| author | Christian Breunig <christian@breunig.cc> | 2024-01-10 19:59:20 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-10 19:59:20 +0100 | 
| commit | aebb458262072457c6a3840d1b17031fbd780eca (patch) | |
| tree | b89f9b47d85bc00c758bd2388574270d20858079 /src | |
| parent | e890527d730053ed73227180c77d9dbbb9393ce0 (diff) | |
| parent | 4ffec67d04670192d9b722353cbaef04cb0ba129 (diff) | |
| download | vyos-1x-aebb458262072457c6a3840d1b17031fbd780eca.tar.gz vyos-1x-aebb458262072457c6a3840d1b17031fbd780eca.zip | |
Merge pull request #2777 from aapostoliuk/T5688-multirange
T5688: Changed 'range' to multi in 'client-ip-pool' for accell-ppp
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/vpn_l2tp.py | 2 | ||||
| -rwxr-xr-x | src/migration-scripts/ipoe-server/1-to-2 | 2 | ||||
| -rwxr-xr-x | src/migration-scripts/l2tp/4-to-5 | 44 | ||||
| -rwxr-xr-x | src/migration-scripts/pppoe-server/6-to-7 | 45 | ||||
| -rwxr-xr-x | src/migration-scripts/pptp/2-to-3 | 19 | ||||
| -rwxr-xr-x | src/migration-scripts/sstp/4-to-5 | 17 | ||||
| -rwxr-xr-x | src/validators/ipv4-range-mask | 36 | 
7 files changed, 66 insertions, 99 deletions
|
diff --git a/src/conf_mode/vpn_l2tp.py b/src/conf_mode/vpn_l2tp.py
index 03a27d3cd..1a91951b4 100755
--- a/src/conf_mode/vpn_l2tp.py
+++ b/src/conf_mode/vpn_l2tp.py
@@ -71,7 +71,7 @@ def verify(l2tp):
             raise ConfigError('DA/CoE server key required!')
     if dict_search('authentication.mode', l2tp) in ['local', 'noauth']:
-        if not l2tp['client_ip_pool'] and not l2tp['client_ipv6_pool']:
+        if not dict_search('client_ip_pool', l2tp) and not dict_search('client_ipv6_pool', l2tp):
             raise ConfigError(
                 "L2TP local auth mode requires local client-ip-pool or client-ipv6-pool to be configured!")
         if dict_search('client_ip_pool', l2tp) and not dict_search('default_pool', l2tp):
diff --git a/src/migration-scripts/ipoe-server/1-to-2 b/src/migration-scripts/ipoe-server/1-to-2
index c8cec6835..11d7911e9 100755
--- a/src/migration-scripts/ipoe-server/1-to-2
+++ b/src/migration-scripts/ipoe-server/1-to-2
@@ -57,7 +57,7 @@ for pool_name in config.list_nodes(namedpools_base):
     pool_path = namedpools_base + [pool_name]
     if config.exists(pool_path + ['subnet']):
         subnet = config.return_value(pool_path + ['subnet'])
-        config.set(pool_base + [pool_name, 'range'], value=subnet)
+        config.set(pool_base + [pool_name, 'range'], value=subnet, replace=False)
         # Get netmask from subnet
         mask = subnet.split("/")[1]
     if config.exists(pool_path + ['next-pool']):
diff --git a/src/migration-scripts/l2tp/4-to-5 b/src/migration-scripts/l2tp/4-to-5
index 496dc83d6..3176f895a 100755
--- a/src/migration-scripts/l2tp/4-to-5
+++ b/src/migration-scripts/l2tp/4-to-5
@@ -24,7 +24,7 @@ import os
 from sys import argv
 from sys import exit
 from vyos.configtree import ConfigTree
-
+from vyos.base import Warning
 if len(argv) < 2:
     print("Must specify file name!")
@@ -45,33 +45,33 @@ if not config.exists(pool_base):
     exit(0)
 default_pool = ''
 range_pool_name = 'default-range-pool'
-subnet_base_name = 'default-subnet-pool'
-number = 1
-subnet_pool_name = f'{subnet_base_name}-{number}'
-prev_subnet_pool = subnet_pool_name
-if config.exists(pool_base + ['subnet']):
-    default_pool = subnet_pool_name
-    for subnet in config.return_values(pool_base + ['subnet']):
-        config.set(pool_base + [subnet_pool_name, 'range'], value=subnet)
-        if prev_subnet_pool != subnet_pool_name:
-            config.set(pool_base + [prev_subnet_pool, 'next-pool'],
-                       value=subnet_pool_name)
-            prev_subnet_pool = subnet_pool_name
-        number += 1
-        subnet_pool_name = f'{subnet_base_name}-{number}'
-
-    config.delete(pool_base + ['subnet'])
 if config.exists(pool_base + ['start']) and config.exists(pool_base + ['stop']):
+    def is_legalrange(ip1: str, ip2: str, mask: str):
+        from ipaddress import IPv4Interface
+        interface1 = IPv4Interface(f'{ip1}/{mask}')
+
+        interface2 = IPv4Interface(f'{ip2}/{mask}')
+        return interface1.network.network_address == interface2.network.network_address and interface2.ip > interface1.ip
+
     start_ip = config.return_value(pool_base + ['start'])
     stop_ip = config.return_value(pool_base + ['stop'])
-    ip_range = f'{start_ip}-{stop_ip}'
+    if is_legalrange(start_ip, stop_ip,'24'):
+        ip_range = f'{start_ip}-{stop_ip}'
+        config.set(pool_base + [range_pool_name, 'range'], value=ip_range, replace=False)
+        default_pool = range_pool_name
+    else:
+        Warning(
+            f'L2TP client-ip-pool range start-ip:{start_ip} and stop-ip:{stop_ip} can not be migrated.')
+
     config.delete(pool_base + ['start'])
     config.delete(pool_base + ['stop'])
-    config.set(pool_base + [range_pool_name, 'range'], value=ip_range)
-    if default_pool:
-        config.set(pool_base + [range_pool_name, 'next-pool'],
-                   value=default_pool)
+
+if config.exists(pool_base + ['subnet']):
+    for subnet in config.return_values(pool_base + ['subnet']):
+        config.set(pool_base + [range_pool_name, 'range'], value=subnet, replace=False)
+
+    config.delete(pool_base + ['subnet'])
     default_pool = range_pool_name
 if default_pool:
diff --git a/src/migration-scripts/pppoe-server/6-to-7 b/src/migration-scripts/pppoe-server/6-to-7
index d856c1f34..b94ce57f9 100755
--- a/src/migration-scripts/pppoe-server/6-to-7
+++ b/src/migration-scripts/pppoe-server/6-to-7
@@ -29,7 +29,7 @@ import os
 from sys import argv
 from sys import exit
 from vyos.configtree import ConfigTree
-
+from vyos.base import Warning
 if len(argv) < 2:
     print("Must specify file name!")
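Review bot: In src/migration-scripts/l2tp/4-to-5 a range that fails `is_legalrange(start_ip, stop_ip,'24')` is removed from the configuration with only a one-line warning, because the `config.delete` calls for `start` and `stop` run after the `else` branch as well. Any pool that spans more than one /24, or whose stop is not above its start, takes this path, and when no `subnet` values exist `default_pool` stays empty; the code that consumes it starts at `if default_pool:` and continues outside the hunk. The warning should name the rule and the outcome so the operator can restore the pool, e.g. `f'L2TP client-ip-pool range {start_ip}-{stop_ip} is not inside one /24 with start below stop; it was removed and must be re-added manually.'`. The same branch appears in pppoe-server/6-to-7 and pptp/2-to-3, and in the PPTP script it also means no `default-pool` is set.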
@@ -48,38 +48,35 @@ if not config.exists(base):
 if not config.exists(pool_base):
     exit(0)
+
 default_pool = ''
 range_pool_name = 'default-range-pool'
-subnet_base_name = 'default-subnet-pool'
-number = 1
-subnet_pool_name = f'{subnet_base_name}-{number}'
-prev_subnet_pool = subnet_pool_name
 #Default nameless pools migrations
-if config.exists(pool_base + ['subnet']):
-    default_pool = subnet_pool_name
-    for subnet in config.return_values(pool_base + ['subnet']):
-        config.set(pool_base + [subnet_pool_name, 'range'], value=subnet)
-        if prev_subnet_pool != subnet_pool_name:
-            config.set(pool_base + [prev_subnet_pool, 'next-pool'],
-                       value=subnet_pool_name)
-            prev_subnet_pool = subnet_pool_name
-        number += 1
-        subnet_pool_name = f'{subnet_base_name}-{number}'
-
-    config.delete(pool_base + ['subnet'])
-
 if config.exists(pool_base + ['start']) and config.exists(pool_base + ['stop']):
+    def is_legalrange(ip1: str, ip2: str, mask: str):
+        from ipaddress import IPv4Interface
+        interface1 = IPv4Interface(f'{ip1}/{mask}')
+        interface2 = IPv4Interface(f'{ip2}/{mask}')
+        return interface1.network.network_address == interface2.network.network_address and interface2.ip > interface1.ip
+
     start_ip = config.return_value(pool_base + ['start'])
     stop_ip = config.return_value(pool_base + ['stop'])
-    ip_range = f'{start_ip}-{stop_ip}'
+    if is_legalrange(start_ip, stop_ip, '24'):
+        ip_range = f'{start_ip}-{stop_ip}'
+        config.set(pool_base + [range_pool_name, 'range'], value=ip_range, replace=False)
+        default_pool = range_pool_name
+    else:
+        Warning(
+            f'PPPoE client-ip-pool range start-ip:{start_ip} and stop-ip:{stop_ip} can not be migrated.')
     config.delete(pool_base + ['start'])
     config.delete(pool_base + ['stop'])
-    config.set(pool_base + [range_pool_name, 'range'], value=ip_range)
-    if default_pool:
-        config.set(pool_base + [range_pool_name, 'next-pool'],
-                   value=default_pool)
+
+if config.exists(pool_base + ['subnet']):
     default_pool = range_pool_name
+    for subnet in config.return_values(pool_base + ['subnet']):
+        config.set(pool_base + [range_pool_name, 'range'], value=subnet, replace=False)
+    config.delete(pool_base + ['subnet'])
 gateway = ''
 if config.exists(base + ['gateway-address']):
@@ -97,7 +94,7 @@ if config.exists(namedpools_base):
         pool_path = namedpools_base + [pool_name]
         if config.exists(pool_path + ['subnet']):
             subnet = config.return_value(pool_path + ['subnet'])
-            config.set(pool_base + [pool_name, 'range'], value=subnet)
+            config.set(pool_base + [pool_name, 'range'], value=subnet, replace=False)
         if config.exists(pool_path + ['next-pool']):
             next_pool = config.return_value(pool_path + ['next-pool'])
             config.set(pool_base + [pool_name, 'next-pool'], value=next_pool)
diff --git a/src/migration-scripts/pptp/2-to-3 b/src/migration-scripts/pptp/2-to-3
index 98dc5c2a6..091cb68ec 100755
--- a/src/migration-scripts/pptp/2-to-3
+++ b/src/migration-scripts/pptp/2-to-3
@@ -23,7 +23,7 @@ import os
 from sys import argv
 from sys import exit
 from vyos.configtree import ConfigTree
-
+from vyos.base import Warning
 if len(argv) < 2:
     print("Must specify file name!")
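Review bot: `is_legalrange` in src/migration-scripts/pppoe-server/6-to-7 passes the stored `start` and `stop` values straight to `IPv4Interface`, which raises a `ValueError` subclass for anything that is not a valid IPv4 address, and nothing in the hunk catches it. A malformed legacy value would end the script with a traceback instead of reaching the `else` branch that warns and drops the range; how the migration framework treats that failure is not visible here. Wrapping the two constructor calls in `try:` with `except ValueError: return False` keeps the unparseable case on the warning path. The identical helper is defined again in l2tp/4-to-5 and pptp/2-to-3, and a one-line docstring such as `"""Return True if ip1 < ip2 and both lie in the same /mask network."""` would make the three copies easier to keep in step.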
@@ -46,13 +46,24 @@ if not config.exists(pool_base):
 range_pool_name = 'default-range-pool'
 if config.exists(pool_base + ['start']) and config.exists(pool_base + ['stop']):
+    def is_legalrange(ip1: str, ip2: str, mask: str):
+        from ipaddress import IPv4Interface
+        interface1 = IPv4Interface(f'{ip1}/{mask}')
+        interface2 = IPv4Interface(f'{ip2}/{mask}')
+        return interface1.network.network_address == interface2.network.network_address and interface2.ip > interface1.ip
+
     start_ip = config.return_value(pool_base + ['start'])
     stop_ip = config.return_value(pool_base + ['stop'])
-    ip_range = f'{start_ip}-{stop_ip}'
+    if is_legalrange(start_ip, stop_ip, '24'):
+        ip_range = f'{start_ip}-{stop_ip}'
+        config.set(pool_base + [range_pool_name, 'range'], value=ip_range, replace=False)
+        config.set(base + ['default-pool'], value=range_pool_name)
+    else:
+        Warning(
+            f'PPTP client-ip-pool range start-ip:{start_ip} and stop-ip:{stop_ip} can not be migrated.')
+
     config.delete(pool_base + ['start'])
     config.delete(pool_base + ['stop'])
-    config.set(pool_base + [range_pool_name, 'range'], value=ip_range)
-    config.set(base + ['default-pool'], value=range_pool_name)
 # format as tag node
 config.set_tag(pool_base)
diff --git a/src/migration-scripts/sstp/4-to-5 b/src/migration-scripts/sstp/4-to-5
index 3a86c79ec..95e482713 100755
--- a/src/migration-scripts/sstp/4-to-5
+++ b/src/migration-scripts/sstp/4-to-5
@@ -43,21 +43,12 @@ if not config.exists(base):
 if not config.exists(pool_base):
     exit(0)
-subnet_base_name = 'default-subnet-pool'
-number = 1
-subnet_pool_name = f'{subnet_base_name}-{number}'
-prev_subnet_pool = subnet_pool_name
+range_pool_name = 'default-range-pool'
+
 if config.exists(pool_base + ['subnet']):
-    default_pool = subnet_pool_name
+    default_pool = range_pool_name
     for subnet in config.return_values(pool_base + ['subnet']):
-        config.set(pool_base + [subnet_pool_name, 'range'], value=subnet)
-        if prev_subnet_pool != subnet_pool_name:
-            config.set(pool_base + [prev_subnet_pool, 'next-pool'],
-                       value=subnet_pool_name)
-            prev_subnet_pool = subnet_pool_name
-        number += 1
-        subnet_pool_name = f'{subnet_base_name}-{number}'
-
+        config.set(pool_base + [range_pool_name, 'range'], value=subnet, replace=False)
     config.delete(pool_base + ['subnet'])
     config.set(base + ['default-pool'], value=default_pool)
 # format as tag node
diff --git a/src/validators/ipv4-range-mask b/src/validators/ipv4-range-mask
index 7bb4539af..9373328ff 100755
--- a/src/validators/ipv4-range-mask
+++ b/src/validators/ipv4-range-mask
@@ -1,12 +1,5 @@
 #!/bin/bash
-# snippet from https://stackoverflow.com/questions/10768160/ip-address-converter
-ip2dec () {
-    local a b c d ip=$@
-    IFS=. read -r a b c d <<< "$ip"
-    printf '%d\n' "$((a * 256 ** 3 + b * 256 ** 2 + c * 256 + d))"
-}
-
 error_exit() {
   echo "Error: $1 is not a valid IPv4 address range or these IPs are not under /$2"
   exit 1
@@ -22,37 +15,12 @@ do
         r) range=${OPTARG}
     esac
 done
-if [[ "${range}" =~ "-" ]]&&[[ ! -z ${mask} ]]; then
-  # This only works with real bash (<<<) - split IP addresses into array with
-  # hyphen as delimiter
-  readarray -d - -t strarr <<< ${range}
-
-  ipaddrcheck --is-ipv4-single ${strarr[0]}
-  if [ $? -gt 0 ]; then
-    error_exit ${range} ${mask}
-  fi
-  ipaddrcheck --is-ipv4-single ${strarr[1]}
+if [[ "${range}" =~ "-" ]]&&[[ ! -z ${mask} ]]; then
+  ipaddrcheck --range-prefix-length ${mask} --is-ipv4-range ${range}
   if [ $? -gt 0 ]; then
     error_exit ${range} ${mask}
   fi
-
-  ${vyos_validators_dir}/numeric --range 0-32 ${mask} > /dev/null
-   if [ $? -ne 0 ]; then
-     error_exit ${range} ${mask}
-   fi
-
-  is_in_24=$( grepcidr ${strarr[0]}"/"${mask} <(echo ${strarr[1]}) )
-  if [ -z $is_in_24 ]; then
-    error_exit ${range} ${mask}
-  fi
-
-  start=$(ip2dec ${strarr[0]})
-  stop=$(ip2dec ${strarr[1]})
-  if [ $start -ge $stop ]; then
-    error_exit ${range} ${mask}
-  fi
-
   exit 0
 fi
|
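Review bot: The new call in src/validators/ipv4-range-mask expands `${mask}` and `${range}` unquoted, so a value containing whitespace or glob characters is word-split by bash before ipaddrcheck sees it and can arrive as extra arguments. Quoting both keeps each value a single argument: `ipaddrcheck --range-prefix-length "${mask}" --is-ipv4-range "${range}"`; the `error_exit ${range} ${mask}` call has the same unquoted expansions. The commit also removes the explicit `numeric --range 0-32 ${mask}` check, so the prefix-length bounds now presumably rest on ipaddrcheck alone, which is worth confirming with a test for an out-of-range mask. What the script does when the `if` condition is false lies after the closing `fi`, outside the hunk.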
