interfaces: T2362: add node to delete the default IPv6 link-local address

author: Jernej Jakob <jernej.jakob@gmail.com> 2020-04-22 12:41:07 +0200
committer: Jernej Jakob <jernej.jakob@gmail.com> 2020-04-23 16:09:38 +0200
commit: c87a5a1e1f52cddf113f427ea902f45a2e2a8445 (patch)
tree: 3f0d071f1e498524ccbd7e1f60a288a264e7b727
parent: 4940bea4f7b8574d30876fd3d0456e75f6f29877 (diff)
download: vyos-1x-c87a5a1e1f52cddf113f427ea902f45a2e2a8445.tar.gz
vyos-1x-c87a5a1e1f52cddf113f427ea902f45a2e2a8445.zip
10 files changed, 56 insertions, 18 deletions
diff --git a/interface-definitions/include/ipv6-address.xml.i b/interface-definitions/include/ipv6-address.xml.i
index ffc6ef933..34f54e4c1 100644
--- a/interface-definitions/include/ipv6-address.xml.i
+++ b/interface-definitions/include/ipv6-address.xml.i
@@ -19,5 +19,11 @@
         <multi/>
       </properties>
     </leafNode>
+    <leafNode name="no-default-link-local">
+      <properties>
+        <help>Remove the default link-local address from the interface</help>
+        <valueless/>
+      </properties>
+    </leafNode>
   </children>
 </node>
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index 9ea89194f..2ce8a795f 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -210,8 +210,12 @@ def vlan_to_dict(conf):
     eff_addr = conf.return_effective_values('ipv6 address eui64')
     vlan['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, vlan['ipv6_eui64_prefix'])
 
-    # add the link-local by default to make IPv6 work
-    vlan['ipv6_eui64_prefix'].append('fe80::/64')
+    # Remove the default link-local address if set.
+    if conf.exists('ipv6 address no-default-link-local'):
+        vlan['ipv6_eui64_prefix_remove'].append('fe80::/64')
+    else:
+        # add the link-local by default to make IPv6 work
+        vlan['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py
index 6693f3a13..4aef486b4 100755
--- a/src/conf_mode/interfaces-bonding.py
+++ b/src/conf_mode/interfaces-bonding.py
@@ -212,8 +212,12 @@ def get_config():
     eff_addr = conf.return_effective_values('ipv6 address eui64')
     bond['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, bond['ipv6_eui64_prefix'])
 
-    # add the link-local by default to make IPv6 work
-    bond['ipv6_eui64_prefix'].append('fe80::/64')
+    # Remove the default link-local address if set.
+    if conf.exists('ipv6 address no-default-link-local'):
+        bond['ipv6_eui64_prefix_remove'].append('fe80::/64')
+    else:
+        # add the link-local by default to make IPv6 work
+        bond['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index d4470ef26..da49415f7 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -170,8 +170,12 @@ def get_config():
     eff_addr = conf.return_effective_values('ipv6 address eui64')
     bridge['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, bridge['ipv6_eui64_prefix'])
 
-    # add the link-local by default to make IPv6 work
-    bridge['ipv6_eui64_prefix'].append('fe80::/64')
+    # Remove the default link-local address if set.
+    if conf.exists('ipv6 address no-default-link-local'):
+        bridge['ipv6_eui64_prefix_remove'].append('fe80::/64')
+    else:
+        # add the link-local by default to make IPv6 work
+        bridge['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index db8e2cd3c..43d97916d 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -185,8 +185,12 @@ def get_config():
     eff_addr = conf.return_effective_values('ipv6 address eui64')
     eth['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, eth['ipv6_eui64_prefix'])
 
-    # add the link-local by default to make IPv6 work
-    eth['ipv6_eui64_prefix'].append('fe80::/64')
+    # Remove the default link-local address if set.
+    if conf.exists('ipv6 address no-default-link-local'):
+        eth['ipv6_eui64_prefix_remove'].append('fe80::/64')
+    else:
+        # add the link-local by default to make IPv6 work
+        eth['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py
index a18cc6161..8c3a8279e 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces-l2tpv3.py
@@ -117,8 +117,10 @@ def get_config():
     if conf.exists('ipv6 address eui64'):
         l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
 
-    # add the link-local by default to make IPv6 work
-    l2tpv3['ipv6_eui64_prefix'].append('fe80::/64')
+    # Remove the default link-local address if set.
+    if not conf.exists('ipv6 address no-default-link-local'):
+        # add the link-local by default to make IPv6 work
+        l2tpv3['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 668dcabb4..029bc1d69 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -325,8 +325,12 @@ def get_config():
     eff_addr = conf.return_effective_values('ipv6 address eui64')
     openvpn['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, openvpn['ipv6_eui64_prefix'])
 
-    # add the link-local by default to make IPv6 work
-    openvpn['ipv6_eui64_prefix'].append('fe80::/64')
+    # Remove the default link-local address if set.
+    if conf.exists('ipv6 address no-default-link-local'):
+        openvpn['ipv6_eui64_prefix_remove'].append('fe80::/64')
+    else:
+        # add the link-local by default to make IPv6 work
+        openvpn['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index 2f86a3bea..57b282291 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -167,8 +167,12 @@ def get_config():
     eff_addr = conf.return_effective_values('ipv6 address eui64')
     peth['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, peth['ipv6_eui64_prefix'])
 
-    # add the link-local by default to make IPv6 work
-    peth['ipv6_eui64_prefix'].append('fe80::/64')
+    # Remove the default link-local address if set.
+    if conf.exists('ipv6 address no-default-link-local'):
+        peth['ipv6_eui64_prefix_remove'].append('fe80::/64')
+    else:
+        # add the link-local by default to make IPv6 work
+        peth['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index 3ff051eed..74eae4281 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -120,8 +120,10 @@ def get_config():
     if conf.exists('ipv6 address eui64'):
         vxlan['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
 
-    # add the link-local by default to make IPv6 work
-    vxlan['ipv6_eui64_prefix'].append('fe80::/64')
+    # Remove the default link-local address if set.
+    if not conf.exists('ipv6 address no-default-link-local'):
+        # add the link-local by default to make IPv6 work
+        vxlan['ipv6_eui64_prefix'].append('fe80::/64')
 
     # Disable IPv6 forwarding on this interface
     if conf.exists('ipv6 disable-forwarding'):
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index b25a094e2..148a7f6e0 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -378,8 +378,12 @@ def get_config():
     eff_addr = conf.return_effective_values('ipv6 address eui64')
     wifi['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, wifi['ipv6_eui64_prefix'])
 
-    # add the link-local by default to make IPv6 work
-    wifi['ipv6_eui64_prefix'].append('fe80::/64')
+    # Remove the default link-local address if set.
+    if conf.exists('ipv6 address no-default-link-local'):
+        wifi['ipv6_eui64_prefix_remove'].append('fe80::/64')
+    else:
+        # add the link-local by default to make IPv6 work
+        wifi['ipv6_eui64_prefix'].append('fe80::/64')
 
     # ARP enable ignore
     if conf.exists('ip enable-arp-ignore'):
author	Jernej Jakob <jernej.jakob@gmail.com>	2020-04-22 12:41:07 +0200
committer	Jernej Jakob <jernej.jakob@gmail.com>	2020-04-23 16:09:38 +0200
commit	c87a5a1e1f52cddf113f427ea902f45a2e2a8445 (patch)
tree	3f0d071f1e498524ccbd7e1f60a288a264e7b727
parent	4940bea4f7b8574d30876fd3d0456e75f6f29877 (diff)
download	vyos-1x-c87a5a1e1f52cddf113f427ea902f45a2e2a8445.tar.gz vyos-1x-c87a5a1e1f52cddf113f427ea902f45a2e2a8445.zip