summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-05-07 12:45:08 +0200
committerChristian Poessinger <christian@poessinger.com>2022-05-07 12:45:08 +0200
commitda9fb81131db0e4ca3566cac31257ee212638406 (patch)
tree7f770f082133aeda60a92d8ba703bff5be2f8cfa /src
parent9395a96ce86a53ee75ce8b8ed7feea20ee603764 (diff)
downloadvyos-1x-da9fb81131db0e4ca3566cac31257ee212638406.tar.gz
vyos-1x-da9fb81131db0e4ca3566cac31257ee212638406.zip
vrf: T4419: support to disable IP forwarding within a given VRF
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/vrf.py14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index f2d041083..972d0289b 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -83,7 +83,8 @@ def get_config(config=None):
conf = Config()
base = ['vrf']
- vrf = conf.get_config_dict(base, get_first_key=True)
+ vrf = conf.get_config_dict(base, key_mangling=('-', '_'),
+ no_tag_node_value_mangle=True, get_first_key=True)
# determine which VRF has been removed
for name in node_changed(conf, base + ['name']):
@@ -152,7 +153,7 @@ def apply(vrf):
# set the default VRF global behaviour
bind_all = '0'
- if 'bind-to-all' in vrf:
+ if 'bind_to_all' in vrf:
bind_all = '1'
sysctl_write('net.ipv4.tcp_l3mdev_accept', bind_all)
sysctl_write('net.ipv4.udp_l3mdev_accept', bind_all)
@@ -222,6 +223,15 @@ def apply(vrf):
# add VRF description if available
vrf_if.set_alias(config.get('description', ''))
+ # Enable/Disable IPv4 forwarding
+ tmp = dict_search('ip.disable_forwarding', config)
+ value = '0' if (tmp != None) else '1'
+ vrf_if.set_ipv4_forwarding(value)
+ # Enable/Disable IPv6 forwarding
+ tmp = dict_search('ipv6.disable_forwarding', config)
+ value = '0' if (tmp != None) else '1'
+ vrf_if.set_ipv6_forwarding(value)
+
# Enable/Disable of an interface must always be done at the end of the
# derived class to make use of the ref-counting set_admin_state()
# function. We will only enable the interface if 'up' was called as