Merge branch 'vyos:current' into current

5 files changed, 91 insertions, 15 deletions

diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index 434ff99d7..6ab5c252c 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -333,8 +333,9 @@ def get_dhcp_interfaces(conf, vrf=None):
             if dict_search('dhcp_options.default_route_distance', config) != None:
                 options.update({'dhcp_options' : config['dhcp_options']})
             if 'vrf' in config:
-                if vrf is config['vrf']: tmp.update({ifname : options})
-            else: tmp.update({ifname : options})
+                if vrf == config['vrf']: tmp.update({ifname : options})
+            else:
+                if vrf is None: tmp.update({ifname : options})
 
         return tmp
 
@@ -382,8 +383,9 @@ def get_pppoe_interfaces(conf, vrf=None):
         if 'no_default_route' in ifconfig:
             options.update({'no_default_route' : {}})
         if 'vrf' in ifconfig:
-            if vrf is ifconfig['vrf']: pppoe_interfaces.update({ifname : options})
-        else: pppoe_interfaces.update({ifname : options})
+            if vrf == ifconfig['vrf']: pppoe_interfaces.update({ifname : options})
+        else:
+            if vrf is None: pppoe_interfaces.update({ifname : options})
 
     return pppoe_interfaces
 
diff --git a/python/vyos/configtree.py b/python/vyos/configtree.py
index c0b3ebd78..9308bdde4 100644
--- a/python/vyos/configtree.py
+++ b/python/vyos/configtree.py
@@ -60,7 +60,7 @@ class ConfigTree(object):
         self.__get_error.restype = c_char_p
 
         self.__to_string = self.__lib.to_string
-        self.__to_string.argtypes = [c_void_p]
+        self.__to_string.argtypes = [c_void_p, c_bool]
         self.__to_string.restype = c_char_p
 
         self.__to_commands = self.__lib.to_commands
@@ -160,8 +160,8 @@ class ConfigTree(object):
     def _get_config(self):
         return self.__config
 
-    def to_string(self):
-        config_string = self.__to_string(self.__config).decode()
+    def to_string(self, ordered_values=False):
+        config_string = self.__to_string(self.__config, ordered_values).decode()
         config_string = "{0}\n{1}".format(config_string, self.__version)
         return config_string
 
@@ -352,6 +352,27 @@ def show_diff(left, right, path=[], commands=False, libpath=LIBPATH):
 
     return res
 
+def union(left, right, libpath=LIBPATH):
+    if left is None:
+        left = ConfigTree(config_string='\n')
+    if right is None:
+        right = ConfigTree(config_string='\n')
+    if not (isinstance(left, ConfigTree) and isinstance(right, ConfigTree)):
+        raise TypeError("Arguments must be instances of ConfigTree")
+
+    __lib = cdll.LoadLibrary(libpath)
+    __tree_union = __lib.tree_union
+    __tree_union.argtypes = [c_void_p, c_void_p]
+    __tree_union.restype = c_void_p
+    __get_error = __lib.get_error
+    __get_error.argtypes = []
+    __get_error.restype = c_char_p
+
+    res = __tree_union( left._get_config(), right._get_config())
+    tree = ConfigTree(address=res)
+
+    return tree
+
 class DiffTree:
     def __init__(self, left, right, path=[], libpath=LIBPATH):
         if left is None:
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 5be897d5f..919032a41 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -223,10 +223,23 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
         action = rule_conf['action'] if 'action' in rule_conf else 'accept'
         output.append(f'log prefix "[{fw_name[:19]}-{rule_id}-{action[:1].upper()}]"')
 
-        if 'log_level' in rule_conf:
-            log_level = rule_conf['log_level']
-            output.append(f'level {log_level}')
+        if 'log_options' in rule_conf:
 
+            if 'level' in rule_conf['log_options']:
+                log_level = rule_conf['log_options']['level']
+                output.append(f'log level {log_level}')
+
+            if 'group' in rule_conf['log_options']:
+                log_group = rule_conf['log_options']['group']
+                output.append(f'log group {log_group}')
+
+                if 'queue_threshold' in rule_conf['log_options']:
+                    queue_threshold = rule_conf['log_options']['queue_threshold']
+                    output.append(f'queue-threshold {queue_threshold}')
+
+                if 'snapshot_length' in rule_conf['log_options']:
+                    log_snaplen = rule_conf['log_options']['snapshot_length']
+                    output.append(f'snaplen {log_snaplen}')
 
     if 'hop_limit' in rule_conf:
         operators = {'eq': '==', 'gt': '>', 'lt': '<'}
diff --git a/python/vyos/ifconfig/operational.py b/python/vyos/ifconfig/operational.py
index 33e8614f0..dc2742123 100644
--- a/python/vyos/ifconfig/operational.py
+++ b/python/vyos/ifconfig/operational.py
@@ -143,15 +143,17 @@ class Operational(Control):
         except IOError:
             return no_stats
 
-    def clear_counters(self, counters=None):
-        clear = self._stats_all if counters is None else []
-        stats = self.load_counters()
+    def clear_counters(self):
+        stats = self.get_stats()
         for counter, value in stats.items():
-            stats[counter] = 0 if counter in clear else value
+            stats[counter] = value
         self.save_counters(stats)
 
     def reset_counters(self):
-        os.remove(self.cachefile(self.ifname))
+        try:
+            os.remove(self.cachefile(self.ifname))
+        except FileNotFoundError:
+            pass
 
     def get_stats(self):
         """ return a dict() with the value for each interface counter """
diff --git a/python/vyos/ipsec.py b/python/vyos/ipsec.py
index cb7c39ff6..bb5611025 100644
--- a/python/vyos/ipsec.py
+++ b/python/vyos/ipsec.py
@@ -139,3 +139,41 @@ def terminate_vici_by_name(ike_name: str, child_name: str) -> None:
         else:
             raise ViciCommandError(
                 f'Failed to terminate SA for IKE {ike_name}')
+
+
+def vici_initiate(ike_sa_name: str, child_sa_name: str, src_addr: str,
+                  dst_addr: str) -> bool:
+    """Initiate IKE SA connection with specific peer
+
+    Args:
+        ike_sa_name (str): an IKE SA connection name
+        child_sa_name (str): a child SA profile name
+        src_addr (str): source address
+        dst_addr (str): remote address
+
+    Returns:
+        bool: a result of initiation command
+    """
+    from vici import Session as vici_session
+
+    try:
+        session = vici_session()
+    except Exception:
+        raise ViciInitiateError("IPsec not initialized")
+
+    try:
+        session_generator = session.initiate({
+            'ike': ike_sa_name,
+            'child': child_sa_name,
+            'timeout': '-1',
+            'my-host': src_addr,
+            'other-host': dst_addr
+        })
+        # a dummy `for` loop is required because of requirements
+        # from vici. Without a full iteration on the output, the
+        # command to vici may not be executed completely
+        for _ in session_generator:
+            pass
+        return True
+    except Exception:
+        raise ViciCommandError(f'Failed to initiate SA for IKE {ike_sa_name}')
\ No newline at end of file