diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-16 17:10:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-16 17:10:30 +0100 |
commit | 6c39a9cb6df6bb56c02583f82d68edc8ef17241d (patch) | |
tree | 7caace527a75d93adca7bbe5bebfbea240055d4e | |
parent | b452211624184f320524ba360815a94b0f4380b0 (diff) | |
parent | 3e35719a272956a16171e889e5dc0c8a3b47977e (diff) | |
download | vyos-1x-6c39a9cb6df6bb56c02583f82d68edc8ef17241d.tar.gz vyos-1x-6c39a9cb6df6bb56c02583f82d68edc8ef17241d.zip |
Merge pull request #2838 from vyos/mergify/bp/sagitta/pr-2837
T4658: Renamed DPD action value from 'hold' to 'trap' (backport #2837)
-rw-r--r-- | data/templates/ipsec/swanctl/peer.j2 | 6 | ||||
-rw-r--r-- | interface-definitions/include/version/ipsec-version.xml.i | 2 | ||||
-rw-r--r-- | interface-definitions/vpn_ipsec.xml.in | 6 | ||||
-rwxr-xr-x | src/migration-scripts/ipsec/12-to-13 | 52 |
4 files changed, 58 insertions, 8 deletions
diff --git a/data/templates/ipsec/swanctl/peer.j2 b/data/templates/ipsec/swanctl/peer.j2 index 9d95271fe..86a44a0ff 100644 --- a/data/templates/ipsec/swanctl/peer.j2 +++ b/data/templates/ipsec/swanctl/peer.j2 @@ -83,8 +83,7 @@ start_action = none {% endif %} {% if ike.dead_peer_detection is vyos_defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} - dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} + dpd_action = {{ ike.dead_peer_detection.action }} {% endif %} close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} } @@ -134,8 +133,7 @@ start_action = none {% endif %} {% if ike.dead_peer_detection is vyos_defined %} -{% set dpd_translate = {'clear': 'clear', 'hold': 'trap', 'restart': 'restart'} %} - dpd_action = {{ dpd_translate[ike.dead_peer_detection.action] }} + dpd_action = {{ ike.dead_peer_detection.action }} {% endif %} close_action = {{ {'none': 'none', 'hold': 'trap', 'restart': 'start'}[ike.close_action] }} {% if peer_conf.vti.bind is vyos_defined %} diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i index de7a9c088..a4d556cfc 100644 --- a/interface-definitions/include/version/ipsec-version.xml.i +++ b/interface-definitions/include/version/ipsec-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/ipsec-version.xml.i --> -<syntaxVersion component='ipsec' version='12'></syntaxVersion> +<syntaxVersion component='ipsec' version='13'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in index 1847401b5..76c71949f 100644 --- a/interface-definitions/vpn_ipsec.xml.in +++ b/interface-definitions/vpn_ipsec.xml.in @@ -280,10 +280,10 @@ <properties> <help>Keep-alive failure action</help> <completionHelp> - <list>hold clear restart</list> + <list>trap clear restart</list> </completionHelp> <valueHelp> - <format>hold</format> + <format>trap</format> <description>Attempt to re-negotiate the connection when matching traffic is seen</description> </valueHelp> <valueHelp> @@ -295,7 +295,7 @@ <description>Attempt to re-negotiate the connection immediately</description> </valueHelp> <constraint> - <regex>(hold|clear|restart)</regex> + <regex>(trap|clear|restart)</regex> </constraint> </properties> <defaultValue>clear</defaultValue> diff --git a/src/migration-scripts/ipsec/12-to-13 b/src/migration-scripts/ipsec/12-to-13 new file mode 100755 index 000000000..504a2e9c7 --- /dev/null +++ b/src/migration-scripts/ipsec/12-to-13 @@ -0,0 +1,52 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2024 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# Changed value of dead-peer-detection.action from hold to trap + +import re + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree + +if len(argv) < 2: + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['vpn', 'ipsec', 'ike-group'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) +else: + for ike_group in config.list_nodes(base): + base_dpd_action = base + [ike_group, 'dead-peer-detection', 'action'] + if config.exists(base_dpd_action) and config.return_value(base_dpd_action) == 'hold': + config.set(base_dpd_action, 'trap', replace=True) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print(f'Failed to save the modified config: {e}') + exit(1) |