From 23676bb3f69b716eb1d9cb3d34ad2ce0d1686269 Mon Sep 17 00:00:00 2001 From: Stig Thormodsrud Date: Tue, 11 Mar 2008 18:55:27 -0700 Subject: Fix 2695 GRE tunnel doesn't work with "key" - Include key on tunnel creation. - Prevent user from changing encap/key after creation. - Only allow key on GRE encap. --- templates/interfaces/tunnel/node.def | 25 ++++++++++++++++------ .../interfaces/tunnel/node.tag/address/node.def | 6 +++++- .../interfaces/tunnel/node.tag/disable/node.def | 7 ++++-- .../tunnel/node.tag/encapsulation/node.def | 7 +++++- templates/interfaces/tunnel/node.tag/key/node.def | 12 +++++++++-- 5 files changed, 45 insertions(+), 12 deletions(-) diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def index 73c8e572..9ebb581c 100644 --- a/templates/interfaces/tunnel/node.def +++ b/templates/interfaces/tunnel/node.def @@ -2,10 +2,23 @@ tag: type: txt help: Configure a tunnel interface syntax:expression: $VAR(@) in "tun0", "tun1", "tun2", "tun3", "tun4", "tun5", "tun6", "tun7", "tun8", "tun9" ; "Must be (tun0 - tun9)" -commit:expression: $VAR(./local-ip/) != "" ; "Must configure the tunnel local-ip" -commit:expression: $VAR(./remote-ip/) != "" ; "Must configure the tunnel remote-ip" -commit:expression: $VAR(./encapsulation/) != "" ; "Must configure the tunnel encapsulation" -create:expression: "sudo ip tunnel add $VAR(@) local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@)" -create:expression: "sudo ip link set $VAR(@) up" -delete:expression: "sudo ip tunnel del $VAR(@)" + +commit:expression: $VAR(./local-ip/) != "" ; \ + "Must configure the tunnel local-ip for $VAR(@)" +commit:expression: $VAR(./remote-ip/) != "" ; \ + "Must configure the tunnel remote-ip for $VAR(@)" +commit:expression: $VAR(./encapsulation/) != "" ; \ + "Must configure the tunnel encapsulation for $VAR(@)" + +create:expression: "\ + if [ -n \"$VAR(./key/@)\" ]; then \ + KEY=\"key $VAR(./key/@)\"; \ + fi; \ + sudo ip tunnel add $VAR(@) \ + local $VAR(./local-ip/@) remote $VAR(./remote-ip/@) \ + mode $VAR(./encapsulation/@) $KEY; \ + sudo ip link set $VAR(@) up;" ; "Error creating $VAR(@)" + +delete:expression: "sudo ip tunnel del $VAR(@)" ; "Error deleting $VAR(@)" + comp_help: "Enter tunnel interface name (tun0 - tun9)" diff --git a/templates/interfaces/tunnel/node.tag/address/node.def b/templates/interfaces/tunnel/node.tag/address/node.def index fe58ae05..4d91c9ba 100644 --- a/templates/interfaces/tunnel/node.tag/address/node.def +++ b/templates/interfaces/tunnel/node.tag/address/node.def @@ -1,8 +1,12 @@ multi: type: txt help: Configure an IP address for this interface + syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr $VAR(@) --dev $VAR(../@)"; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" + update:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-update $VAR(@) --dev $VAR(../@)"; "Error setting address $VAR(@) on interface $VAR(../@)" + delete:expression: "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --eth-addr-delete $VAR(@) --dev $VAR(../@)"; "Error deleting address $VAR(@) on interface $VAR(../@)" + comp_help:Possible completions: - /\tSet the IP address and prefix length + / Set the IP address and prefix length diff --git a/templates/interfaces/tunnel/node.tag/disable/node.def b/templates/interfaces/tunnel/node.tag/disable/node.def index 9c795c61..cd3c019a 100644 --- a/templates/interfaces/tunnel/node.tag/disable/node.def +++ b/templates/interfaces/tunnel/node.tag/disable/node.def @@ -1,3 +1,6 @@ help: Disable interface -update:expression: "sudo ip link set $VAR(../@) down"; "Error disabling dev $VAR(../@)" -delete:expression: "sudo ip link set $VAR(../@) up"; "Error enabling dev $VAR(../@)" +update:expression: "sudo ip link set $VAR(../@) down"; \ + "Error disabling dev $VAR(../@)" + +delete:expression: "sudo ip link set $VAR(../@) up"; \ + "Error enabling dev $VAR(../@)" diff --git a/templates/interfaces/tunnel/node.tag/encapsulation/node.def b/templates/interfaces/tunnel/node.tag/encapsulation/node.def index 98745b2d..02d579a9 100644 --- a/templates/interfaces/tunnel/node.tag/encapsulation/node.def +++ b/templates/interfaces/tunnel/node.tag/encapsulation/node.def @@ -1,7 +1,12 @@ type: txt help: Set the encapsulation of this tunnel interface + syntax:expression: $VAR(@) in "ipip", "gre", "sit"; "Must be (ipip, gre, sit)" -update:expression: "sudo ip tunnel change $VAR(../@) mode $VAR(@)" + +create:expression: "true" +update:expression: "false" ; \ + "Encapsulation can only be set at tunnel creation for $VAR(../@)" + comp_help: "possible completions: gre Set Generic Routing Encapsulation ipip Set IP in IP encapsulation diff --git a/templates/interfaces/tunnel/node.tag/key/node.def b/templates/interfaces/tunnel/node.tag/key/node.def index 1c524984..ae244529 100644 --- a/templates/interfaces/tunnel/node.tag/key/node.def +++ b/templates/interfaces/tunnel/node.tag/key/node.def @@ -1,6 +1,14 @@ type: u32 help: Set the tunnel key -syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 999999; "Must be between 0-999999" -update:expression: "sudo ip tunnel change $VAR(../@) key $VAR(@)" +syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 999999; \ + "Must be between 0-999999 for $VAR(../@)" + +commit:expression: $VAR(../encapsulation/@) in "gre" ; \ + "Key only valid for GRE for $VAR(../@)" + +create:expression: "true" +update:expression: "false" ; \ + "Key can only be set at tunnel creation for $VAR(../@)" + comp_help: possible completions <0-999999> Set a tunnel key -- cgit v1.2.3