Merge pull request #747 from c-po/vxlan-tunnel-parameters

vyos.ifconfig: cleanup and tunnel refactoring

10 files changed, 106 insertions, 163 deletions

diff --git a/src/conf_mode/interfaces-erspan.py b/src/conf_mode/interfaces-erspan.py
index 2d65b834c..97ae3cf55 100755
--- a/src/conf_mode/interfaces-erspan.py
+++ b/src/conf_mode/interfaces-erspan.py
@@ -48,7 +48,7 @@ def get_config(config=None):
         conf = Config()
     base = ['interfaces', 'erspan']
     erspan = get_interface_dict(conf, base)
-    
+
     tmp = leaf_node_changed(conf, ['encapsulation'])
     if tmp:
         erspan.update({'encapsulation_changed': {}})
@@ -58,30 +58,30 @@ def get_config(config=None):
 def verify(erspan):
     if 'deleted' in erspan:
         return None
-    
+
     if 'encapsulation' not in erspan:
         raise ConfigError('Unable to detect the following ERSPAN tunnel encapsulation'\
                           '{ifname}!'.format(**erspan))
 
     verify_mtu_ipv6(erspan)
     verify_tunnel(erspan)
-    
+
     key = dict_search('parameters.ip.key',erspan)
     if key == None:
         raise ConfigError('parameters.ip.key is mandatory for ERSPAN tunnel')
-            
+
 
 def generate(erspan):
     return None
 
 def apply(erspan):
-    if 'deleted' in erspan or 'encapsulation_changed' in erspan: 
-        if erspan['ifname'] in interfaces(): 
-            tmp = Interface(erspan['ifname']) 
-            tmp.remove() 
-        if 'deleted' in erspan: 
-            return None 
-    
+    if 'deleted' in erspan or 'encapsulation_changed' in erspan:
+        if erspan['ifname'] in interfaces():
+            tmp = Interface(erspan['ifname'])
+            tmp.remove()
+        if 'deleted' in erspan:
+            return None
+
     dispatch = {
         'erspan': ERSpanIf,
         'ip6erspan': ER6SpanIf
@@ -90,14 +90,8 @@ def apply(erspan):
     # We need to re-map the tunnel encapsulation proto to a valid interface class
     encap = erspan['encapsulation']
     klass = dispatch[encap]
-    
-    conf = deepcopy(erspan)
-    
-    conf.update(klass.get_config())
-    
-    del conf['ifname']
-    
-    erspan_tunnel = klass(erspan['ifname'],**conf)
+
+    erspan_tunnel = klass(**erspan)
     erspan_tunnel.change_options()
     erspan_tunnel.update(erspan)
 
diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces-geneve.py
index 979a5612e..2a63b60aa 100755
--- a/src/conf_mode/interfaces-geneve.py
+++ b/src/conf_mode/interfaces-geneve.py
@@ -72,18 +72,8 @@ def apply(geneve):
         g.remove()
 
     if 'deleted' not in geneve:
-        # This is a special type of interface which needs additional parameters
-        # when created using iproute2. Instead of passing a ton of arguments,
-        # use a dictionary provided by the interface class which holds all the
-        # options necessary.
-        conf = GeneveIf.get_config()
-
-        # Assign GENEVE instance configuration parameters to config dict
-        conf['vni'] = geneve['vni']
-        conf['remote'] = geneve['remote']
-
         # Finally create the new interface
-        g = GeneveIf(geneve['ifname'], **conf)
+        g = GeneveIf(**geneve)
         g.update(geneve)
 
     return None
diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py
index 7b3afa058..5bae66074 100755
--- a/src/conf_mode/interfaces-l2tpv3.py
+++ b/src/conf_mode/interfaces-l2tpv3.py
@@ -83,34 +83,16 @@ def generate(l2tpv3):
     return None
 
 def apply(l2tpv3):
-    # This is a special type of interface which needs additional parameters
-    # when created using iproute2. Instead of passing a ton of arguments,
-    # use a dictionary provided by the interface class which holds all the
-    # options necessary.
-    conf = L2TPv3If.get_config()
-
     # Check if L2TPv3 interface already exists
     if l2tpv3['ifname'] in interfaces():
         # L2TPv3 is picky when changing tunnels/sessions, thus we can simply
         # always delete it first.
-        conf['session_id'] = l2tpv3['session_id']
-        conf['tunnel_id'] = l2tpv3['tunnel_id']
-        l = L2TPv3If(l2tpv3['ifname'], **conf)
+        l = L2TPv3If(**l2tpv3)
         l.remove()
 
     if 'deleted' not in l2tpv3:
-        conf['peer_tunnel_id'] = l2tpv3['peer_tunnel_id']
-        conf['local_port'] = l2tpv3['source_port']
-        conf['remote_port'] = l2tpv3['destination_port']
-        conf['encapsulation'] = l2tpv3['encapsulation']
-        conf['local_address'] = l2tpv3['local_ip']
-        conf['remote_address'] = l2tpv3['remote_ip']
-        conf['session_id'] = l2tpv3['session_id']
-        conf['tunnel_id'] = l2tpv3['tunnel_id']
-        conf['peer_session_id'] = l2tpv3['peer_session_id']
-
         # Finally create the new interface
-        l = L2TPv3If(l2tpv3['ifname'], **conf)
+        l = L2TPv3If(**l2tpv3)
         l.update(l2tpv3)
 
     return None
diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index bfebed7e4..eab69f36e 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -115,17 +115,9 @@ def apply(macsec):
             os.unlink(wpa_suppl_conf.format(**macsec))
 
     else:
-        # This is a special type of interface which needs additional parameters
-        # when created using iproute2. Instead of passing a ton of arguments,
-        # use a dictionary provided by the interface class which holds all the
-        # options necessary.
-        conf = MACsecIf.get_config()
-        conf['source_interface'] = macsec['source_interface']
-        conf['security_cipher'] = macsec['security']['cipher']
-
         # It is safe to "re-create" the interface always, there is a sanity
         # check that the interface will only be create if its non existent
-        i = MACsecIf(macsec['ifname'], **conf)
+        i = MACsecIf(**macsec)
         i.update(macsec)
 
         call('systemctl restart wpa_supplicant-macsec@{source_interface}'
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index ee6f05fcd..4afb85526 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -502,10 +502,7 @@ def apply(openvpn):
     # existed - nevertheless, spawn new OpenVPN process
     call(f'systemctl start openvpn@{interface}.service')
 
-    conf = VTunIf.get_config()
-    conf['device_type'] = openvpn['device_type']
-
-    o = VTunIf(interface, **conf)
+    o = VTunIf(**openvpn)
     o.update(openvpn)
 
     return None
diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py
index ddbef56ac..34a054837 100755
--- a/src/conf_mode/interfaces-pseudo-ethernet.py
+++ b/src/conf_mode/interfaces-pseudo-ethernet.py
@@ -75,19 +75,9 @@ def apply(peth):
     if 'mode_old' in peth:
         MACVLANIf(peth['ifname']).remove()
 
-    # This is a special type of interface which needs additional parameters
-    # when created using iproute2. Instead of passing a ton of arguments,
-    # use a dictionary provided by the interface class which holds all the
-    # options necessary.
-    conf = MACVLANIf.get_config()
-
-    # Assign MACVLAN instance configuration parameters to config dict
-    conf['source_interface'] = peth['source_interface']
-    conf['mode'] = peth['mode']
-
     # It is safe to "re-create" the interface always, there is a sanity check
     # that the interface will only be create if its non existent
-    p = MACVLANIf(peth['ifname'], **conf)
+    p = MACVLANIf(**peth)
     p.update(peth)
     return None
 
diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py
index 87da214a8..2d2f29f94 100755
--- a/src/conf_mode/interfaces-tunnel.py
+++ b/src/conf_mode/interfaces-tunnel.py
@@ -31,21 +31,25 @@ from vyos.configverify import verify_mtu_ipv6
 from vyos.configverify import verify_vrf
 from vyos.configverify import verify_tunnel
 from vyos.ifconfig import Interface
-from vyos.ifconfig import GREIf
-from vyos.ifconfig import GRETapIf
-from vyos.ifconfig import IPIPIf
-from vyos.ifconfig import IP6GREIf
-from vyos.ifconfig import IPIP6If
-from vyos.ifconfig import IP6IP6If
-from vyos.ifconfig import SitIf
-from vyos.ifconfig import Sit6RDIf
+from vyos.ifconfig import TunnelIf
 from vyos.template import is_ipv4
 from vyos.template import is_ipv6
+from vyos.util import cmd
 from vyos.util import dict_search
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
 
+def get_tunnel_encapsulation(interface):
+    """ Returns the used encapsulation protocol for given interface.
+        If interface does not exist, None is returned.
+    """
+    if not os.path.exists(f'/sys/class/net/{interface}'):
+        return None
+    from json import loads
+    tmp = loads(cmd(f'ip -d -j link show {interface}'))[0]
+    return tmp['linkinfo']['info_kind']
+
 def get_config(config=None):
     """
     Retrive CLI config as dictionary. Dictionary can never be empty, as at least
@@ -79,8 +83,8 @@ def verify(tunnel):
         return None
 
     if 'encapsulation' not in tunnel:
-        raise ConfigError('Must configure the tunnel encapsulation for '\
-                          '{ifname}!'.format(**tunnel))
+        error = 'Must configure encapsulation for "{ifname}"!'
+        raise ConfigError(error.format(**tunnel))
 
     verify_mtu_ipv6(tunnel)
     verify_address(tunnel)
@@ -103,67 +107,20 @@ def generate(tunnel):
     return None
 
 def apply(tunnel):
-    if 'deleted' in tunnel or 'encapsulation_changed' in tunnel:
-        if tunnel['ifname'] in interfaces():
-            tmp = Interface(tunnel['ifname'])
+    interface = tunnel['ifname']
+    # If a gretap tunnel is already existing we can not "simply" change local or
+    # remote addresses. This returns "Operation not supported" by the Kernel.
+    # There is no other solution to destroy and recreate the tunnel.
+    encap = get_tunnel_encapsulation(interface)
+
+    if 'deleted' in tunnel or 'encapsulation_changed' in tunnel or encap == 'gretap':
+        if interface in interfaces():
+            tmp = Interface(interface)
             tmp.remove()
         if 'deleted' in tunnel:
             return None
 
-    dispatch = {
-        'gre': GREIf,
-        'gre-bridge': GRETapIf,
-        'ipip': IPIPIf,
-        'ipip6': IPIP6If,
-        'ip6ip6': IP6IP6If,
-        'ip6gre': IP6GREIf,
-        'sit': SitIf,
-    }
-
-    # We need to re-map the tunnel encapsulation proto to a valid interface class
-    encap = tunnel['encapsulation']
-    klass = dispatch[encap]
-
-    # This is a special type of interface which needs additional parameters
-    # when created using iproute2. Instead of passing a ton of arguments,
-    # use a dictionary provided by the interface class which holds all the
-    # options necessary.
-    conf = klass.get_config()
-
-    # Copy/re-assign our dictionary values to values understood by the
-    # derived _Tunnel classes
-    mapping = {
-        # this                       :  get_config()
-        'local_ip'                   : 'local',
-        'remote_ip'                  : 'remote',
-        'source_interface'           : 'dev',
-        'parameters.ip.ttl'          : 'ttl',
-        'parameters.ip.tos'          : 'tos',
-        'parameters.ip.key'          : 'key',
-    }
-
-    # Add additional IPv6 options if tunnel is IPv6 aware
-    if tunnel['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']:
-        mappingv6 = {
-            # this                       :  get_config()
-            'parameters.ipv6.encaplimit' : 'encaplimit',
-            'parameters.ipv6.flowlabel'  : 'flowlabel',
-            'parameters.ipv6.hoplimit'   : 'hoplimit',
-            'parameters.ipv6.tclass'     : 'flowlabel'
-        }
-        mapping.update(mappingv6)
-
-    for our_key, their_key in mapping.items():
-        if dict_search(our_key, tunnel) and their_key in conf:
-            conf[their_key] = dict_search(our_key, tunnel)
-
-    if dict_search('parameters.ip.no_pmtu_discovery', tunnel) != None:
-        if 'pmtudisc' in conf['raw']:
-            conf['raw'].remove('pmtudisc')
-        conf['raw'].append('nopmtudisc')
-
-    tun = klass(tunnel['ifname'], **conf)
-    tun.change_options()
+    tun = TunnelIf(**tunnel)
     tun.update(tunnel)
 
     return None
diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py
index 9a6d72772..8e6247a30 100755
--- a/src/conf_mode/interfaces-vxlan.py
+++ b/src/conf_mode/interfaces-vxlan.py
@@ -90,19 +90,8 @@ def apply(vxlan):
         v.remove()
 
     if 'deleted' not in vxlan:
-        # This is a special type of interface which needs additional parameters
-        # when created using iproute2. Instead of passing a ton of arguments,
-        # use a dictionary provided by the interface class which holds all the
-        # options necessary.
-        conf = VXLANIf.get_config()
-
-        # Assign VXLAN instance configuration parameters to config dict
-        for tmp in ['vni', 'group', 'source_address', 'source_interface', 'remote', 'port']:
-            if tmp in vxlan:
-                conf[tmp] = vxlan[tmp]
-
         # Finally create the new interface
-        v = VXLANIf(vxlan['ifname'], **conf)
+        v = VXLANIf(**vxlan)
         v.update(vxlan)
 
     return None
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index b25fcd4e0..7b3de6e8a 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -255,17 +255,8 @@ def apply(wifi):
     if 'deleted' in wifi:
         WiFiIf(interface).remove()
     else:
-        # This is a special type of interface which needs additional parameters
-        # when created using iproute2. Instead of passing a ton of arguments,
-        # use a dictionary provided by the interface class which holds all the
-        # options necessary.
-        conf = WiFiIf.get_config()
-
-        # Assign WiFi instance configuration parameters to config dict
-        conf['phy'] = wifi['physical_device']
-
         # Finally create the new interface
-        w = WiFiIf(interface, **conf)
+        w = WiFiIf(**wifi)
         w.update(wifi)
 
         # Enable/Disable interface - interface is always placed in
diff --git a/src/migration-scripts/interfaces/19-to-20 b/src/migration-scripts/interfaces/19-to-20
new file mode 100755
index 000000000..ed2780b92
--- /dev/null
+++ b/src/migration-scripts/interfaces/19-to-20
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from sys import argv
+from sys import exit
+from vyos.configtree import ConfigTree
+
+if __name__ == '__main__':
+    if (len(argv) < 1):
+        print("Must specify file name!")
+        exit(1)
+
+    file_name = argv[1]
+    with open(file_name, 'r') as f:
+        config_file = f.read()
+
+    config = ConfigTree(config_file)
+    base = ['interfaces', 'tunnel']
+
+    if not config.exists(base):
+        # Nothing to do
+        exit(0)
+
+    #
+    # Migrate "interface tunnel <tunX> encapsulation gre-bridge" to gretap
+    # Migrate "interface tunnel <tunX> local-ip" to source-address
+    # Migrate "interface tunnel <tunX> remote-ip" to remote
+    for interface in config.list_nodes(base):
+        encap_path = base + [interface, 'encapsulation']
+        if config.exists(encap_path):
+            tmp = config.return_value(encap_path)
+            if tmp == 'gre-bridge':
+                config.set(encap_path, value='gretap')
+
+        local_ip_path = base + [interface, 'local-ip']
+        if config.exists(local_ip_path):
+            config.rename(local_ip_path, 'source-address')
+
+        remote_ip_path = base + [interface, 'remote-ip']
+        if config.exists(remote_ip_path):
+            config.rename(remote_ip_path, 'remote')
+
+    try:
+        with open(file_name, 'w') as f:
+            f.write(config.to_string())
+    except OSError as e:
+        print("Failed to save the modified config: {}".format(e))
+        exit(1)