From e3626da307d66c34e4ce12c7c38cdb8fa5da9889 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 30 Mar 2022 19:18:09 +0200 Subject: vyos.util: T4319: add is_ipv6_enabled() helper function (cherry picked from commit df0fbfeedce0f163e9d10be21d58ad4dc797a28a) --- python/vyos/ifconfig/interface.py | 4 ++-- python/vyos/ifconfig/loopback.py | 13 +++++-------- python/vyos/util.py | 4 ++++ 3 files changed, 11 insertions(+), 10 deletions(-) (limited to 'python/vyos') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index a2fa96d82..99a06b1dd 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -38,7 +38,7 @@ from vyos.util import dict_search from vyos.util import read_file from vyos.util import get_interface_config from vyos.util import is_systemd_service_active -from vyos.util import sysctl_read +from vyos.util import is_ipv6_enabled from vyos.template import is_ipv4 from vyos.template import is_ipv6 from vyos.validate import is_intf_addr_assigned @@ -1359,7 +1359,7 @@ class Interface(Control): self.set_ipv4_source_validation(value) # Only change IPv6 parameters if IPv6 was not explicitly disabled - if sysctl_read('net.ipv6.conf.all.disable_ipv6') == '0': + if is_ipv6_enabled(): # IPv6 forwarding tmp = dict_search('ipv6.disable_forwarding', config) value = '0' if (tmp != None) else '1' diff --git a/python/vyos/ifconfig/loopback.py b/python/vyos/ifconfig/loopback.py index de554ef44..30c890fdf 100644 --- a/python/vyos/ifconfig/loopback.py +++ b/python/vyos/ifconfig/loopback.py @@ -13,9 +13,8 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see . -import vyos.util - from vyos.ifconfig.interface import Interface +from vyos.util import is_ipv6_enabled @Interface.register class LoopbackIf(Interface): @@ -34,8 +33,6 @@ class LoopbackIf(Interface): } } - name = 'loopback' - def remove(self): """ Loopback interface can not be deleted from operating system. We can @@ -62,11 +59,11 @@ class LoopbackIf(Interface): on any interface. """ addr = config.get('address', []) - # We must ensure that the loopback addresses are never deleted from the system - addr += ['127.0.0.1/8'] - if (vyos.util.sysctl_read('net.ipv6.conf.all.disable_ipv6') == '0'): - addr += ['::1/128'] + # We must ensure that the loopback addresses are never deleted from the system + addr.append('127.0.0.1/8') + if is_ipv6_enabled(): + addr.append('::1/128') # Update IP address entry in our dictionary config.update({'address' : addr}) diff --git a/python/vyos/util.py b/python/vyos/util.py index b5d81fba5..4283e604c 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -827,3 +827,7 @@ def sysctl_write(name, value): call(f'sysctl -wq {name}={value}') return True return False + +def is_ipv6_enabled() -> bool: + """ Check if IPv6 support on the system is enabled or not """ + return (sysctl_read('net.ipv6.conf.all.disable_ipv6') == '0') -- cgit v1.2.3 From 24ffc55877ac1b791f876fd454473d0fd9ab750b Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 30 Mar 2022 19:19:54 +0200 Subject: vyos.ifconfig: T4319: add_addr() should not add IPv6 address if it's disabled (cherry picked from commit 60f009defadb9d36bf84def1e839cb11a0b3d619) --- python/vyos/ifconfig/interface.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'python/vyos') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 99a06b1dd..b06fd1294 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -990,6 +990,10 @@ class Interface(Control): "Can't configure both static IPv4 and DHCP address " "on the same interface")) + # Failsave - do not add IPv6 address if IPv6 is disabled + if is_ipv6(addr) and not is_ipv6_enabled(): + return False + # add to interface if addr == 'dhcp': self.set_dhcp(True) -- cgit v1.2.3 From 8ab73ce0f84e10ae3c4f6bdb341b7b6b11db66b4 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 31 Mar 2022 21:38:17 +0200 Subject: vyos.ifconfig: T4330: bugfix changing MTU when IPv6 is disabled Commit f8b3d8999c ("ipv6: T4319: do not configure IPv6 related settings if it's disabled") moved the MTU configuration part under the code path which is only run if IPv6 is enabled on the system. This prevented MTU changes on IPv6 disabled systems. (cherry picked from commit 53e20097d227ebf4bdb4dc6c85427ec9c5ec3982) --- python/vyos/ifconfig/interface.py | 8 ++++---- smoketest/scripts/cli/test_system_ipv6.py | 12 ++++++++++++ 2 files changed, 16 insertions(+), 4 deletions(-) (limited to 'python/vyos') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index b06fd1294..e8278b103 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -1386,10 +1386,6 @@ class Interface(Control): value = tmp if (tmp != None) else '1' self.set_ipv6_dad_messages(value) - # MTU - Maximum Transfer Unit - if 'mtu' in config: - self.set_mtu(config.get('mtu')) - # Delete old IPv6 EUI64 addresses before changing MAC for addr in (dict_search('ipv6.address.eui64_old', config) or []): self.del_ipv6_eui64_address(addr) @@ -1406,6 +1402,10 @@ class Interface(Control): for addr in tmp: self.add_ipv6_eui64_address(addr) + # MTU - Maximum Transfer Unit + if 'mtu' in config: + self.set_mtu(config.get('mtu')) + # re-add ourselves to any bridge we might have fallen out of if 'is_bridge_member' in config: bridge_dict = config.get('is_bridge_member') diff --git a/smoketest/scripts/cli/test_system_ipv6.py b/smoketest/scripts/cli/test_system_ipv6.py index 6fe58701b..837d1dc12 100755 --- a/smoketest/scripts/cli/test_system_ipv6.py +++ b/smoketest/scripts/cli/test_system_ipv6.py @@ -21,6 +21,7 @@ from base_vyostest_shim import VyOSUnitTestSHIM from vyos.template import is_ipv4 from vyos.util import read_file from vyos.util import is_ipv6_enabled +from vyos.util import get_interface_config from vyos.validate import is_intf_addr_assigned base_path = ['system', 'ipv6'] @@ -69,6 +70,17 @@ class TestSystemIPv6(VyOSUnitTestSHIM.TestCase): else: self.assertFalse(is_intf_addr_assigned('lo', addr)) + # T4330: Verify MTU can be changed with IPv6 disabled + mtu = '1600' + eth_if = 'eth0' + self.cli_set(['interfaces', 'ethernet', eth_if, 'mtu', mtu]) + self.cli_commit() + + tmp = get_interface_config(eth_if) + self.assertEqual(tmp['mtu'], int(mtu)) + + self.cli_delete(['interfaces', 'ethernet', eth_if, 'mtu']) + def test_system_ipv6_strict_dad(self): # This defaults to 1 self.assertEqual(read_file(file_dad), '1') -- cgit v1.2.3 From 5b11ad0024552f9072c8bc046bb8ce7ad5a193b2 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 31 Mar 2022 21:38:17 +0200 Subject: vyos.ifconfig: T4330: MTU must be configured prior to any IPv6 option change This extends the fix from 53e20097 ("vyos.ifconfig: T4330: bugfix changing MTU when IPv6 is disabled") by ordering the execution in a way the Kernel does not complain. (cherry picked from commit 601ab19fd8c81a998b3c966cc83b85ed60ac5ae0) --- python/vyos/ifconfig/interface.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'python/vyos') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index e8278b103..214c8dcb1 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -1362,6 +1362,13 @@ class Interface(Control): value = tmp if (tmp != None) else '0' self.set_ipv4_source_validation(value) + # MTU - Maximum Transfer Unit has a default value. It must ALWAYS be set + # before mangling any IPv6 option. If MTU is less then 1280 IPv6 will be + # automatically disabled by the kernel. Also MTU must be increased before + # configuring any IPv6 address on the interface. + if 'mtu' in config: + self.set_mtu(config.get('mtu')) + # Only change IPv6 parameters if IPv6 was not explicitly disabled if is_ipv6_enabled(): # IPv6 forwarding @@ -1402,10 +1409,6 @@ class Interface(Control): for addr in tmp: self.add_ipv6_eui64_address(addr) - # MTU - Maximum Transfer Unit - if 'mtu' in config: - self.set_mtu(config.get('mtu')) - # re-add ourselves to any bridge we might have fallen out of if 'is_bridge_member' in config: bridge_dict = config.get('is_bridge_member') -- cgit v1.2.3