diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-02-27 21:37:15 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-02-28 00:54:37 +0100 |
commit | 582b718221c67ddb71e39fbad0a72241761304a9 (patch) | |
tree | 4bb7c0ea424ce74137e5ba966e05bbeef4e7cede | |
parent | 8f100189086102458ff8e4f61f842cf44a6bf8aa (diff) | |
download | vyos-1x-582b718221c67ddb71e39fbad0a72241761304a9.tar.gz vyos-1x-582b718221c67ddb71e39fbad0a72241761304a9.zip |
tunnel: T3366: rename local-ip to source-address
Streamline the CLI configuration where we try to use source-address when
creating connections which are especially sourced from a discrete address.
-rw-r--r-- | interface-definitions/include/radius-server-ipv4-ipv6.xml.i | 22 | ||||
-rw-r--r-- | interface-definitions/include/source-address-ipv4-ipv6.xml.i | 1 | ||||
-rw-r--r-- | interface-definitions/include/tunnel-local-remote-ip.xml.i | 20 | ||||
-rw-r--r-- | python/vyos/configverify.py | 18 | ||||
-rw-r--r-- | python/vyos/ifconfig/tunnel.py | 4 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_tunnel.py | 32 | ||||
-rwxr-xr-x | src/migration-scripts/interfaces/19-to-20 | 13 |
7 files changed, 58 insertions, 52 deletions
diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i index ab3c6d72a..c57d39b6b 100644 --- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i +++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i @@ -26,7 +26,27 @@ #include <include/radius-server-port.xml.i> </children> </tagNode> - #include <include/source-address-ipv4-ipv6.xml.i> + <leafNode name="source-address"> + <properties> + <help>Source IP address used to initiate connection</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 source address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 source address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + <multi/> + </properties> + </leafNode> </children> </node> <!-- included end --> diff --git a/interface-definitions/include/source-address-ipv4-ipv6.xml.i b/interface-definitions/include/source-address-ipv4-ipv6.xml.i index 4da4698c2..004e04f7b 100644 --- a/interface-definitions/include/source-address-ipv4-ipv6.xml.i +++ b/interface-definitions/include/source-address-ipv4-ipv6.xml.i @@ -17,7 +17,6 @@ <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> - <multi/> </properties> </leafNode> <!-- included end --> diff --git a/interface-definitions/include/tunnel-local-remote-ip.xml.i b/interface-definitions/include/tunnel-local-remote-ip.xml.i index 85c20f482..f86e1dd8c 100644 --- a/interface-definitions/include/tunnel-local-remote-ip.xml.i +++ b/interface-definitions/include/tunnel-local-remote-ip.xml.i @@ -1,23 +1,5 @@ <!-- included start from tunnel-local-remote-ip.xml.i --> -<leafNode name="local-ip"> - <properties> - <help>Local IP address for this tunnel</help> - <valueHelp> - <format>ipv4</format> - <description>Local IPv4 address for this tunnel</description> - </valueHelp> - <valueHelp> - <format>ipv6</format> - <description>Local IPv6 address for this tunnel</description> - </valueHelp> - <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> - </completionHelp> - <constraint> - <validator name="ip-address"/> - </constraint> - </properties> -</leafNode> +#include <include/source-address-ipv4-ipv6.xml.i> <leafNode name="remote-ip"> <properties> <help>Remote IP address for this tunnel</help> diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 8286a735c..c901ccbc5 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -100,26 +100,26 @@ def verify_tunnel(config): raise ConfigError('Must configure the tunnel encapsulation for '\ '{ifname}!'.format(**config)) - if 'local_ip' not in config and 'dhcp_interface' not in config: - raise ConfigError('local-ip is mandatory for tunnel') + if 'source_address' not in config and 'dhcp_interface' not in config: + raise ConfigError('source-address is mandatory for tunnel') if 'remote_ip' not in config and config['encapsulation'] != 'gre': raise ConfigError('remote-ip is mandatory for tunnel') - if {'local_ip', 'dhcp_interface'} <= set(config): - raise ConfigError('Can not use both local-ip and dhcp-interface') + if {'source_address', 'dhcp_interface'} <= set(config): + raise ConfigError('Can not use both source-address and dhcp-interface') if config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre', 'ip6erspan']: error_ipv6 = 'Encapsulation mode requires IPv6' - if 'local_ip' in config and not is_ipv6(config['local_ip']): - raise ConfigError(f'{error_ipv6} local-ip') + if 'source_address' in config and not is_ipv6(config['source_address']): + raise ConfigError(f'{error_ipv6} source-address') if 'remote_ip' in config and not is_ipv6(config['remote_ip']): raise ConfigError(f'{error_ipv6} remote-ip') else: error_ipv4 = 'Encapsulation mode requires IPv4' - if 'local_ip' in config and not is_ipv4(config['local_ip']): - raise ConfigError(f'{error_ipv4} local-ip') + if 'source_address' in config and not is_ipv4(config['source_address']): + raise ConfigError(f'{error_ipv4} source-address') if 'remote_ip' in config and not is_ipv4(config['remote_ip']): raise ConfigError(f'{error_ipv4} remote-ip') @@ -130,7 +130,7 @@ def verify_tunnel(config): raise ConfigError(f'Option source-interface can not be used with ' \ f'encapsulation "{encapsulation}"!') elif config['encapsulation'] == 'gre': - if 'local_ip' in config and is_ipv6(config['local_ip']): + if 'source_address' in config and is_ipv6(config['source_address']): raise ConfigError('Can not use local IPv6 address is for mGRE tunnels') def verify_eapol(config): diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py index a74d50646..2820e2563 100644 --- a/python/vyos/ifconfig/tunnel.py +++ b/python/vyos/ifconfig/tunnel.py @@ -51,9 +51,9 @@ class TunnelIf(Interface): # - https://man7.org/linux/man-pages/man8/ip-link.8.html # - https://man7.org/linux/man-pages/man8/ip-tunnel.8.html mapping = { - 'local_ip' : 'local', - 'remote_ip' : 'remote', + 'source_address' : 'local', 'source_interface' : 'dev', + 'remote_ip' : 'remote', 'parameters.ip.key' : 'key', 'parameters.ip.tos' : 'tos', 'parameters.ip.ttl' : 'ttl', diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py index 0bbc807db..cf7e7aac9 100755 --- a/smoketest/scripts/cli/test_interfaces_tunnel.py +++ b/smoketest/scripts/cli/test_interfaces_tunnel.py @@ -71,8 +71,8 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): cls.local_v4 = '192.0.2.1' cls.local_v6 = '2001:db8::1' cls._options = { - 'tun10': ['encapsulation ipip', 'remote-ip 192.0.2.10', 'local-ip ' + cls.local_v4], - 'tun20': ['encapsulation gre', 'remote-ip 192.0.2.20', 'local-ip ' + cls.local_v4], + 'tun10': ['encapsulation ipip', 'remote-ip 192.0.2.10', 'source-address ' + cls.local_v4], + 'tun20': ['encapsulation gre', 'remote-ip 192.0.2.20', 'source-address ' + cls.local_v4], } cls._interfaces = list(cls._options) @@ -94,15 +94,15 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): for encapsulation in ['ipip', 'sit', 'gre', 'gretap']: self.session.set(self._base_path + [interface, 'address', local_if_addr]) self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - self.session.set(self._base_path + [interface, 'local-ip', self.local_v6]) + self.session.set(self._base_path + [interface, 'source-address', self.local_v6]) self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6]) - # Encapsulation mode requires IPv4 local-ip + # Encapsulation mode requires IPv4 source-address with self.assertRaises(ConfigSessionError): self.session.commit() - self.session.set(self._base_path + [interface, 'local-ip', self.local_v4]) + self.session.set(self._base_path + [interface, 'source-address', self.local_v4]) - # Encapsulation mode requires IPv4 local-ip + # Encapsulation mode requires IPv4 remote-ip with self.assertRaises(ConfigSessionError): self.session.commit() self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4]) @@ -141,15 +141,15 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): for encapsulation in ['ipip6', 'ip6ip6', 'ip6gre']: self.session.set(self._base_path + [interface, 'address', local_if_addr]) self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - self.session.set(self._base_path + [interface, 'local-ip', self.local_v4]) + self.session.set(self._base_path + [interface, 'source-address', self.local_v4]) self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4]) - # Encapsulation mode requires IPv6 local-ip + # Encapsulation mode requires IPv6 source-address with self.assertRaises(ConfigSessionError): self.session.commit() - self.session.set(self._base_path + [interface, 'local-ip', self.local_v6]) + self.session.set(self._base_path + [interface, 'source-address', self.local_v6]) - # Encapsulation mode requires IPv6 local-ip + # Encapsulation mode requires IPv6 remote-ip with self.assertRaises(ConfigSessionError): self.session.commit() self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6]) @@ -182,18 +182,18 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): self.session.commit() def test_tunnel_verify_local_dhcp(self): - # We can not use local-ip and dhcp-interface at the same time + # We can not use source-address and dhcp-interface at the same time interface = f'tun1020' local_if_addr = f'10.0.0.1/24' self.session.set(self._base_path + [interface, 'address', local_if_addr]) self.session.set(self._base_path + [interface, 'encapsulation', 'gre']) - self.session.set(self._base_path + [interface, 'local-ip', self.local_v4]) + self.session.set(self._base_path + [interface, 'source-address', self.local_v4]) self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4]) self.session.set(self._base_path + [interface, 'dhcp-interface', 'eth0']) - # local-ip and dhcp-interface can not be used at the same time + # source-address and dhcp-interface can not be used at the same time with self.assertRaises(ConfigSessionError): self.session.commit() self.session.delete(self._base_path + [interface, 'dhcp-interface']) @@ -208,7 +208,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): tos = '20' self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - self.session.set(self._base_path + [interface, 'local-ip', self.local_v4]) + self.session.set(self._base_path + [interface, 'source-address', self.local_v4]) self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4]) self.session.set(self._base_path + [interface, 'parameters', 'ip', 'no-pmtu-discovery']) @@ -234,7 +234,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): tos = '20' self.session.set(self._base_path + [interface, 'encapsulation', encapsulation]) - self.session.set(self._base_path + [interface, 'local-ip', self.local_v4]) + self.session.set(self._base_path + [interface, 'source-address', self.local_v4]) self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4]) # Check if commit is ok @@ -258,4 +258,4 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest): self.assertEqual(new_remote, conf['linkinfo']['info_data']['remote']) if __name__ == '__main__': - unittest.main(verbosity=2) + unittest.main(verbosity=2, failfast=True) diff --git a/src/migration-scripts/interfaces/19-to-20 b/src/migration-scripts/interfaces/19-to-20 index be42cdd61..1727ac4dc 100755 --- a/src/migration-scripts/interfaces/19-to-20 +++ b/src/migration-scripts/interfaces/19-to-20 @@ -36,12 +36,17 @@ if __name__ == '__main__': # # Migrate "interface tunnel <tunX> encapsulation gre-bridge" to gretap + # Migrate "interface tunnel <tunX> local-ip" to source-address for interface in config.list_nodes(base): - path = base + [interface, 'encapsulation'] - if config.exists(path): - tmp = config.return_value(path) + encap_path = base + [interface, 'encapsulation'] + if config.exists(encap_path): + tmp = config.return_value(encap_path) if tmp == 'gre-bridge': - config.set(path, value='gretap') + config.set(encap_path, value='gretap') + + local_ip_path = base + [interface, 'local-ip'] + if config.exists(local_ip_path): + config.rename(local_ip_path, 'source-address') try: with open(file_name, 'w') as f: |