diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-05-11 18:46:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-11 18:46:18 +0200 |
commit | 6346a5f1a08e878e51213031ac33dcec08e368cd (patch) | |
tree | 7ace538f7568a8005f0e4f0987b27f0fd8dde20b | |
parent | 4ca0e563861f1d0ebf99afc012a9b95d9492e399 (diff) | |
parent | 49fc2c83adfa2c5dc169cae675f65c8e36a7d6c4 (diff) | |
download | vyos-1x-6346a5f1a08e878e51213031ac33dcec08e368cd.tar.gz vyos-1x-6346a5f1a08e878e51213031ac33dcec08e368cd.zip |
Merge pull request #407 from jjakob/accept-ra-fix-T2449
T2449: set 'accept_ra=2' if 'address dhcpv6' or 'ipv6 address autoconf' is set
-rw-r--r-- | python/vyos/configdict.py | 6 | ||||
-rw-r--r-- | python/vyos/ifconfig/dhcp.py | 6 | ||||
-rw-r--r-- | python/vyos/ifconfig/interface.py | 21 | ||||
-rw-r--r-- | python/vyos/ifconfig_vlan.py | 2 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-bonding.py | 3 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-bridge.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-ethernet.py | 3 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-l2tpv3.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-pseudo-ethernet.py | 3 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-tunnel.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-vxlan.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-wireless.py | 3 |
13 files changed, 79 insertions, 8 deletions
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 5ca369f66..8325355e8 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -122,6 +122,7 @@ vlan_default = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_eui64_prefix': [], 'ipv6_eui64_prefix_remove': [], @@ -348,6 +349,11 @@ def intf_to_dict(conf, default): # If the interface does not exist, it could not have changed pass + # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, + # accept_ra must be 2 + if intf['ipv6_autoconf'] or 'dhcpv6' in intf['address']: + intf['ipv6_accept_ra'] = 2 + return intf, disable diff --git a/python/vyos/ifconfig/dhcp.py b/python/vyos/ifconfig/dhcp.py index bf6566c07..57e488cc7 100644 --- a/python/vyos/ifconfig/dhcp.py +++ b/python/vyos/ifconfig/dhcp.py @@ -114,9 +114,6 @@ class _DHCPv6 (Control): render(self.options['options_file'], 'dhcp-client/daemon-options.tmpl', self.options) render(self.options['conf_file'], 'dhcp-client/ipv6.tmpl', self.options) - # no longer accept router announcements on this interface - self._write_sysfs('/proc/sys/net/ipv6/conf/{ifname}/accept_ra'.format(**self.options), 0) - return self._cmd('systemctl restart dhclient6@{ifname}.service'.format(**self.options)) def delete(self): @@ -136,9 +133,6 @@ class _DHCPv6 (Control): self._cmd('systemctl stop dhclient6@{ifname}.service'.format(**self.options)) - # accept router announcements on this interface - self._write_sysfs('/proc/sys/net/ipv6/conf/{ifname}/accept_ra'.format(**self.options), 1) - # cleanup old config files for name in ('conf_file', 'options_file', 'pid_file', 'lease_file'): if os.path.isfile(self.options[name]): diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 7b42e3399..61f2c6482 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -134,8 +134,12 @@ class Interface(Control): 'validate': assert_boolean, 'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_ignore', }, + 'ipv6_accept_ra': { + 'validate': lambda ara: assert_range(ara,0,3), + 'location': '/proc/sys/net/ipv6/conf/{ifname}/accept_ra', + }, 'ipv6_autoconf': { - 'validate': lambda fwd: assert_range(fwd,0,2), + 'validate': lambda aco: assert_range(aco,0,2), 'location': '/proc/sys/net/ipv6/conf/{ifname}/autoconf', }, 'ipv6_forwarding': { @@ -409,6 +413,21 @@ class Interface(Control): """ return self.set_interface('arp_ignore', arp_ignore) + def set_ipv6_accept_ra(self, accept_ra): + """ + Accept Router Advertisements; autoconfigure using them. + + It also determines whether or not to transmit Router Solicitations. + If and only if the functional setting is to accept Router + Advertisements, Router Solicitations will be transmitted. + + 0 - Do not accept Router Advertisements. + 1 - (default) Accept Router Advertisements if forwarding is disabled. + 2 - Overrule forwarding behaviour. Accept Router Advertisements even if + forwarding is enabled. + """ + return self.set_interface('ipv6_accept_ra', accept_ra) + def set_ipv6_autoconf(self, autoconf): """ Autoconfigure addresses using Prefix Information in Router diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index bb93121e7..6410be9aa 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -101,6 +101,8 @@ def apply_vlan_config(vlan, config): vlan.set_arp_ignore(config['ip_enable_arp_ignore']) # configure Proxy ARP vlan.set_proxy_arp(config['ip_proxy_arp']) + # IPv6 accept RA + vlan.set_ipv6_accept_ra(config['ipv6_accept_ra']) # IPv6 address autoconfiguration vlan.set_ipv6_autoconf(config['ipv6_autoconf']) # IPv6 forwarding diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 5a2ff9eef..93d2adbd6 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -51,6 +51,7 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_eui64_prefix': [], 'ipv6_eui64_prefix_remove': [], @@ -340,6 +341,8 @@ def apply(bond): b.set_proxy_arp(bond['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface b.set_proxy_arp_pvlan(bond['ip_proxy_arp_pvlan']) + # IPv6 accept RA + b.set_ipv6_accept_ra(bond['ipv6_accept_ra']) # IPv6 address autoconfiguration b.set_ipv6_autoconf(bond['ipv6_autoconf']) # IPv6 forwarding diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index c43fae78b..217ba95e1 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -48,6 +48,7 @@ default_config_data = { 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_eui64_prefix': [], 'ipv6_eui64_prefix_remove': [], @@ -197,6 +198,11 @@ def get_config(): and bridge['mac'] != BridgeIf(bridge['intf'], create=False).get_mac() ): bridge['ipv6_eui64_prefix_remove'] += bridge['ipv6_eui64_prefix'] + # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, + # accept_ra must be 2 + if bridge['ipv6_autoconf'] or 'dhcpv6' in bridge['address']: + bridge['ipv6_accept_ra'] = 2 + # Interval at which neighbor bridges are removed if conf.exists('max-age'): bridge['max_age'] = int(conf.return_value('max-age')) @@ -302,6 +308,8 @@ def apply(bridge): br.set_arp_announce(bridge['ip_enable_arp_announce']) # configure ARP ignore br.set_arp_ignore(bridge['ip_enable_arp_ignore']) + # IPv6 accept RA + br.set_ipv6_accept_ra(bridge['ipv6_accept_ra']) # IPv6 address autoconfiguration br.set_ipv6_autoconf(bridge['ipv6_autoconf']) # IPv6 forwarding diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index 955022042..5f7b0014e 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -49,6 +49,7 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_eui64_prefix': [], 'ipv6_eui64_prefix_remove': [], @@ -240,6 +241,8 @@ def apply(eth): e.set_proxy_arp(eth['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface e.set_proxy_arp_pvlan(eth['ip_proxy_arp_pvlan']) + # IPv6 accept RA + e.set_ipv6_accept_ra(eth['ipv6_accept_ra']) # IPv6 address autoconfiguration e.set_ipv6_autoconf(eth['ipv6_autoconf']) # IPv6 forwarding diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 26bb537e5..cdfc6ea84 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -35,6 +35,7 @@ default_config_data = { 'local_address': '', 'local_port': 5000, 'intf': '', + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_eui64_prefix': [], 'ipv6_forwarding': 1, @@ -132,6 +133,11 @@ def get_config(): if conf.exists('ipv6 dup-addr-detect-transmits'): l2tpv3['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) + # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, + # accept_ra must be 2 + if l2tpv3['ipv6_autoconf'] or 'dhcpv6' in l2tpv3['address']: + l2tpv3['ipv6_accept_ra'] = 2 + # Maximum Transmission Unit (MTU) if conf.exists('mtu'): l2tpv3['mtu'] = int(conf.return_value('mtu')) @@ -241,6 +247,8 @@ def apply(l2tpv3): l.set_alias(l2tpv3['description']) # Maximum Transfer Unit (MTU) l.set_mtu(l2tpv3['mtu']) + # IPv6 accept RA + l.set_ipv6_accept_ra(l2tpv3['ipv6_accept_ra']) # IPv6 address autoconfiguration l.set_ipv6_autoconf(l2tpv3['ipv6_autoconf']) # IPv6 forwarding diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index bd69e4d4b..ea8e1a7c4 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -49,6 +49,7 @@ default_config_data = { 'encryption': '', 'hash': '', 'intf': '', + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_eui64_prefix': [], 'ipv6_eui64_prefix_remove': [], @@ -334,6 +335,11 @@ def get_config(): if conf.exists('ipv6 dup-addr-detect-transmits'): openvpn['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) + # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, + # accept_ra must be 2 + if openvpn['ipv6_autoconf'] or 'dhcpv6' in openvpn['address']: + openvpn['ipv6_accept_ra'] = 2 + # OpenVPN operation mode if conf.exists('mode'): openvpn['mode'] = conf.return_value('mode') @@ -1042,6 +1048,8 @@ def apply(openvpn): o = VTunIf(interface) # update interface description used e.g. within SNMP o.set_alias(openvpn['description']) + # IPv6 accept RA + o.set_ipv6_accept_ra(openvpn['ipv6_accept_ra']) # IPv6 address autoconfiguration o.set_ipv6_autoconf(openvpn['ipv6_autoconf']) # IPv6 forwarding diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index ec2f1146e..a050ae80b 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -46,6 +46,7 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_eui64_prefix': [], 'ipv6_eui64_prefix_remove': [], @@ -208,6 +209,8 @@ def apply(peth): p.set_proxy_arp(peth['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface p.set_proxy_arp_pvlan(peth['ip_proxy_arp_pvlan']) + # IPv6 accept RA + p.set_ipv6_accept_ra(peth['ipv6_accept_ra']) # IPv6 address autoconfiguration p.set_ipv6_autoconf(peth['ipv6_autoconf']) # IPv6 forwarding diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index f4cd53981..3e8653d58 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -251,6 +251,7 @@ default_config_data = { 'ip': False, 'ipv6': False, 'nhrp': [], + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dad_transmits': 1, @@ -401,6 +402,11 @@ def get_config(): eff_addr = conf.return_effective_values('address') options['addresses-del'] = list_diff(eff_addr, options['addresses-add']) + # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, + # accept_ra must be 2 + if options['ipv6_autoconf'] or 'dhcpv6' in options['address']: + options['ipv6_accept_ra'] = 2 + # allmulticast fate is linked to multicast options['allmulticast'] = options['multicast'] @@ -636,7 +642,7 @@ def apply(conf): # set other interface properties for option in ('alias', 'mtu', 'link_detect', 'multicast', 'allmulticast', - 'ipv6_autoconf', 'ipv6_forwarding', 'ipv6_dad_transmits'): + 'ipv6_accept_ra', 'ipv6_autoconf', 'ipv6_forwarding', 'ipv6_dad_transmits'): if not options[option]: # should never happen but better safe continue diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 91682a540..84fe3dfc8 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -38,6 +38,7 @@ default_config_data = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_eui64_prefix': [], 'ipv6_forwarding': 1, @@ -135,6 +136,11 @@ def get_config(): if conf.exists('ipv6 dup-addr-detect-transmits'): vxlan['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) + # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, + # accept_ra must be 2 + if vxlan['ipv6_autoconf'] or 'dhcpv6' in vxlan['address']: + vxlan['ipv6_accept_ra'] = 2 + # VXLAN source address if conf.exists('source-address'): vxlan['source_address'] = conf.return_value('source-address') @@ -251,6 +257,8 @@ def apply(vxlan): v.set_arp_ignore(vxlan['ip_enable_arp_ignore']) # Enable proxy-arp on this interface v.set_proxy_arp(vxlan['ip_proxy_arp']) + # IPv6 accept RA + v.set_ipv6_accept_ra(vxlan['ipv6_accept_ra']) # IPv6 address autoconfiguration v.set_ipv6_autoconf(vxlan['ipv6_autoconf']) # IPv6 forwarding diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 03f66dd81..70d46d061 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -88,6 +88,7 @@ default_config_data = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, + 'ipv6_accept_ra': 1, 'ipv6_autoconf': 0, 'ipv6_eui64_prefix': [], 'ipv6_eui64_prefix_remove': [], @@ -647,6 +648,8 @@ def apply(wifi): w.set_arp_announce(wifi['ip_enable_arp_announce']) # configure ARP ignore w.set_arp_ignore(wifi['ip_enable_arp_ignore']) + # IPv6 accept RA + w.set_ipv6_accept_ra(wifi['ipv6_accept_ra']) # IPv6 address autoconfiguration w.set_ipv6_autoconf(wifi['ipv6_autoconf']) # IPv6 forwarding |