bridge: T3137: Let VLAN aware bridge approach the behavior of professional equipment

According to the consensus, the specific behavior of a VLAN aware bridge should conform to the behavior of professional equipment. This commit makes a significant change to the behavior of VLAN aware bridge, and has the following behaviors: 1. Disable `vif 1` configuration 2. When the VLAN aware bridge is enabled, the parent interface is always VLAN 1 3. When `native-vlan` is not configured, the default behavior of the device is `native-vlan 1` 4. The VLAN ids forwarded by the bridge are determined by `vif` 5. It has an `enable-vlan` node to enable VLAN awareness 6. VLAN configuration is allowed only when VLAN aware bridge is activated
author: jack9603301 <jack9603301@163.com> 2021-01-09 21:32:19 +0800
committer: jack9603301 <jack9603301@163.com> 2021-01-15 16:26:33 +0800
commit: 38566b8fbdec60b1601ed127fd759c85802909e9 (patch)
tree: 00a658fbeb2d2b27fe3d7def53b9bbdb681de0c3 /src/conf_mode/interfaces-bridge.py
parent: 931692c5e4b15eb5ab62cd537ffd915365429e1c (diff)
download: vyos-1x-38566b8fbdec60b1601ed127fd759c85802909e9.tar.gz
vyos-1x-38566b8fbdec60b1601ed127fd759c85802909e9.zip
1 files changed, 39 insertions, 65 deletions
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index 7af3e3d7c..d5bcfec4f 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -41,26 +41,6 @@ from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
 
-def helper_check_removed_vlan(conf,bridge,key,key_mangling):
-    key_update = re.sub(key_mangling[0], key_mangling[1], key)
-    if dict_search('member.interface', bridge):
-        for interface in bridge['member']['interface']:
-            tmp = leaf_node_changed(conf, ['member', 'interface',interface,key])
-            if tmp:
-                if 'member' in bridge:
-                    if 'interface' in bridge['member']:
-                        if interface in bridge['member']['interface']:
-                            bridge['member']['interface'][interface].update({f'{key_update}_removed': tmp })
-                        else:
-                            bridge['member']['interface'].update({interface: {f'{key_update}_removed': tmp }})
-                    else:
-                        bridge['member'].update({ 'interface': {interface: {f'{key_update}_removed': tmp }}})
-                else:
-                    bridge.update({'member': { 'interface': {interface: {f'{key_update}_removed': tmp }}}})
-                    
-    return bridge
-    
-
 def get_config(config=None):
     """
     Retrive CLI config as dictionary. Dictionary can never be empty, as at least the
@@ -80,12 +60,6 @@ def get_config(config=None):
             bridge['member'].update({'interface_remove': tmp })
         else:
             bridge.update({'member': {'interface_remove': tmp }})
-        
-            
-    # determine which members vlan have been removed
-    
-    bridge = helper_check_removed_vlan(conf,bridge,'native-vlan',('-', '_'))
-    bridge = helper_check_removed_vlan(conf,bridge,'allowed-vlan',('-', '_'))
 
     if dict_search('member.interface', bridge):
         # XXX: T2665: we need a copy of the dict keys for iteration, else we will get:
@@ -99,7 +73,7 @@ def get_config(config=None):
         # the default dictionary is not properly paged into the dict (see T2665)
         # thus we will ammend it ourself
         default_member_values = defaults(base + ['member', 'interface'])
-        vlan_aware = False 
+        vlan_aware = True if 'enable_vlan' in bridge else False
         for interface,interface_config in bridge['member']['interface'].items():
             bridge['member']['interface'][interface] = dict_merge(
                     default_member_values, bridge['member']['interface'][interface])
@@ -120,19 +94,11 @@ def get_config(config=None):
             # Bridge members must not have an assigned address
             tmp = has_address_configured(conf, interface)
             if tmp: bridge['member']['interface'][interface].update({'has_address' : ''})
-            
+
             # VLAN-aware bridge members must not have VLAN interface configuration
-            if 'native_vlan' in interface_config:
-                vlan_aware = True
-            
-            if 'allowed_vlan' in interface_config:
-                vlan_aware = True
-            
-            
-            if vlan_aware:
-                tmp = has_vlan_subinterface_configured(conf,interface)
-                if tmp:
-                    if tmp: bridge['member']['interface'][interface].update({'has_vlan' : ''})
+            tmp = has_vlan_subinterface_configured(conf,interface)
+            if vlan_aware and tmp:
+                bridge['member']['interface'][interface].update({'has_vlan' : ''})
 
     return bridge
 
@@ -142,8 +108,10 @@ def verify(bridge):
 
     verify_dhcpv6(bridge)
     verify_vrf(bridge)
+
+    vlan_aware = True if 'enable_vlan' in bridge else False
     
-    vlan_aware = False 
+    ifname = bridge['ifname']
 
     if dict_search('member.interface', bridge):
         for interface, interface_config in bridge['member']['interface'].items():
@@ -166,31 +134,37 @@ def verify(bridge):
 
             if 'has_address' in interface_config:
                 raise ConfigError(error_msg + 'it has an address assigned!')
-            
-            if 'has_vlan' in interface_config:
-                raise ConfigError(error_msg + 'it has an VLAN subinterface assigned!')
-            
-            # VLAN-aware bridge members must not have VLAN interface configuration
-            if 'native_vlan' in interface_config:
-                vlan_aware = True
-            
-            if 'allowed_vlan' in interface_config:
-                vlan_aware = True
-            
-            if vlan_aware and 'wlan' in interface:
-                raise ConfigError(error_msg + 'VLAN aware cannot be set!')
-            
-            if 'allowed_vlan' in interface_config:
-                for vlan in interface_config['allowed_vlan']:
-                    if re.search('[0-9]{1,4}-[0-9]{1,4}', vlan):
-                        vlan_range = vlan.split('-')
-                        if int(vlan_range[0]) <1 and int(vlan_range[0])>4094:
-                            raise ConfigError('VLAN ID must be between 1 and 4094')
-                        if int(vlan_range[1]) <1 and int(vlan_range[1])>4094:
-                            raise ConfigError('VLAN ID must be between 1 and 4094')
-                    else:
-                        if int(vlan) <1 and int(vlan)>4094:
-                            raise ConfigError('VLAN ID must be between 1 and 4094')
+
+            if vlan_aware:
+                if 'has_vlan' in interface_config:
+                    raise ConfigError(error_msg + 'it has an VLAN subinterface assigned!')
+
+                if 'wlan' in interface:
+                    raise ConfigError(error_msg + 'VLAN aware cannot be set!')
+
+                if 'allowed_vlan' in interface_config:
+                    for vlan in interface_config['allowed_vlan']:
+                        if re.search('[0-9]{1,4}-[0-9]{1,4}', vlan):
+                            vlan_range = vlan.split('-')
+                            if int(vlan_range[0]) <1 and int(vlan_range[0])>4094:
+                                raise ConfigError('VLAN ID must be between 1 and 4094')
+                            if int(vlan_range[1]) <1 and int(vlan_range[1])>4094:
+                                raise ConfigError('VLAN ID must be between 1 and 4094')
+                        else:
+                            if int(vlan) <1 and int(vlan)>4094:
+                                raise ConfigError('VLAN ID must be between 1 and 4094')
+            else:
+                if 'allowed_vlan' in interface_config:
+                    raise ConfigError(f'You must first activate "enable-vlan" of {ifname} bridge to use "allowed-vlan"')
+                if 'native_vlan' in interface_config:
+                    raise ConfigError(f'You must first activate "enable-vlan" of {ifname} bridge to use "native-vlan"')
+    
+    if vlan_aware:
+        if dict_search('vif.1', bridge):
+            raise ConfigError(f'VLAN 1 sub interface cannot be set for VLAN aware bridge {ifname}, and VLAN 1 is always the parent interface')
+    else:
+        if dict_search('vif', bridge):
+            raise ConfigError(f'You must first activate "enable-vlan" of {ifname} bridge to use "vif"')
 
     return None
author	jack9603301 <jack9603301@163.com>	2021-01-09 21:32:19 +0800
committer	jack9603301 <jack9603301@163.com>	2021-01-15 16:26:33 +0800
commit	38566b8fbdec60b1601ed127fd759c85802909e9 (patch)
tree	00a658fbeb2d2b27fe3d7def53b9bbdb681de0c3 /src/conf_mode/interfaces-bridge.py
parent	931692c5e4b15eb5ab62cd537ffd915365429e1c (diff)
download	vyos-1x-38566b8fbdec60b1601ed127fd759c85802909e9.tar.gz vyos-1x-38566b8fbdec60b1601ed127fd759c85802909e9.zip