diff options
| author | Saurabh Mohan <saurabh@vyatta.com> | 2013-05-09 13:58:05 -0700 |
|---|---|---|
| committer | Saurabh Mohan <saurabh@vyatta.com> | 2013-05-09 13:58:05 -0700 |
| commit | fec8fc84b3ab39cf7cb448c9542bdca3ca6f28bf (patch) | |
| tree | 67c312e6bd0119124e1d5832f0703719c10080fc /templates | |
| parent | b75dc3236179ffe13e6c3531dcecf6f21f21421d (diff) | |
| parent | 2ce614b5b76309c2257e8d11bea929278c96f428 (diff) | |
| download | vyatta-cfg-system-fec8fc84b3ab39cf7cb448c9542bdca3ca6f28bf.tar.gz vyatta-cfg-system-fec8fc84b3ab39cf7cb448c9542bdca3ca6f28bf.zip | |
Merge daisy support for mGRE
Diffstat (limited to 'templates')
8 files changed, 72 insertions, 32 deletions
diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def index 85bed6ac..cc99c1f5 100644 --- a/templates/interfaces/tunnel/node.def +++ b/templates/interfaces/tunnel/node.def @@ -8,17 +8,35 @@ syntax:expression: pattern $VAR(@) "^tun[0-9]+$" \ commit:expression: $VAR(./local-ip/) != "" ; \ "Must configure the tunnel local-ip for $VAR(@)" -commit:expression: $VAR(./remote-ip/) != "" ; \ - "Must configure the tunnel remote-ip for $VAR(@)" commit:expression: $VAR(./encapsulation/) != "" ; \ "Must configure the tunnel encapsulation for $VAR(@)" +commit:expression: +exec " + if [ $VAR(./encapsulation/@) == gre-multipoint ] && [ -n \"$VAR(./remote-ip/)\" ]; then \ + echo \"Remote-ip shouldn't be set for mGRE mode for $VAR(@)\"; \ + exit 1; \ + fi; \ + if [ $VAR(./encapsulation/@) != gre-multipoint ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \ + echo \"Must configure the tunnel remote-ip for $VAR(@)\"; \ + exit 1; \ + fi; + + exit 0" +commit:expression: (!(pattern $VAR(./local-ip/@) ".*:.*") && $VAR(./encapsulation/@) == "gre-multipoint") || \ + $VAR(./encapsulation/@) != "gre-multipoint"; "IPv6 local-ip ($VAR(./local-ip/@)) is forbidden for gre-multipoint encapsulation type." + +commit:expression: (!(pattern $VAR(./address/@@) ".*:.*") && $VAR(./encapsulation/@) == "gre-multipoint") || \ + $VAR(./encapsulation/@) != "gre-multipoint"; "IPv6 addresses ($VAR(./address/@@)) are forbidden for gre-multipoint encapsulation type." create: + if [ "$VAR(./encapsulation/@)" == "gre-multipoint" ]; then + sudo invoke-rc.d opennhrp.init start; + fi if [ x$VAR(./multicast/@) == xenable ]; then MC="multicast on allmulticast on"; fi case "$VAR(./encapsulation/@)" in - "gre" | "ipip" | "sit") + "gre" | "ipip" | "sit" | "gre-multipoint") if [ -n "$VAR(./parameters/ip/bridge-group/)" ] ; then echo "interfaces tunnel $VAR(@): Tunnel encapsulation type must be gre-bridge if a bridge group is defined"; exit 1; @@ -29,8 +47,15 @@ create: if [ -n "$VAR(./parameters/ip/key/@)" ]; then KEY="key $VAR(./parameters/ip/key/@)"; fi - ip tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) $KEY $TTL || - echo "interfaces tunnel $VAR(@): error creating tunnel interface" + if [ "$VAR(./encapsulation/@)" == "gre-multipoint" ]; then + ip tunnel add $VAR(@) local $VAR(./local-ip/@) mode gre $KEY $TTL + else + ip tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) $KEY $TTL + fi + if [ -z "`ip tun sh | grep $VAR(@)`" ]; then + echo interfaces tunnel $VAR(@): error creating tunnel interface + exit 1 + fi ;; "gre-bridge") ip link add $VAR(@) type gretap local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) || @@ -53,10 +78,15 @@ delete: ip link delete $VAR(@) ;; "ipip6" | "ip6ip6") ip -6 tunnel del $VAR(@) mode $VAR(./encapsulation/@);; + "gre-multipoint") + ip tunnel del $VAR(@) mode gre;; esac -end: -if [ "${COMMIT_ACTION}" == DELETE ]; then - /opt/vyatta/sbin/vyatta-tunnel-cleanup $VAR(@) -fi +end: + if [ "${COMMIT_ACTION}" == DELETE ]; then + /opt/vyatta/sbin/vyatta-tunnel-cleanup $VAR(@) + fi + if [ -e /opt/vyatta/sbin/vyatta-update-nhrp.pl ]; then + sudo /opt/vyatta/sbin/vyatta-update-nhrp.pl --tun "$VAR(@)" --commit_tun; + fi diff --git a/templates/interfaces/tunnel/node.tag/address/node.def b/templates/interfaces/tunnel/node.tag/address/node.def index 04612379..539f7509 100644 --- a/templates/interfaces/tunnel/node.tag/address/node.def +++ b/templates/interfaces/tunnel/node.tag/address/node.def @@ -1,7 +1,7 @@ multi: type: ipv4net,ipv6net val_help: ipv4net; IPv4 address and prefix length -val_help: ipv6net; IPv6 address and prefix length +val_help: ipv6net; IPv6 address and prefix length [NOTICE: unavailable for gre-multipoint encapsulation] help: IP address syntax:expression: exec "/opt/vyatta/sbin/valid_address $VAR(@)" diff --git a/templates/interfaces/tunnel/node.tag/encapsulation/node.def b/templates/interfaces/tunnel/node.tag/encapsulation/node.def index b0df7a10..54e4f950 100644 --- a/templates/interfaces/tunnel/node.tag/encapsulation/node.def +++ b/templates/interfaces/tunnel/node.tag/encapsulation/node.def @@ -1,8 +1,9 @@ type: txt help: Encapsulation of this tunnel interface [REQUIRED] -syntax:expression: $VAR(@) in "ipip", "gre", "sit", "gre-bridge", "ipip6", "ip6ip6"; "Must be (ipip, gre, gre-bridge, sit, ipip6, ip6ip6)" -allowed: echo gre gre-bridge ipip sit ipip6 ip6ip6 +syntax:expression: ((pattern $VAR(@) "^[-a-zA-Z0-9_]+$") && (exec "sudo /opt/vyatta/sbin/vyatta-encapsulation $VAR(@)")) + +allowed: sudo /opt/vyatta/sbin/vyatta-encapsulation create:expression: "true" update:expression: "false" ; \ @@ -10,6 +11,7 @@ update:expression: "false" ; \ val_help: gre; Generic Routing Encapsulation val_help: gre-bridge; Generic Routing Encapsulation bridge interface +val_help: gre-multipoint; Multipoint Generic Routing Encapsulation(allowed if the package vyatta-nhrp installed) val_help: ipip; IP in IP encapsulation val_help: sit; Simple Internet Transition encapsulation val_help: ipip6; IP in IP6 encapsulation diff --git a/templates/interfaces/tunnel/node.tag/local-ip/node.def b/templates/interfaces/tunnel/node.tag/local-ip/node.def index e393f35c..c6a82a03 100644 --- a/templates/interfaces/tunnel/node.tag/local-ip/node.def +++ b/templates/interfaces/tunnel/node.tag/local-ip/node.def @@ -1,7 +1,7 @@ type: ipv4, ipv6 help: Local IP address for this tunnel [REQUIRED] val_help: ipv4; Local IPv4 address for this tunnel [REQUIRED] -val_help: ipv6; Local IPv6 address for this tunnel [REQUIRED] +val_help: ipv6; Local IPv6 address for this tunnel [REQUIRED] [NOTICE: unavailable for gre-multipoint encapsulation] update:if ! /opt/vyatta/sbin/local_ip $VAR(@) then @@ -11,8 +11,15 @@ update:if ! /opt/vyatta/sbin/local_ip $VAR(@) case "$VAR(../encapsulation/@)" in "gre-bridge") ;; - "gre" | "ipip" | "sit") + "gre" | "gre-multipoint" | "ipip" | "sit") sudo ip tunnel cha $VAR(../@) local $VAR(@) + if [ -e "/opt/vyatta/sbin/dmvpn-config.pl" ]; then + sudo /opt/vyatta/sbin/dmvpn-config.pl \ + --config_file='/etc/dmvpn.conf' \ + --secrets_file='/etc/dmvpn.secrets' \ + --init_script='/etc/init.d/ipsec' \ + --tunnel_context --tun_id=$VAR(../@) || exit 1 + fi ;; "ipip6" | "ip6ip6") if [ -n "$VAR(../parameters/ipv6/encaplimit/@)" ]; then diff --git a/templates/interfaces/tunnel/node.tag/parameters/ip/key/node.def b/templates/interfaces/tunnel/node.tag/parameters/ip/key/node.def index b9ed181e..a6ba8708 100644 --- a/templates/interfaces/tunnel/node.tag/parameters/ip/key/node.def +++ b/templates/interfaces/tunnel/node.tag/parameters/ip/key/node.def @@ -10,8 +10,8 @@ syntax:expression: exec " \ exit 1 ; \ fi ; " -commit:expression: $VAR(../../../encapsulation/@) in "gre" ; \ - "Key only valid for GRE for $VAR(../../../@)" +commit:expression: $VAR(../../../encapsulation/@) in "gre", "gre-multipoint" ; \ + "Key only valid for GRE/GRE-MULTIPOINT for $VAR(../../../@)" create:expression: "true" update:expression: "false" ; \ diff --git a/templates/interfaces/tunnel/node.tag/parameters/ip/tos/node.def b/templates/interfaces/tunnel/node.tag/parameters/ip/tos/node.def index c784e512..32080dce 100644 --- a/templates/interfaces/tunnel/node.tag/parameters/ip/tos/node.def +++ b/templates/interfaces/tunnel/node.tag/parameters/ip/tos/node.def @@ -3,8 +3,8 @@ help: Type of Service (TOS) syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 99; "Must be between 0-99" val_help: u32:0-99; Type Of Service (TOS) -commit:expression: $VAR(../../../encapsulation/@) in "gre", "sit", "ipip" ; \ - "tunnel encapsulation must be GRE, SIT or IPIP" +commit:expression: $VAR(../../../encapsulation/@) in "gre", "gre-multipoint", "sit", "ipip" ; \ + "tunnel encapsulation must be GRE, GRE-MULTIPOINT, SIT or IPIP" update: ip tunnel change $VAR(../../../@) tos $VAR(@) delete: ip tunnel change $VAR(../../../@) tos inherit diff --git a/templates/interfaces/tunnel/node.tag/parameters/ip/ttl/node.def b/templates/interfaces/tunnel/node.tag/parameters/ip/ttl/node.def index 24d27104..3bb2ec72 100644 --- a/templates/interfaces/tunnel/node.tag/parameters/ip/ttl/node.def +++ b/templates/interfaces/tunnel/node.tag/parameters/ip/ttl/node.def @@ -3,8 +3,8 @@ help: Time to live field val_help: u32:0-255; Time to live (default 255) syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255" -commit:expression: $VAR(../../../encapsulation/@) in "gre", "sit", "ipip" ; \ - "tunnel encapsulation must be GRE, SIT or IPIP" +commit:expression: $VAR(../../../encapsulation/@) in "gre", "gre-multipoint", "sit", "ipip" ; \ + "tunnel encapsulation must be GRE, GRE-MULTIPOINT, SIT or IPIP" update:sudo ip tunnel change $VAR(../../../@) ttl $VAR(@) delete:sudo ip tunnel change $VAR(../../../@) ttl inherit diff --git a/templates/system/ipv6/disable-forwarding/node.def b/templates/system/ipv6/disable-forwarding/node.def index b930e3d2..eefb8328 100644 --- a/templates/system/ipv6/disable-forwarding/node.def +++ b/templates/system/ipv6/disable-forwarding/node.def @@ -23,23 +23,24 @@ delete: sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" cd /proc/sys/net/ipv6/conf for i in * ; do - if [[ "$i" == "default" ]] || - [[ "$i" == "all" ]] || - [[ ! -d "$i" ]]; then - continue - fi - if [[ -e /var/run/vyatta/ipv6_no_fwd.$i ]]; then - sudo sh -c "echo 0 > $i/forwarding" - fi + if [[ "$i" == "default" ]] || + [[ "$i" == "all" ]] || + [[ ! -d "$i" ]; then + continue + fi + if [[ -e /var/run/vyatta/ipv6_no_fwd.$i ]]; then + sudo sh -c "echo 0 > $i/forwarding" + fi done sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/default/forwarding" # # If router advertisements were configured while global IPv6 # forwarding was disabled, we will need to start the radvd daemon # now. - if [[ -e /etc/radvd.conf ]]; then - if [[ -z "$(pgrep -u radvd radvd)" ]]; then - /etc/init.d/radvd start - fi + running=$(pgrep -n radvd) + if [[ $running -eq 0 ]] && + [[ -e /etc/radvd.conf ]] && + [[ -x /etc/init.d/radvd ]; then + /etc/init.d/radvd start fi |