summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-03-25 19:32:34 +0100
committerChristian Poessinger <christian@poessinger.com>2020-03-28 11:28:55 +0100
commit7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c (patch)
treeec72438e73d56a585d93535c338300f6caba76a5
parentd1df92fa0668e351256175cbaa70b19707c0f53c (diff)
downloadvyos-1x-7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c.tar.gz
vyos-1x-7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c.zip
ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodes
... to new XML and Python based frontend/backend.
-rw-r--r--interface-definitions/include/ipv6-disable-forwarding.xml.i6
-rw-r--r--interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i16
-rw-r--r--interface-definitions/include/vif.xml.i6
-rw-r--r--interface-definitions/interfaces-bonding.xml.in6
-rw-r--r--interface-definitions/interfaces-bridge.xml.in6
-rw-r--r--interface-definitions/interfaces-ethernet.xml.in6
-rw-r--r--interface-definitions/interfaces-l2tpv3.xml.in6
-rw-r--r--interface-definitions/interfaces-openvpn.xml.in6
-rw-r--r--interface-definitions/interfaces-pseudo-ethernet.xml.in6
-rw-r--r--interface-definitions/interfaces-tunnel.xml.in23
-rw-r--r--interface-definitions/interfaces-vxlan.xml.in6
-rw-r--r--interface-definitions/interfaces-wireless.xml.in6
-rw-r--r--python/vyos/configdict.py10
-rw-r--r--python/vyos/ifconfig/interface.py42
-rw-r--r--python/vyos/ifconfig_vlan.py4
-rwxr-xr-xsrc/conf_mode/interfaces-bonding.py14
-rwxr-xr-xsrc/conf_mode/interfaces-bridge.py14
-rwxr-xr-xsrc/conf_mode/interfaces-ethernet.py14
-rwxr-xr-xsrc/conf_mode/interfaces-l2tpv3.py14
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py19
-rwxr-xr-xsrc/conf_mode/interfaces-pseudo-ethernet.py14
-rwxr-xr-xsrc/conf_mode/interfaces-vxlan.py14
-rwxr-xr-xsrc/conf_mode/interfaces-wireless.py14
23 files changed, 254 insertions, 18 deletions
diff --git a/interface-definitions/include/ipv6-disable-forwarding.xml.i b/interface-definitions/include/ipv6-disable-forwarding.xml.i
new file mode 100644
index 000000000..3f90c7e34
--- /dev/null
+++ b/interface-definitions/include/ipv6-disable-forwarding.xml.i
@@ -0,0 +1,6 @@
+<leafNode name="disable-forwarding">
+ <properties>
+ <help>Disable IPv6 forwarding on this interface</help>
+ <valueless/>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i b/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i
new file mode 100644
index 000000000..728187560
--- /dev/null
+++ b/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i
@@ -0,0 +1,16 @@
+<leafNode name="dup-addr-detect-transmits">
+ <properties>
+ <help>Number of NS messages to send while performing DAD (default: 1)</help>
+ <valueHelp>
+ <format>1-n</format>
+ <description>Number of NS messages to send while performing DAD</description>
+ </valueHelp>
+ <valueHelp>
+ <format>0</format>
+ <description>Disable Duplicate Address Dectection (DAD)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--non-negative"/>
+ </constraint>
+ </properties>
+</leafNode>
diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i
index 88693e0d3..3316dd784 100644
--- a/interface-definitions/include/vif.xml.i
+++ b/interface-definitions/include/vif.xml.i
@@ -51,6 +51,12 @@
#include <include/interface-enable-proxy-arp.xml.i>
</children>
</node>
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
#include <include/interface-mac.xml.i>
#include <include/interface-mtu-68-9000.xml.i>
</children>
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in
index 80943a1fd..641125d25 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces-bonding.xml.in
@@ -89,6 +89,12 @@
#include <include/interface-proxy-arp-pvlan.xml.i>
</children>
</node>
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
#include <include/interface-mac.xml.i>
<leafNode name="mode">
<properties>
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index d36a1abbc..52ba0436f 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -86,6 +86,12 @@
#include <include/interface-disable-arp-filter.xml.i>
</children>
</node>
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
#include <include/interface-mac.xml.i>
<leafNode name="max-age">
<properties>
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
index 5728d2f37..2f649b006 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -79,6 +79,12 @@
#include <include/interface-proxy-arp-pvlan.xml.i>
</children>
</node>
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
#include <include/interface-mac.xml.i>
#include <include/interface-mtu-68-9000.xml.i>
<node name="offload-options">
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in
index a408e58c1..92ea946e8 100644
--- a/interface-definitions/interfaces-l2tpv3.xml.in
+++ b/interface-definitions/interfaces-l2tpv3.xml.in
@@ -51,6 +51,12 @@
<constraintErrorMessage>Encapsulation must be UDP or IP</constraintErrorMessage>
</properties>
</leafNode>
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
<leafNode name="local-ip">
<properties>
<help>Local IP address for L2TPv3 tunnel</help>
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index cac0ee417..a500c629c 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -162,6 +162,12 @@
</leafNode>
</children>
</node>
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
<leafNode name="hash">
<properties>
<help>Hashing Algorithm</help>
diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in
index e6e8fd20c..53ff9f036 100644
--- a/interface-definitions/interfaces-pseudo-ethernet.xml.in
+++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in
@@ -33,6 +33,12 @@
#include <include/interface-proxy-arp-pvlan.xml.i>
</children>
</node>
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
<leafNode name="link">
<properties>
<help>Lower link device</help>
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in
index c66628ec8..fc6528193 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces-tunnel.xml.in
@@ -15,7 +15,6 @@
<description>Tunnel interface name</description>
</valueHelp>
</properties>
-
<children>
#include <include/interface-description.xml.i>
#include <include/address-ipv4-ipv6.xml.i>
@@ -23,7 +22,12 @@
#include <include/interface-disable-link-detect.xml.i>
#include <include/interface-vrf.xml.i>
#include <include/interface-mtu-64-8024.xml.i>
-
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
<leafNode name="local-ip">
<properties>
<help>Local IP address for this tunnel</help>
@@ -44,7 +48,6 @@
</constraint>
</properties>
</leafNode>
-
<leafNode name="remote-ip">
<properties>
<help>Remote IP address for this tunnel</help>
@@ -62,7 +65,6 @@
</constraint>
</properties>
</leafNode>
-
<leafNode name="6rd-prefix">
<properties>
<help>6rd network prefix</help>
@@ -75,7 +77,6 @@
</constraint>
</properties>
</leafNode>
-
<leafNode name="6rd-relay-prefix">
<properties>
<help>6rd relay prefix</help>
@@ -88,7 +89,6 @@
</constraint>
</properties>
</leafNode>
-
<leafNode name="dhcp-interface">
<properties>
<help>dhcp interface</help>
@@ -104,7 +104,6 @@
</constraint>
</properties>
</leafNode>
-
<leafNode name="encapsulation">
<properties>
<help>Ignore link state changes</help>
@@ -141,7 +140,6 @@
<constraintErrorMessage>Must be one of 'gre' 'gre-bridge' 'ipip' 'sit' 'ipip6' 'ip6ip6' 'ip6gre'</constraintErrorMessage>
</properties>
</leafNode>
-
<leafNode name="multicast">
<properties>
<help>Multicast operation over tunnel</help>
@@ -162,12 +160,10 @@
<constraintErrorMessage>Must be 'disable' or 'enable'</constraintErrorMessage>
</properties>
</leafNode>
-
<node name="parameters">
<properties>
<help>Tunnel parameters</help>
</properties>
-
<children>
<node name="ip">
<properties>
@@ -187,7 +183,6 @@
<constraintErrorMessage>TTL must be between 0 and 255</constraintErrorMessage>
</properties>
</leafNode>
-
<leafNode name="tos">
<properties>
<help>Type of Service (TOS)</help>
@@ -201,7 +196,6 @@
<constraintErrorMessage>TOS must be between 0 and 99</constraintErrorMessage>
</properties>
</leafNode>
-
<leafNode name="key">
<properties>
<help>Tunnel key</help>
@@ -217,12 +211,10 @@
</leafNode>
</children>
</node>
-
<node name="ipv6">
<properties>
<help>IPv6 specific tunnel parameters</help>
</properties>
-
<children>
<leafNode name="encaplimit">
<properties>
@@ -237,7 +229,6 @@
<constraintErrorMessage>key must be between 0-255</constraintErrorMessage>
</properties>
</leafNode>
-
<leafNode name="flowlabel">
<properties>
<help>Flowlabel</help>
@@ -251,7 +242,6 @@
<constraintErrorMessage>Must be 'inherit' or a number</constraintErrorMessage>
</properties>
</leafNode>
-
<leafNode name="hoplimit">
<properties>
<help>Hoplimit</help>
@@ -265,7 +255,6 @@
<constraintErrorMessage>hoplimit must be between 0-255</constraintErrorMessage>
</properties>
</leafNode>
-
<leafNode name="tclass">
<properties>
<help>Traffic class (Tclass)</help>
diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in
index 16cb2c169..a69c0feed 100644
--- a/interface-definitions/interfaces-vxlan.xml.in
+++ b/interface-definitions/interfaces-vxlan.xml.in
@@ -45,6 +45,12 @@
#include <include/interface-enable-proxy-arp.xml.i>
</children>
</node>
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
<leafNode name="link">
<properties>
<help>Underlay device of VXLAN interface</help>
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index 8632bb881..08259b31a 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -469,6 +469,12 @@
#include <include/interface-enable-arp-ignore.xml.i>
</children>
</node>
+ <node name="ipv6">
+ <children>
+ #include <include/ipv6-disable-forwarding.xml.i>
+ #include <include/ipv6-dup-addr-detect-transmits.xml.i>
+ </children>
+ </node>
<leafNode name="hw-id">
<properties>
<help>Media Access Control (MAC) address</help>
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index a1499479a..705fecd9b 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -123,6 +123,8 @@ def vlan_to_dict(conf):
'ip_enable_arp_accept': 0,
'ip_enable_arp_announce': 0,
'ip_enable_arp_ignore': 0,
+ 'ipv6_forwarding': True,
+ 'ipv6_dup_addr_detect': '1',
'ingress_qos': '',
'ingress_qos_changed': False,
'mac': '',
@@ -187,6 +189,14 @@ def vlan_to_dict(conf):
if conf.exists('ip enable-arp-ignore'):
vlan['ip_enable_arp_ignore'] = 1
+ # Disable IPv6 forwarding on this interface
+ if conf.exists('ipv6 disable-forwarding'):
+ vlan['ipv6_forwarding'] = False
+
+ # IPv6 Duplicate Address Detection (DAD) tries
+ if conf.exists('ipv6 dup-addr-detect-transmits'):
+ vlan['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
# Media Access Control (MAC) address
if conf.exists('mac'):
vlan['mac'] = conf.return_value('mac')
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index 0fddc67f3..ae0b652b0 100644
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -115,6 +115,14 @@ class Interface(DHCP):
'validate': assert_boolean,
'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_ignore',
},
+ 'ipv6_forwarding': {
+ 'validate': assert_boolean,
+ 'location': '/proc/sys/net/ipv6/conf/{ifname}/forwarding',
+ },
+ 'ipv6_dad_transmits': {
+ 'validate': assert_boolean,
+ 'location': '/proc/sys/net/ipv6/conf/{ifname}/dad_transmits',
+ },
'proxy_arp': {
'validate': assert_boolean,
'location': '/proc/sys/net/ipv4/conf/{ifname}/proxy_arp',
@@ -374,6 +382,40 @@ class Interface(DHCP):
"""
return self.set_interface('arp_ignore', arp_ignore)
+ def set_ipv6_forwarding(self, forwarding):
+ """
+ Configure IPv6 interface-specific Host/Router behaviour.
+
+ False:
+
+ By default, Host behaviour is assumed. This means:
+
+ 1. IsRouter flag is not set in Neighbour Advertisements.
+ 2. If accept_ra is TRUE (default), transmit Router
+ Solicitations.
+ 3. If accept_ra is TRUE (default), accept Router
+ Advertisements (and do autoconfiguration).
+ 4. If accept_redirects is TRUE (default), accept Redirects.
+
+ True:
+
+ If local forwarding is enabled, Router behaviour is assumed.
+ This means exactly the reverse from the above:
+
+ 1. IsRouter flag is set in Neighbour Advertisements.
+ 2. Router Solicitations are not sent unless accept_ra is 2.
+ 3. Router Advertisements are ignored unless accept_ra is 2.
+ 4. Redirects are ignored.
+ """
+ return self.set_interface('ipv6_forwarding', forwarding)
+
+ def set_dad_messages(self, dad):
+ """
+ The amount of Duplicate Address Detection probes to send.
+ Default: 1
+ """
+ return self.set_interface('ipv6_dad_transmits', dad)
+
def set_link_detect(self, link_filter):
"""
Configure kernel response in packets received on interfaces that are 'down'
diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py
index 015f4d4af..11143f0bf 100644
--- a/python/vyos/ifconfig_vlan.py
+++ b/python/vyos/ifconfig_vlan.py
@@ -64,6 +64,10 @@ def apply_vlan_config(vlan, config):
vlan.set_arp_announce(config['ip_enable_arp_announce'])
# configure ARP ignore
vlan.set_arp_ignore(config['ip_enable_arp_ignore'])
+ # Disable IPv6 forwarding on this interface
+ vlan.ipv6_forwarding(bond['ipv6_forwarding'])
+ # IPv6 Duplicate Address Detection (DAD) tries
+ vlan.ipv6_dad_messages(bond['ipv6_dup_addr_detect'])
# Maximum Transmission Unit (MTU)
vlan.set_mtu(config['mtu'])
diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py
index 9b6401ab6..9349241bd 100755
--- a/src/conf_mode/interfaces-bonding.py
+++ b/src/conf_mode/interfaces-bonding.py
@@ -48,6 +48,8 @@ default_config_data = {
'ip_enable_arp_ignore': 0,
'ip_proxy_arp': 0,
'ip_proxy_arp_pvlan': 0,
+ 'ipv6_forwarding': True,
+ 'ipv6_dup_addr_detect': '1',
'intf': '',
'mac': '',
'mode': '802.3ad',
@@ -189,6 +191,14 @@ def get_config():
if conf.exists('ip proxy-arp-pvlan'):
bond['ip_proxy_arp_pvlan'] = 1
+ # Disable IPv6 forwarding on this interface
+ if conf.exists('ipv6 disable-forwarding'):
+ bond['ipv6_forwarding'] = False
+
+ # IPv6 Duplicate Address Detection (DAD) tries
+ if conf.exists('ipv6 dup-addr-detect-transmits'):
+ bond['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
# Media Access Control (MAC) address
if conf.exists('mac'):
bond['mac'] = conf.return_value('mac')
@@ -416,6 +426,10 @@ def apply(bond):
b.set_proxy_arp(bond['ip_proxy_arp'])
# Enable private VLAN proxy ARP on this interface
b.set_proxy_arp_pvlan(bond['ip_proxy_arp_pvlan'])
+ # Disable IPv6 forwarding on this interface
+ b.set_ipv6_forwarding(bond['ipv6_forwarding'])
+ # IPv6 Duplicate Address Detection (DAD) tries
+ b.set_ipv6_dad_messages(bond['ipv6_dup_addr_detect'])
# Change interface MAC address
if bond['mac']:
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index f53175452..79b5e85e7 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -46,6 +46,8 @@ default_config_data = {
'ip_enable_arp_accept': 0,
'ip_enable_arp_announce': 0,
'ip_enable_arp_ignore': 0,
+ 'ipv6_forwarding': True,
+ 'ipv6_dup_addr_detect': '1',
'igmp_querier': 0,
'intf': '',
'mac' : '',
@@ -152,6 +154,14 @@ def get_config():
if conf.exists('ip enable-arp-ignore'):
bridge['ip_enable_arp_ignore'] = 1
+ # Disable IPv6 forwarding on this interface
+ if conf.exists('ipv6 disable-forwarding'):
+ bridge['ipv6_forwarding'] = False
+
+ # IPv6 Duplicate Address Detection (DAD) tries
+ if conf.exists('ipv6 dup-addr-detect-transmits'):
+ bridge['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
# Media Access Control (MAC) address
if conf.exists('mac'):
bridge['mac'] = conf.return_value('mac')
@@ -258,6 +268,10 @@ def apply(bridge):
br.set_arp_announce(bridge['ip_enable_arp_announce'])
# configure ARP ignore
br.set_arp_ignore(bridge['ip_enable_arp_ignore'])
+ # Disable IPv6 forwarding on this interface
+ br.set_ipv6_forwarding(bridge['ipv6_forwarding'])
+ # IPv6 Duplicate Address Detection (DAD) tries
+ br.set_ipv6_dad_messages(bridge['ipv6_dup_addr_detect'])
# set max message age
br.set_max_age(bridge['max_age'])
# set bridge priority
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index f7d1093e2..84e7d1c44 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -48,6 +48,8 @@ default_config_data = {
'ip_enable_arp_ignore': 0,
'ip_proxy_arp': 0,
'ip_proxy_arp_pvlan': 0,
+ 'ipv6_forwarding': True,
+ 'ipv6_dup_addr_detect': '1',
'intf': '',
'mac': '',
'mtu': 1500,
@@ -167,6 +169,14 @@ def get_config():
if conf.exists('ip proxy-arp-pvlan'):
eth['ip_proxy_arp_pvlan'] = 1
+ # Disable IPv6 forwarding on this interface
+ if conf.exists('ipv6 disable-forwarding'):
+ eth['ipv6_forwarding'] = False
+
+ # IPv6 Duplicate Address Detection (DAD) tries
+ if conf.exists('ipv6 dup-addr-detect-transmits'):
+ eth['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
# Media Access Control (MAC) address
if conf.exists('mac'):
eth['mac'] = conf.return_value('mac')
@@ -326,6 +336,10 @@ def apply(eth):
e.set_proxy_arp(eth['ip_proxy_arp'])
# Enable private VLAN proxy ARP on this interface
e.set_proxy_arp_pvlan(eth['ip_proxy_arp_pvlan'])
+ # Disable IPv6 forwarding on this interface
+ e.set_ipv6_forwarding(eth['ipv6_forwarding'])
+ # IPv6 Duplicate Address Detection (DAD) tries
+ e.set_ipv6_dad_messages(eth['ipv6_dup_addr_detect'])
# Change interface MAC address - re-set to real hardware address (hw-id)
# if custom mac is removed
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py
index 468a893c5..5334472d3 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces-l2tpv3.py
@@ -33,6 +33,8 @@ default_config_data = {
'local_address': '',
'local_port': 5000,
'intf': '',
+ 'ipv6_forwarding': True,
+ 'ipv6_dup_addr_detect': '1',
'mtu': 1488,
'peer_session_id': '',
'peer_tunnel_id': '',
@@ -101,6 +103,14 @@ def get_config():
if conf.exists('local-ip'):
l2tpv3['local_address'] = conf.return_value('local-ip')
+ # Disable IPv6 forwarding on this interface
+ if conf.exists('ipv6 disable-forwarding'):
+ l2tpv3['ipv6_forwarding'] = False
+
+ # IPv6 Duplicate Address Detection (DAD) tries
+ if conf.exists('ipv6 dup-addr-detect-transmits'):
+ l2tpv3['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
# Maximum Transmission Unit (MTU)
if conf.exists('mtu'):
l2tpv3['mtu'] = int(conf.return_value('mtu'))
@@ -193,6 +203,10 @@ def apply(l2tpv3):
l.set_alias(l2tpv3['description'])
# Maximum Transfer Unit (MTU)
l.set_mtu(l2tpv3['mtu'])
+ # Disable IPv6 forwarding on this interface
+ l.set_ipv6_forwarding(l2tpv3['ipv6_forwarding'])
+ # IPv6 Duplicate Address Detection (DAD) tries
+ l.set_ipv6_dad_messages(l2tpv3['ipv6_dup_addr_detect'])
# Configure interface address(es) - no need to implicitly delete the
# old addresses as they have already been removed by deleting the
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index d5121ab75..84de67e46 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -294,6 +294,8 @@ default_config_data = {
'encryption': '',
'hash': '',
'intf': '',
+ 'ipv6_forwarding': True,
+ 'ipv6_dup_addr_detect': '1',
'ping_restart': '60',
'ping_interval': '10',
'local_address': '',
@@ -490,6 +492,14 @@ def get_config():
if conf.exists('local-port'):
openvpn['local_port'] = conf.return_value('local-port')
+ # Disable IPv6 forwarding on this interface
+ if conf.exists('ipv6 disable-forwarding'):
+ openvpn['ipv6_forwarding'] = False
+
+ # IPv6 Duplicate Address Detection (DAD) tries
+ if conf.exists('ipv6 dup-addr-detect-transmits'):
+ openvpn['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
# OpenVPN operation mode
if conf.exists('mode'):
mode = conf.return_value('mode')
@@ -1036,7 +1046,14 @@ def apply(openvpn):
try:
# we need to catch the exception if the interface is not up due to
# reason stated above
- VTunIf(openvpn['intf']).set_alias(openvpn['description'])
+ o = VTunIf(openvpn['intf'])
+ # update interface description used e.g. within SNMP
+ o.set_alias(openvpn['description'])
+ # Disable IPv6 forwarding on this interface
+ o.set_ipv6_forwarding(openvpn['ipv6_forwarding'])
+ # IPv6 Duplicate Address Detection (DAD) tries
+ o.set_ipv6_dad_messages(openvpn['ipv6_dup_addr_detect'])
+
except:
pass
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index 55b80b959..19c8bbedc 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -45,6 +45,8 @@ default_config_data = {
'ip_enable_arp_ignore': 0,
'ip_proxy_arp': 0,
'ip_proxy_arp_pvlan': 0,
+ 'ipv6_forwarding': True,
+ 'ipv6_dup_addr_detect': '1',
'intf': '',
'link': '',
'link_changed': False,
@@ -145,6 +147,14 @@ def get_config():
if conf.exists(['ip', 'proxy-arp-pvlan']):
peth['ip_proxy_arp_pvlan'] = 1
+ # Disable IPv6 forwarding on this interface
+ if conf.exists('ipv6 disable-forwarding'):
+ peth['ipv6_forwarding'] = False
+
+ # IPv6 Duplicate Address Detection (DAD) tries
+ if conf.exists('ipv6 dup-addr-detect-transmits'):
+ peth['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
# Lower link device
if conf.exists(['link']):
peth['link'] = conf.return_value(['link'])
@@ -296,6 +306,10 @@ def apply(peth):
p.set_proxy_arp(peth['ip_proxy_arp'])
# Enable private VLAN proxy ARP on this interface
p.set_proxy_arp_pvlan(peth['ip_proxy_arp_pvlan'])
+ # Disable IPv6 forwarding on this interface
+ p.set_ipv6_forwarding(peth['ipv6_forwarding'])
+ # IPv6 Duplicate Address Detection (DAD) tries
+ p.set_ipv6_dad_messages(peth['ipv6_dup_addr_detect'])
# assign/remove VRF
p.set_vrf(peth['vrf'])
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index f45493587..48271ff65 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -37,6 +37,8 @@ default_config_data = {
'ip_enable_arp_announce': 0,
'ip_enable_arp_ignore': 0,
'ip_proxy_arp': 0,
+ 'ipv6_forwarding': True,
+ 'ipv6_dup_addr_detect': '1',
'link': '',
'mtu': 1450,
'remote': '',
@@ -103,6 +105,14 @@ def get_config():
if conf.exists('ip enable-proxy-arp'):
vxlan['ip_proxy_arp'] = 1
+ # Disable IPv6 forwarding on this interface
+ if conf.exists('ipv6 disable-forwarding'):
+ vxlan['ipv6_forwarding'] = False
+
+ # IPv6 Duplicate Address Detection (DAD) tries
+ if conf.exists('ipv6 dup-addr-detect-transmits'):
+ vxlan['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
# VXLAN underlay interface
if conf.exists('link'):
vxlan['link'] = conf.return_value('link')
@@ -201,6 +211,10 @@ def apply(vxlan):
v.set_arp_ignore(vxlan['ip_enable_arp_ignore'])
# Enable proxy-arp on this interface
v.set_proxy_arp(vxlan['ip_proxy_arp'])
+ # Disable IPv6 forwarding on this interface
+ v.set_ipv6_forwarding(vxlan['ipv6_forwarding'])
+ # IPv6 Duplicate Address Detection (DAD) tries
+ v.set_ipv6_dad_messages(vxlan['ipv6_dup_addr_detect'])
# Configure interface address(es) - no need to implicitly delete the
# old addresses as they have already been removed by deleting the
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 1e99ae12a..29257141d 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -827,6 +827,8 @@ default_config_data = {
'ip_enable_arp_accept': 0,
'ip_enable_arp_announce': 0,
'ip_enable_arp_ignore': 0,
+ 'ipv6_forwarding': True,
+ 'ipv6_dup_addr_detect': '1',
'mac' : '',
'max_stations' : '',
'mgmt_frame_protection' : 'disabled',
@@ -1140,6 +1142,14 @@ def get_config():
if conf.exists('ip enable-arp-ignore'):
wifi['ip_enable_arp_ignore'] = 1
+ # Disable IPv6 forwarding on this interface
+ if conf.exists('ipv6 disable-forwarding'):
+ wifi['ipv6_forwarding'] = False
+
+ # IPv6 Duplicate Address Detection (DAD) tries
+ if conf.exists('ipv6 dup-addr-detect-transmits'):
+ wifi['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
# Wireless physical device
if conf.exists('physical-device'):
wifi['phy'] = conf.return_value('physical-device')
@@ -1487,6 +1497,10 @@ def apply(wifi):
w.set_arp_announce(wifi['ip_enable_arp_announce'])
# configure ARP ignore
w.set_arp_ignore(wifi['ip_enable_arp_ignore'])
+ # Disable IPv6 forwarding on this interface
+ w.set_ipv6_forwarding(bond['ipv6_forwarding'])
+ # IPv6 Duplicate Address Detection (DAD) tries
+ w.set_ipv6_dad_messages(bond['ipv6_dup_addr_detect'])
# Configure interface address(es)
# - not longer required addresses get removed first