24 files changed, 311 insertions, 264 deletions
diff --git a/Makefile.am b/Makefile.am index 7b6218eb..88bbf983 100644 --- a/Makefile.am +++ b/Makefile.am @@ -76,7 +76,6 @@ sbin_SCRIPTS += scripts/vyatta-bridge.pl sbin_SCRIPTS += scripts/vyatta-bridgegroup-depedency.pl sbin_SCRIPTS += scripts/vyatta-dhcpv6-client.pl sbin_SCRIPTS += scripts/vyatta-update-grub.pl -sbin_SCRIPTS += scripts/vyatta-encapsulation sbin_SCRIPTS += scripts/vyos-intfwatchd sbin_PROGRAMS = src/valid_address diff --git a/debian/changelog b/debian/changelog index 1a03b577..ed1b8fa0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,33 @@ +vyatta-cfg-system (0.20.43+vyos1+helium16) unstable; urgency=low + + [ UnicronNL ] + * Remove execution of vyatta-update-nhtp script + * Remove obsolete information + * Always allow gre-multipoint + + [ Kim Hagen ] + * Bug #285 - Cannot delete bond interface with vif + + [ Alex Harpin ] + * vyatta-cfg-system: remove quotes from SysContact and SysLocation + + [ Kim Hagen ] + * Do not delete tunnel if it is in use by NHRP config + + [ Alex Harpin ] + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: allow interfaces with dhcp addresses to be + deleted + * vyatta-cfg-system: formatting changes for style consistency + * vyatta-cfg-system: prevent dhcp updating dns when statically + configured + + [ Daniil Baturin ] + * Bug #306: add option to enable private VLAN proxy ARP on an + interface. + + -- Daniil Baturin <daniil@baturin.org> Tue, 09 Sep 2014 17:32:43 +0200 + vyatta-cfg-system (0.20.43+vyos1+helium15) unstable; urgency=low * Bug #196: rename "smuxpeer" to "smux-peer" for consistency with diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index a39b517b..6423db15 100755 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl 
@@ -224,17 +224,17 @@ sub snmp_get_values { $config->setLevel($snmp_level); my $contact = $config->returnValue("contact"); if (defined $contact) { - print "syscontact \"$contact\" \n"; + print "SysContact $contact \n"; } my $description = $config->returnValue("description"); if (defined $description) { - print "sysdescr \"$description\" \n"; + print "SysDescr $description \n"; } my $location = $config->returnValue("location"); if (defined $location) { - print "syslocation \"$location\" \n"; + print "SysLocation $location \n"; } } diff --git a/scripts/system/vyatta_update_resolv.pl b/scripts/system/vyatta_update_resolv.pl index b311bff5..921052f0 100755 --- a/scripts/system/vyatta_update_resolv.pl +++ b/scripts/system/vyatta_update_resolv.pl 
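Review bot: The three rewritten `print` lines in snmp_get_values now emit the configured contact, description and location without quoting, so the only thing keeping each value to a single well-formed directive is the `^[[:print:]]{1,255}$` syntax check this commit adds under templates/service/snmp/. That dependency deserves a comment above the first `print`, for example `# emitted verbatim; the node.def syntax check limits these to one line of printable characters`. Whether values saved before that check existed are re-validated on load is not visible here, so a guard such as `$contact =~ s/[\r\n]+/ /g;` before each print would make the script safe on its own. snmp_get_values begins before this hunk.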
@@ -25,34 +25,43 @@ use strict; use lib "/opt/vyatta/share/perl5/"; - - use Getopt::Long; +use Vyatta::Config; + my $dhclient_script = 0; -GetOptions("dhclient-script=i" => \$dhclient_script); +my $config_mode = 0; +GetOptions("dhclient-script=i" => \$dhclient_script, + "config-mode=i" => \$config_mode, +); -use Vyatta::Config; my $vc = new Vyatta::Config(); - $vc->setLevel('system'); + my @domains; my $domain_name = undef; +my $disable_dhcp_nameservers = undef; + +if ($config_mode == 1) { + $disable_dhcp_nameservers = $vc->exists('disable-dhcp-nameservers'); +} else { + $disable_dhcp_nameservers = $vc->existsOrig('disable-dhcp-nameservers'); +} if ($dhclient_script == 1) { - @domains = $vc->returnOrigValues('domain-search domain'); - $domain_name = $vc->returnOrigValue('domain-name'); + @domains = $vc->returnOrigValues('domain-search domain'); + $domain_name = $vc->returnOrigValue('domain-name'); } else { - @domains = $vc->returnValues('domain-search domain'); - $domain_name = $vc->returnValue('domain-name'); + @domains = $vc->returnValues('domain-search domain'); + $domain_name = $vc->returnValue('domain-name'); } if ($dhclient_script == 0 && @domains > 0 && $domain_name && length($domain_name) > 0) { my @loc; if ($vc->returnOrigValues('domain-search domain') > 0) { - @loc = ["system","domain-name"]; + @loc = ["system","domain-name"]; } else { - @loc = ["system","domain-search","domain"]; + @loc = ["system","domain-search","domain"]; } Vyatta::Config::outputError(@loc,"System configuration error. Both \'domain-name\' and \'domain-search\' are specified, but only one of these mutually exclusive parameters is allowed."); exit(1); 
@@ -60,126 +69,129 @@ if ($dhclient_script == 0 && @domains > 0 && $domain_name && length($domain_name my $doms = ''; foreach my $domain (@domains) { - if (length($doms) > 0) { - $doms .= ' '; - } - $doms .= $domain; + if (length($doms) > 0) { + $doms .= ' '; + } + $doms .= $domain; } # add domain names received from dhcp client to domain search in /etc/resolv.conf if domain-name not set in CLI + if (!defined($domain_name)) { - my @dhcp_interfaces_resolv_files = `ls /etc/ | grep resolv.conf.dhclient-new`; - if ($#dhcp_interfaces_resolv_files >= 0) { - for my $each_file (@dhcp_interfaces_resolv_files) { - chomp $each_file; - my $find_search = `grep "^search" /etc/$each_file 2> /dev/null | wc -l`; - if ($find_search == 1) { - my $search_string = `grep "^search" /etc/$each_file`; - my @dhcp_domains = split(/\s+/, $search_string, 2); - my $dhcp_domain = $dhcp_domains[1]; - chomp $dhcp_domain; - $doms .= ' ' . $dhcp_domain; - } + my @dhcp_interfaces_resolv_files = `ls /etc/ | grep resolv.conf.dhclient-new`; + if ($#dhcp_interfaces_resolv_files >= 0) { + for my $each_file (@dhcp_interfaces_resolv_files) { + chomp $each_file; + my $find_search = `grep "^search" /etc/$each_file 2> /dev/null | wc -l`; + if ($find_search == 1) { + my $search_string = `grep "^search" /etc/$each_file`; + my @dhcp_domains = split(/\s+/, $search_string, 2); + my $dhcp_domain = $dhcp_domains[1]; + chomp $dhcp_domain; + $doms .= ' ' . 
$dhcp_domain; + } + } } - } } my $search = ''; if (length($doms) > 0) { - $search = "search\t\t$doms\t\t#line generated by $0\n"; + $search = "search\t\t$doms\t\t#line generated by $0\n"; } my $domain = ''; if ($domain_name && length($domain_name) > 0) { - $domain = "domain\t\t$domain_name\t\t#line generated by $0\n"; + $domain = "domain\t\t$domain_name\t\t#line generated by $0\n"; } -# update /etc/resolv.conf for name-servers received from dhcp client, only done when dhclient-script calls this script -if ($dhclient_script == 1) { - my @current_dhcp_nameservers; - my $restart_ntp = 0; - - # code below to add new name-servers received from dhcp client - - my @dhcp_interfaces_resolv_files = `ls /etc/ | grep resolv.conf.dhclient-new`; - if ($#dhcp_interfaces_resolv_files >= 0) { - my $ns_count = 0; - for my $each_file (@dhcp_interfaces_resolv_files) { - chomp $each_file; - my $find_nameserver = `grep nameserver /etc/$each_file 2> /dev/null | wc -l`; - if ($find_nameserver > 0) { - my @nameservers = `grep nameserver /etc/$each_file`; - for my $each_nameserver (@nameservers) { - my @nameserver = split(/ /, $each_nameserver, 2); - my $ns = $nameserver[1]; - chomp $ns; - $current_dhcp_nameservers[$ns_count] = $ns; - $ns_count++; - my @search_ns_in_resolvconf = `grep $ns /etc/resolv.conf`; - my $ns_in_resolvconf = 0; - if (@search_ns_in_resolvconf > 0) { - foreach my $ns_resolvconf (@search_ns_in_resolvconf) { - my @resolv_ns = split(/\s+/, $ns_resolvconf); - my $final_ns = $resolv_ns[1]; - chomp $final_ns; - if ($final_ns eq $ns) { - $ns_in_resolvconf = 1; - } - } - } - if ($ns_in_resolvconf == 0) { - open (my $rf, '>>', '/etc/resolv.conf') - or die "$! 
error trying to overwrite"; - print $rf "#nameserver\t$ns\t\t#nameserver written by $0\n"; - print $rf "nameserver\t$ns\n"; - close $rf; - $restart_ntp = 1; - } +# update /etc/resolv.conf with name-servers received from dhcp client, done when this script is called +# with either the dhclient-script (on DHCP changes) or config-mode (disable-dhcp-nameservers) options. + +if (($dhclient_script == 1) || ($config_mode == 1)) { + my @current_dhcp_nameservers; + my $restart_ntp = 0; + + # code below to add new name-servers received from dhcp client, but only if disable-dhcp-nameservers + # hasn't been enabled. + + my @dhcp_interfaces_resolv_files = `ls /etc/ | grep resolv.conf.dhclient-new`; + if ($#dhcp_interfaces_resolv_files >= 0) { + my $ns_count = 0; + for my $each_file (@dhcp_interfaces_resolv_files) { + chomp $each_file; + my $find_nameserver = `grep nameserver /etc/$each_file 2> /dev/null | wc -l`; + if ($find_nameserver > 0) { + my @nameservers = `grep nameserver /etc/$each_file`; + for my $each_nameserver (@nameservers) { + my @nameserver = split(/ /, $each_nameserver, 2); + my $ns = $nameserver[1]; + chomp $ns; + $current_dhcp_nameservers[$ns_count] = $ns; + $ns_count++; + my @search_ns_in_resolvconf = `grep $ns /etc/resolv.conf`; + my $ns_in_resolvconf = 0; + if (@search_ns_in_resolvconf > 0) { + foreach my $ns_resolvconf (@search_ns_in_resolvconf) { + my @resolv_ns = split(/\s+/, $ns_resolvconf); + my $final_ns = $resolv_ns[1]; + chomp $final_ns; + if ($final_ns eq $ns) { + $ns_in_resolvconf = 1; + } + } + } + if (($ns_in_resolvconf == 0) && !($disable_dhcp_nameservers)) { + open (my $rf, '>>', '/etc/resolv.conf') + or die "$! 
error trying to overwrite"; + print $rf "nameserver\t$ns\t\t#nameserver written by $0\n"; + close $rf; + $restart_ntp = 1; + } + } } - } + } } - } - - # code below to remove old name-servers from /etc/resolv.conf that were not received in this response from dhcp-server - - my @nameservers_dhcp_in_resolvconf = `grep 'nameserver written' /etc/resolv.conf`; - my @dhcp_nameservers_in_resolvconf; - my $count_nameservers_in_resolvconf = 0; - for my $count_dhcp_nameserver (@nameservers_dhcp_in_resolvconf) { - my @dhcp_nameserver = split(/\t/, $count_dhcp_nameserver, 3); - $dhcp_nameservers_in_resolvconf[$count_nameservers_in_resolvconf] = $dhcp_nameserver[1]; - $count_nameservers_in_resolvconf++; - } - if ($#current_dhcp_nameservers < 0) { - for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) { - my $cmd = "sed -i '/$dhcpnameserver\t/d' /etc/resolv.conf"; - system($cmd); - $restart_ntp = 1; + + # code below to remove old name-servers from /etc/resolv.conf that were not received in this response + # from dhcp-server, or to remove previous dhcp supplied name-servers if disable-dhcp-nameservers has + # been enabled. 
+ + my @nameservers_dhcp_in_resolvconf = `grep 'nameserver written' /etc/resolv.conf`; + my @dhcp_nameservers_in_resolvconf; + my $count_nameservers_in_resolvconf = 0; + for my $count_dhcp_nameserver (@nameservers_dhcp_in_resolvconf) { + my @dhcp_nameserver = split(/\t/, $count_dhcp_nameserver, 3); + $dhcp_nameservers_in_resolvconf[$count_nameservers_in_resolvconf] = $dhcp_nameserver[1]; + $count_nameservers_in_resolvconf++; } - } else { - for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) { + if (($#current_dhcp_nameservers < 0) || ($disable_dhcp_nameservers)) { + for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) { + my $cmd = "sed -i '/$dhcpnameserver\t/d' /etc/resolv.conf"; + system($cmd); + $restart_ntp = 1; + } + } else { + for my $dhcpnameserver (@dhcp_nameservers_in_resolvconf) { my $found = 0; for my $currentnameserver (@current_dhcp_nameservers) { - if ($dhcpnameserver eq $currentnameserver){ - $found = 1; - } + if ($dhcpnameserver eq $currentnameserver){ + $found = 1; + } } if ($found == 0) { - my $cmd = "sed -i '/$dhcpnameserver\t/d' /etc/resolv.conf"; - system($cmd); - $restart_ntp = 1; + my $cmd = "sed -i '/$dhcpnameserver\t/d' /etc/resolv.conf"; + system($cmd); + $restart_ntp = 1; } - } - } - if ($restart_ntp == 1) { - # this corresponds to what is done in name-server/node.def as a fix for bug 1300 - my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q '^server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &"; - system($cmd_ntp_restart); - } + } + if ($restart_ntp == 1) { + # this corresponds to what is done in name-server/node.def as a fix for bug 1300 + my $cmd_ntp_restart = "if [ -f /etc/ntp.conf ] && grep -q '^server' /etc/ntp.conf; then /usr/sbin/invoke-rc.d ntp restart >&/dev/null; fi &"; + system($cmd_ntp_restart); + } } - # The following will re-write '/etc/resolv.conf' line by line, # replacing the 'search' specifier with the latest values, # or replacing the 'domain' specifier with the latest value. 
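Review bot: `$ns` is still interpolated into shell command strings in this re-indented block: the backtick call `grep $ns /etc/resolv.conf` and, after a round trip through /etc/resolv.conf, the `sed -i '/$dhcpnameserver\t/d'` string handed to single-argument `system`. Its value is read from the /etc/resolv.conf.dhclient-new* files, which appear to be filled from DHCP replies. Because this commit also runs the path under `--config-mode`, the value should be checked before any use, e.g. `next unless $ns =~ /\A[0-9A-Fa-f:.]+\z/;` directly after `chomp $ns;`, and both `sed` calls should use list-form `system('sed', '-i', "/$dhcpnameserver\t/d", '/etc/resolv.conf')` so that no shell parses the string. The sed address is also an unanchored regex in which `.` matches any character, so one address can remove the line of another that contains it; doing the lookup and removal in Perl with an `eq` comparison would avoid both problems.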
@@ -187,12 +199,11 @@ if ($dhclient_script == 1) { my @resolv; if (-e '/etc/resolv.conf') { open (my $f, '<', '/etc/resolv.conf') - or die("$0: Error! Unable to open '/etc/resolv.conf' for input: $!\n"); + or die("$0: Error! Unable to open '/etc/resolv.conf' for input: $!\n"); @resolv = <$f>; close ($f); } - my $foundSearch = 0; my $foundDomain = 0; @@ -200,26 +211,26 @@ open (my $r, '>', '/etc/resolv.conf') or die("$0: Error! Unable to open '/etc/resolv.conf' for output: $!\n"); foreach my $line (@resolv) { - if ($line =~ /^search\s/) { - $foundSearch = 1; - if (length($search) > 0) { - print $r $search; - } - } elsif ($line =~ /^domain\s/) { - $foundDomain = 1; - if (length($domain) > 0) { - print $r $domain; - } - } else { - print $r $line; - } + if ($line =~ /^search\s/) { + $foundSearch = 1; + if (length($search) > 0) { + print $r $search; + } + } elsif ($line =~ /^domain\s/) { + $foundDomain = 1; + if (length($domain) > 0) { + print $r $domain; + } + } else { + print $r $line; + } } + if ($foundSearch == 0 && length($search) > 0) { - print $r $search; + print $r $search; } if ($foundDomain == 0 && length($domain) > 0) { - print $r $domain; + print $r $domain; } close ($r); - diff --git a/scripts/vyatta-address b/scripts/vyatta-address index 08e14196..3cc1755b 100755 --- a/scripts/vyatta-address +++ b/scripts/vyatta-address 
@@ -9,45 +9,49 @@ if [ $# -ne 3 ]; then fi case $1 in - add) - if [[ "$3" = "dhcp" ]] - then - exec /opt/vyatta/sbin/vyatta-interfaces.pl --dev="$2" --dhcp=start - elif [[ "$3" = "dhcpv6" ]] - then + add) + if [[ "$3" = "dhcp" ]]; then + exec /opt/vyatta/sbin/vyatta-interfaces.pl --dev="$2" --dhcp=start + elif [[ "$3" = "dhcpv6" ]]; then exec /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --start -ifname "$2" - elif [[ "$3" =~ ":" ]] - then # Ipv6 address - if ! ip -6 addr list dev $2 | grep -q $3; then - exec ip -6 addr add "$3" dev "$2" - fi - else - if ! ip addr list dev $2 | grep -q $3; then - exec ip addr add "$3" broadcast + dev "$2" - fi - fi ;; + elif [[ "$3" =~ ":" ]]; then + # Ipv6 address + if ! ip -6 addr list dev $2 | grep -q $3; then + exec ip -6 addr add "$3" dev "$2" + fi + else + if ! ip addr list dev $2 | grep -q $3; then + exec ip addr add "$3" broadcast + dev "$2" + fi + fi ;; - delete) - if ! /sbin/ip address show dev $2 2>/dev/null | grep -q "$3"; then + delete) + # Get current address from interface when using DHCP + if [[ "$3" = "dhcp" ]]; then + file=/var/lib/dhcp3/dhclient_"$2"_lease; + ip_address=$(sed -n "/new_ip_address='/ s/.*\='*//p" $file | sed -n "s/'//p"); + else + ip_address=$3; + fi + + if ! /sbin/ip address show dev $2 2>/dev/null | grep -q "$ip_address"; then # Address doesn't exist there, nothing to delete exit 0 fi - if [ ! -d "/sys/class/net/$2" ] - then # device is already gone - exit 0 - elif [[ "$3" = "dhcp" ]] - then - exec /opt/vyatta/sbin/vyatta-interfaces.pl --dev="$2" --dhcp=stop - elif [[ "$3" = "dhcpv6" ]] - then - exec /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --stop --ifname "$2" - elif [[ "$3" =~ ":" ]] - then - exec ip -6 addr del "$3" dev "$2" - else - exec ip addr del "$3" dev "$2" - fi ;; - *) - echo "Unknown option $1" - exit 1 ;; + + if [ ! 
-d "/sys/class/net/$2" ]; then + # device is already gone + exit 0 + elif [[ "$3" = "dhcp" ]]; then + exec /opt/vyatta/sbin/vyatta-interfaces.pl --dev="$2" --dhcp=stop + elif [[ "$3" = "dhcpv6" ]]; then + exec /opt/vyatta/sbin/vyatta-dhcpv6-client.pl --stop --ifname "$2" + elif [[ "$3" =~ ":" ]]; then + exec ip -6 addr del "$3" dev "$2" + else + exec ip addr del "$3" dev "$2" + fi ;; + *) + echo "Unknown option $1" + exit 1 ;; esac diff --git a/scripts/vyatta-encapsulation b/scripts/vyatta-encapsulation deleted file mode 100644 index f1cae8b1..00000000 --- a/scripts/vyatta-encapsulation +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -list="gre gre-bridge gre-multipoint ipip sit ipip6 ip6ip6" -full_list="${list}" -if [[ -n "$1" ]]; then - for f in ${full_list}; do if [[ "$1" = "$f" ]]; then exit 0; fi; done - echo "Must be (${full_list})" - exit 1; -else - echo ${full_list} -fi diff --git a/scripts/vyatta-system-nameservers b/scripts/vyatta-system-nameservers index 1df0f02c..74f2c8b6 100755 --- a/scripts/vyatta-system-nameservers +++ b/scripts/vyatta-system-nameservers 
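Review bot: In the `delete)` branch of scripts/vyatta-address the new lease lookup applies only when `$3` is `dhcp`; for `dhcpv6` the presence test still greps the `ip address show` output for the literal word `dhcpv6`, which is unlikely to appear there, so the script exits 0 before the `vyatta-dhcpv6-client.pl --stop` branch is reached. Skipping the test for that case would fix it: `if [[ "$3" != "dhcpv6" ]] && ! /sbin/ip address show dev "$2" 2>/dev/null | grep -qF -- "$ip_address"; then`. That line also quotes `$2` and uses `-F` so the address is matched as a fixed string rather than a regular expression; `$file` in the `sed` call should be quoted as well. When the lease file is missing or has no `new_ip_address` entry, `ip_address` is empty and the test matches any output, which looks acceptable because the dhcp stop branch follows, but a comment saying so would help.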
@@ -23,71 +23,64 @@ # **** End License **** # -print_usage() -{ +print_usage() { echo "Usage:" echo -e "\t$0 update <ip of name-server>" echo -e "\t$0 delete <ip of name-server>" } -restart_dnsmasq () -{ - # restart dnsmasq if dns-forwarding is configured - if cli-shell-api existsActive service dns forwarding; then - /opt/vyatta/sbin/vyatta-dns-forwarding.pl --update-dnsforwarding >&/dev/null - fi +restart_dnsmasq () { + # restart dnsmasq if dns-forwarding is configured + if cli-shell-api existsActive service dns forwarding; then + /opt/vyatta/sbin/vyatta-dns-forwarding.pl --update-dnsforwarding >&/dev/null + fi } -restart_ntp () -{ - # restart ntp if ntp is configured - if [ -f /etc/ntp.conf ] && grep -q "^server" /etc/ntp.conf; then - /usr/sbin/invoke-rc.d ntp restart >&/dev/null - fi +restart_ntp () { + # restart ntp if ntp is configured + if [ -f /etc/ntp.conf ] && grep -q "^server" /etc/ntp.conf; then + /usr/sbin/invoke-rc.d ntp restart >&/dev/null + fi } - -update_system_nameservers () -{ - nameserver=$1 - touch /etc/resolv.conf - # if name-server already in /etc/resolv.conf then exit - if grep -q "$nameserver\($\|[[:space:]]\)" /etc/resolv.conf; then - exit 0 - else - # find last instance of cli inserted nameserver - # insert currently received nameserver immediately after that - # this is done to keep system set nameservers priority over dhcp received nameservers - cli_ns_array=($(awk '{if (!$3) print $2}' /etc/resolv.conf)) - cli_ns_array_len=${#cli_ns_array[*]} - line_num=0 - if [ $cli_ns_array_len -gt 0 ]; then - grepped_ns_line=`grep "${cli_ns_array[$cli_ns_array_len-1]}$" -n /etc/resolv.conf` - echo ${grepped_ns_line%%:*} > /etc/resolv_tmp.conf - line_num=`cat /etc/resolv_tmp.conf` - fi - head -$line_num /etc/resolv.conf > /etc/resolv_tmp.conf - echo "nameserver $nameserver" >> /etc/resolv_tmp.conf - total_lines=`cat /etc/resolv.conf | wc -l` - rest_lines=`expr $total_lines - $line_num` - tail -$rest_lines /etc/resolv.conf >> /etc/resolv_tmp.conf - mv 
-f /etc/resolv_tmp.conf /etc/resolv.conf - fi - restart_dnsmasq - restart_ntp +update_system_nameservers () { + nameserver=$1 + touch /etc/resolv.conf + # if name-server already in /etc/resolv.conf then exit + if grep -q "$nameserver\($\|[[:space:]]\)" /etc/resolv.conf; then + exit 0 + else + # find last instance of cli inserted nameserver + # insert currently received nameserver immediately after that + # this is done to keep system set nameservers priority over dhcp received nameservers + cli_ns_array=($(awk '{if (!$3) print $2}' /etc/resolv.conf)) + cli_ns_array_len=${#cli_ns_array[*]} + line_num=0 + if [ $cli_ns_array_len -gt 0 ]; then + grepped_ns_line=`grep "${cli_ns_array[$cli_ns_array_len-1]}$" -n /etc/resolv.conf` + echo ${grepped_ns_line%%:*} > /etc/resolv_tmp.conf + line_num=`cat /etc/resolv_tmp.conf` + fi + head -$line_num /etc/resolv.conf > /etc/resolv_tmp.conf + echo "nameserver $nameserver" >> /etc/resolv_tmp.conf + total_lines=`cat /etc/resolv.conf | wc -l` + rest_lines=`expr $total_lines - $line_num` + tail -$rest_lines /etc/resolv.conf >> /etc/resolv_tmp.conf + mv -f /etc/resolv_tmp.conf /etc/resolv.conf + fi + restart_dnsmasq + restart_ntp } -delete_system_nameserver () -{ - nameserver=$1 - touch /etc/resolv.conf - # remove specified nameserver - sed -i "/$nameserver$/d" /etc/resolv.conf - restart_dnsmasq - restart_ntp +delete_system_nameserver () { + nameserver=$1 + touch /etc/resolv.conf + # remove specified nameserver + sed -i "/$nameserver$/d" /etc/resolv.conf + restart_dnsmasq + restart_ntp } - # # main # @@ -95,8 +88,8 @@ delete_system_nameserver () case "$1" in update) if [ $# -ne 2 ]; then - print_usage - exit 1 + print_usage + exit 1 fi update_system_nameservers $2 exit 0 @@ -104,17 +97,15 @@ case "$1" in delete) if [ $# -ne 2 ]; then - print_usage - exit 1 + print_usage + exit 1 fi delete_system_nameserver $2 exit 0 ;; - *) print_usage exit 1 ;; - esac 
diff --git a/scripts/vyatta-tunnel-cleanup b/scripts/vyatta-tunnel-cleanup index af73bc04..979fb7bd 100755 --- a/scripts/vyatta-tunnel-cleanup +++ b/scripts/vyatta-tunnel-cleanup @@ -26,9 +26,6 @@ my %tunnel; foreach my $tun ( $config->listEffectiveNodes() ) { my $mode = $config->returnEffectiveValue("$tun encapsulation"); next if ($interface eq $tun); # don't count the one being deleted - if ($mode eq "gre-multipoint") { - $mode = "gre"; - } $tunnel{$mode} = 1; } diff --git a/templates/interfaces/bonding/node.tag/ip/proxy-arp-pvlan/node.def b/templates/interfaces/bonding/node.tag/ip/proxy-arp-pvlan/node.def new file mode 100644 index 00000000..a6cf9494 --- /dev/null +++ b/templates/interfaces/bonding/node.tag/ip/proxy-arp-pvlan/node.def @@ -0,0 +1,3 @@ +help: Enable private VLAN proxy ARP on this interface +create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$VAR(../../@)/proxy_arp_pvlan\" " +delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/proxy_arp_pvlan\" " diff --git a/templates/interfaces/bonding/node.tag/vif-s/node.def b/templates/interfaces/bonding/node.tag/vif-s/node.def index 64aabe2e..5a2e8dee 100644 --- a/templates/interfaces/bonding/node.tag/vif-s/node.def +++ b/templates/interfaces/bonding/node.tag/vif-s/node.def @@ -15,4 +15,4 @@ create: read -a SLAVES </sys/class/net/$VAR(../@)/bonding/slaves /opt/vyatta/sbin/vyatta-link-detect "$VAR(../@).$VAR(@)" on delete: [ -d /sys/class/net/$VAR(../@).$VAR(@) ] || exit 0 - ip link delete dev ".$VAR(../@).$VAR(@)" type vlan proto 802.1ad id $VAR(@) + ip link delete dev "$VAR(../@).$VAR(@)" type vlan proto 802.1ad id $VAR(@) diff --git a/templates/interfaces/bonding/node.tag/vif/node.def b/templates/interfaces/bonding/node.tag/vif/node.def index 16d5972f..63394e44 100644 --- a/templates/interfaces/bonding/node.tag/vif/node.def +++ b/templates/interfaces/bonding/node.tag/vif/node.def 
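Review bot: In the new templates/interfaces/bonding/node.tag/ip/proxy-arp-pvlan/node.def, `$VAR(../../@)` is expanded inside a string that `sudo sh -c` parses as root, so the expression is safe only while the interface tag node's own syntax check keeps the name to characters the shell treats literally; that check is not visible in this diff. A comment at the top of the file stating the assumption would cover it, for example `# interface name is validated by the parent tag node; it is expanded unquoted into a root shell below`. The same applies to the identical ethernet and pseudo-ethernet copies added further down.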
@@ -15,4 +15,4 @@ create: read -a SLAVES </sys/class/net/$VAR(../@)/bonding/slaves /opt/vyatta/sbin/vyatta-link-detect "$VAR(../@).$VAR(@)" on delete: [ -d /sys/class/net/$VAR(../@).$VAR(@) ] || exit 0 - ip link delete dev ".$VAR(../@).$VAR(@)" type vlan id $VAR(@) + ip link delete dev "$VAR(../@).$VAR(@)" type vlan id $VAR(@) diff --git a/templates/interfaces/ethernet/node.tag/ip/proxy-arp-pvlan/node.def b/templates/interfaces/ethernet/node.tag/ip/proxy-arp-pvlan/node.def new file mode 100644 index 00000000..a6cf9494 --- /dev/null +++ b/templates/interfaces/ethernet/node.tag/ip/proxy-arp-pvlan/node.def @@ -0,0 +1,3 @@ +help: Enable private VLAN proxy ARP on this interface +create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$VAR(../../@)/proxy_arp_pvlan\" " +delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/proxy_arp_pvlan\" " diff --git a/templates/interfaces/pseudo-ethernet/node.tag/ip/proxy-arp-pvlan/node.def b/templates/interfaces/pseudo-ethernet/node.tag/ip/proxy-arp-pvlan/node.def new file mode 100644 index 00000000..a6cf9494 --- /dev/null +++ b/templates/interfaces/pseudo-ethernet/node.tag/ip/proxy-arp-pvlan/node.def @@ -0,0 +1,3 @@ +help: Enable private VLAN proxy ARP on this interface +create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$VAR(../../@)/proxy_arp_pvlan\" " +delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/proxy_arp_pvlan\" " diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def index f35bb401..426b9d26 100644 --- a/templates/interfaces/tunnel/node.def +++ b/templates/interfaces/tunnel/node.def 
@@ -12,31 +12,30 @@ commit:expression: $VAR(./encapsulation/) != "" ; \ "Must configure the tunnel encapsulation for $VAR(@)" commit:expression: exec " - if [ $VAR(./encapsulation/@) == gre-multipoint ] && [ -n \"$VAR(./remote-ip/)\" ]; then \ - echo \"Remote-ip shouldn't be set for mGRE mode for $VAR(@)\"; \ - exit 1; \ + if [ $VAR(./encapsulation/@) = gre ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \ + echo \"No remote-ip configured for $VAR(@), tunnel can only be used for mGRE.\"; \ fi; \ - if [ $VAR(./encapsulation/@) != gre-multipoint ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \ + if [ $VAR(./encapsulation/@) != gre ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then \ echo \"Must configure the tunnel remote-ip for $VAR(@)\"; \ exit 1; \ fi; exit 0" -commit:expression: (!(pattern $VAR(./local-ip/@) ".*:.*") && $VAR(./encapsulation/@) == "gre-multipoint") || \ - $VAR(./encapsulation/@) != "gre-multipoint"; "IPv6 local-ip ($VAR(./local-ip/@)) is forbidden for gre-multipoint encapsulation type." +commit:expression: (!(pattern $VAR(./local-ip/@) ".*:.*") && $VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) == "") || \ + $VAR(./encapsulation/@) != "gre" || ($VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) != ""); "IPv6 local-ip ($VAR(./local-ip/@)) is forbidden for mGRE tunnels." -commit:expression: (!(pattern $VAR(./address/@@) ".*:.*") && $VAR(./encapsulation/@) == "gre-multipoint") || \ - $VAR(./encapsulation/@) != "gre-multipoint"; "IPv6 addresses ($VAR(./address/@@)) are forbidden for gre-multipoint encapsulation type." +commit:expression: (!(pattern $VAR(./address/@@) ".*:.*") && $VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) == "") || \ + $VAR(./encapsulation/@) != "gre" || ($VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) != ""); "IPv6 addresses ($VAR(./address/@@)) are forbidden for mGRE tunnels." 
create: - if [ "$VAR(./encapsulation/@)" == "gre-multipoint" ]; then + if [ $VAR(./encapsulation/@) = gre ] && [ -z $VAR(./remote-ip/) ]; then sudo invoke-rc.d opennhrp.init start; fi if [ x$VAR(./multicast/@) == xenable ]; then MC="multicast on allmulticast on"; fi case "$VAR(./encapsulation/@)" in - "gre" | "ipip" | "sit" | "gre-multipoint") + "gre" | "ipip" | "sit") if [ -n "$VAR(./parameters/ip/bridge-group/)" ] ; then echo "interfaces tunnel $VAR(@): Tunnel encapsulation type must be gre-bridge if a bridge group is defined"; exit 1; @@ -47,7 +46,7 @@ create: if [ -n "$VAR(./parameters/ip/key/@)" ]; then KEY="key $VAR(./parameters/ip/key/@)"; fi - if [ "$VAR(./encapsulation/@)" == "gre-multipoint" ]; then + if [ "$VAR(./encapsulation/@)" == "gre" ] && [ -z $VAR(./remote-ip/) ]; then ip tunnel add $VAR(@) local $VAR(./local-ip/@) mode gre $KEY $TTL else ip tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) $KEY $TTL @@ -70,16 +69,19 @@ create: echo "interfaces tunnel $VAR(@): error setting tunnel interface active" delete: + /opt/vyatta/sbin/vyos-update-nhrp.pl --checkref --tun $VAR(@) ip link set $VAR(@) down case "$VAR(./encapsulation/@)" in "gre" | "ipip" | "sit") - ip tunnel del $VAR(@) mode $VAR(./encapsulation/@);; + if [ -z $VAR(./remote-ip/) ]; then + ip tunnel del $VAR(@) mode gre + else + ip tunnel del $VAR(@) mode $VAR(./encapsulation/@) + fi;; "gre-bridge") ip link delete $VAR(@) ;; "ipip6" | "ip6ip6") ip -6 tunnel del $VAR(@) mode $VAR(./encapsulation/@);; - "gre-multipoint") - ip tunnel del $VAR(@) mode gre;; esac diff --git a/templates/interfaces/tunnel/node.tag/address/node.def b/templates/interfaces/tunnel/node.tag/address/node.def index 539f7509..26c2f860 100644 --- a/templates/interfaces/tunnel/node.tag/address/node.def +++ b/templates/interfaces/tunnel/node.tag/address/node.def 
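Review bot: The new mGRE tests in templates/interfaces/tunnel/node.def use `[ -z $VAR(./remote-ip/) ]` unquoted, twice in `create:` and once in `delete:`, whereas the commit check at the top of the file quotes the same expansion. Unquoted, an empty value leaves `[ -z ]`, which is true only because a one-argument test checks that the string `-z` is non-empty; `if [ "$VAR(./encapsulation/@)" = gre ] && [ -z "$VAR(./remote-ip/)" ]; then` says what is meant. In `delete:` the `-z` test sits under `"gre" | "ipip" | "sit"` and is not limited to gre, so an ipip or sit tunnel whose remote-ip expands empty at delete time would be removed with `mode gre`; it is not visible here whether that can happen. The exit status of the added `vyos-update-nhrp.pl --checkref` call is not tested in the visible lines, so unless the template runner stops at the first failing command the following `ip link set ... down` still runs when the tunnel is referenced.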
@@ -1,7 +1,7 @@ multi: type: ipv4net,ipv6net val_help: ipv4net; IPv4 address and prefix length -val_help: ipv6net; IPv6 address and prefix length [NOTICE: unavailable for gre-multipoint encapsulation] +val_help: ipv6net; IPv6 address and prefix length [NOTICE: unavailable for mGRE tunnels] help: IP address syntax:expression: exec "/opt/vyatta/sbin/valid_address $VAR(@)" diff --git a/templates/interfaces/tunnel/node.tag/encapsulation/node.def b/templates/interfaces/tunnel/node.tag/encapsulation/node.def index 5b47e5a9..c8d0c7c2 100644 --- a/templates/interfaces/tunnel/node.tag/encapsulation/node.def +++ b/templates/interfaces/tunnel/node.tag/encapsulation/node.def @@ -1,9 +1,9 @@ type: txt help: Encapsulation of this tunnel interface [REQUIRED] -syntax:expression: ((pattern $VAR(@) "^[-a-zA-Z0-9_]+$") && (exec "sudo /opt/vyatta/sbin/vyatta-encapsulation $VAR(@)")) - -allowed: sudo /opt/vyatta/sbin/vyatta-encapsulation +syntax:expression: ((pattern $VAR(@) "^[-a-zA-Z0-9_]+$") && \ + ($VAR(@) in "gre", "gre-bridge", "ipip", "sit", "ipip6", "ip6ip6"; \ + "Must be (gre gre-bridge ipip sit ipip6 ip6ip6)\n")) create:expression: "true" update:expression: "false" ; \ @@ -11,7 +11,6 @@ update:expression: "false" ; \ val_help: gre; Generic Routing Encapsulation val_help: gre-bridge; Generic Routing Encapsulation bridge interface -val_help: gre-multipoint; Multipoint Generic Routing Encapsulation val_help: ipip; IP in IP encapsulation val_help: sit; Simple Internet Transition encapsulation val_help: ipip6; IP in IP6 encapsulation diff --git a/templates/interfaces/tunnel/node.tag/local-ip/node.def b/templates/interfaces/tunnel/node.tag/local-ip/node.def index c6a82a03..8275243a 100644 --- a/templates/interfaces/tunnel/node.tag/local-ip/node.def +++ b/templates/interfaces/tunnel/node.tag/local-ip/node.def 
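Review bot: With `gre-multipoint` absent from the `in` list of the new syntax expression in templates/interfaces/tunnel/node.tag/encapsulation/node.def, a saved configuration that still carries `encapsulation gre-multipoint` would be rejected by this check, and no migration step is visible in this diff. If none exists elsewhere, the upgrade path needs one that rewrites that value to `gre`. The `allowed:` line is also removed without a replacement, so value completion may no longer list the choices; `allowed: echo "gre gre-bridge ipip sit ipip6 ip6ip6"` would restore it without the `sudo` call this commit removes.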
@@ -1,7 +1,7 @@ type: ipv4, ipv6 help: Local IP address for this tunnel [REQUIRED] val_help: ipv4; Local IPv4 address for this tunnel [REQUIRED] -val_help: ipv6; Local IPv6 address for this tunnel [REQUIRED] [NOTICE: unavailable for gre-multipoint encapsulation] +val_help: ipv6; Local IPv6 address for this tunnel [REQUIRED] [NOTICE: unavailable for mGRE tunnels] update:if ! /opt/vyatta/sbin/local_ip $VAR(@) then @@ -11,7 +11,7 @@ update:if ! /opt/vyatta/sbin/local_ip $VAR(@) case "$VAR(../encapsulation/@)" in "gre-bridge") ;; - "gre" | "gre-multipoint" | "ipip" | "sit") + "gre" | "ipip" | "sit") sudo ip tunnel cha $VAR(../@) local $VAR(@) if [ -e "/opt/vyatta/sbin/dmvpn-config.pl" ]; then sudo /opt/vyatta/sbin/dmvpn-config.pl \ diff --git a/templates/interfaces/tunnel/node.tag/parameters/ip/key/node.def b/templates/interfaces/tunnel/node.tag/parameters/ip/key/node.def index a6ba8708..b9ed181e 100644 --- a/templates/interfaces/tunnel/node.tag/parameters/ip/key/node.def +++ b/templates/interfaces/tunnel/node.tag/parameters/ip/key/node.def @@ -10,8 +10,8 @@ syntax:expression: exec " \ exit 1 ; \ fi ; " -commit:expression: $VAR(../../../encapsulation/@) in "gre", "gre-multipoint" ; \ - "Key only valid for GRE/GRE-MULTIPOINT for $VAR(../../../@)" +commit:expression: $VAR(../../../encapsulation/@) in "gre" ; \ + "Key only valid for GRE for $VAR(../../../@)" create:expression: "true" update:expression: "false" ; \ diff --git a/templates/interfaces/tunnel/node.tag/parameters/ip/tos/node.def b/templates/interfaces/tunnel/node.tag/parameters/ip/tos/node.def index 32080dce..c784e512 100644 --- a/templates/interfaces/tunnel/node.tag/parameters/ip/tos/node.def +++ b/templates/interfaces/tunnel/node.tag/parameters/ip/tos/node.def 
@@ -3,8 +3,8 @@ help: Type of Service (TOS) syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 99; "Must be between 0-99" val_help: u32:0-99; Type Of Service (TOS) -commit:expression: $VAR(../../../encapsulation/@) in "gre", "gre-multipoint", "sit", "ipip" ; \ - "tunnel encapsulation must be GRE, GRE-MULTIPOINT, SIT or IPIP" +commit:expression: $VAR(../../../encapsulation/@) in "gre", "sit", "ipip" ; \ + "tunnel encapsulation must be GRE, SIT or IPIP" update: ip tunnel change $VAR(../../../@) tos $VAR(@) delete: ip tunnel change $VAR(../../../@) tos inherit diff --git a/templates/interfaces/tunnel/node.tag/parameters/ip/ttl/node.def b/templates/interfaces/tunnel/node.tag/parameters/ip/ttl/node.def index 3bb2ec72..24d27104 100644 --- a/templates/interfaces/tunnel/node.tag/parameters/ip/ttl/node.def +++ b/templates/interfaces/tunnel/node.tag/parameters/ip/ttl/node.def @@ -3,8 +3,8 @@ help: Time to live field val_help: u32:0-255; Time to live (default 255) syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255" -commit:expression: $VAR(../../../encapsulation/@) in "gre", "gre-multipoint", "sit", "ipip" ; \ - "tunnel encapsulation must be GRE, GRE-MULTIPOINT, SIT or IPIP" +commit:expression: $VAR(../../../encapsulation/@) in "gre", "sit", "ipip" ; \ + "tunnel encapsulation must be GRE, SIT or IPIP" update:sudo ip tunnel change $VAR(../../../@) ttl $VAR(@) delete:sudo ip tunnel change $VAR(../../../@) ttl inherit diff --git a/templates/service/snmp/contact/node.def b/templates/service/snmp/contact/node.def index 039cd548..63a368cc 100644 --- a/templates/service/snmp/contact/node.def +++ b/templates/service/snmp/contact/node.def @@ -1,2 +1,6 @@ type: txt help: Contact information + +syntax:expression: pattern $VAR(@) "^[[:print:]]{1,255}$" ; \ + "Contact information is limited to 255 characters or less" + diff --git a/templates/service/snmp/description/node.def b/templates/service/snmp/description/node.def index 61ec96b6..cd88099a 100644 
--- a/templates/service/snmp/description/node.def +++ b/templates/service/snmp/description/node.def @@ -1,2 +1,6 @@ type: txt help: Description information + +syntax:expression: pattern $VAR(@) "^[[:print:]]{1,255}$" ; \ + "Description is limited to 255 characters or less" + diff --git a/templates/service/snmp/location/node.def b/templates/service/snmp/location/node.def index a5b234ea..903b405f 100644 --- a/templates/service/snmp/location/node.def +++ b/templates/service/snmp/location/node.def @@ -1,3 +1,6 @@ type: txt help: Location information +syntax:expression: pattern $VAR(@) "^[[:print:]]{1,255}$" ; \ + "Location is limited to 255 characters or less" + diff --git a/templates/system/disable-dhcp-nameservers/node.def b/templates/system/disable-dhcp-nameservers/node.def new file mode 100644 index 00000000..adf84948 --- /dev/null +++ b/templates/system/disable-dhcp-nameservers/node.def @@ -0,0 +1,5 @@ +priority: 300 +help: Disable DHCP updates of DNS settings + +create: sudo /opt/vyatta/sbin/vyatta_update_resolv.pl --config-mode 1 +delete: sudo /opt/vyatta/sbin/vyatta_update_resolv.pl --config-mode 1 |
