diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-03-08 12:35:55 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-03-08 12:35:55 +0100 |
| commit | 8f58dde4c89ae365d0b2cb15d105d8ead73ee0c9 (patch) | |
| tree | 0131af4fd2b5fc18cff990df87e0c230f50c714c | |
| parent | 4bda9cabba26176d5abdad6b65b793e429fb763c (diff) | |
| download | vyos-1x-8f58dde4c89ae365d0b2cb15d105d8ead73ee0c9.tar.gz vyos-1x-8f58dde4c89ae365d0b2cb15d105d8ead73ee0c9.zip | |
vrf: T31: support VRF usage on VLAN/VIF interfaces
| -rw-r--r-- | interface-definitions/include/vif.xml.i | 1 | ||||
| -rw-r--r-- | python/vyos/configdict.py | 7 | ||||
| -rw-r--r-- | python/vyos/ifconfig_vlan.py | 45 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-bonding.py | 23 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-ethernet.py | 17 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-pseudo-ethernet.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-wireless.py | 5 |
7 files changed, 65 insertions, 37 deletions
diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i index 85e901852..88693e0d3 100644 --- a/interface-definitions/include/vif.xml.i +++ b/interface-definitions/include/vif.xml.i @@ -16,6 +16,7 @@ #include <include/dhcp-dhcpv6-options.xml.i> #include <include/interface-disable-link-detect.xml.i> #include <include/interface-disable.xml.i> + #include <include/interface-vrf.xml.i> <leafNode name="egress-qos"> <properties> <help>VLAN egress QoS</help> diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 80e199907..a1499479a 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -126,7 +126,8 @@ def vlan_to_dict(conf): 'ingress_qos': '', 'ingress_qos_changed': False, 'mac': '', - 'mtu': 1500 + 'mtu': 1500, + 'vrf': '' } # retrieve configured interface addresses if conf.exists('address'): @@ -194,6 +195,10 @@ def vlan_to_dict(conf): if conf.exists('mtu'): vlan['mtu'] = int(conf.return_value('mtu')) + # retrieve VRF instance + if conf.exists('vrf'): + vlan['vrf'] = conf.return_value('vrf') + # VLAN egress QoS if conf.exists('egress-qos'): vlan['egress_qos'] = conf.return_value('egress-qos') diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index 576bb244a..1fe955b56 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -13,7 +13,9 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see <http://www.gnu.org/licenses/>. +from netifaces import interfaces from vyos.ifconfig import VLANIf +from vyos import ConfigError def apply_vlan_config(vlan, config): """ @@ -65,6 +67,13 @@ def apply_vlan_config(vlan, config): vlan.set_arp_ignore(config['ip_enable_arp_ignore']) # Maximum Transmission Unit (MTU) vlan.set_mtu(config['mtu']) + + # assign to VRF + if config['vrf']: + vlan.add_vrf(config['vrf']) + else: + vlan.del_vrf(config['vrf']) + # Change VLAN interface MAC address if config['mac']: vlan.set_mac(config['mac']) @@ -83,3 +92,39 @@ def apply_vlan_config(vlan, config): for addr in config['address']: vlan.add_addr(addr) +def verify_vlan_config(config): + """ + Generic function to verify VLAN config consistency. Instead of re- + implementing this function in multiple places use single source \o/ + """ + + for vif_s in config['vif_s']: + for vif in config['vif']: + if vif['id'] == vif_s['id']: + raise ConfigError('Can not use identical ID on vif and vif-s interface') + + # DHCPv6 parameters-only and temporary address are mutually exclusive + if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + vrf_name = vif_s['vrf'] + if vrf_name and vrf_name not in interfaces(): + raise ConfigError(f'VRF "{vrf_name}" does not exist') + + for vif_c in vif_s['vif_c']: + # DHCPv6 parameters-only and temporary address are mutually exclusive + if vif_c['dhcpv6_prm_only'] and vif_c['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + vrf_name = vif_c['vrf'] + if vrf_name and vrf_name not in interfaces(): + raise ConfigError(f'VRF "{vrf_name}" does not exist') + + for vif in config['vif']: + # DHCPv6 parameters-only and temporary address are mutually exclusive + if vif['dhcpv6_prm_only'] and vif['dhcpv6_temporary']: + raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') + + vrf_name = vif['vrf'] + if vrf_name and vrf_name not in interfaces(): + raise ConfigError(f'VRF "{vrf_name}" does not exist') diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 617506c06..a75beabd1 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -21,7 +21,7 @@ from sys import exit from netifaces import interfaces from vyos.ifconfig import BondIf -from vyos.ifconfig_vlan import apply_vlan_config +from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.configdict import list_diff, vlan_to_dict from vyos.config import Config from vyos import ConfigError @@ -272,25 +272,8 @@ def verify(bond): if vrf_name and vrf_name not in interfaces(): raise ConfigError(f'VRF "{vrf_name}" does not exist') - # DHCPv6 parameters-only and temporary address are mutually exclusive - for vif_s in bond['vif_s']: - if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']: - raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') - - for vif_c in vif_s['vif_c']: - if vif_c['dhcpv6_prm_only'] and vif_c['dhcpv6_temporary']: - raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') - - for vif in bond['vif']: - if vif['dhcpv6_prm_only'] and vif['dhcpv6_temporary']: - raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') - - - for vif_s in bond['vif_s']: - for vif in bond['vif']: - if vif['id'] == vif_s['id']: - raise ConfigError('Can not use identical ID on vif and vif-s interface') - + # use common function to verify VLAN configuration + verify_vlan_config(bond) conf = Config() for intf in bond['member']: diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index 67cc56bb2..6d779c94c 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -21,7 +21,7 @@ from copy import deepcopy from netifaces import interfaces from vyos.ifconfig import EthernetIf -from vyos.ifconfig_vlan import apply_vlan_config +from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.configdict import list_diff, vlan_to_dict from vyos.config import Config from vyos import ConfigError @@ -262,19 +262,8 @@ def verify(eth): if eth['address']: raise ConfigError('Can not assign address to interface {} which is a member of {}'.format(eth['intf'], bond)) - # DHCPv6 parameters-only and temporary address are mutually exclusive - for vif_s in eth['vif_s']: - if vif_s['dhcpv6_prm_only'] and vif_s['dhcpv6_temporary']: - raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') - - for vif_c in vif_s['vif_c']: - if vif_c['dhcpv6_prm_only'] and vif_c['dhcpv6_temporary']: - raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') - - for vif in eth['vif']: - if vif['dhcpv6_prm_only'] and vif['dhcpv6_temporary']: - raise ConfigError('DHCPv6 temporary and parameters-only options are mutually exclusive!') - + # use common function to verify VLAN configuration + verify_vlan_config(eth) return None def generate(eth): diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 09d580b28..67c5eb3d2 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -21,6 +21,7 @@ from sys import exit from netifaces import interfaces from vyos.ifconfig import MACVLANIf +from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.configdict import list_diff from vyos.config import Config from vyos import ConfigError @@ -199,6 +200,9 @@ def verify(peth): if not peth['link'] in interfaces(): raise ConfigError('Pseudo-ethernet source interface does not exist') + # use common function to verify VLAN configuration + verify_vlan_config(peth) + return None def generate(peth): diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 30074af78..2d4b16faa 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -27,7 +27,7 @@ from subprocess import Popen, PIPE from psutil import pid_exists from vyos.ifconfig import EthernetIf -from vyos.ifconfig_vlan import apply_vlan_config +from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.configdict import list_diff, vlan_to_dict from vyos.config import Config from vyos import ConfigError @@ -1298,7 +1298,8 @@ def verify(wifi): if not radius['key']: raise ConfigError('Misssing RADIUS shared secret key for server: {}'.format(radius['server'])) - + # use common function to verify VLAN configuration + verify_vlan_config(wifi) return None |