From 0b6eb4f601dd9717b478ff38e8d4ab4fcd878b15 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Wed, 22 Apr 2020 17:08:44 +0200 Subject: interfaces: T2362: split set_ipv6_eui64_address into add and del functions --- python/vyos/ifconfig/interface.py | 41 ++++++++++++++------------------------- 1 file changed, 15 insertions(+), 26 deletions(-) (limited to 'python') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 62c30dbf7..a156eddd9 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -1,4 +1,4 @@ -# Copyright 2019 VyOS maintainers and contributors +# Copyright 2019-2020 VyOS maintainers and contributors # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -419,39 +419,28 @@ class Interface(Control): """ return self.set_interface('ipv6_autoconf', autoconf) - def set_ipv6_eui64_address(self, prefix): + def add_ipv6_eui64_address(self, prefix): """ Extended Unique Identifier (EUI), as per RFC2373, allows a host to - assign iteslf a unique IPv6 address based on a given IPv6 prefix. + assign itself a unique IPv6 address based on a given IPv6 prefix. - If prefix is passed address is assigned, if prefix is '' address is - removed from interface. + Calculate the EUI64 from the interface's MAC, then assign it + with the given prefix to the interface. """ - # if prefix is an empty string convert it to None so mac2eui64 works - # as expected - if not prefix: - prefix = None eui64 = mac2eui64(self.get_mac(), prefix) + prefixlen = prefix.split('/')[1] + self.add_addr(f'{eui64}/{prefixlen}') - if not prefix: - # if prefix is empty - thus removed - we need to walk through all - # interface IPv6 addresses and find the one with the calculated - # EUI-64 identifier. The address is then removed - for addr in self.get_addr(): - addr_wo_prefix = addr.split('/')[0] - if is_ipv6(addr_wo_prefix): - if eui64 in IPv6Address(addr_wo_prefix).exploded: - self.del_addr(addr) - - return None + def del_ipv6_eui64_address(self, prefix): + """ + Delete the address based on the interface's MAC-based EUI64 + combined with the prefix address. + """ + eui64 = mac2eui64(self.get_mac(), prefix) + prefixlen = prefix.split('/')[1] + self.del_addr(f'{eui64}/{prefixlen}') - # calculate and add EUI-64 IPv6 address - if IPv6Network(prefix): - # we also need to take the subnet length into account - prefix = prefix.split('/')[1] - eui64 = f'{eui64}/{prefix}' - self.add_addr(eui64 ) def set_ipv6_forwarding(self, forwarding): """ -- cgit v1.2.3 From 9f26522388972eb6537446a5030c806a5e1b68ff Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Wed, 22 Apr 2020 18:57:50 +0200 Subject: interfaces: vlan: T2362: add IPv6 EUI64 address to VLAN scripts --- python/vyos/configdict.py | 12 ++++++++++++ python/vyos/ifconfig_vlan.py | 8 ++++++++ 2 files changed, 20 insertions(+) (limited to 'python') diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 24fe174d2..0d315f146 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -125,6 +125,8 @@ def vlan_to_dict(conf): 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': [], + 'ipv6_eui64_prefix_remove': [], 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'ingress_qos': '', @@ -199,6 +201,16 @@ def vlan_to_dict(conf): if conf.exists('ipv6 address autoconf'): vlan['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + vlan['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + + # Determine currently effective EUI64 address - to determine which + # address is no longer valid and needs to be removed + eff_addr = conf.return_effective_value('ipv6 address eui64') + if eff_addr and eff_addr not in vlan['ipv6_eui64_prefix']: + vlan['ipv6_eui64_prefix_remove'].append(eff_addr) + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): vlan['ipv6_forwarding'] = 0 diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index 899fd17da..ee009f7f9 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -66,10 +66,18 @@ def apply_vlan_config(vlan, config): # assign/remove VRF vlan.set_vrf(config['vrf']) + # Delete old IPv6 EUI64 addresses before changing MAC + for addr in config['ipv6_eui64_prefix_remove']: + vlan.del_ipv6_eui64_address(addr) + # Change VLAN interface MAC address if config['mac']: vlan.set_mac(config['mac']) + # Add IPv6 EUI-based addresses + for addr in config['ipv6_eui64_prefix']: + vlan.add_ipv6_eui64_address(addr) + # enable/disable VLAN interface if config['disable']: vlan.set_admin_state('down') -- cgit v1.2.3 From 76feb7d154a452ba5475b9b6ee720a7a8f5491d5 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Wed, 22 Apr 2020 17:11:14 +0200 Subject: interfaces: T2362: add default IPv6 link-local address to make IPv6 work --- python/vyos/configdict.py | 3 +++ src/conf_mode/interfaces-bonding.py | 3 +++ src/conf_mode/interfaces-bridge.py | 3 +++ src/conf_mode/interfaces-ethernet.py | 3 +++ src/conf_mode/interfaces-l2tpv3.py | 3 +++ src/conf_mode/interfaces-openvpn.py | 3 +++ src/conf_mode/interfaces-pseudo-ethernet.py | 3 +++ src/conf_mode/interfaces-vxlan.py | 3 +++ src/conf_mode/interfaces-wireless.py | 3 +++ 9 files changed, 27 insertions(+) (limited to 'python') diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 0d315f146..611f7dd6e 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -211,6 +211,9 @@ def vlan_to_dict(conf): if eff_addr and eff_addr not in vlan['ipv6_eui64_prefix']: vlan['ipv6_eui64_prefix_remove'].append(eff_addr) + # add the link-local by default to make IPv6 work + vlan['ipv6_eui64_prefix'].append('fe80::/64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): vlan['ipv6_forwarding'] = 0 diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 267a78870..0ce376a16 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -213,6 +213,9 @@ def get_config(): if eff_addr and eff_addr not in bond['ipv6_eui64_prefix']: bond['ipv6_eui64_prefix_remove'].append(eff_addr) + # add the link-local by default to make IPv6 work + bond['ipv6_eui64_prefix'].append('fe80::/64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): bond['ipv6_forwarding'] = 0 diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index 8826c6996..ba459f871 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -171,6 +171,9 @@ def get_config(): if eff_addr and eff_addr not in bridge['ipv6_eui64_prefix']: bridge['ipv6_eui64_prefix_remove'].append(eff_addr) + # add the link-local by default to make IPv6 work + bridge['ipv6_eui64_prefix'].append('fe80::/64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): bridge['ipv6_forwarding'] = 0 diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index 7f4762e84..01a805e8b 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -186,6 +186,9 @@ def get_config(): if eff_addr and eff_addr not in eth['ipv6_eui64_prefix']: eth['ipv6_eui64_prefix_remove'].append(eff_addr) + # add the link-local by default to make IPv6 work + eth['ipv6_eui64_prefix'].append('fe80::/64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): eth['ipv6_forwarding'] = 0 diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 3698f3e12..45b618148 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -117,6 +117,9 @@ def get_config(): if conf.exists('ipv6 address eui64'): l2tpv3['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + # add the link-local by default to make IPv6 work + l2tpv3['ipv6_eui64_prefix'].append('fe80::/64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): l2tpv3['ipv6_forwarding'] = 0 diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 99eb8d6ca..469793910 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -325,6 +325,9 @@ def get_config(): if eff_addr and eff_addr not in openvpn['ipv6_eui64_prefix']: openvpn['ipv6_eui64_prefix_remove'].append(eff_addr) + # add the link-local by default to make IPv6 work + openvpn['ipv6_eui64_prefix'].append('fe80::/64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): openvpn['ipv6_forwarding'] = 0 diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 6f194f814..d7863512e 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -168,6 +168,9 @@ def get_config(): if eff_addr and eff_addr not in peth['ipv6_eui64_prefix']: peth['ipv6_eui64_prefix_remove'].append(eff_addr) + # add the link-local by default to make IPv6 work + peth['ipv6_eui64_prefix'].append('fe80::/64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): peth['ipv6_forwarding'] = 0 diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 5ed19ddf2..69dbe32d8 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -120,6 +120,9 @@ def get_config(): if conf.exists('ipv6 address eui64'): vxlan['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + # add the link-local by default to make IPv6 work + vxlan['ipv6_eui64_prefix'].append('fe80::/64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): vxlan['ipv6_forwarding'] = 0 diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 8f893fa8a..e7c14e3fb 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -379,6 +379,9 @@ def get_config(): if eff_addr and eff_addr not in wifi['ipv6_eui64_prefix']: wifi['ipv6_eui64_prefix_remove'].append(eff_addr) + # add the link-local by default to make IPv6 work + wifi['ipv6_eui64_prefix'].append('fe80::/64') + # ARP enable ignore if conf.exists('ip enable-arp-ignore'): wifi['ip_enable_arp_ignore'] = 1 -- cgit v1.2.3 From d6c08414d55eadd8232b693303f2b14bfe121c01 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Wed, 22 Apr 2020 17:12:25 +0200 Subject: interfaces: T2362: delete and re-add all EUI64 addresses if MAC has changed --- python/vyos/configdict.py | 3 +++ src/conf_mode/interfaces-bonding.py | 8 +++++++- src/conf_mode/interfaces-bridge.py | 8 +++++++- src/conf_mode/interfaces-ethernet.py | 8 +++++++- src/conf_mode/interfaces-pseudo-ethernet.py | 8 +++++++- src/conf_mode/interfaces-wireless.py | 8 +++++++- 6 files changed, 38 insertions(+), 5 deletions(-) (limited to 'python') diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 611f7dd6e..71c85b36d 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -225,6 +225,9 @@ def vlan_to_dict(conf): # Media Access Control (MAC) address if conf.exists('mac'): vlan['mac'] = conf.return_value('mac') + # always recreate EUI64 addresses if mac is set + # I'm not sure how to check if a vlan interface exists or how to get its current mac. + vlan['ipv6_eui64_prefix_remove'] += vlan['ipv6_eui64_prefix'] # Maximum Transmission Unit (MTU) if conf.exists('mtu'): diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 0ce376a16..001da081c 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -20,7 +20,7 @@ from copy import deepcopy from sys import exit from netifaces import interfaces -from vyos.ifconfig import BondIf +from vyos.ifconfig import BondIf, Section from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.configdict import list_diff, vlan_to_dict from vyos.config import Config @@ -228,6 +228,12 @@ def get_config(): if conf.exists('mac'): bond['mac'] = conf.return_value('mac') + # Find out if MAC has changed - if so, we need to delete all IPv6 EUI64 addresses + # before re-adding them + if ( bond['mac'] and bond['intf'] in Section.interfaces(section='bonding') + and bond['mac'] != BondIf(bond['intf'], create=False).get_mac() ): + bond['ipv6_eui64_prefix_remove'] += bond['ipv6_eui64_prefix'] + # Bonding mode if conf.exists('mode'): act_mode = conf.return_value('mode') diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index ba459f871..2ad5ecf2b 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -20,7 +20,7 @@ from copy import deepcopy from sys import exit from netifaces import interfaces -from vyos.ifconfig import BridgeIf +from vyos.ifconfig import BridgeIf, Section from vyos.ifconfig.stp import STP from vyos.configdict import list_diff from vyos.config import Config @@ -186,6 +186,12 @@ def get_config(): if conf.exists('mac'): bridge['mac'] = conf.return_value('mac') + # Find out if MAC has changed - if so, we need to delete all IPv6 EUI64 addresses + # before re-adding them + if ( bridge['mac'] and bridge['intf'] in Section.interfaces(section='bridge') + and bridge['mac'] != BridgeIf(bridge['intf'], create=False).get_mac() ): + bridge['ipv6_eui64_prefix_remove'] += bridge['ipv6_eui64_prefix'] + # Interval at which neighbor bridges are removed if conf.exists('max-age'): bridge['max_age'] = int(conf.return_value('max-age')) diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index 01a805e8b..f620cc6ab 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -20,7 +20,7 @@ from sys import exit from copy import deepcopy from netifaces import interfaces -from vyos.ifconfig import EthernetIf +from vyos.ifconfig import EthernetIf, Section from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.configdict import list_diff, vlan_to_dict from vyos.config import Config @@ -201,6 +201,12 @@ def get_config(): if conf.exists('mac'): eth['mac'] = conf.return_value('mac') + # Find out if MAC has changed - if so, we need to delete all IPv6 EUI64 addresses + # before re-adding them + if ( eth['mac'] and eth['intf'] in Section.interfaces(section='ethernet') + and eth['mac'] != EthernetIf(eth['intf'], create=False).get_mac() ): + eth['ipv6_eui64_prefix_remove'] += eth['ipv6_eui64_prefix'] + # Maximum Transmission Unit (MTU) if conf.exists('mtu'): eth['mtu'] = int(conf.return_value('mtu')) diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index d7863512e..bf19e46b9 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -22,7 +22,7 @@ from netifaces import interfaces from vyos.config import Config from vyos.configdict import list_diff, vlan_to_dict -from vyos.ifconfig import MACVLANIf +from vyos.ifconfig import MACVLANIf, Section from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.validate import is_bridge_member from vyos import ConfigError @@ -190,6 +190,12 @@ def get_config(): if conf.exists(['mac']): peth['mac'] = conf.return_value(['mac']) + # Find out if MAC has changed - if so, we need to delete all IPv6 EUI64 addresses + # before re-adding them + if ( peth['mac'] and peth['intf'] in Section.interfaces(section='pseudo-ethernet') + and peth['mac'] != MACVLANIf(peth['intf'], create=False).get_mac() ): + peth['ipv6_eui64_prefix_remove'] += peth['ipv6_eui64_prefix'] + # MACvlan mode if conf.exists(['mode']): peth['mode'] = conf.return_value(['mode']) diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index e7c14e3fb..82a5a892a 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -25,7 +25,7 @@ from netaddr import EUI, mac_unix_expanded from vyos.config import Config from vyos.configdict import list_diff, vlan_to_dict -from vyos.ifconfig import WiFiIf +from vyos.ifconfig import WiFiIf, Section from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.template import render from vyos.util import chown, call @@ -402,6 +402,12 @@ def get_config(): if conf.exists('mac'): wifi['mac'] = conf.return_value('mac') + # Find out if MAC has changed - if so, we need to delete all IPv6 EUI64 addresses + # before re-adding them + if ( wifi['mac'] and wifi['intf'] in Section.interfaces(section='wireless') + and wifi['mac'] != WiFiIf(wifi['intf'], create=False).get_mac() ): + wifi['ipv6_eui64_prefix_remove'] += wifi['ipv6_eui64_prefix'] + # Maximum number of wireless radio stations if conf.exists('max-stations'): wifi['max_stations'] = conf.return_value('max-stations') -- cgit v1.2.3 From 4940bea4f7b8574d30876fd3d0456e75f6f29877 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Wed, 22 Apr 2020 12:39:22 +0200 Subject: interfaces: T2362: allow setting multiple 'ipv6 address eui64' --- interface-definitions/include/ipv6-address.xml.i | 5 +++-- python/vyos/configdict.py | 11 +++++------ src/conf_mode/interfaces-bonding.py | 11 +++++------ src/conf_mode/interfaces-bridge.py | 11 +++++------ src/conf_mode/interfaces-ethernet.py | 11 +++++------ src/conf_mode/interfaces-l2tpv3.py | 4 ++-- src/conf_mode/interfaces-openvpn.py | 12 ++++++------ src/conf_mode/interfaces-pseudo-ethernet.py | 11 +++++------ src/conf_mode/interfaces-vxlan.py | 4 ++-- src/conf_mode/interfaces-wireless.py | 11 +++++------ 10 files changed, 43 insertions(+), 48 deletions(-) (limited to 'python') diff --git a/interface-definitions/include/ipv6-address.xml.i b/interface-definitions/include/ipv6-address.xml.i index 507d5dcc1..ffc6ef933 100644 --- a/interface-definitions/include/ipv6-address.xml.i +++ b/interface-definitions/include/ipv6-address.xml.i @@ -8,14 +8,15 @@ - ssign IPv6 address using EUI-64 based on MAC address + Prefix for IPv6 address with MAC-based EUI-64 ipv6net - IPv6 address and prefix length + IPv6 network and prefix length + diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 71c85b36d..9ea89194f 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -201,15 +201,14 @@ def vlan_to_dict(conf): if conf.exists('ipv6 address autoconf'): vlan['ipv6_autoconf'] = 1 - # Get prefix for IPv6 addressing based on MAC address (EUI-64) + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): - vlan['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + vlan['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - # Determine currently effective EUI64 address - to determine which + # Determine currently effective EUI64 addresses - to determine which # address is no longer valid and needs to be removed - eff_addr = conf.return_effective_value('ipv6 address eui64') - if eff_addr and eff_addr not in vlan['ipv6_eui64_prefix']: - vlan['ipv6_eui64_prefix_remove'].append(eff_addr) + eff_addr = conf.return_effective_values('ipv6 address eui64') + vlan['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, vlan['ipv6_eui64_prefix']) # add the link-local by default to make IPv6 work vlan['ipv6_eui64_prefix'].append('fe80::/64') diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 001da081c..6693f3a13 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -203,15 +203,14 @@ def get_config(): if conf.exists('ipv6 address autoconf'): bond['ipv6_autoconf'] = 1 - # Get prefix for IPv6 addressing based on MAC address (EUI-64) + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): - bond['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + bond['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - # Determine currently effective EUI64 address - to determine which + # Determine currently effective EUI64 addresses - to determine which # address is no longer valid and needs to be removed - eff_addr = conf.return_effective_value('ipv6 address eui64') - if eff_addr and eff_addr not in bond['ipv6_eui64_prefix']: - bond['ipv6_eui64_prefix_remove'].append(eff_addr) + eff_addr = conf.return_effective_values('ipv6 address eui64') + bond['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, bond['ipv6_eui64_prefix']) # add the link-local by default to make IPv6 work bond['ipv6_eui64_prefix'].append('fe80::/64') diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index 2ad5ecf2b..d4470ef26 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -161,15 +161,14 @@ def get_config(): if conf.exists('ipv6 address autoconf'): bridge['ipv6_autoconf'] = 1 - # Get prefix for IPv6 addressing based on MAC address (EUI-64) + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): - bridge['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + bridge['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - # Determine currently effective EUI64 address - to determine which + # Determine currently effective EUI64 addresses - to determine which # address is no longer valid and needs to be removed - eff_addr = conf.return_effective_value('ipv6 address eui64') - if eff_addr and eff_addr not in bridge['ipv6_eui64_prefix']: - bridge['ipv6_eui64_prefix_remove'].append(eff_addr) + eff_addr = conf.return_effective_values('ipv6 address eui64') + bridge['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, bridge['ipv6_eui64_prefix']) # add the link-local by default to make IPv6 work bridge['ipv6_eui64_prefix'].append('fe80::/64') diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index f620cc6ab..db8e2cd3c 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -176,15 +176,14 @@ def get_config(): if conf.exists('ipv6 address autoconf'): eth['ipv6_autoconf'] = 1 - # Get prefix for IPv6 addressing based on MAC address (EUI-64) + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): - eth['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + eth['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - # Determine currently effective EUI64 address - to determine which + # Determine currently effective EUI64 addresses - to determine which # address is no longer valid and needs to be removed - eff_addr = conf.return_effective_value('ipv6 address eui64') - if eff_addr and eff_addr not in eth['ipv6_eui64_prefix']: - eth['ipv6_eui64_prefix_remove'].append(eff_addr) + eff_addr = conf.return_effective_values('ipv6 address eui64') + eth['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, eth['ipv6_eui64_prefix']) # add the link-local by default to make IPv6 work eth['ipv6_eui64_prefix'].append('fe80::/64') diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 45b618148..a18cc6161 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -113,9 +113,9 @@ def get_config(): if conf.exists('ipv6 address autoconf'): l2tpv3['ipv6_autoconf'] = 1 - # Get prefix for IPv6 addressing based on MAC address (EUI-64) + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): - l2tpv3['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') # add the link-local by default to make IPv6 work l2tpv3['ipv6_eui64_prefix'].append('fe80::/64') diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 469793910..668dcabb4 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -25,6 +25,7 @@ from time import sleep from shutil import rmtree from vyos.config import Config +from vyos.configdict import list_diff from vyos.ifconfig import VTunIf from vyos.template import render from vyos.util import call, chown, chmod_600, chmod_755 @@ -315,15 +316,14 @@ def get_config(): if conf.exists('ipv6 address autoconf'): openvpn['ipv6_autoconf'] = 1 - # Get prefix for IPv6 addressing based on MAC address (EUI-64) + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): - openvpn['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + openvpn['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - # Determine currently effective EUI64 address - to determine which + # Determine currently effective EUI64 addresses - to determine which # address is no longer valid and needs to be removed - eff_addr = conf.return_effective_value('ipv6 address eui64') - if eff_addr and eff_addr not in openvpn['ipv6_eui64_prefix']: - openvpn['ipv6_eui64_prefix_remove'].append(eff_addr) + eff_addr = conf.return_effective_values('ipv6 address eui64') + openvpn['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, openvpn['ipv6_eui64_prefix']) # add the link-local by default to make IPv6 work openvpn['ipv6_eui64_prefix'].append('fe80::/64') diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index bf19e46b9..2f86a3bea 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -158,15 +158,14 @@ def get_config(): if conf.exists('ipv6 address autoconf'): peth['ipv6_autoconf'] = 1 - # Get prefix for IPv6 addressing based on MAC address (EUI-64) + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): - peth['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + peth['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - # Determine currently effective EUI64 address - to determine which + # Determine currently effective EUI64 addresses - to determine which # address is no longer valid and needs to be removed - eff_addr = conf.return_effective_value('ipv6 address eui64') - if eff_addr and eff_addr not in peth['ipv6_eui64_prefix']: - peth['ipv6_eui64_prefix_remove'].append(eff_addr) + eff_addr = conf.return_effective_values('ipv6 address eui64') + peth['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, peth['ipv6_eui64_prefix']) # add the link-local by default to make IPv6 work peth['ipv6_eui64_prefix'].append('fe80::/64') diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 69dbe32d8..3ff051eed 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -116,9 +116,9 @@ def get_config(): if conf.exists('ipv6 address autoconf'): vxlan['ipv6_autoconf'] = 1 - # Get prefix for IPv6 addressing based on MAC address (EUI-64) + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): - vxlan['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + vxlan['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') # add the link-local by default to make IPv6 work vxlan['ipv6_eui64_prefix'].append('fe80::/64') diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 82a5a892a..b25a094e2 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -369,15 +369,14 @@ def get_config(): if conf.exists('ipv6 address autoconf'): wifi['ipv6_autoconf'] = 1 - # Get prefix for IPv6 addressing based on MAC address (EUI-64) + # Get prefixes for IPv6 addressing based on MAC address (EUI-64) if conf.exists('ipv6 address eui64'): - wifi['ipv6_eui64_prefix'].append(conf.return_value('ipv6 address eui64')) + wifi['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - # Determine currently effective EUI64 address - to determine which + # Determine currently effective EUI64 addresses - to determine which # address is no longer valid and needs to be removed - eff_addr = conf.return_effective_value('ipv6 address eui64') - if eff_addr and eff_addr not in wifi['ipv6_eui64_prefix']: - wifi['ipv6_eui64_prefix_remove'].append(eff_addr) + eff_addr = conf.return_effective_values('ipv6 address eui64') + wifi['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, wifi['ipv6_eui64_prefix']) # add the link-local by default to make IPv6 work wifi['ipv6_eui64_prefix'].append('fe80::/64') -- cgit v1.2.3 From c87a5a1e1f52cddf113f427ea902f45a2e2a8445 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Wed, 22 Apr 2020 12:41:07 +0200 Subject: interfaces: T2362: add node to delete the default IPv6 link-local address --- interface-definitions/include/ipv6-address.xml.i | 6 ++++++ python/vyos/configdict.py | 8 ++++++-- src/conf_mode/interfaces-bonding.py | 8 ++++++-- src/conf_mode/interfaces-bridge.py | 8 ++++++-- src/conf_mode/interfaces-ethernet.py | 8 ++++++-- src/conf_mode/interfaces-l2tpv3.py | 6 ++++-- src/conf_mode/interfaces-openvpn.py | 8 ++++++-- src/conf_mode/interfaces-pseudo-ethernet.py | 8 ++++++-- src/conf_mode/interfaces-vxlan.py | 6 ++++-- src/conf_mode/interfaces-wireless.py | 8 ++++++-- 10 files changed, 56 insertions(+), 18 deletions(-) (limited to 'python') diff --git a/interface-definitions/include/ipv6-address.xml.i b/interface-definitions/include/ipv6-address.xml.i index ffc6ef933..34f54e4c1 100644 --- a/interface-definitions/include/ipv6-address.xml.i +++ b/interface-definitions/include/ipv6-address.xml.i @@ -19,5 +19,11 @@ + + + Remove the default link-local address from the interface + + + diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 9ea89194f..2ce8a795f 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -210,8 +210,12 @@ def vlan_to_dict(conf): eff_addr = conf.return_effective_values('ipv6 address eui64') vlan['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, vlan['ipv6_eui64_prefix']) - # add the link-local by default to make IPv6 work - vlan['ipv6_eui64_prefix'].append('fe80::/64') + # Remove the default link-local address if set. + if conf.exists('ipv6 address no-default-link-local'): + vlan['ipv6_eui64_prefix_remove'].append('fe80::/64') + else: + # add the link-local by default to make IPv6 work + vlan['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 6693f3a13..4aef486b4 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -212,8 +212,12 @@ def get_config(): eff_addr = conf.return_effective_values('ipv6 address eui64') bond['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, bond['ipv6_eui64_prefix']) - # add the link-local by default to make IPv6 work - bond['ipv6_eui64_prefix'].append('fe80::/64') + # Remove the default link-local address if set. + if conf.exists('ipv6 address no-default-link-local'): + bond['ipv6_eui64_prefix_remove'].append('fe80::/64') + else: + # add the link-local by default to make IPv6 work + bond['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index d4470ef26..da49415f7 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -170,8 +170,12 @@ def get_config(): eff_addr = conf.return_effective_values('ipv6 address eui64') bridge['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, bridge['ipv6_eui64_prefix']) - # add the link-local by default to make IPv6 work - bridge['ipv6_eui64_prefix'].append('fe80::/64') + # Remove the default link-local address if set. + if conf.exists('ipv6 address no-default-link-local'): + bridge['ipv6_eui64_prefix_remove'].append('fe80::/64') + else: + # add the link-local by default to make IPv6 work + bridge['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index db8e2cd3c..43d97916d 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -185,8 +185,12 @@ def get_config(): eff_addr = conf.return_effective_values('ipv6 address eui64') eth['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, eth['ipv6_eui64_prefix']) - # add the link-local by default to make IPv6 work - eth['ipv6_eui64_prefix'].append('fe80::/64') + # Remove the default link-local address if set. + if conf.exists('ipv6 address no-default-link-local'): + eth['ipv6_eui64_prefix_remove'].append('fe80::/64') + else: + # add the link-local by default to make IPv6 work + eth['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index a18cc6161..8c3a8279e 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -117,8 +117,10 @@ def get_config(): if conf.exists('ipv6 address eui64'): l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - # add the link-local by default to make IPv6 work - l2tpv3['ipv6_eui64_prefix'].append('fe80::/64') + # Remove the default link-local address if set. + if not conf.exists('ipv6 address no-default-link-local'): + # add the link-local by default to make IPv6 work + l2tpv3['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 668dcabb4..029bc1d69 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -325,8 +325,12 @@ def get_config(): eff_addr = conf.return_effective_values('ipv6 address eui64') openvpn['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, openvpn['ipv6_eui64_prefix']) - # add the link-local by default to make IPv6 work - openvpn['ipv6_eui64_prefix'].append('fe80::/64') + # Remove the default link-local address if set. + if conf.exists('ipv6 address no-default-link-local'): + openvpn['ipv6_eui64_prefix_remove'].append('fe80::/64') + else: + # add the link-local by default to make IPv6 work + openvpn['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 2f86a3bea..57b282291 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -167,8 +167,12 @@ def get_config(): eff_addr = conf.return_effective_values('ipv6 address eui64') peth['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, peth['ipv6_eui64_prefix']) - # add the link-local by default to make IPv6 work - peth['ipv6_eui64_prefix'].append('fe80::/64') + # Remove the default link-local address if set. + if conf.exists('ipv6 address no-default-link-local'): + peth['ipv6_eui64_prefix_remove'].append('fe80::/64') + else: + # add the link-local by default to make IPv6 work + peth['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 3ff051eed..74eae4281 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -120,8 +120,10 @@ def get_config(): if conf.exists('ipv6 address eui64'): vxlan['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - # add the link-local by default to make IPv6 work - vxlan['ipv6_eui64_prefix'].append('fe80::/64') + # Remove the default link-local address if set. + if not conf.exists('ipv6 address no-default-link-local'): + # add the link-local by default to make IPv6 work + vxlan['ipv6_eui64_prefix'].append('fe80::/64') # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index b25a094e2..148a7f6e0 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -378,8 +378,12 @@ def get_config(): eff_addr = conf.return_effective_values('ipv6 address eui64') wifi['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, wifi['ipv6_eui64_prefix']) - # add the link-local by default to make IPv6 work - wifi['ipv6_eui64_prefix'].append('fe80::/64') + # Remove the default link-local address if set. + if conf.exists('ipv6 address no-default-link-local'): + wifi['ipv6_eui64_prefix_remove'].append('fe80::/64') + else: + # add the link-local by default to make IPv6 work + wifi['ipv6_eui64_prefix'].append('fe80::/64') # ARP enable ignore if conf.exists('ip enable-arp-ignore'): -- cgit v1.2.3