summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-02-27 21:37:15 +0100
committerChristian Poessinger <christian@poessinger.com>2021-02-28 00:54:37 +0100
commit582b718221c67ddb71e39fbad0a72241761304a9 (patch)
tree4bb7c0ea424ce74137e5ba966e05bbeef4e7cede
parent8f100189086102458ff8e4f61f842cf44a6bf8aa (diff)
downloadvyos-1x-582b718221c67ddb71e39fbad0a72241761304a9.tar.gz
vyos-1x-582b718221c67ddb71e39fbad0a72241761304a9.zip
tunnel: T3366: rename local-ip to source-address
Streamline the CLI configuration where we try to use source-address when creating connections which are especially sourced from a discrete address.
-rw-r--r--interface-definitions/include/radius-server-ipv4-ipv6.xml.i22
-rw-r--r--interface-definitions/include/source-address-ipv4-ipv6.xml.i1
-rw-r--r--interface-definitions/include/tunnel-local-remote-ip.xml.i20
-rw-r--r--python/vyos/configverify.py18
-rw-r--r--python/vyos/ifconfig/tunnel.py4
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_tunnel.py32
-rwxr-xr-xsrc/migration-scripts/interfaces/19-to-2013
7 files changed, 58 insertions, 52 deletions
diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
index ab3c6d72a..c57d39b6b 100644
--- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
+++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i
@@ -26,7 +26,27 @@
#include <include/radius-server-port.xml.i>
</children>
</tagNode>
- #include <include/source-address-ipv4-ipv6.xml.i>
+ <leafNode name="source-address">
+ <properties>
+ <help>Source IP address used to initiate connection</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+ </completionHelp>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 source address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 source address</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ <multi/>
+ </properties>
+ </leafNode>
</children>
</node>
<!-- included end -->
diff --git a/interface-definitions/include/source-address-ipv4-ipv6.xml.i b/interface-definitions/include/source-address-ipv4-ipv6.xml.i
index 4da4698c2..004e04f7b 100644
--- a/interface-definitions/include/source-address-ipv4-ipv6.xml.i
+++ b/interface-definitions/include/source-address-ipv4-ipv6.xml.i
@@ -17,7 +17,6 @@
<validator name="ipv4-address"/>
<validator name="ipv6-address"/>
</constraint>
- <multi/>
</properties>
</leafNode>
<!-- included end -->
diff --git a/interface-definitions/include/tunnel-local-remote-ip.xml.i b/interface-definitions/include/tunnel-local-remote-ip.xml.i
index 85c20f482..f86e1dd8c 100644
--- a/interface-definitions/include/tunnel-local-remote-ip.xml.i
+++ b/interface-definitions/include/tunnel-local-remote-ip.xml.i
@@ -1,23 +1,5 @@
<!-- included start from tunnel-local-remote-ip.xml.i -->
-<leafNode name="local-ip">
- <properties>
- <help>Local IP address for this tunnel</help>
- <valueHelp>
- <format>ipv4</format>
- <description>Local IPv4 address for this tunnel</description>
- </valueHelp>
- <valueHelp>
- <format>ipv6</format>
- <description>Local IPv6 address for this tunnel</description>
- </valueHelp>
- <completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- </completionHelp>
- <constraint>
- <validator name="ip-address"/>
- </constraint>
- </properties>
-</leafNode>
+#include <include/source-address-ipv4-ipv6.xml.i>
<leafNode name="remote-ip">
<properties>
<help>Remote IP address for this tunnel</help>
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 8286a735c..c901ccbc5 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -100,26 +100,26 @@ def verify_tunnel(config):
raise ConfigError('Must configure the tunnel encapsulation for '\
'{ifname}!'.format(**config))
- if 'local_ip' not in config and 'dhcp_interface' not in config:
- raise ConfigError('local-ip is mandatory for tunnel')
+ if 'source_address' not in config and 'dhcp_interface' not in config:
+ raise ConfigError('source-address is mandatory for tunnel')
if 'remote_ip' not in config and config['encapsulation'] != 'gre':
raise ConfigError('remote-ip is mandatory for tunnel')
- if {'local_ip', 'dhcp_interface'} <= set(config):
- raise ConfigError('Can not use both local-ip and dhcp-interface')
+ if {'source_address', 'dhcp_interface'} <= set(config):
+ raise ConfigError('Can not use both source-address and dhcp-interface')
if config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre', 'ip6erspan']:
error_ipv6 = 'Encapsulation mode requires IPv6'
- if 'local_ip' in config and not is_ipv6(config['local_ip']):
- raise ConfigError(f'{error_ipv6} local-ip')
+ if 'source_address' in config and not is_ipv6(config['source_address']):
+ raise ConfigError(f'{error_ipv6} source-address')
if 'remote_ip' in config and not is_ipv6(config['remote_ip']):
raise ConfigError(f'{error_ipv6} remote-ip')
else:
error_ipv4 = 'Encapsulation mode requires IPv4'
- if 'local_ip' in config and not is_ipv4(config['local_ip']):
- raise ConfigError(f'{error_ipv4} local-ip')
+ if 'source_address' in config and not is_ipv4(config['source_address']):
+ raise ConfigError(f'{error_ipv4} source-address')
if 'remote_ip' in config and not is_ipv4(config['remote_ip']):
raise ConfigError(f'{error_ipv4} remote-ip')
@@ -130,7 +130,7 @@ def verify_tunnel(config):
raise ConfigError(f'Option source-interface can not be used with ' \
f'encapsulation "{encapsulation}"!')
elif config['encapsulation'] == 'gre':
- if 'local_ip' in config and is_ipv6(config['local_ip']):
+ if 'source_address' in config and is_ipv6(config['source_address']):
raise ConfigError('Can not use local IPv6 address is for mGRE tunnels')
def verify_eapol(config):
diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py
index a74d50646..2820e2563 100644
--- a/python/vyos/ifconfig/tunnel.py
+++ b/python/vyos/ifconfig/tunnel.py
@@ -51,9 +51,9 @@ class TunnelIf(Interface):
# - https://man7.org/linux/man-pages/man8/ip-link.8.html
# - https://man7.org/linux/man-pages/man8/ip-tunnel.8.html
mapping = {
- 'local_ip' : 'local',
- 'remote_ip' : 'remote',
+ 'source_address' : 'local',
'source_interface' : 'dev',
+ 'remote_ip' : 'remote',
'parameters.ip.key' : 'key',
'parameters.ip.tos' : 'tos',
'parameters.ip.ttl' : 'ttl',
diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py
index 0bbc807db..cf7e7aac9 100755
--- a/smoketest/scripts/cli/test_interfaces_tunnel.py
+++ b/smoketest/scripts/cli/test_interfaces_tunnel.py
@@ -71,8 +71,8 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
cls.local_v4 = '192.0.2.1'
cls.local_v6 = '2001:db8::1'
cls._options = {
- 'tun10': ['encapsulation ipip', 'remote-ip 192.0.2.10', 'local-ip ' + cls.local_v4],
- 'tun20': ['encapsulation gre', 'remote-ip 192.0.2.20', 'local-ip ' + cls.local_v4],
+ 'tun10': ['encapsulation ipip', 'remote-ip 192.0.2.10', 'source-address ' + cls.local_v4],
+ 'tun20': ['encapsulation gre', 'remote-ip 192.0.2.20', 'source-address ' + cls.local_v4],
}
cls._interfaces = list(cls._options)
@@ -94,15 +94,15 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
for encapsulation in ['ipip', 'sit', 'gre', 'gretap']:
self.session.set(self._base_path + [interface, 'address', local_if_addr])
self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v6])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v6])
self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6])
- # Encapsulation mode requires IPv4 local-ip
+ # Encapsulation mode requires IPv4 source-address
with self.assertRaises(ConfigSessionError):
self.session.commit()
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
- # Encapsulation mode requires IPv4 local-ip
+ # Encapsulation mode requires IPv4 remote-ip
with self.assertRaises(ConfigSessionError):
self.session.commit()
self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
@@ -141,15 +141,15 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
for encapsulation in ['ipip6', 'ip6ip6', 'ip6gre']:
self.session.set(self._base_path + [interface, 'address', local_if_addr])
self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
- # Encapsulation mode requires IPv6 local-ip
+ # Encapsulation mode requires IPv6 source-address
with self.assertRaises(ConfigSessionError):
self.session.commit()
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v6])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v6])
- # Encapsulation mode requires IPv6 local-ip
+ # Encapsulation mode requires IPv6 remote-ip
with self.assertRaises(ConfigSessionError):
self.session.commit()
self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6])
@@ -182,18 +182,18 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
self.session.commit()
def test_tunnel_verify_local_dhcp(self):
- # We can not use local-ip and dhcp-interface at the same time
+ # We can not use source-address and dhcp-interface at the same time
interface = f'tun1020'
local_if_addr = f'10.0.0.1/24'
self.session.set(self._base_path + [interface, 'address', local_if_addr])
self.session.set(self._base_path + [interface, 'encapsulation', 'gre'])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
self.session.set(self._base_path + [interface, 'dhcp-interface', 'eth0'])
- # local-ip and dhcp-interface can not be used at the same time
+ # source-address and dhcp-interface can not be used at the same time
with self.assertRaises(ConfigSessionError):
self.session.commit()
self.session.delete(self._base_path + [interface, 'dhcp-interface'])
@@ -208,7 +208,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
tos = '20'
self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
self.session.set(self._base_path + [interface, 'parameters', 'ip', 'no-pmtu-discovery'])
@@ -234,7 +234,7 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
tos = '20'
self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
# Check if commit is ok
@@ -258,4 +258,4 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
self.assertEqual(new_remote, conf['linkinfo']['info_data']['remote'])
if __name__ == '__main__':
- unittest.main(verbosity=2)
+ unittest.main(verbosity=2, failfast=True)
diff --git a/src/migration-scripts/interfaces/19-to-20 b/src/migration-scripts/interfaces/19-to-20
index be42cdd61..1727ac4dc 100755
--- a/src/migration-scripts/interfaces/19-to-20
+++ b/src/migration-scripts/interfaces/19-to-20
@@ -36,12 +36,17 @@ if __name__ == '__main__':
#
# Migrate "interface tunnel <tunX> encapsulation gre-bridge" to gretap
+ # Migrate "interface tunnel <tunX> local-ip" to source-address
for interface in config.list_nodes(base):
- path = base + [interface, 'encapsulation']
- if config.exists(path):
- tmp = config.return_value(path)
+ encap_path = base + [interface, 'encapsulation']
+ if config.exists(encap_path):
+ tmp = config.return_value(encap_path)
if tmp == 'gre-bridge':
- config.set(path, value='gretap')
+ config.set(encap_path, value='gretap')
+
+ local_ip_path = base + [interface, 'local-ip']
+ if config.exists(local_ip_path):
+ config.rename(local_ip_path, 'source-address')
try:
with open(file_name, 'w') as f: