNode name="sstp">
-                        <properties>
-                          <help>Terminate all users current remote access VPN session(s) with SSTP protocol</help>
-                        </properties>
-                        <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5" --protocol="sstp"</command>
-                      </leafNode>
-                    </children>
-                  </node>
-                </children>
-                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py --username="$5"</command>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="l2tp" --username="$5"</command>
+              </tagNode>
+            </children>
+          </node>
+          <node name="pptp">
+            <properties>
+              <help>Reset PPTP server VPN sessions</help>
+            </properties>
+            <children>
+              <node name="all">
+                <properties>
+                  <help>Reset all PPTP server VPN sessions</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp"</command>
+              </node>
+              <tagNode name="interface">
+                <properties>
+                  <help>Reset specified interface on PPTP VPN server</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp" --interface="$5"</command>
+              </tagNode>
+              <tagNode name="user">
+                <properties>
+                  <help>Reset specified user on PPTP VPN server</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="pptp" --username="$5"</command>
+              </tagNode>
+            </children>
+          </node>
+          <node name="sstp">
+            <properties>
+              <help>Reset SSTP server VPN sessions</help>
+            </properties>
+            <children>
+              <node name="all">
+                <properties>
+                  <help>Reset all SSTP server VPN sessions</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp"</command>
+              </node>
+              <tagNode name="interface">
+                <properties>
+                  <help>Reset specified interface on SSTP VPN server</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp" --interface="$5"</command>
+              </tagNode>
+              <tagNode name="user">
+                <properties>
+                  <help>Reset specified user on SSTP VPN server</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/reset_vpn.py reset_conn --protocol="sstp" --username="$5"</command>
               </tagNode>
             </children>
           </node>
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index ee006a2d5..5baaec7ce 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -7,49 +7,88 @@
           <help>Reset Virtual Private Network (VPN) information</help>
         </properties>
         <children>
-          <tagNode name="ipsec-peer">
+          <node name="ipsec">
             <properties>
-              <help>Reset all tunnels for given peer</help>
-              <completionHelp>
-                <path>vpn ipsec site-to-site peer</path>
-              </completionHelp>
+              <help>Reset IPSec VPN sessions</help>
             </properties>
             <children>
-              <tagNode name="tunnel">
+              <tagNode name="profile">
                 <properties>
-                  <help>Reset a specific tunnel for given peer</help>
+                  <help>Reset all tunnels for given DMVPN profile</help>
                   <completionHelp>
-                    <path>vpn ipsec site-to-site peer ${COMP_WORDS[3]} tunnel</path>
+                    <path>vpn ipsec profile</path>
                   </completionHelp>
                 </properties>
-                <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="$6"</command>
+                <children>
+                  <tagNode name="tunnel">
+                    <properties>
+                      <help>Reset a specific tunnel for given DMVPN profile</help>
+                    </properties>
+                    <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$6" --tunnel="$8"</command>
+                  </tagNode>
+                </children>
+                <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$6" --tunnel="all"</command>
               </tagNode>
-              <node name="vti">
+              <node name="remote-access">
                 <properties>
-                  <help>Reset the VTI tunnel for given peer</help>
+                  <help>Reset remote access IPSec VPN connections</help>
                 </properties>
-                <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="vti"</command>
+                <children>
+                  <node name="all">
+                    <properties>
+                      <help>Reset all users current remote access IPSec VPN sessions</help>
+                    </properties>
+                     <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra</command>
+                  </node>
+                  <tagNode name="user">
+                    <properties>
+                      <help>Reset specified user current remote access IPsec VPN session(s)</help>
+                    </properties>
+                    <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra --user="$6"</command>
+                  </tagNode>
+                </children>
               </node>
-            </children>
-            <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4"</command>
-          </tagNode>
-          <tagNode name="ipsec-profile">
-            <properties>
-              <help>Reset all tunnels for given DMVPN profile</help>
-              <completionHelp>
-                <path>vpn ipsec profile</path>
-              </completionHelp>
-            </properties>
-            <children>
-              <tagNode name="tunnel">
+              <node name="site-to-site">
                 <properties>
-                  <help>Reset a specific tunnel for given DMVPN profile</help>
+                  <help>Reset site-to-site IPSec VPN connections</help>
                 </properties>
-                <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="$6"</command>
-              </tagNode>
+                <children>
+                  <node name="all">
+                    <properties>
+                      <help>Reset all site-to-site IPSec VPN sessions</help>
+                    </properties>
+                     <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_all_peers</command>
+                  </node>
+                  <tagNode name="peer">
+                    <properties>
+                      <help>Reset all tunnels for given peer</help>
+                      <completionHelp>
+                        <path>vpn ipsec site-to-site peer</path>
+                      </completionHelp>
+                    </properties>
+                    <children>
+                      <tagNode name="tunnel">
+                        <properties>
+                          <help>Reset a specific tunnel for given peer</help>
+                          <completionHelp>
+                            <path>vpn ipsec site-to-site peer ${COMP_WORDS[5]} tunnel</path>
+                          </completionHelp>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="$8"</command>
+                      </tagNode>
+                      <node name="vti">
+                        <properties>
+                          <help>Reset the VTI tunnel for given peer</help>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="vti"</command>
+                      </node>
+                    </children>
+                    <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6"</command>
+                  </tagNode>
+                </children>
+              </node>
             </children>
-            <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="all"</command>
-          </tagNode>
+          </node>
         </children>
       </node>
     </children>
-- 
cgit v1.2.3


From a1c9c36c917a23d4cc3d5a9bbdd92c18829679b7 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 28 Mar 2023 13:55:08 -0500
Subject: interfaces: T4885: add op-mode-defs for clear interfaces counters

---
 op-mode-definitions/counters.xml.in | 598 ++++++++++++++++++++++++++++++++++++
 op-mode-definitions/wireless.xml.in |  40 ---
 2 files changed, 598 insertions(+), 40 deletions(-)
 create mode 100644 op-mode-definitions/counters.xml.in
 delete mode 100644 op-mode-definitions/wireless.xml.in

(limited to 'op-mode-definitions')

diff --git a/op-mode-definitions/counters.xml.in b/op-mode-definitions/counters.xml.in
new file mode 100644
index 000000000..4bf08d201
--- /dev/null
+++ b/op-mode-definitions/counters.xml.in
@@ -0,0 +1,598 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="clear">
+    <children>
+      <node name="interfaces">
+        <children>
+          <node name="counters">
+            <properties>
+              <help>Clear interface counters for all interfaces</help>
+            </properties>
+            <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters</command>
+          </node>
+          <node name="bonding">
+            <properties>
+              <help>Clear Bonding interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all bonding interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="bonding">
+            <properties>
+              <help>Clear interface information for a given bonding interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type bonding</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given bonding interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="bridge">
+            <properties>
+              <help>Clear Bridge interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all bridge interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="bridge">
+            <properties>
+              <help>Clear interface information for a given bridge interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type bridge</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given bridge interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="dummy">
+            <properties>
+              <help>Clear Dummy interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all dummy interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="dummy">
+            <properties>
+              <help>Clear interface information for a given dummy interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type dummy</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given dummy interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="ethernet">
+            <properties>
+              <help>Clear Ethernet interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all ethernet interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="ethernet">
+            <properties>
+              <help>Clear interface information for a given ethernet interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type ethernet</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given ethernet interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="geneve">
+            <properties>
+              <help>Clear GENEVE interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all GENEVE interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="geneve">
+            <properties>
+              <help>Clear interface information for a given GENEVE interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type geneve</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given GENEVE interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="input">
+            <properties>
+              <help>Clear Input (ifb) interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all Input interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="input">
+            <properties>
+              <help>Clear interface information for a given Input interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type input</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given Input interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="l2tpv3">
+            <properties>
+              <help>Clear L2TPv3 interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all L2TPv3 interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="l2tpv3">
+            <properties>
+              <help>Clear interface information for a given L2TPv3 interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type l2tpeth</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given L2TPv3 interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="loopback">
+            <properties>
+              <help>Clear Loopback interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all loopback interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="loopback">
+            <properties>
+              <help>Clear interface information for a given loopback interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type loopback</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given loopback interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="macsec">
+            <properties>
+              <help>Clear MACsec interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all MACsec interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="macsec">
+            <properties>
+              <help>Clear interface information for a given MACsec interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type macsec</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given MACsec interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="openvpn">
+            <properties>
+              <help>Clear OpenVPN interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all OpenVPN interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="openvpn">
+            <properties>
+              <help>Clear interface information for a given OpenVPN interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type openvpn</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given OpenVPN interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="pppoe">
+            <properties>
+              <help>Clear PPPoE interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all PPPoE interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="pppoe">
+            <properties>
+              <help>Clear interface information for a given PPPoE interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type pppoe</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given PPPoE interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="pseudo-ethernet">
+            <properties>
+              <help>Clear Pseudo-Ethernet/MACvlan interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all Pseudo-Ethernet interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="pseudo-ethernet">
+            <properties>
+              <help>Clear interface information for a given Pseudo-Ethernet interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type pseudo-ethernet</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given Pseudo-Ethernet interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="sstp">
+            <properties>
+              <help>Clear SSTP interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all SSTP interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="sstp">
+            <properties>
+              <help>Clear interface information for a given SSTP interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type sstp</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given SSTP interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="tunnel">
+            <properties>
+              <help>Clear Tunnel interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all tunnel interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="tunnel">
+            <properties>
+              <help>Clear interface information for a given tunnel interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type tunnel</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given tunnel interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="virtual-ethernet">
+            <properties>
+              <help>Clear virtual-ethernet interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all virtual-ethernet interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="virtual-ethernet">
+            <properties>
+              <help>Clear interface information for a given virtual-ethernet interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type virtual-ethernet</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given virtual-ethernet interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="vti">
+            <properties>
+              <help>Clear VTI interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all VTI interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="vti">
+            <properties>
+              <help>Clear interface information for a given VTI interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type vti</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given VTI interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="vxlan">
+            <properties>
+              <help>Clear VXLAN interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all VXLAN interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="vxlan">
+            <properties>
+              <help>Clear interface information for a given VXLAN interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type vxlan</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given VXLAN interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="wireguard">
+            <properties>
+              <help>Clear Wireguard interface information</help>
+            </properties>
+            <children>
+              <node name="counters">
+                <properties>
+                  <help>Clear all Wireguard interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </node>
+            </children>
+          </node>
+          <tagNode name="wireguard">
+            <properties>
+              <help>Clear interface information for a given Wireguard interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type wireguard</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear interface counters for a given Wireguard interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="wireless">
+            <properties>
+              <help>Clear Wireless (WLAN) interface information</help>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear all wireless interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </leafNode>
+            </children>
+          </node>
+          <tagNode name="wireless">
+            <properties>
+              <help>Clear interface information for a given wireless interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type wireless</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear counters for a given wireless interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+          <node name="wwan">
+            <properties>
+              <help>Clear Wireless Modem (WWAN) interface information</help>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear all WWAN interface counters</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_type "$3"</command>
+              </leafNode>
+            </children>
+          </node>
+          <tagNode name="wwan">
+            <properties>
+              <help>Clear interface information for a given WWAN interface</help>
+              <completionHelp>
+                <script>${vyos_completion_dir}/list_interfaces --type wwan</script>
+              </completionHelp>
+            </properties>
+            <children>
+              <leafNode name="counters">
+                <properties>
+                  <help>Clear counters for a given WWAN interface</help>
+                </properties>
+                <command>sudo ${vyos_op_scripts_dir}/interfaces.py clear_counters --intf_name "$4"</command>
+              </leafNode>
+            </children>
+          </tagNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
+
diff --git a/op-mode-definitions/wireless.xml.in b/op-mode-definitions/wireless.xml.in
deleted file mode 100644
index 25809e0b8..000000000
--- a/op-mode-definitions/wireless.xml.in
+++ /dev/null
@@ -1,40 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="clear">
-    <children>
-      <node name="interfaces">
-        <children>
-          <node name="wireless">
-            <properties>
-              <help>Clear wireless interface information</help>
-            </properties>
-            <children>
-              <leafNode name="counters">
-                <properties>
-                  <help>Clear all wireless interface counters</help>
-                </properties>
-                <command>sudo ${vyos_op_scripts_dir}/show_interfaces.py --action=clear --intf-type="$3"</command>
-              </leafNode>
-            </children>
-          </node>
-          <tagNode name="wireless">
-            <properties>
-              <help>Clear interface information for a given wireless interface</help>
-              <completionHelp>
-                <script>${vyos_completion_dir}/list_interfaces --type wireless</script>
-              </completionHelp>
-            </properties>
-            <children>
-              <leafNode name="counters">
-                <properties>
-                  <help>Clear all wireless interface counters</help>
-                </properties>
-                <command>sudo ${vyos_op_scripts_dir}/show_interfaces.py --action=clear --intf="$4"</command>
-              </leafNode>
-            </children>
-          </tagNode>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
-- 
cgit v1.2.3


From a78982625a8a18069bd5a13744734873698fd0f9 Mon Sep 17 00:00:00 2001
From: aapostoliuk <a.apostoliuk@vyos.io>
Date: Thu, 30 Mar 2023 18:28:56 +0300
Subject: ipsec: T5093: Fixed 'reset vpn ipsec profile' command

Fixed 'reset vpn ipsec profile' command
using vici library and new op-mode style.
Added ability to use 'reset vpn ipsec profile' command
with 'remote-host' option.
---
 op-mode-definitions/vpn-ipsec.xml.in         | 19 +++++++--
 python/vyos/ipsec.py                         | 38 +++++++++++++++++
 src/completion/list_ipsec_profile_tunnels.py | 48 +++++++++++++++++++++
 src/op_mode/ipsec.py                         | 62 ++++++++++++++++++++++++++++
 src/op_mode/vpn_ipsec.py                     | 61 ++-------------------------
 5 files changed, 168 insertions(+), 60 deletions(-)
 create mode 100644 src/completion/list_ipsec_profile_tunnels.py

(limited to 'op-mode-definitions')

diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index 5baaec7ce..5a7e6dd63 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -14,7 +14,7 @@
             <children>
               <tagNode name="profile">
                 <properties>
-                  <help>Reset all tunnels for given DMVPN profile</help>
+                  <help>Reset a specific tunnel for given DMVPN profile</help>
                   <completionHelp>
                     <path>vpn ipsec profile</path>
                   </completionHelp>
@@ -23,11 +23,24 @@
                   <tagNode name="tunnel">
                     <properties>
                       <help>Reset a specific tunnel for given DMVPN profile</help>
+                      <completionHelp>
+                        <script>sudo ${vyos_completion_dir}/list_ipsec_profile_tunnels.py --profile ${COMP_WORDS[4]}</script>
+                      </completionHelp>
                     </properties>
-                    <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$6" --tunnel="$8"</command>
+                    <children>
+                      <tagNode name="remote-host">
+                        <properties>
+                          <help>Reset a specific tunnel for given DMVPN NBMA</help>
+                          <completionHelp>
+                            <list>&lt;x.x.x.x&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
+                          </completionHelp>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_profile_dst --profile="$5" --tunnel="$7" --nbma_dst="$9"</command>
+                      </tagNode>
+                    </children>
+                    <command>sudo ${vyos_op_scripts_dir}/ipsec.py reset_profile_all --profile="$5" --tunnel="$7"</command>
                   </tagNode>
                 </children>
-                <command>sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$6" --tunnel="all"</command>
               </tagNode>
               <node name="remote-access">
                 <properties>
diff --git a/python/vyos/ipsec.py b/python/vyos/ipsec.py
index cb7c39ff6..bb5611025 100644
--- a/python/vyos/ipsec.py
+++ b/python/vyos/ipsec.py
@@ -139,3 +139,41 @@ def terminate_vici_by_name(ike_name: str, child_name: str) -> None:
         else:
             raise ViciCommandError(
                 f'Failed to terminate SA for IKE {ike_name}')
+
+
+def vici_initiate(ike_sa_name: str, child_sa_name: str, src_addr: str,
+                  dst_addr: str) -> bool:
+    """Initiate IKE SA connection with specific peer
+
+    Args:
+        ike_sa_name (str): an IKE SA connection name
+        child_sa_name (str): a child SA profile name
+        src_addr (str): source address
+        dst_addr (str): remote address
+
+    Returns:
+        bool: a result of initiation command
+    """
+    from vici import Session as vici_session
+
+    try:
+        session = vici_session()
+    except Exception:
+        raise ViciInitiateError("IPsec not initialized")
+
+    try:
+        session_generator = session.initiate({
+            'ike': ike_sa_name,
+            'child': child_sa_name,
+            'timeout': '-1',
+            'my-host': src_addr,
+            'other-host': dst_addr
+        })
+        # a dummy `for` loop is required because of requirements
+        # from vici. Without a full iteration on the output, the
+        # command to vici may not be executed completely
+        for _ in session_generator:
+            pass
+        return True
+    except Exception:
+        raise ViciCommandError(f'Failed to initiate SA for IKE {ike_sa_name}')
\ No newline at end of file
diff --git a/src/completion/list_ipsec_profile_tunnels.py b/src/completion/list_ipsec_profile_tunnels.py
new file mode 100644
index 000000000..df6c52f6d
--- /dev/null
+++ b/src/completion/list_ipsec_profile_tunnels.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import sys
+import argparse
+
+from vyos.config import Config
+from vyos.util import dict_search
+
+def get_tunnels_from_ipsecprofile(profile):
+    config = Config()
+    base = ['vpn', 'ipsec', 'profile', profile, 'bind']
+    profile_conf = config.get_config_dict(base, effective=True, key_mangling=('-', '_'))
+    tunnels = []
+
+    try:
+        for tunnel in (dict_search('bind.tunnel', profile_conf) or []):
+            tunnels.append(tunnel)
+    except:
+        pass
+
+    return tunnels
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-p", "--profile", type=str, help="List tunnels per profile")
+    args = parser.parse_args()
+
+    tunnels = []
+
+    tunnels = get_tunnels_from_ipsecprofile(args.profile)
+
+    print(" ".join(tunnels))
+
diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py
index 6acde08ea..7f4fb72e5 100755
--- a/src/op_mode/ipsec.py
+++ b/src/op_mode/ipsec.py
@@ -13,6 +13,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
 import re
 import sys
 import typing
@@ -487,6 +488,67 @@ def reset_ra(username: typing.Optional[str] = None):
         vyos.ipsec.terminate_vici_ikeid_list(list_sa_id)
 
 
+def reset_profile_dst(profile: str, tunnel: str, nbma_dst: str):
+    if profile and tunnel and nbma_dst:
+        ike_sa_name = f'dmvpn-{profile}-{tunnel}'
+        try:
+            # Get IKE SAs
+            sa_list = convert_data(
+                vyos.ipsec.get_vici_sas_by_name(ike_sa_name, None))
+            if not sa_list:
+                raise vyos.opmode.IncorrectValue(
+                    f'SA(s) for profile {profile} tunnel {tunnel} not found, aborting')
+            sa_nbma_list = list([x for x in sa_list if
+                                 ike_sa_name in x and x[ike_sa_name][
+                                     'remote-host'] == nbma_dst])
+            if not sa_nbma_list:
+                raise vyos.opmode.IncorrectValue(
+                    f'SA(s) for profile {profile} tunnel {tunnel} remote-host {nbma_dst} not found, aborting')
+            # terminate IKE SAs
+            vyos.ipsec.terminate_vici_ikeid_list(list(
+                [x[ike_sa_name]['uniqueid'] for x in sa_nbma_list if
+                 ike_sa_name in x]))
+            # initiate IKE SAs
+            for ike in sa_nbma_list:
+                if ike_sa_name in ike:
+                    vyos.ipsec.vici_initiate(ike_sa_name, 'dmvpn',
+                                             ike[ike_sa_name]['local-host'],
+                                             ike[ike_sa_name]['remote-host'])
+            print(
+                f'Profile {profile} tunnel {tunnel} remote-host {nbma_dst} reset result: success')
+        except (vyos.ipsec.ViciInitiateError) as err:
+            raise vyos.opmode.UnconfiguredSubsystem(err)
+        except (vyos.ipsec.ViciCommandError) as err:
+            raise vyos.opmode.IncorrectValue(err)
+
+
+def reset_profile_all(profile: str, tunnel: str):
+    if profile and tunnel:
+        ike_sa_name = f'dmvpn-{profile}-{tunnel}'
+        try:
+            # Get IKE SAs
+            sa_list: list = convert_data(
+                vyos.ipsec.get_vici_sas_by_name(ike_sa_name, None))
+            if not sa_list:
+                raise vyos.opmode.IncorrectValue(
+                    f'SA(s) for profile {profile} tunnel {tunnel} not found, aborting')
+            # terminate IKE SAs
+            vyos.ipsec.terminate_vici_by_name(ike_sa_name, None)
+            # initiate IKE SAs
+            for ike in sa_list:
+                if ike_sa_name in ike:
+                    vyos.ipsec.vici_initiate(ike_sa_name, 'dmvpn',
+                                             ike[ike_sa_name]['local-host'],
+                                             ike[ike_sa_name]['remote-host'])
+                print(
+                    f'Profile {profile} tunnel {tunnel} remote-host {ike[ike_sa_name]["remote-host"]} reset result: success')
+            print(f'Profile {profile} tunnel {tunnel} reset result: success')
+        except (vyos.ipsec.ViciInitiateError) as err:
+            raise vyos.opmode.UnconfiguredSubsystem(err)
+        except (vyos.ipsec.ViciCommandError) as err:
+            raise vyos.opmode.IncorrectValue(err)
+
+
 def show_sa(raw: bool):
     sa_data = _get_raw_data_sas()
     if raw:
diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py
index 2392cfe92..b81d1693e 100755
--- a/src/op_mode/vpn_ipsec.py
+++ b/src/op_mode/vpn_ipsec.py
@@ -16,12 +16,12 @@
 
 import re
 import argparse
-from subprocess import TimeoutExpired
 
 from vyos.util import call
 
 SWANCTL_CONF = '/etc/swanctl/swanctl.conf'
 
+
 def get_peer_connections(peer, tunnel, return_all = False):
     search = rf'^[\s]*(peer_{peer}_(tunnel_[\d]+|vti)).*'
     matches = []
@@ -34,57 +34,6 @@ def get_peer_connections(peer, tunnel, return_all = False):
                     matches.append(result[1])
     return matches
 
-def reset_peer(peer, tunnel):
-    if not peer:
-        print('Invalid peer, aborting')
-        return
-
-    conns = get_peer_connections(peer, tunnel, return_all = (not tunnel or tunnel == 'all'))
-
-    if not conns:
-        print('Tunnel(s) not found, aborting')
-        return
-
-    result = True
-    for conn in conns:
-        try:
-            call(f'/usr/sbin/ipsec down {conn}{{*}}', timeout = 10)
-            call(f'/usr/sbin/ipsec up {conn}', timeout = 10)
-        except TimeoutExpired as e:
-            print(f'Timed out while resetting {conn}')
-            result = False
-
-
-    print('Peer reset result: ' + ('success' if result else 'failed'))
-
-def get_profile_connection(profile, tunnel = None):
-    search = rf'(dmvpn-{profile}-[\w]+)' if tunnel == 'all' else rf'(dmvpn-{profile}-{tunnel})'
-    with open(SWANCTL_CONF, 'r') as f:
-        for line in f.readlines():
-            result = re.search(search, line)
-            if result:
-                return result[1]
-    return None
-
-def reset_profile(profile, tunnel):
-    if not profile:
-        print('Invalid profile, aborting')
-        return
-
-    if not tunnel:
-        print('Invalid tunnel, aborting')
-        return
-
-    conn = get_profile_connection(profile)
-
-    if not conn:
-        print('Profile not found, aborting')
-        return
-
-    call(f'/usr/sbin/ipsec down {conn}')
-    result = call(f'/usr/sbin/ipsec up {conn}')
-
-    print('Profile reset result: ' + ('success' if result == 0 else 'failed'))
 
 def debug_peer(peer, tunnel):
     peer = peer.replace(':', '-')
@@ -119,6 +68,7 @@ def debug_peer(peer, tunnel):
     for conn in conns:
         call(f'/usr/sbin/ipsec statusall | grep {conn}')
 
+
 if __name__ == '__main__':
     parser = argparse.ArgumentParser()
     parser.add_argument('--action', help='Control action', required=True)
@@ -127,9 +77,6 @@ if __name__ == '__main__':
 
     args = parser.parse_args()
 
-    if args.action == 'reset-peer':
-        reset_peer(args.name, args.tunnel)
-    elif args.action == "reset-profile":
-        reset_profile(args.name, args.tunnel)
-    elif args.action == "vpn-debug":
+
+    if args.action == "vpn-debug":
         debug_peer(args.name, args.tunnel)
-- 
cgit v1.2.3


From d1345fe688546082a1d8283ccb0c3b05bcd0a1d3 Mon Sep 17 00:00:00 2001
From: fett0 <fernando.gmaidana@gmail.com>
Date: Thu, 30 Mar 2023 22:54:16 +0000
Subject:  T5131: fix op-mode show isis segment-routing prefix-sids

---
 op-mode-definitions/include/isis-common.xml.i | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'op-mode-definitions')

diff --git a/op-mode-definitions/include/isis-common.xml.i b/op-mode-definitions/include/isis-common.xml.i
index 95a171515..4a2f1e503 100644
--- a/op-mode-definitions/include/isis-common.xml.i
+++ b/op-mode-definitions/include/isis-common.xml.i
@@ -122,6 +122,12 @@
       </properties>
       <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
     </leafNode>
+    <leafNode name="prefix-sid">
+     <properties>
+       <help>Show Prefix-SID information</help>
+     </properties>
+     <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
+   </leafNode>
   </children>
   <command>vtysh -c "show isis route"</command>
 </node>
@@ -136,12 +142,6 @@
       </properties>
       <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
     </leafNode>
-    <leafNode name="prefix-sids">
-      <properties>
-        <help>Show prefix segment IDs</help>
-      </properties>
-      <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
-    </leafNode>
   </children>
 </node>
 <leafNode name="spf-delay-ietf">
-- 
cgit v1.2.3


From 657f5c1a08351c7740ff74cc112321d8f4e2155c Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Fri, 31 Mar 2023 13:09:21 +0000
Subject: T5125: Add op-mode for sFlow based on hsflowd

Add op-mode for sFlow based on hsflowd "show sflow"
Add machine readable format '--raw' and formatted output
---
 data/templates/sflow/hsflowd.conf.j2       |   1 +
 op-mode-definitions/sflow.xml.in           |  15 +++++
 smoketest/scripts/cli/test_system_sflow.py |   1 +
 src/op_mode/sflow.py                       | 102 +++++++++++++++++++++++++++++
 4 files changed, 119 insertions(+)
 create mode 100644 op-mode-definitions/sflow.xml.in
 create mode 100755 src/op_mode/sflow.py

(limited to 'op-mode-definitions')

diff --git a/data/templates/sflow/hsflowd.conf.j2 b/data/templates/sflow/hsflowd.conf.j2
index 94f5939be..5000956bd 100644
--- a/data/templates/sflow/hsflowd.conf.j2
+++ b/data/templates/sflow/hsflowd.conf.j2
@@ -28,4 +28,5 @@ sflow {
 {% if drop_monitor_limit is vyos_defined %}
   dropmon { limit={{ drop_monitor_limit }} start=on sw=on hw=off }
 {% endif %}
+  dbus { }
 }
diff --git a/op-mode-definitions/sflow.xml.in b/op-mode-definitions/sflow.xml.in
new file mode 100644
index 000000000..9f02dacda
--- /dev/null
+++ b/op-mode-definitions/sflow.xml.in
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- sflow op mode commands -->
+<interfaceDefinition>
+  <node name="show">
+    <children>
+      <node name="sflow">
+        <properties>
+          <help>Show sFlow statistics</help>
+        </properties>
+        <!-- requires sudo, do not remove it -->
+        <command>sudo ${vyos_op_scripts_dir}/sflow.py show</command>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
diff --git a/smoketest/scripts/cli/test_system_sflow.py b/smoketest/scripts/cli/test_system_sflow.py
index fef88b56a..1aec050a4 100755
--- a/smoketest/scripts/cli/test_system_sflow.py
+++ b/smoketest/scripts/cli/test_system_sflow.py
@@ -91,6 +91,7 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
         self.assertIn(f'collector {{ ip = {server} udpport = {port} }}', hsflowd)
         self.assertIn(f'collector {{ ip = {local_server} udpport = {default_port} }}', hsflowd)
         self.assertIn(f'dropmon {{ limit={mon_limit} start=on sw=on hw=off }}', hsflowd)
+        self.assertIn('dbus { }', hsflowd)
 
         for interface in Section.interfaces('ethernet'):
             self.assertIn(f'pcap {{ dev={interface} }}', hsflowd)
diff --git a/src/op_mode/sflow.py b/src/op_mode/sflow.py
new file mode 100755
index 000000000..1ff006274
--- /dev/null
+++ b/src/op_mode/sflow.py
@@ -0,0 +1,102 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import dbus
+import sys
+
+from tabulate import tabulate
+
+from vyos.configquery import ConfigTreeQuery
+from vyos.util import cmd
+
+import vyos.opmode
+
+
+def _get_raw_sflow():
+    bus = dbus.SystemBus()
+    config = ConfigTreeQuery()
+
+    interfaces = config.values('system sflow interface')
+    servers = config.list_nodes('system sflow server')
+
+    sflow = bus.get_object('net.sflow.hsflowd', '/net/sflow/hsflowd')
+    sflow_telemetry = dbus.Interface(
+        sflow, dbus_interface='net.sflow.hsflowd.telemetry')
+    agent_address = sflow_telemetry.GetAgent()
+    samples_dropped = int(sflow_telemetry.Get('dropped_samples'))
+    samples_packet_sent = int(sflow_telemetry.Get('flow_samples'))
+    samples_counter_sent = int(sflow_telemetry.Get('counter_samples'))
+    datagrams_sent = int(sflow_telemetry.Get('datagrams'))
+    rtmetric_samples = int(sflow_telemetry.Get('rtmetric_samples'))
+    samples_suppressed = int(sflow_telemetry.Get('flow_samples_suppressed'))
+    counter_samples_suppressed = int(
+        sflow_telemetry.Get("counter_samples_suppressed"))
+    version = sflow_telemetry.GetVersion()
+
+    sflow_dict = {
+        'agent_address': agent_address,
+        'sflow_interfaces': interfaces,
+        'sflow_servers': servers,
+        'counter_samples_sent': samples_counter_sent,
+        'datagrams_sent': datagrams_sent,
+        'packet_samples_dropped': samples_dropped,
+        'packet_samples_sent': samples_packet_sent,
+        'rtmetric_samples': rtmetric_samples,
+        'flow_samples_suppressed': samples_suppressed,
+        'counter_samples_suppressed': counter_samples_suppressed,
+        'hsflowd_version': version
+    }
+    return sflow_dict
+
+
+def _get_formatted_sflow(data):
+    table = [
+        ['Agent address', f'{data.get("agent_address")}'],
+        ['sFlow interfaces', f'{data.get("sflow_interfaces", "n/a")}'],
+        ['sFlow servers', f'{data.get("sflow_servers", "n/a")}'],
+        ['Datagrams sent', f'{data.get("datagrams_sent")}'],
+        ['Packet samples sent', f'{data.get("packet_samples_sent")}'],
+        ['Packet samples dropped', f'{data.get("packet_samples_dropped")}'],
+        ['Counter samples sent', f'{data.get("counter_samples_sent")}'],
+        ['Flow samples suppressed', f'{data.get("flow_samples_suppressed")}'],
+        ['Counter samples suppressed', f'{data.get("counter_samples_suppressed")}']
+    ]
+
+    return tabulate(table)
+
+
+def show(raw: bool):
+
+    config = ConfigTreeQuery()
+    if not config.exists('system sflow'):
+        raise vyos.opmode.UnconfiguredSubsystem(
+            '"system sflow" is not configured!')
+
+    sflow_data = _get_raw_sflow()
+    if raw:
+        return sflow_data
+    else:
+        return _get_formatted_sflow(sflow_data)
+
+
+if __name__ == '__main__':
+    try:
+        res = vyos.opmode.run(sys.modules[__name__])
+        if res:
+            print(res)
+    except (ValueError, vyos.opmode.Error) as e:
+        print(e)
+        sys.exit(1)
-- 
cgit v1.2.3


From 15922541cef35956107e0b32ee952fee05928dbd Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sat, 1 Apr 2023 12:33:21 +0200
Subject: isis: op-mode: T5132: bugfix VRF commands for route and neighbor

show isis vrf <name> neighbor|route

did not call the vtysh wrapper but instead always called the commands
for the default routing table.
---
 op-mode-definitions/include/isis-common.xml.i | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'op-mode-definitions')

diff --git a/op-mode-definitions/include/isis-common.xml.i b/op-mode-definitions/include/isis-common.xml.i
index 4a2f1e503..0e20861c7 100644
--- a/op-mode-definitions/include/isis-common.xml.i
+++ b/op-mode-definitions/include/isis-common.xml.i
@@ -94,7 +94,7 @@
       <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
     </leafNode>
   </children>
-  <command>vtysh -c "show isis neighbor"</command>
+  <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
 </node>
 <tagNode name="neighbor">
   <properties>
@@ -129,7 +129,7 @@
      <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
    </leafNode>
   </children>
-  <command>vtysh -c "show isis route"</command>
+  <command>${vyos_op_scripts_dir}/vtysh_wrapper.sh $@</command>
 </node>
 <node name="segment-routing">
   <properties>
-- 
cgit v1.2.3