author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2024-03-24 12:13:01 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-24 12:13:01 +0200 |
commit | 3e418913f8855d4ce8b90bb9a43019d5ef1742f2 (patch) | |
tree | 81a03c00a8e615c35ee0d02007e82b6bfaddcd09 | |
parent | 6ad88061271b118dc4d22fe816f8b393f3220115 (diff) | |
parent | c104f9aea60416dbff3bf8de994921069ee6a928 (diff) | |
Merge pull request #3163 from vyos/mergify/bp/sagitta/pr-3157
vti: T6085: bring VTI interfaces up only when the IPsec tunnel is up (backport #3157)
-rw-r--r-- | python/vyos/ifconfig/vti.py | 8 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_vti.py | 19 | ||||
-rwxr-xr-x | src/etc/ipsec.d/vti-up-down | 4 |
3 files changed, 28 insertions, 3 deletions
diff --git a/python/vyos/ifconfig/vti.py b/python/vyos/ifconfig/vti.py index 9ebbeb9ed..9511386f4 100644 --- a/python/vyos/ifconfig/vti.py +++ b/python/vyos/ifconfig/vti.py @@ -1,4 +1,4 @@ -# Copyright 2021-2022 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2021-2024 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -52,8 +52,14 @@ class VTIIf(Interface): cmd += f' {iproute2_key} {tmp}' self._cmd(cmd.format(**self.config)) + + # interface is always A/D down. It needs to be enabled explicitly self.set_interface('admin_state', 'down') + def set_admin_state(self, state): + """ Handled outside by /etc/ipsec.d/vti-up-down """ + pass + def get_mac(self): """ Get a synthetic MAC address. """ return self.get_mac_synthetic() diff --git a/smoketest/scripts/cli/test_interfaces_vti.py b/smoketest/scripts/cli/test_interfaces_vti.py index 7f13575a3..871ac650b 100755 --- a/smoketest/scripts/cli/test_interfaces_vti.py +++ b/smoketest/scripts/cli/test_interfaces_vti.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -18,6 +18,9 @@ import unittest from base_interfaces_test import BasicInterfaceTest +from vyos.ifconfig import Interface +from vyos.utils.network import is_intf_addr_assigned + class VTIInterfaceTest(BasicInterfaceTest.TestCase): @classmethod def setUpClass(cls): 
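Review bot: In python/vyos/ifconfig/vti.py (hunk `@@ -52,8 +52,14 @@`), the new `set_admin_state` override silently discards `state`, and its docstring names the hook script without saying why the method is a no-op. A caller that requests 'up' gets no error and no log, so an interface that is down because the tunnel is down looks the same as one whose bring-up was dropped here. I would expand the docstring to state the invariant the commit title describes: the link is created admin-down, only the IPsec up/down hook may change its state, and `state` is intentionally ignored. For example: `""" Intentionally a no-op: admin state is driven only by /etc/ipsec.d/vti-up-down on IPsec up/down events. """`. The method containing the `self.set_interface('admin_state', 'down')` line starts outside the hunk.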
@@ -27,5 +30,19 @@ class VTIInterfaceTest(BasicInterfaceTest.TestCase): # call base-classes classmethod super(VTIInterfaceTest, cls).setUpClass() + def test_add_single_ip_address(self): + addr = '192.0.2.0/31' + for intf in self._interfaces: + self.cli_set(self._base_path + [intf, 'address', addr]) + for option in self._options.get(intf, []): + self.cli_set(self._base_path + [intf] + option.split()) + + self.cli_commit() + + # VTI interface are always down and only brought up by IPSec + for intf in self._interfaces: + self.assertTrue(is_intf_addr_assigned(intf, addr)) + self.assertEqual(Interface(intf).get_admin_state(), 'down') + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/etc/ipsec.d/vti-up-down b/src/etc/ipsec.d/vti-up-down index 441b316c2..01e9543c9 100755 --- a/src/etc/ipsec.d/vti-up-down +++ b/src/etc/ipsec.d/vti-up-down @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -57,7 +57,9 @@ if __name__ == '__main__': if 'disable' not in vti: tmp = VTIIf(interface) tmp.update(vti) + call(f'sudo ip link set {interface} up') else: + call(f'sudo ip link set {interface} down') syslog(f'Interface {interface} is admin down ...') elif verb in ['down-client', 'down-host']: if vti_link_up: |
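Review bot: In smoketest/scripts/cli/test_interfaces_vti.py (hunk `@@ -27,5 +30,19 @@`), `test_add_single_ip_address` asserts only the resting state after commit: the address is assigned and the admin state is 'down'. Nothing visible here exercises the other half of the change, that the interface comes up through the IPsec hook and goes down again when `disable` is set. If the smoketest environment cannot establish a tunnel, a short comment saying the up path is not covered would stop readers from assuming it is. The existing comment also has a grammar slip and would read better as `# VTI interfaces are always down and only brought up by IPsec`.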
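Review bot: In src/etc/ipsec.d/vti-up-down (hunk `@@ -57,7 +57,9 @@`), the two added `call(f'sudo ip link set {interface} ...')` lines interpolate `interface` into a command string and ignore the result. The assignment of `interface` is outside the hunk; if it comes from the hook's arguments and `call` runs the string through a shell, the name should be validated before it is used. A non-zero result should also be written to syslog, because a failed `ip link set` leaves the VTI down while the tunnel is up, with no trace. In the first branch the existing object could be reused, `tmp.set_interface('admin_state', 'up')`, which avoids the string-built `sudo` command and matches the `set_interface('admin_state', 'down')` call in vti.py. The `if __name__ == '__main__':` block starts before and continues past this hunk.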