author | Christian Poessinger <christian@poessinger.com> | 2020-12-20 12:33:18 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-12-20 12:33:18 +0100 |
commit | 9541355433e202fade4692851bffa33ba9d48f44 (patch) | |
tree | e11f5eadf479c0313fa65d3b10f295cbc93b90e0 | |
parent | ae567b86495bf0bbadf19d396df60186979558a4 (diff) | |
dhcpv6: T3134: add missing duid support
-rw-r--r-- | interface-definitions/include/dhcpv6-options.xml.i | 12 | ||||
-rw-r--r-- | interface-definitions/include/interface-mac.xml.i | 2 | ||||
-rw-r--r-- | python/vyos/ifconfig/interface.py | 44 | ||||
-rwxr-xr-x | src/validators/ipv6-duid | 27 | ||||
-rwxr-xr-x | src/validators/mac-address | 2 |
5 files changed, 69 insertions, 18 deletions
diff --git a/interface-definitions/include/dhcpv6-options.xml.i b/interface-definitions/include/dhcpv6-options.xml.i index 9a1016956..997d4f2a4 100644 --- a/interface-definitions/include/dhcpv6-options.xml.i +++ b/interface-definitions/include/dhcpv6-options.xml.i @@ -4,6 +4,18 @@ <help>DHCPv6 client settings/options</help> </properties> <children> + <leafNode name="duid"> + <properties> + <help>DHCP unique identifier (DUID) to be sent by dhcpv6 client</help> + <valueHelp> + <format><h:h:h:h:h:h:h:h:h:h:h:h:h:h:h:h></format> + <description>DHCP unique identifier (DUID)</description> + </valueHelp> + <constraint> + <validator name="ipv6-duid"/> + </constraint> + </properties> + </leafNode> <leafNode name="parameters-only"> <properties> <help>Acquire only config parameters, no address</help> diff --git a/interface-definitions/include/interface-mac.xml.i b/interface-definitions/include/interface-mac.xml.i index e277de85c..87dc5fb60 100644 --- a/interface-definitions/include/interface-mac.xml.i +++ b/interface-definitions/include/interface-mac.xml.i @@ -3,7 +3,7 @@ <properties> <help>Media Access Control (MAC) address</help> <valueHelp> - <format>h:h:h:h:h:h</format> + <format>macaddr</format> <description>Hardware (MAC) address</description> </valueHelp> <constraint> diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 7026223b1..18357125b 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -13,14 +13,15 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see <http://www.gnu.org/licenses/>. -from netifaces import interfaces import os import re import json import jmespath +from binascii import unhexlify from copy import deepcopy from glob import glob +from netifaces import interfaces from ipaddress import IPv4Network from ipaddress import IPv6Address 
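Review bot: The new `duid` leaf accepts exactly sixteen octets (the `h:h:…` format here and `{15}` in the `src/validators/ipv6-duid` pattern), but the help never says what those octets are. DUIDs as defined in RFC 8415 are variable-length: DUID-LL over Ethernet is 10 octets, DUID-LLT is 14 and DUID-UUID is 18. Because `interface.py` writes the value byte-for-byte into dhcp6c's DUID file, the expected layout presumably mirrors that file; as far as I recall wide-dhcpv6 stores a 16-bit length ahead of the identifier, which should be confirmed against its source. Either spell the layout out in `<help>`/`<description>`, or let the validator accept other lengths and have the code add whatever framing the file needs.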
@@ -733,7 +734,7 @@ class Interface(Control): >>> Interface('eth0').set_proxy_arp_pvlan(1) """ self.set_interface('proxy_arp_pvlan', enable) - + def get_addr(self): """ @@ -889,7 +890,7 @@ class Interface(Control): # drop all interface addresses first self.flush_addrs() - + ifname = self.ifname for bridge, bridge_config in bridge_dict.items(): @@ -903,18 +904,18 @@ class Interface(Control): # set bridge port path priority if 'priority' in bridge_config: self.set_path_cost(bridge_config['priority']) - + vlan_filter = 0 vlan_add = set() - + del_ifname_vlan_ids = get_vlan_ids(ifname) bridge_vlan_filter = Section.klass(bridge)(bridge, create=True).get_vlan_filter() - + if bridge_vlan_filter: if 1 in del_ifname_vlan_ids: del_ifname_vlan_ids.remove(1) vlan_filter = 1 - + for vlan in del_ifname_vlan_ids: cmd = f'bridge vlan del dev {ifname} vid {vlan}' self._cmd(cmd) @@ -937,13 +938,13 @@ class Interface(Control): cmd = f'bridge vlan add dev {self.ifname} vid {vlan} master' self._cmd(cmd) vlan_add.add(vlan) - + if vlan_filter: # Setting VLAN ID for the bridge for vlan in vlan_add: cmd = f'bridge vlan add dev {bridge} vid {vlan} self' self._cmd(cmd) - + # enable/disable Vlan Filter # When the VLAN aware option is not detected, the setting of `bridge` should not be overwritten Section.klass(bridge)(bridge, create=True).set_vlan_filter(vlan_filter) 
@@ -999,11 +1000,22 @@ class Interface(Control): ifname = self.ifname config_file = f'/run/dhcp6c/dhcp6c.{ifname}.conf' + duid_file = f'/var/lib/dhcpv6/dhcp6c_duid' if enable and 'disable' not in self._config: render(config_file, 'dhcp-client/ipv6.tmpl', self._config) + duid = dict_search('dhcpv6_options.duid', self._config) + if duid != None: + # DUID file path hardcoded and must be written as binary. + # https://github.com/jinmei/wide-dhcpv6/blob/24ee2a4f0009bc/dhcp6c.h#L33 + with open(duid_file, 'wb') as f: + f.write(unhexlify(duid.replace(':', '').encode())) + else: + if os.path.isfile(duid_file): + os.remove(duid_file) + # We must ignore any return codes. This is required to enable DHCPv6-PD # for interfaces which are yet not up and running. return self._popen(f'systemctl restart dhcp6c@{ifname}.service') @@ -1012,6 +1024,8 @@ class Interface(Control): if os.path.isfile(config_file): os.remove(config_file) + if os.path.isfile(duid_file): + os.remove(duid_file) def get_tc_config(self,objectname): # Parse configuration @@ -1041,7 +1055,7 @@ class Interface(Control): # Remove existing mirroring rules self.del_tc_qdisc(ifname,'ingress','ffff:') self.del_tc_qdisc(ifname,'prio','1:') - + # Setting up packet mirroring ingress_mirror = dict_search('mirror.ingress', self._config) # if interface does yet not exist bail out early and @@ -1053,7 +1067,7 @@ class Interface(Control): # Export the mirrored traffic to the interface mirror_cmd = f'tc filter add dev {ifname} parent ffff: protocol all prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress mirror dev {ingress_mirror}' self._cmd(mirror_cmd) - + egress_mirror = dict_search('mirror.egress', self._config) # if interface does yet not exist bail out early and # add it later 
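Review bot: `duid_file` is a single path with no `{ifname}` in it (unlike `config_file`), yet it is written and removed per interface. The `else` branch here and the disable branch in the following hunk (`@@ -1012,6 +1024,8 @@`) delete it whenever this interface has no DUID or stops using DHCPv6, which would also discard a DUID configured through another interface. Consider removing the file only when no interface still references it, or make the option system-wide and say so in a comment. Smaller points: `if duid != None:` should be `if duid is not None:`, the f-string has no placeholders, and `unhexlify()` raises `binascii.Error` on any value that reaches here without having passed the validator, so converting that into a readable configuration error would be safer. The function body starts outside the hunk.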
@@ -1071,14 +1085,14 @@ class Interface(Control): # https://man7.org/linux/man-pages/man8/tc-mirred.8.html ifname = self._config['ifname'] mirror_rules = self._config.get('is_monitor_intf') - + # Remove existing mirroring rules # The rule must be completely deleted first for rule in mirror_rules: for intf, dire in rule.items(): self.del_tc_qdisc(intf,'ingress','ffff:') self.del_tc_qdisc(intf,'prio','1:') - + # Setting mirror rules for rule in mirror_rules: for intf, dire in rule.items(): @@ -1265,11 +1279,11 @@ class Interface(Control): if 'is_bridge_member' in config: bridge_dict = config.get('is_bridge_member') self.add_to_bridge(bridge_dict) - + # Re-set rules for the mirror monitoring interface if 'is_monitor_intf' in config: self.apply_mirror_of_monitor() - + # remove no longer required 802.1ad (Q-in-Q VLANs) ifname = config['ifname'] for vif_s_id in config.get('vif_s_remove', {}): diff --git a/src/validators/ipv6-duid b/src/validators/ipv6-duid new file mode 100755 index 000000000..c0233b2f1 --- /dev/null +++ b/src/validators/ipv6-duid @@ -0,0 +1,27 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import re +import sys + +pattern = "^([0-9A-Fa-f]{2}:){15}([0-9A-Fa-f]{2})$" + +if __name__ == '__main__': + if len(sys.argv) != 2: + sys.exit(1) + if not re.match(pattern, sys.argv[1]): + sys.exit(1) + sys.exit(0) 
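Review bot: In the new `src/validators/ipv6-duid`, `re.match` with a `$` anchor also accepts a value that ends in a newline, because `$` matches just before a trailing `\n`. Such a value passes validation and then makes `unhexlify()` in `set_dhcpv6` raise on the extra character at commit time. Anchoring the whole string closes the gap: `if not re.fullmatch(r'([0-9A-Fa-f]{2}:){15}[0-9A-Fa-f]{2}', sys.argv[1]):`. The `pattern` in `src/validators/mac-address` (last file in this commit) is written the same way and would benefit from the same change.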
diff --git a/src/validators/mac-address b/src/validators/mac-address index b2d3496f4..201dcaf12 100755 --- a/src/validators/mac-address +++ b/src/validators/mac-address @@ -17,10 +17,8 @@ import re import sys - pattern = "^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$" - if __name__ == '__main__': if len(sys.argv) != 2: sys.exit(1) |