From 817ce73d37c7c6a073b6276c66b411160e4944cb Mon Sep 17 00:00:00 2001
From: hagbard
Date: Mon, 29 Oct 2018 11:08:54 -0700
Subject: T240: system integrity check
---
src/op_mode/system_integrity.py | 69 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100755 src/op_mode/system_integrity.py
(limited to 'src')
diff --git a/src/op_mode/system_integrity.py b/src/op_mode/system_integrity.py
new file mode 100755
index 000000000..886d94f16
--- /dev/null
+++ b/src/op_mode/system_integrity.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+#
+
+import sys
+import os
+import subprocess
+import re
+import itertools
+from datetime import datetime, timedelta
+
+verf = r'/usr/libexec/vyos/op_mode/version.py'
+
+def get_sys_build_version():
+ if not os.path.exists(verf):
+ return None
+
+ a = subprocess.check_output(['/usr/libexec/vyos/op_mode/version.py']).decode()
+ if re.search('^Built on:.+',a, re.M) == None:
+ return None
+
+ dt = ( re.sub('Built on: +','', re.search('^Built on:.+',a, re.M).group(0)) )
+ return datetime.strptime(dt,'%a %d %b %Y %H:%M %Z')
+
+def check_pkgs(dt):
+ pkg_diffs = {
+ 'buildtime' : str(dt),
+ 'pkg' : {}
+ }
+
+ pkg_info = os.listdir('/var/lib/dpkg/info/')
+ for file in pkg_info:
+ if re.search('\.list$', file):
+ fts = os.stat('/var/lib/dpkg/info/' + file).st_mtime
+ dt_str = (datetime.utcfromtimestamp(fts).strftime('%Y-%m-%d %H:%M:%S'))
+ fdt = datetime.strptime(dt_str, '%Y-%m-%d %H:%M:%S')
+ if fdt > dt:
+ pkg_diffs['pkg'].update( { str(re.sub('\.list','',file)) : str(fdt)})
+
+ if len(pkg_diffs['pkg']) != 0:
+ return pkg_diffs
+ else:
+ return None
+
+def main():
+ dt = get_sys_build_version()
+ pkgs = check_pkgs(dt)
+ if pkgs != None:
+ print ("The following packages don\'t fit the image creation time\nbuild time:\t" + pkgs['buildtime'])
+ for k, v in pkgs['pkg'].items():
+ print ("installed: " + v + '\t' + k)
+
+if
__name__ == '__main__': + sys.exit( main() ) + -- cgit v1.2.3 From c4c183a16fe2ddc612ed947fc5513c87f30c7c27 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 2 Nov 2018 16:14:22 +0100 Subject: T939: Remove possibility to specify DHCP relay port --- interface-definitions/dhcp-relay.xml | 13 ------------ interface-definitions/dhcpv6-relay.xml | 13 ------------ src/conf_mode/dhcp_relay.py | 8 +------- src/conf_mode/dhcpv6_relay.py | 8 +------- src/migration-scripts/dhcp-relay/1-to-2 | 35 +++++++++++++++++++++++++++++++++ 5 files changed, 37 insertions(+), 40 deletions(-) create mode 100755 src/migration-scripts/dhcp-relay/1-to-2 (limited to 'src') diff --git a/interface-definitions/dhcp-relay.xml b/interface-definitions/dhcp-relay.xml index c918d25a3..f4cb36eea 100644 --- a/interface-definitions/dhcp-relay.xml +++ b/interface-definitions/dhcp-relay.xml @@ -49,19 +49,6 @@ max-size must be a value between 64 and 1400 - - - Port number to listen on - - 1-65535 - Port to listen on - - - - - port must be a value between 1 and 65535 - - Policy to handle incoming DHCPv4 packets which already contain relay agent options (default: forward) diff --git a/interface-definitions/dhcpv6-relay.xml b/interface-definitions/dhcpv6-relay.xml index d6e6daf51..15c76a098 100644 --- a/interface-definitions/dhcpv6-relay.xml +++ b/interface-definitions/dhcpv6-relay.xml @@ -31,19 +31,6 @@ - - - UDP port to listen for requests on - - 1-65535 - Port to listen on - - - - - port must be a value between 1 and 65535 - - Maximum hop count for which requests will be processed diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/dhcp_relay.py index 61b494b7e..1b2abed9e 100755 --- a/src/conf_mode/dhcp_relay.py +++ b/src/conf_mode/dhcp_relay.py 
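Review bot: `main()` passes the result of `get_sys_build_version()` straight into `check_pkgs(dt)`, but that function returns `None` when version.py is missing or prints no `Built on:` line, so `fdt > dt` raises a TypeError instead of reporting that the check could not run; a guard such as `if dt is None: print("Unable to determine image build time"); return 1` at the top of `main()` would make that case explicit. The comparison also sets a UTC mtime (`utcfromtimestamp`) against a build time parsed with `%Z`, which appears to give a naive datetime in whatever zone version.py printed, so changes inside the offset window can be missed or misreported. As an integrity signal, the mtimes of `/var/lib/dpkg/info/*.list` only show package-manager activity after the build and can be reset by anyone with root, so a module docstring should say this is a tamper hint rather than verification; a content check such as `dpkg --verify` would be the stronger complement. `itertools` and `timedelta` are imported but unused, and `verf` is defined while the same path is repeated literally in the `check_output` call.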
@@ -43,14 +43,13 @@ SERVERS="{{ server | join(' ') }}" INTERFACES="{{ interface | join(' ') }}" # Additional options that are passed to the DHCP relay daemon? -OPTIONS="-4 {% if port -%} -p {{ port }}{%- endif %} {{ options | join(' ') }}" +OPTIONS="-4 {{ options | join(' ') }}" """ default_config_data = { 'interface': [], 'server': [], 'options': [], - 'port': '', 'hop_count': '10', 'relay_agent_packets': 'forward' } @@ -86,11 +85,6 @@ def get_config(): size = '-A ' + conf.return_value('max-size') relay['options'].append(size) - # Listen and transmit on port . This is mostly useful for debugging - # purposes. Default is port 67 for DHCPv4/BOOTP, or port 547 for DHCPv6. - if conf.exists('port'): - relay['port'] = conf.return_value('port') - # Control the handling of incoming DHCPv4 packets which already contain # relay agent options. If such a packet does not have giaddr set in its # header, the DHCP standard requires that the packet be discarded. However, diff --git a/src/conf_mode/dhcpv6_relay.py b/src/conf_mode/dhcpv6_relay.py index 959bf0496..86e3f8265 100755 --- a/src/conf_mode/dhcpv6_relay.py +++ b/src/conf_mode/dhcpv6_relay.py @@ -31,13 +31,12 @@ config_tmpl = """ # Defaults for isc-dhcpv6-relay initscript sourced by /etc/init.d/isc-dhcpv6-relay -OPTIONS="-6 -l {{ listen_addr | join('-l ') }} {% if port -%} -p {{ port }}{%- endif %} {{ options | join(' ') }} -u {{ upstream_addr | join('-u ') }}" +OPTIONS="-6 -l {{ listen_addr | join('-l ') }} {{ options | join(' ') }} -u {{ upstream_addr | join('-u ') }}" """ default_config_data = { 'listen_addr': [], 'upstream_addr': [], - 'port': '', 'options': [], } 
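Review bot: In the dhcpv6_relay.py template hunk, the rewritten `OPTIONS` line keeps `join('-l ')` and `join('-u ')`, which put no space in front of the flag, so two listen addresses render as `-l addr1-l addr2` and the second flag fuses with the first address. Using `{{ listen_addr | join(' -l ') }}` and `{{ upstream_addr | join(' -u ') }}` keeps every option a separate argument. The template comment says this file is sourced by the init script, so a comment in `get_config()` (outside this hunk) stating that every value appended to `options` is expected to be validated by the interface definition would document the assumption the rendered shell line depends on.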
@@ -65,11 +64,6 @@ def get_config(): server = addr + '%' + intf relay['upstream_addr'].append(server) - # Listen and transmit on port . This is mostly useful for debugging - # purposes. Default is port 67 for DHCPv4/BOOTP, or port 547 for DHCPv6. - if conf.exists('listen-port'): - relay['port'] = conf.return_value('listen-port') - # Maximum hop count. When forwarding packets, dhcrelay discards packets # which have reached a hop count of COUNT. Default is 10. Maximum is 255. if conf.exists('max-hop-count'): diff --git a/src/migration-scripts/dhcp-relay/1-to-2 b/src/migration-scripts/dhcp-relay/1-to-2 new file mode 100755 index 000000000..b72da1028 --- /dev/null +++ b/src/migration-scripts/dhcp-relay/1-to-2 @@ -0,0 +1,35 @@ +#!/usr/bin/env python3 + +# Delete "set service dhcp-relay relay-options port" option +# Delete "set service dhcpv6-relay listen-port" option + +import sys + +from vyos.configtree import ConfigTree + +if (len(sys.argv) < 1): + print("Must specify file name!") + sys.exit(1) + +file_name = sys.argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) + +if not (config.exists(['service', 'dhcp-relay', 'relay-options', 'port']) or config.exists(['service', 'dhcpv6-relay', 'listen-port'])): + # Nothing to do + sys.exit(0) +else: + # Delete abandoned node + config.delete(['service', 'dhcp-relay', 'relay-options', 'port']) + # Delete abandoned node + config.delete(['service', 'dhcpv6-relay', 'listen-port']) + + try: + with open(file_name, 'w') as f: + f.write(config.to_string()) + except OSError as e: + print("Failed to save the modified config: {}".format(e)) + sys.exit(1) -- cgit v1.2.3 From 2ad8fa385cefa1acbe75b8ca22a4183b00edf7de Mon Sep 17 00:00:00 2001 From: hagbard Date: Fri, 2 Nov 2018 12:15:34 -0700 Subject: T949: config issue when creating multiple wg interfaces at the same time. --- src/conf_mode/wireguard.py | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'src') 
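Review bot: The argument guard in the new 1-to-2 migration script, `if (len(sys.argv) < 1):`, can never be true because `sys.argv` always contains the script name, so running it without a file name ends in an IndexError at `sys.argv[1]` instead of printing "Must specify file name!"; it should read `if len(sys.argv) < 2:`. The `else` branch also calls `config.delete` on both paths when only one of them exists; unless `ConfigTree.delete` is known to tolerate a missing node, each delete should sit behind its own `config.exists([...])` check. A one-line comment above the deletes saying which behaviour is relied on would settle the question for the next reader.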
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py index c6440ad81..3c8ade1db 100755 --- a/src/conf_mode/wireguard.py +++ b/src/conf_mode/wireguard.py @@ -295,18 +295,13 @@ def configure_interface(c, intf): os.remove(psk_file) def add_addr(intf, addr): + # see https://phabricator.vyos.net/T949 ret = subprocess.call(['ip a a dev ' + intf + ' ' + addr + ' &>/dev/null'], shell=True) - if ret != 0: - raise ConfigError('Can\'t set IP ' + addr + ' on ' + intf) - else: - sl.syslog(sl.LOG_NOTICE, "ip a a dev " + intf + " " + addr) + sl.syslog(sl.LOG_NOTICE, "ip a a dev " + intf + " " + addr) def del_addr(intf, addr): ret = subprocess.call(['ip a d dev ' + intf + ' ' + addr + ' &>/dev/null'], shell=True) - if ret != 0: - raise ConfigError('Can\'t delete IP ' + addr + ' on ' + intf) - else: - sl.syslog(sl.LOG_NOTICE, "ip a d dev " + intf + " " + addr) + sl.syslog(sl.LOG_NOTICE, "ip a d dev " + intf + " " + addr) if __name__ == '__main__': try: -- cgit v1.2.3 From af3a5142dce9fb3d6f3fecdbccfd1cae23b31c62 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 5 Nov 2018 01:04:54 +0100 Subject: T950: make sure agentx is enabled in FRR only when SNMP is setup, and supress duplicate error messages. --- src/conf_mode/snmp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 7d695bb4c..026f6d2f7 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py 
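Review bot: After this change `add_addr` and `del_addr` assign `ret` and never read it, then write the same LOG_NOTICE line whether or not `ip` succeeded, so syslog records an address change that may not have happened. If the failure has to be tolerated for T949, log it rather than dropping it, e.g. `if ret != 0: sl.syslog(sl.LOG_WARNING, "ip a a dev " + intf + " " + addr + " failed")` (assuming `sl` is the syslog module). Both calls also build a shell string from `intf` and `addr` with `shell=True`; passing an argument list, `subprocess.call(['ip', 'a', 'a', 'dev', intf, addr], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)`, takes the shell out of the path and removes the dependence on `&>`, which is a bash redirection and may not behave the same under `/bin/sh`. The same applies to the `ip a d` call in `del_addr`.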
@@ -830,8 +830,8 @@ def apply(snmp): os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_delete service snmp v3 user "{0}" auth plaintext-key > /dev/null'.format(cfg['user'])) os.system('vyos_libexec_dir=/usr/libexec/vyos /opt/vyatta/sbin/my_delete service snmp v3 user "{0}" privacy plaintext-key > /dev/null'.format(cfg['user'])) - # Enable AgentX in FRR - os.system('vtysh -c "configure terminal" -c "agentx"') + # Enable AgentX in FRR + os.system('vtysh -c "configure terminal" -c "agentx" >/dev/null') return None -- cgit v1.2.3 From f69a8bbf9cdaac6b3acb0b9da2d748ae37323e3e Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Mon, 5 Nov 2018 03:05:54 +0100 Subject: T288: add a script for normalizing IP(v6) addresses so that they can be safely passed to iproute2. --- src/system/normalize-ip | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100755 src/system/normalize-ip (limited to 'src') diff --git a/src/system/normalize-ip b/src/system/normalize-ip new file mode 100755 index 000000000..08f922a8e --- /dev/null +++ b/src/system/normalize-ip 
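Review bot: The new `os.system('vtysh -c "configure terminal" -c "agentx" >/dev/null')` call discards the exit status and redirects only stdout, so a failure to enable AgentX goes unreported while anything vtysh writes to stderr is still shown. Checking the return value and logging a non-zero result keeps the output quiet without hiding the failure; `subprocess.call(['vtysh', '-c', 'configure terminal', '-c', 'agentx'], stdout=subprocess.DEVNULL)` does that without a shell, provided `subprocess` is imported in this file. The two `my_delete` context lines above interpolate `cfg['user']` into a shell string inside double quotes, which is safe only if the user name is restricted elsewhere to characters the shell does not expand, and that assumption deserves a comment. `apply()` begins outside this hunk.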
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+#
+
+# Normalizes IPv6 addresses so that they can be passed to iproute2,
+# since iproute2 will not take an address with leading zeroes for an argument
+
+import re
+import sys
+import ipaddress
+
+
+if __name__ == '__main__':
+ if len(sys.argv) < 2:
+ print("Argument required")
+ sys.exit(1)
+
+ address_string, prefix_length = re.match(r'(.+)/(.+)', sys.argv[1]).groups()
+
+ try:
+ address = ipaddress.IPv6Address(address_string)
+ normalized_address = address.compressed
+ except ipaddress.AddressValueError:
+ # It's likely an IPv4 address, do nothing
+ normalized_address = address_string
+
+ print("{0}/{1}".format(normalized_address, prefix_length))
+ sys.exit(0)
+
-- cgit v1.2.3
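Review bot: `re.match(r'(.+)/(.+)', sys.argv[1]).groups()` raises AttributeError when the argument contains no `/`, and the `except ipaddress.AddressValueError` branch echoes any string that is not a valid IPv6 address unchanged, so the output is not guaranteed to be an address at all even though the commit describes it as safe to pass to iproute2. Parsing the whole argument with `ipaddress.ip_interface(sys.argv[1])` inside `try`/`except ValueError`, printing its `.with_prefixlen` on success and exiting non-zero on failure, would validate both address families and the prefix length in one step. The header comment should then say that invalid input is rejected rather than passed through, since callers feed the result to `ip`.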