author | Christian Poessinger <christian@poessinger.com> | 2020-04-18 12:35:10 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-18 14:31:51 +0200 |
commit | 901d5e89ec6e3fb0f3d13f90f0495a4dda592454 (patch) | |
tree | 6a18d5bcbfa1fbdf7d83d1ba828a7641ac694af5 | |
parent | 3a81e26a23b5e1b372bfa15c63dbc725a2f448ed (diff) | |
download | vyos-1x-901d5e89ec6e3fb0f3d13f90f0495a4dda592454.tar.gz vyos-1x-901d5e89ec6e3fb0f3d13f90f0495a4dda592454.zip |
pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validation
-rw-r--r-- | data/templates/l2tp/l2tp.config.tmpl | 1 | ||||
-rw-r--r-- | data/templates/pppoe-server/pppoe.config.tmpl | 8 | ||||
-rw-r--r-- | interface-definitions/include/accel-client-ipv6-pool.xml.in | 59 | ||||
-rw-r--r-- | interface-definitions/service_pppoe-server.xml.in | 20 | ||||
-rw-r--r-- | interface-definitions/vpn_l2tp.xml.in | 60 | ||||
-rwxr-xr-x | src/conf_mode/service_pppoe-server.py | 32 | ||||
-rwxr-xr-x | src/conf_mode/vpn_l2tp.py | 2 | ||||
-rwxr-xr-x | src/migration-scripts/l2tp/2-to-3 | 6 | ||||
-rwxr-xr-x | src/migration-scripts/pppoe-server/2-to-3 | 31 |
9 files changed, 128 insertions, 91 deletions
diff --git a/data/templates/l2tp/l2tp.config.tmpl b/data/templates/l2tp/l2tp.config.tmpl index ba78cadcd..84f544203 100644 --- a/data/templates/l2tp/l2tp.config.tmpl +++ b/data/templates/l2tp/l2tp.config.tmpl @@ -124,7 +124,6 @@ ipv6=allow {% for p in client_ipv6_delegate_prefix %} delegate={{ p.prefix }},{{ p.mask }} {% endfor %} - {% endif %} {% if client_ipv6_delegate_prefix %} diff --git a/data/templates/pppoe-server/pppoe.config.tmpl b/data/templates/pppoe-server/pppoe.config.tmpl index 8bc6b5f4b..325b75adc 100644 --- a/data/templates/pppoe-server/pppoe.config.tmpl +++ b/data/templates/pppoe-server/pppoe.config.tmpl @@ -56,11 +56,11 @@ gw-ip-address={{ ppp_gw }} {% if client_ipv6_pool %} [ipv6-pool] -{% for prefix in client_ipv6_pool['prefix']: %} -{{ prefix }} +{% for p in client_ipv6_pool %} +{{ p.prefix }},{{ p.mask }} {% endfor %} -{% for prefix in client_ipv6_pool['delegate-prefix']: %} -delegate={{ prefix }} +{% for p in client_ipv6_delegate_prefix %} +delegate={{ p.prefix }},{{ p.mask }} {% endfor %} {% endif %} diff --git a/interface-definitions/include/accel-client-ipv6-pool.xml.in b/interface-definitions/include/accel-client-ipv6-pool.xml.in new file mode 100644 index 000000000..455ada6ef --- /dev/null +++ b/interface-definitions/include/accel-client-ipv6-pool.xml.in 
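Review bot: The `delegate=` loop in the pppoe.config.tmpl hunk still appears to sit inside `{% if client_ipv6_pool %}`, although delegated prefixes now arrive in the separate `client_ipv6_delegate_prefix` list. A configuration that sets only `client-ipv6-pool delegate` entries would then render no `[ipv6-pool]` section, and the prefixes would be dropped without any error. If delegation without an address pool is meant to be refused, that check belongs in `verify()`, which is not visible in this diff; otherwise the guard should read `{% if client_ipv6_pool or client_ipv6_delegate_prefix %}`. The template block continues outside the hunk.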
@@ -0,0 +1,59 @@
+<node name="client-ipv6-pool">
+ <properties>
+ <help>Pool of client IPv6 addresses</help>
+ </properties>
+ <children>
+ <tagNode name="prefix">
+ <properties>
+ <help>Pool of addresses used to assign to clients</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="mask">
+ <properties>
+ <help>Prefix length used for individual client</help>
+ <valueHelp>
+ <format><48-128></format>
+ <description>Client prefix length (default: 64)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 48-128"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="delegate">
+ <properties>
+ <help>Subnet used to delegate prefix through DHCPv6-PD (RFC3633)</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="delegation-prefix">
+ <properties>
+ <help>Prefix length delegated to client</help>
+ <valueHelp>
+ <format><32-64></format>
+ <description>Delegated prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 32-64"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ </children>
+</node>
diff --git a/interface-definitions/service_pppoe-server.xml.in b/interface-definitions/service_pppoe-server.xml.in
index 0d7c3568c..e42de4f90 100644
--- a/interface-definitions/service_pppoe-server.xml.in
+++ b/interface-definitions/service_pppoe-server.xml.in
@@ -248,25 +248,7 @@
 </leafNode>
 </children>
 </node>
- <node name="client-ipv6-pool">
- <properties>
- <help>Pool of client IPv6 addresses</help>
- </properties>
- <children>
- <leafNode name="prefix">
- <properties>
- <help>Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients)</help>
- <multi />
- </properties>
- </leafNode>
- <leafNode name="delegate-prefix">
- <properties>
- <help>Format: ipv6prefix/mask,prefix_len (delegate to clients through DHCPv6 prefix delegation - rfc3633)</help>
- <multi />
- </properties>
- </leafNode>
- </children>
- </node>
+ #include <include/accel-client-ipv6-pool.xml.in>
 <leafNode name="name-server">
 <properties>
 <help>Domain Name Server (DNS) propagated to client</help>
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index d4286a810..d92817ca0 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -232,65 +232,7 @@
 </leafNode>
 </children>
 </node>
- <node name="client-ipv6-pool">
- <properties>
- <help>Pool of client IPv6 addresses</help>
- </properties>
- <children>
- <tagNode name="prefix">
- <properties>
- <help>Pool of addresses used to assign to clients</help>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-prefix"/>
- </constraint>
- </properties>
- <children>
- <leafNode name="mask">
- <properties>
- <help>Prefix length used for individual client</help>
- <valueHelp>
- <format><48-128></format>
- <description>Client prefix length (default: 64)</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 48-128"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- <tagNode name="delegate">
- <properties>
- <help>Subnet used to delegate prefix through DHCPv6-PD (RFC3633)</help>
- <valueHelp>
- <format>ipv6net</format>
- <description>IPv6 address and prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="ipv6-prefix"/>
- </constraint>
- </properties>
- <children>
- <leafNode name="delegation-prefix">
- <properties>
- <help>Prefix length delegated to client</help>
- <valueHelp>
- <format><32-64></format>
- <description>Delegated prefix length</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 32-64"/>
- </constraint>
- </properties>
- </leafNode>
- </children>
- </tagNode>
- </children>
- </node>
+ #include <include/accel-client-ipv6-pool.xml.in>
 <leafNode name="description">
 <properties>
 <help>Description for L2TP remote-access settings</help>
diff --git a/src/conf_mode/service_pppoe-server.py b/src/conf_mode/service_pppoe-server.py
index 52be86b14..aa8b9d141 100755
--- a/src/conf_mode/service_pppoe-server.py
+++ b/src/conf_mode/service_pppoe-server.py
@@ -35,7 +35,8 @@ default_config_data = { 'chap_secrets_file': pppoe_chap_secrets, # used in Jinja2 template 'client_ip_pool': '', 'client_ip_subnets': [], - 'client_ipv6_pool': {}, + 'client_ipv6_pool': [], + 'client_ipv6_delegate_prefix': [], 'concentrator': 'vyos-ac', 'interfaces': [], 'local_users' : [], @@ -130,6 +131,7 @@ def get_config(): if conf.exists(['wins-server']): pppoe['wins'] = conf.return_values(['wins-server']) + if conf.exists(['client-ip-pool']): if conf.exists(['client-ip-pool', 'start']) and conf.exists(['client-ip-pool', 'stop']): start = conf.return_value(['client-ip-pool', 'start']) @@ -139,10 +141,32 @@ def get_config(): if conf.exists(['client-ip-pool', 'subnet']): pppoe['client_ip_subnets'] = conf.return_values(['client-ip-pool', 'subnet']) + if conf.exists(['client-ipv6-pool', 'prefix']): - pppoe['client_ipv6_pool']['prefix'] = conf.return_values(['client-ipv6-pool', 'prefix']) - if conf.exists(['client-ipv6-pool', 'delegate-prefix']): - pppoe['client_ipv6_pool']['delegate-prefix'] = conf.return_values(['client-ipv6-pool', 'delegate-prefix']) + for prefix in conf.list_nodes(['client-ipv6-pool', 'prefix']): + tmp = { + 'prefix': prefix, + 'mask': '64' + } + + if conf.exists(['client-ipv6-pool', 'prefix', prefix, 'mask']): + tmp['mask'] = conf.return_value(['client-ipv6-pool', 'prefix', prefix, 'mask']) + + pppoe['client_ipv6_pool'].append(tmp) + + + if conf.exists(['client-ipv6-pool', 'delegate']): + for prefix in conf.list_nodes(['client-ipv6-pool', 'delegate']): + tmp = { + 'prefix': prefix, + 'mask': '' + } + + if conf.exists(['client-ipv6-pool', 'delegate', prefix, 'delegation-prefix']): + tmp['mask'] = conf.return_value(['client-ipv6-pool', 'delegate', prefix, 'delegation-prefix']) + + pppoe['client_ipv6_delegate_prefix'].append(tmp) + if conf.exists(['limits']): if conf.exists(['limits', 'burst']): diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py index 06803e7e0..331f22465 100755 --- a/src/conf_mode/vpn_l2tp.py 
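Review bot: A `delegate` entry configured without `delegation-prefix` keeps the default `'mask': ''` in the last `get_config()` hunk, so the template line `delegate={{ p.prefix }},{{ p.mask }}` would emit `delegate=<prefix>,` with an empty length. Unlike `prefix`, which falls back to `'64'`, nothing visible here makes `delegation-prefix` mandatory; `verify()` is outside this diff, so the case may already be handled there. If it is not, reject the entry in `verify()` with a `ConfigError` that names the prefix, instead of handing the daemon a half-formed line. `get_config()` starts and ends outside the hunk.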
+++ b/src/conf_mode/vpn_l2tp.py @@ -252,7 +252,7 @@ def get_config(): 'mask': '' } - if conf.exists(['client-ipv6-pool', 'delegate', prefix, 'mask']): + if conf.exists(['client-ipv6-pool', 'delegate', prefix, 'delegation-prefix']): tmp['mask'] = conf.return_value(['client-ipv6-pool', 'delegate', prefix, 'delegation-prefix']) l2tp['client_ipv6_delegate_prefix'].append(tmp) diff --git a/src/migration-scripts/l2tp/2-to-3 b/src/migration-scripts/l2tp/2-to-3 index bd0839e03..3472ee3ed 100755 --- a/src/migration-scripts/l2tp/2-to-3 +++ b/src/migration-scripts/l2tp/2-to-3 @@ -95,13 +95,13 @@ else: # delete old delegate prefix CLI nodes config.delete(ipv6_base + ['delegate-prefix']) # create ned delegation tag node - config.set(ipv6_base + ['delegate ']) - config.set_tag(ipv6_base + ['delegate ']) + config.set(ipv6_base + ['delegate']) + config.set_tag(ipv6_base + ['delegate']) for p in prefix_old: prefix = p.split(',')[0] mask = p.split(',')[1] - config.set(ipv6_base + ['delegate', prefix, 'mask'], value=mask) + config.set(ipv6_base + ['delegate', prefix, 'delegate-prefix'], value=mask) try: with open(file_name, 'w') as f: diff --git a/src/migration-scripts/pppoe-server/2-to-3 b/src/migration-scripts/pppoe-server/2-to-3 index 977f1ef43..eb3e00b8b 100755 --- a/src/migration-scripts/pppoe-server/2-to-3 +++ b/src/migration-scripts/pppoe-server/2-to-3 
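Review bot: The l2tp migration hunk writes the delegated length to `['delegate', prefix, 'delegate-prefix']`, but the leaf declared in accel-client-ipv6-pool.xml.in and read by vpn_l2tp.py in this same commit is `delegation-prefix`. A migrated configuration would therefore carry a node the new CLI definition does not declare, and the delegated length would not be picked up by `get_config()`. The line should read `config.set(ipv6_base + ['delegate', prefix, 'delegation-prefix'], value=mask)`, as the pppoe-server migration script already does. The enclosing `else:` block extends beyond the hunk.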
@@ -75,6 +75,37 @@ else: if config.exists(radius_base + ['server', server, 'req-limit']): config.delete(radius_base + ['server', server, 'req-limit']) + # Migrate IPv6 prefixes + ipv6_base = base + ['client-ipv6-pool'] + if config.exists(ipv6_base + ['prefix']): + prefix_old = config.return_values(ipv6_base + ['prefix']) + # delete old prefix CLI nodes + config.delete(ipv6_base + ['prefix']) + # create ned prefix tag node + config.set(ipv6_base + ['prefix']) + config.set_tag(ipv6_base + ['prefix']) + + for p in prefix_old: + prefix = p.split(',')[0] + mask = p.split(',')[1] + config.set(ipv6_base + ['prefix', prefix, 'mask'], value=mask) + + if config.exists(ipv6_base + ['delegate-prefix']): + prefix_old = config.return_values(ipv6_base + ['delegate-prefix']) + # delete old delegate prefix CLI nodes + config.delete(ipv6_base + ['delegate-prefix']) + # create ned delegation tag node + config.set(ipv6_base + ['delegate']) + config.set_tag(ipv6_base + ['delegate']) + + for p in prefix_old: + prefix = p.split(',')[0] + mask = p.split(',')[1] + config.set(ipv6_base + ['delegate', prefix, 'delegation-prefix'], value=mask) + + print(config.to_string()) + exit(1) + try: with open(file_name, 'w') as f: f.write(config.to_string()) |
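Review bot: The added block ends with `print(config.to_string())` followed by `exit(1)`, which looks like leftover debugging: the script appears to stop with a failure status before the `try:` block that writes `file_name`, so the migrated configuration is never saved. Both lines should be removed. Separately, `p.split(',')[1]` raises IndexError for an old value that has no comma, and the previous `prefix` and `delegate-prefix` leaves carried no constraint that would have prevented such a value. Using `prefix, _, mask = p.partition(',')` with an explicit check for an empty `mask` would fail with a clear message instead. The enclosing `else:` block starts outside the hunk.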