From 96049e6fdad05bd73423ea64780e90b385807cb9 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 9 Aug 2021 20:25:24 +0200 Subject: ipsec: T3720: assigning vti secondary address caused interface in A/D state --- src/conf_mode/interfaces-vti.py | 10 +++++----- src/etc/ipsec.d/vti-up-down | 26 ++++++++++++++++++++------ 2 files changed, 25 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py index 1b38304c1..57950ffea 100755 --- a/src/conf_mode/interfaces-vti.py +++ b/src/conf_mode/interfaces-vti.py @@ -45,13 +45,13 @@ def generate(vti): return None def apply(vti): - if vti['ifname'] in interfaces(): - # Always delete the VTI interface in advance + # Remove macsec interface + if 'deleted' in vti: VTIIf(**vti).remove() + return None - if 'deleted' not in vti: - tmp = VTIIf(**vti) - tmp.update(vti) + tmp = VTIIf(**vti) + tmp.update(vti) return None diff --git a/src/etc/ipsec.d/vti-up-down b/src/etc/ipsec.d/vti-up-down index 2b66dd9e6..281c9bf2b 100755 --- a/src/etc/ipsec.d/vti-up-down +++ b/src/etc/ipsec.d/vti-up-down @@ -19,7 +19,15 @@ import os import sys -from vyos.util import call, get_interface_config, get_interface_address +from syslog import syslog +from syslog import openlog +from syslog import LOG_PID +from syslog import LOG_INFO + +from vyos.configquery import ConfigTreeQuery +from vyos.util import call +from vyos.util import get_interface_config +from vyos.util import get_interface_address def get_dhcp_address(interface): addr = get_interface_address(interface) @@ -35,7 +43,8 @@ if __name__ == '__main__': interface = sys.argv[1] dhcp_interface = sys.argv[2] - print(f'vti-up-down: start: {verb} {connection} {interface}') + openlog(ident=f'vti-up-down', logoption=LOG_PID, facility=LOG_INFO) + syslog(f'Interface {interface} {verb} {connection}') if verb in ['up-client', 'up-host']: call('sudo ip route delete default table 220') @@ -43,19 +52,24 @@ if __name__ == '__main__': vti_link = get_interface_config(interface) if not vti_link: - print('vti-up-down: interface not found') + syslog(f'Interface {interface} not found') sys.exit(0) vti_link_up = (vti_link['operstate'] == 'UP' if 'operstate' in vti_link else False) + config = ConfigTreeQuery() + vti_dict = config.get_config_dict(['interfaces', 'vti', interface], + get_first_key=True) + if verb in ['up-client', 'up-host']: if not vti_link_up: if dhcp_interface != 'no': local_ip = get_dhcp_address(dhcp_interface) call(f'sudo ip tunnel change {interface} local {local_ip}') - call(f'sudo ip link set {interface} up') + if 'disable' not in vti_dict: + call(f'sudo ip link set {interface} up') + else: + syslog(f'Interface {interface} is admin down ...') elif verb in ['down-client', 'down-host']: if vti_link_up: call(f'sudo ip link set {interface} down') - - print('vti-up-down: finish') \ No newline at end of file -- cgit v1.2.3