From 0d1c8e4021b8da5c15883b860bd27d4e374bd045 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 27 Mar 2020 18:09:53 +0100 Subject: vyos.util: import cleanup Instead of including all functions/classes from a file, only include the ones we really need. --- python/vyos/util.py | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) (limited to 'python/vyos/util.py') diff --git a/python/vyos/util.py b/python/vyos/util.py index 67a602f7a..e8727c192 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -15,16 +15,16 @@ import os import re -import getpass -import grp -import time -import subprocess import sys - import psutil import vyos.defaults +from getpass import getuser +from grp import getgrnam +from time import sleep +from subprocess import check_output +from ipaddress import ip_network def read_file(path): """ Read a file to string """ @@ -32,6 +32,7 @@ def read_file(path): data = f.read().strip() return data + def colon_separated_to_dict(data_string, uniquekeys=False): """ Converts a string containing newline-separated entries of colon-separated key-value pairs into a dict. @@ -80,12 +81,14 @@ def colon_separated_to_dict(data_string, uniquekeys=False): return data + def process_running(pid_file): """ Checks if a process with PID in pid_file is running """ with open(pid_file, 'r') as f: pid = f.read().strip() return psutil.pid_exists(int(pid)) + def seconds_to_human(s, separator=""): """ Converts number of seconds passed to a human-readable interval such as 1w4d18h35m59s @@ -125,10 +128,12 @@ def seconds_to_human(s, separator=""): return result + def get_cfg_group_id(): - group_data = grp.getgrnam(vyos.defaults.cfg_group) + group_data = getgrnam(vyos.defaults.cfg_group) return group_data.gr_gid + def file_is_persistent(path): if not re.match(r'^(/config|/opt/vyatta/etc/config)', os.path.dirname(path)): warning = "Warning: file {0} is outside the /config directory\n".format(path) @@ -137,6 +142,7 @@ def file_is_persistent(path): else: return (True, None) + def commit_in_progress(): """ Not to be used in normal op mode scripts! """ @@ -154,7 +160,7 @@ def commit_in_progress(): # Since this will be used in scripts that modify the config outside of the CLI # framework, those knowingly have root permissions. # For everything else, we add a safeguard. - id = subprocess.check_output(['/usr/bin/id', '-u']).decode().strip() + id = check_output(['/usr/bin/id', '-u']).decode().strip() if id != '0': raise OSError("This functions needs root permissions to return correct results") @@ -171,12 +177,14 @@ def commit_in_progress(): # Default case return False + def wait_for_commit_lock(): """ Not to be used in normal op mode scripts! """ # Very synchronous approach to multiprocessing while commit_in_progress(): - time.sleep(1) + sleep(1) + def ask_yes_no(question, default=False) -> bool: """Ask a yes/no question via input() and return their answer.""" @@ -196,6 +204,6 @@ def ask_yes_no(question, default=False) -> bool: def is_admin() -> bool: """Look if current user is in sudo group""" - current_user = getpass.getuser() - (_, _, _, admin_group_members) = grp.getgrnam('sudo') + current_user = getuser() + (_, _, _, admin_group_members) = getgrnam('sudo') return current_user in admin_group_members -- cgit v1.2.3 From 822e171a0023c3f8f335cda08bcbf70b2d6d4070 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 28 Mar 2020 11:28:05 +0100 Subject: ipv6: T1831: migrate eui64 addressing to XML and python --- interface-definitions/include/ipv6-address.xml.i | 12 ++++++++ python/vyos/ifconfig/interface.py | 38 ++++++++++++++++++++++-- python/vyos/util.py | 22 ++++++++++++++ src/conf_mode/interfaces-bonding.py | 7 +++++ src/conf_mode/interfaces-bridge.py | 7 +++++ src/conf_mode/interfaces-ethernet.py | 8 ++++- src/conf_mode/interfaces-l2tpv3.py | 7 +++++ src/conf_mode/interfaces-openvpn.py | 7 +++++ src/conf_mode/interfaces-pseudo-ethernet.py | 7 +++++ src/conf_mode/interfaces-vxlan.py | 7 +++++ src/conf_mode/interfaces-wireless.py | 7 +++++ 11 files changed, 126 insertions(+), 3 deletions(-) (limited to 'python/vyos/util.py') diff --git a/interface-definitions/include/ipv6-address.xml.i b/interface-definitions/include/ipv6-address.xml.i index 31629830e..507d5dcc1 100644 --- a/interface-definitions/include/ipv6-address.xml.i +++ b/interface-definitions/include/ipv6-address.xml.i @@ -6,5 +6,17 @@ + + + ssign IPv6 address using EUI-64 based on MAC address + + ipv6net + IPv6 address and prefix length + + + + + + diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index a2d202466..8b41d6158 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -21,10 +21,10 @@ import time from copy import deepcopy from vyos.validate import * # should not * include -from vyos.config import Config # not used anymore +from vyos.util import mac2eui64 from vyos import ConfigError -from ipaddress import IPv4Network, IPv6Address +from ipaddress import IPv4Network, IPv6Address, IPv6Network from netifaces import ifaddresses, AF_INET, AF_INET6 from time import sleep from os.path import isfile @@ -393,6 +393,40 @@ class Interface(DHCP): """ return self.set_interface('ipv6_autoconf', autoconf) + def set_ipv6_eui64_address(self, prefix): + """ + Extended Unique Identifier (EUI), as per RFC2373, allows a host to + assign iteslf a unique IPv6 address based on a given IPv6 prefix. + + If prefix is passed address is assigned, if prefix is '' address is + removed from interface. + """ + # if prefix is an empty string convert it to None so mac2eui64 works + # as expected + if not prefix: + prefix = None + + eui64 = mac2eui64(self.get_mac(), prefix) + + if not prefix: + # if prefix is empty - thus removed - we need to walk through all + # interface IPv6 addresses and find the one with the calculated + # EUI-64 identifier. The address is then removed + for addr in self.get_addr(): + addr_wo_prefix = addr.split('/')[0] + if is_ipv6(addr_wo_prefix): + if eui64 in IPv6Address(addr_wo_prefix).exploded: + self.del_addr(addr) + + return None + + # calculate and add EUI-64 IPv6 address + if IPv6Network(prefix): + # we also need to take the subnet length into account + prefix = prefix.split('/')[1] + eui64 = f'{eui64}/{prefix}' + self.add_addr(eui64 ) + def set_ipv6_forwarding(self, forwarding): """ Configure IPv6 interface-specific Host/Router behaviour. diff --git a/python/vyos/util.py b/python/vyos/util.py index e8727c192..635b11ee5 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -207,3 +207,25 @@ def is_admin() -> bool: current_user = getuser() (_, _, _, admin_group_members) = getgrnam('sudo') return current_user in admin_group_members + + +def mac2eui64(mac, prefix=None): + ''' + Convert a MAC address to a EUI64 address or, with prefix provided, a full + IPv6 address. + Thankfully copied from https://gist.github.com/wido/f5e32576bb57b5cc6f934e177a37a0d3 + ''' + # http://tools.ietf.org/html/rfc4291#section-2.5.1 + eui64 = re.sub(r'[.:-]', '', mac).lower() + eui64 = eui64[0:6] + 'fffe' + eui64[6:] + eui64 = hex(int(eui64[0:2], 16) ^ 2)[2:].zfill(2) + eui64[2:] + + if prefix is None: + return ':'.join(re.findall(r'.{4}', eui64)) + else: + try: + net = ip_network(prefix, strict=False) + euil = int('0x{0}'.format(eui64), 16) + return str(net[euil]) + except: # pylint: disable=bare-except + return diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index ab58b9159..cc119b91a 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -49,6 +49,7 @@ default_config_data = { 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'intf': '', @@ -196,6 +197,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): bond['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + bond['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): bond['ipv6_forwarding'] = 0 @@ -433,6 +438,8 @@ def apply(bond): b.set_proxy_arp_pvlan(bond['ip_proxy_arp_pvlan']) # IPv6 address autoconfiguration b.set_ipv6_autoconf(bond['ipv6_autoconf']) + # IPv6 EUI-based address + b.set_ipv6_eui64_address(bond['ipv6_eui64_prefix']) # IPv6 forwarding b.set_ipv6_forwarding(bond['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index 1e143e30c..28e5957e4 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -47,6 +47,7 @@ default_config_data = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'igmp_querier': 0, @@ -159,6 +160,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): bridge['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + bridge['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): bridge['ipv6_forwarding'] = 0 @@ -275,6 +280,8 @@ def apply(bridge): br.set_arp_ignore(bridge['ip_enable_arp_ignore']) # IPv6 address autoconfiguration br.set_ipv6_autoconf(bridge['ipv6_autoconf']) + # IPv6 EUI-based address + br.set_ipv6_eui64_address(bridge['ipv6_eui64_prefix']) # IPv6 forwarding br.set_ipv6_forwarding(bridge['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index c7fabce60..286cab88e 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -49,6 +49,7 @@ default_config_data = { 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'intf': '', @@ -174,6 +175,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): eth['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + eth['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): eth['ipv6_forwarding'] = 0 @@ -341,9 +346,10 @@ def apply(eth): e.set_proxy_arp(eth['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface e.set_proxy_arp_pvlan(eth['ip_proxy_arp_pvlan']) - # Disable IPv6 forwarding on this interface # IPv6 address autoconfiguration e.set_ipv6_autoconf(eth['ipv6_autoconf']) + # IPv6 EUI-based address + e.set_ipv6_eui64_address(eth['ipv6_eui64_prefix']) # IPv6 forwarding e.set_ipv6_forwarding(eth['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 18ae1f4d8..af1d3f482 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -34,6 +34,7 @@ default_config_data = { 'local_port': 5000, 'intf': '', 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'mtu': 1488, @@ -108,6 +109,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): l2tpv3['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + l2tpv3['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): l2tpv3['ipv6_forwarding'] = 0 @@ -210,6 +215,8 @@ def apply(l2tpv3): l.set_mtu(l2tpv3['mtu']) # IPv6 address autoconfiguration l.set_ipv6_autoconf(l2tpv3['ipv6_autoconf']) + # IPv6 EUI-based address + l.set_ipv6_eui64_address(l2tpv3['ipv6_eui64_prefix']) # IPv6 forwarding l.set_ipv6_forwarding(l2tpv3['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index a91cc2d73..17aa4697f 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -295,6 +295,7 @@ default_config_data = { 'hash': '', 'intf': '', 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'ping_restart': '60', @@ -497,6 +498,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): openvpn['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + openvpn['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): openvpn['ipv6_forwarding'] = 0 @@ -1056,6 +1061,8 @@ def apply(openvpn): o.set_alias(openvpn['description']) # IPv6 address autoconfiguration o.set_ipv6_autoconf(openvpn['ipv6_autoconf']) + # IPv6 EUI-based address + o.set_ipv6_eui64_address(openvpn['ipv6_eui64_prefix']) # IPv6 forwarding o.set_ipv6_forwarding(openvpn['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 4b1abc553..56d4fdfc3 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -46,6 +46,7 @@ default_config_data = { 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'intf': '', @@ -152,6 +153,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): peth['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + peth['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): peth['ipv6_forwarding'] = 0 @@ -313,6 +318,8 @@ def apply(peth): p.set_proxy_arp_pvlan(peth['ip_proxy_arp_pvlan']) # IPv6 address autoconfiguration p.set_ipv6_autoconf(peth['ipv6_autoconf']) + # IPv6 EUI-based address + p.set_ipv6_eui64_address(peth['ipv6_eui64_prefix']) # IPv6 forwarding p.set_ipv6_forwarding(peth['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 294864bc1..3d2638c6f 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -38,6 +38,7 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'link': '', @@ -110,6 +111,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): vxlan['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + vxlan['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): vxlan['ipv6_forwarding'] = 0 @@ -218,6 +223,8 @@ def apply(vxlan): v.set_proxy_arp(vxlan['ip_proxy_arp']) # IPv6 address autoconfiguration v.set_ipv6_autoconf(vxlan['ipv6_autoconf']) + # IPv6 EUI-based address + v.set_ipv6_eui64_address(vxlan['ipv6_eui64_prefix']) # IPv6 forwarding v.set_ipv6_forwarding(vxlan['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index d368cfa5d..2c67c39ae 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -828,6 +828,7 @@ default_config_data = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'mac' : '', @@ -1143,6 +1144,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): wifi['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + wifi['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # ARP enable ignore if conf.exists('ip enable-arp-ignore'): wifi['ip_enable_arp_ignore'] = 1 @@ -1504,6 +1509,8 @@ def apply(wifi): w.set_arp_ignore(wifi['ip_enable_arp_ignore']) # IPv6 address autoconfiguration w.set_ipv6_autoconf(wifi['ipv6_autoconf']) + # IPv6 EUI-based address + w.set_ipv6_eui64_address(wifi['ipv6_eui64_prefix']) # IPv6 forwarding w.set_ipv6_forwarding(wifi['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries -- cgit v1.2.3