ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodes

... to new XML and Python based frontend/backend.
author: Christian Poessinger <christian@poessinger.com> 2020-03-25 19:32:34 +0100
committer: Christian Poessinger <christian@poessinger.com> 2020-03-28 11:28:55 +0100
commit: 7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c (patch)
tree: ec72438e73d56a585d93535c338300f6caba76a5 /src
parent: d1df92fa0668e351256175cbaa70b19707c0f53c (diff)
download: vyos-1x-7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c.tar.gz
vyos-1x-7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c.zip
8 files changed, 116 insertions, 1 deletions
diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py
index 9b6401ab6..9349241bd 100755
--- a/src/conf_mode/interfaces-bonding.py
+++ b/src/conf_mode/interfaces-bonding.py
@@ -48,6 +48,8 @@ default_config_data = {
     'ip_enable_arp_ignore': 0,
     'ip_proxy_arp': 0,
     'ip_proxy_arp_pvlan': 0,
+    'ipv6_forwarding': True,
+    'ipv6_dup_addr_detect': '1',
     'intf': '',
     'mac': '',
     'mode': '802.3ad',
@@ -189,6 +191,14 @@ def get_config():
     if conf.exists('ip proxy-arp-pvlan'):
         bond['ip_proxy_arp_pvlan'] = 1
 
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        bond['ipv6_forwarding'] = False
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        bond['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
     # Media Access Control (MAC) address
     if conf.exists('mac'):
         bond['mac'] = conf.return_value('mac')
@@ -416,6 +426,10 @@ def apply(bond):
         b.set_proxy_arp(bond['ip_proxy_arp'])
         # Enable private VLAN proxy ARP on this interface
         b.set_proxy_arp_pvlan(bond['ip_proxy_arp_pvlan'])
+        # Disable IPv6 forwarding on this interface
+        b.set_ipv6_forwarding(bond['ipv6_forwarding'])
+        # IPv6 Duplicate Address Detection (DAD) tries
+        b.set_ipv6_dad_messages(bond['ipv6_dup_addr_detect'])
 
         # Change interface MAC address
         if bond['mac']:
diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py
index f53175452..79b5e85e7 100755
--- a/src/conf_mode/interfaces-bridge.py
+++ b/src/conf_mode/interfaces-bridge.py
@@ -46,6 +46,8 @@ default_config_data = {
     'ip_enable_arp_accept': 0,
     'ip_enable_arp_announce': 0,
     'ip_enable_arp_ignore': 0,
+    'ipv6_forwarding': True,
+    'ipv6_dup_addr_detect': '1',
     'igmp_querier': 0,
     'intf': '',
     'mac' : '',
@@ -152,6 +154,14 @@ def get_config():
     if conf.exists('ip enable-arp-ignore'):
         bridge['ip_enable_arp_ignore'] = 1
 
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        bridge['ipv6_forwarding'] = False
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        bridge['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
     # Media Access Control (MAC) address
     if conf.exists('mac'):
         bridge['mac'] = conf.return_value('mac')
@@ -258,6 +268,10 @@ def apply(bridge):
         br.set_arp_announce(bridge['ip_enable_arp_announce'])
         # configure ARP ignore
         br.set_arp_ignore(bridge['ip_enable_arp_ignore'])
+        # Disable IPv6 forwarding on this interface
+        br.set_ipv6_forwarding(bridge['ipv6_forwarding'])
+        # IPv6 Duplicate Address Detection (DAD) tries
+        br.set_ipv6_dad_messages(bridge['ipv6_dup_addr_detect'])
         # set max message age
         br.set_max_age(bridge['max_age'])
         # set bridge priority
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index f7d1093e2..84e7d1c44 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -48,6 +48,8 @@ default_config_data = {
     'ip_enable_arp_ignore': 0,
     'ip_proxy_arp': 0,
     'ip_proxy_arp_pvlan': 0,
+    'ipv6_forwarding': True,
+    'ipv6_dup_addr_detect': '1',
     'intf': '',
     'mac': '',
     'mtu': 1500,
@@ -167,6 +169,14 @@ def get_config():
     if conf.exists('ip proxy-arp-pvlan'):
         eth['ip_proxy_arp_pvlan'] = 1
 
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        eth['ipv6_forwarding'] = False
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        eth['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
     # Media Access Control (MAC) address
     if conf.exists('mac'):
         eth['mac'] = conf.return_value('mac')
@@ -326,6 +336,10 @@ def apply(eth):
         e.set_proxy_arp(eth['ip_proxy_arp'])
         # Enable private VLAN proxy ARP on this interface
         e.set_proxy_arp_pvlan(eth['ip_proxy_arp_pvlan'])
+        # Disable IPv6 forwarding on this interface
+        e.set_ipv6_forwarding(eth['ipv6_forwarding'])
+        # IPv6 Duplicate Address Detection (DAD) tries
+        e.set_ipv6_dad_messages(eth['ipv6_dup_addr_detect'])
 
         # Change interface MAC address - re-set to real hardware address (hw-id)
         # if custom mac is removed
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py
index 468a893c5..5334472d3 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces-l2tpv3.py
@@ -33,6 +33,8 @@ default_config_data = {
     'local_address': '',
     'local_port': 5000,
     'intf': '',
+    'ipv6_forwarding': True,
+    'ipv6_dup_addr_detect': '1',
     'mtu': 1488,
     'peer_session_id': '',
     'peer_tunnel_id': '',
@@ -101,6 +103,14 @@ def get_config():
     if conf.exists('local-ip'):
         l2tpv3['local_address'] = conf.return_value('local-ip')
 
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        l2tpv3['ipv6_forwarding'] = False
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        l2tpv3['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
     # Maximum Transmission Unit (MTU)
     if conf.exists('mtu'):
         l2tpv3['mtu'] = int(conf.return_value('mtu'))
@@ -193,6 +203,10 @@ def apply(l2tpv3):
         l.set_alias(l2tpv3['description'])
         # Maximum Transfer Unit (MTU)
         l.set_mtu(l2tpv3['mtu'])
+        # Disable IPv6 forwarding on this interface
+        l.set_ipv6_forwarding(l2tpv3['ipv6_forwarding'])
+        # IPv6 Duplicate Address Detection (DAD) tries
+        l.set_ipv6_dad_messages(l2tpv3['ipv6_dup_addr_detect'])
 
         # Configure interface address(es) - no need to implicitly delete the
         # old addresses as they have already been removed by deleting the
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index d5121ab75..84de67e46 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -294,6 +294,8 @@ default_config_data = {
     'encryption': '',
     'hash': '',
     'intf': '',
+    'ipv6_forwarding': True,
+    'ipv6_dup_addr_detect': '1',
     'ping_restart': '60',
     'ping_interval': '10',
     'local_address': '',
@@ -490,6 +492,14 @@ def get_config():
     if conf.exists('local-port'):
         openvpn['local_port'] = conf.return_value('local-port')
 
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        openvpn['ipv6_forwarding'] = False
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        openvpn['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
     # OpenVPN operation mode
     if conf.exists('mode'):
         mode = conf.return_value('mode')
@@ -1036,7 +1046,14 @@ def apply(openvpn):
     try:
         # we need to catch the exception if the interface is not up due to
         # reason stated above
-        VTunIf(openvpn['intf']).set_alias(openvpn['description'])
+        o = VTunIf(openvpn['intf'])
+        # update interface description used e.g. within SNMP
+        o.set_alias(openvpn['description'])
+        # Disable IPv6 forwarding on this interface
+        o.set_ipv6_forwarding(openvpn['ipv6_forwarding'])
+        # IPv6 Duplicate Address Detection (DAD) tries
+        o.set_ipv6_dad_messages(openvpn['ipv6_dup_addr_detect'])
+
     except:
         pass
 
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index 55b80b959..19c8bbedc 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -45,6 +45,8 @@ default_config_data = {
     'ip_enable_arp_ignore': 0,
     'ip_proxy_arp': 0,
     'ip_proxy_arp_pvlan': 0,
+    'ipv6_forwarding': True,
+    'ipv6_dup_addr_detect': '1',
     'intf': '',
     'link': '',
     'link_changed': False,
@@ -145,6 +147,14 @@ def get_config():
     if conf.exists(['ip', 'proxy-arp-pvlan']):
         peth['ip_proxy_arp_pvlan'] = 1
 
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        peth['ipv6_forwarding'] = False
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        peth['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
     # Lower link device
     if conf.exists(['link']):
         peth['link'] = conf.return_value(['link'])
@@ -296,6 +306,10 @@ def apply(peth):
     p.set_proxy_arp(peth['ip_proxy_arp'])
     # Enable private VLAN proxy ARP on this interface
     p.set_proxy_arp_pvlan(peth['ip_proxy_arp_pvlan'])
+    # Disable IPv6 forwarding on this interface
+    p.set_ipv6_forwarding(peth['ipv6_forwarding'])
+    # IPv6 Duplicate Address Detection (DAD) tries
+    p.set_ipv6_dad_messages(peth['ipv6_dup_addr_detect'])
 
     # assign/remove VRF
     p.set_vrf(peth['vrf'])
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index f45493587..48271ff65 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -37,6 +37,8 @@ default_config_data = {
     'ip_enable_arp_announce': 0,
     'ip_enable_arp_ignore': 0,
     'ip_proxy_arp': 0,
+    'ipv6_forwarding': True,
+    'ipv6_dup_addr_detect': '1',
     'link': '',
     'mtu': 1450,
     'remote': '',
@@ -103,6 +105,14 @@ def get_config():
     if conf.exists('ip enable-proxy-arp'):
         vxlan['ip_proxy_arp'] = 1
 
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        vxlan['ipv6_forwarding'] = False
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        vxlan['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
     # VXLAN underlay interface
     if conf.exists('link'):
         vxlan['link'] = conf.return_value('link')
@@ -201,6 +211,10 @@ def apply(vxlan):
         v.set_arp_ignore(vxlan['ip_enable_arp_ignore'])
         # Enable proxy-arp on this interface
         v.set_proxy_arp(vxlan['ip_proxy_arp'])
+        # Disable IPv6 forwarding on this interface
+        v.set_ipv6_forwarding(vxlan['ipv6_forwarding'])
+        # IPv6 Duplicate Address Detection (DAD) tries
+        v.set_ipv6_dad_messages(vxlan['ipv6_dup_addr_detect'])
 
         # Configure interface address(es) - no need to implicitly delete the
         # old addresses as they have already been removed by deleting the
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 1e99ae12a..29257141d 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -827,6 +827,8 @@ default_config_data = {
     'ip_enable_arp_accept': 0,
     'ip_enable_arp_announce': 0,
     'ip_enable_arp_ignore': 0,
+    'ipv6_forwarding': True,
+    'ipv6_dup_addr_detect': '1',
     'mac' : '',
     'max_stations' : '',
     'mgmt_frame_protection' : 'disabled',
@@ -1140,6 +1142,14 @@ def get_config():
     if conf.exists('ip enable-arp-ignore'):
         wifi['ip_enable_arp_ignore'] = 1
 
+    # Disable IPv6 forwarding on this interface
+    if conf.exists('ipv6 disable-forwarding'):
+        wifi['ipv6_forwarding'] = False
+
+    # IPv6 Duplicate Address Detection (DAD) tries
+    if conf.exists('ipv6 dup-addr-detect-transmits'):
+        wifi['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits')
+
     # Wireless physical device
     if conf.exists('physical-device'):
         wifi['phy'] = conf.return_value('physical-device')
@@ -1487,6 +1497,10 @@ def apply(wifi):
         w.set_arp_announce(wifi['ip_enable_arp_announce'])
         # configure ARP ignore
         w.set_arp_ignore(wifi['ip_enable_arp_ignore'])
+        # Disable IPv6 forwarding on this interface
+        w.set_ipv6_forwarding(bond['ipv6_forwarding'])
+        # IPv6 Duplicate Address Detection (DAD) tries
+        w.set_ipv6_dad_messages(bond['ipv6_dup_addr_detect'])
 
         # Configure interface address(es)
         # - not longer required addresses get removed first
author	Christian Poessinger <christian@poessinger.com>	2020-03-25 19:32:34 +0100
committer	Christian Poessinger <christian@poessinger.com>	2020-03-28 11:28:55 +0100
commit	7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c (patch)
tree	ec72438e73d56a585d93535c338300f6caba76a5 /src
parent	d1df92fa0668e351256175cbaa70b19707c0f53c (diff)
download	vyos-1x-7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c.tar.gz vyos-1x-7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c.zip