diff options
| -rw-r--r-- | interface-definitions/interfaces-l2tpv3.xml.in | 3 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-l2tpv3.py | 252 | 
2 files changed, 48 insertions, 207 deletions
| diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in index 30dd9b604..3a878ad76 100644 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ b/interface-definitions/interfaces-l2tpv3.xml.in @@ -29,6 +29,7 @@                  <validator name="numeric" argument="--range 1-65535"/>                </constraint>              </properties> +            <defaultValue>5000</defaultValue>            </leafNode>            #include <include/interface-disable.xml.i>            <leafNode name="encapsulation"> @@ -50,6 +51,7 @@                </constraint>                <constraintErrorMessage>Encapsulation must be UDP or IP</constraintErrorMessage>              </properties> +            <defaultValue>udp</defaultValue>            </leafNode>            <node name="ipv6">              <children> @@ -138,6 +140,7 @@                  <validator name="numeric" argument="--range 1-65535"/>                </constraint>              </properties> +            <defaultValue>5000</defaultValue>            </leafNode>            <leafNode name="tunnel-id">              <properties> diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 866419f2c..0978df5b6 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -21,196 +21,65 @@ from copy import deepcopy  from netifaces import interfaces  from vyos.config import Config -from vyos.ifconfig import L2TPv3If, Interface -from vyos import ConfigError -from vyos.util import call +from vyos.configdict import get_interface_dict +from vyos.configdict import leaf_node_changed +from vyos.configverify import verify_address +from vyos.configverify import verify_bridge_delete +from vyos.ifconfig import L2TPv3If  from vyos.util import check_kmod -from vyos.validate import is_member, is_addr_assigned - +from vyos.validate import is_addr_assigned +from vyos import ConfigError  from vyos import airbag  airbag.enable()  k_mod = ['l2tp_eth', 'l2tp_netlink', 'l2tp_ip', 'l2tp_ip6'] -default_config_data = { -    'address': [], -    'deleted': False, -    'description': '', -    'disable': False, -    'encapsulation': 'udp', -    'local_address': '', -    'local_port': 5000, -    'intf': '', -    'ipv6_accept_ra': 1, -    'ipv6_autoconf': 0, -    'ipv6_eui64_prefix': [], -    'ipv6_forwarding': 1, -    'ipv6_dup_addr_detect': 1, -    'is_bridge_member': False, -    'mtu': 1488, -    'peer_session_id': '', -    'peer_tunnel_id': '', -    'remote_address': '', -    'remote_port': 5000, -    'session_id': '', -    'tunnel_id': '' -}  def get_config(): -    l2tpv3 = deepcopy(default_config_data) +    """ +    Retrive CLI config as dictionary. Dictionary can never be empty, as at least the +    interface name will be added or a deleted flag +    """      conf = Config() +    base = ['interfaces', 'l2tpv3'] +    l2tpv3 = get_interface_dict(conf, base) -    # determine tagNode instance -    if 'VYOS_TAGNODE_VALUE' not in os.environ: -        raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified') - -    l2tpv3['intf'] = os.environ['VYOS_TAGNODE_VALUE'] - -    # check if interface is member of a bridge -    l2tpv3['is_bridge_member'] = is_member(conf, l2tpv3['intf'], 'bridge') - -    # Check if interface has been removed -    if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']): -        l2tpv3['deleted'] = True -        interface = l2tpv3['intf'] - -        # to delete the l2tpv3 interface we need the current tunnel_id and session_id -        if conf.exists_effective(f'interfaces l2tpv3 {interface} tunnel-id'): -            l2tpv3['tunnel_id'] = conf.return_effective_value(f'interfaces l2tpv3 {interface} tunnel-id') - -        if conf.exists_effective(f'interfaces l2tpv3 {interface} session-id'): -            l2tpv3['session_id'] = conf.return_effective_value(f'interfaces l2tpv3 {interface} session-id') - -        return l2tpv3 - -    # set new configuration level -    conf.set_level('interfaces l2tpv3 ' + l2tpv3['intf']) - -    # retrieve configured interface addresses -    if conf.exists('address'): -        l2tpv3['address'] = conf.return_values('address') - -    # retrieve interface description -    if conf.exists('description'): -        l2tpv3['description'] = conf.return_value('description') - -    # get tunnel destination port -    if conf.exists('destination-port'): -        l2tpv3['remote_port'] = int(conf.return_value('destination-port')) - -    # Disable this interface -    if conf.exists('disable'): -        l2tpv3['disable'] = True - -    # get tunnel encapsulation type -    if conf.exists('encapsulation'): -        l2tpv3['encapsulation'] = conf.return_value('encapsulation') - -    # get tunnel local ip address -    if conf.exists('local-ip'): -        l2tpv3['local_address'] = conf.return_value('local-ip') - -    # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) -    if conf.exists('ipv6 address autoconf'): -        l2tpv3['ipv6_autoconf'] = 1 - -    # Get prefixes for IPv6 addressing based on MAC address (EUI-64) -    if conf.exists('ipv6 address eui64'): -        l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64') - -    # Remove the default link-local address if set. -    if not ( conf.exists('ipv6 address no-default-link-local') or -            l2tpv3['is_bridge_member'] ): -        # add the link-local by default to make IPv6 work -        l2tpv3['ipv6_eui64_prefix'].append('fe80::/64') - -    # Disable IPv6 forwarding on this interface -    if conf.exists('ipv6 disable-forwarding'): -        l2tpv3['ipv6_forwarding'] = 0 +    # L2TPv3 is "special" the default MTU is 1488 - update accordingly +    # as the config_level is already st in get_interface_dict() - we can use [] +    tmp = conf.get_config_dict([], key_mangling=('-', '_'), get_first_key=True) +    if 'mtu' not in tmp: +        l2tpv3['mtu'] = '1488' -    # IPv6 Duplicate Address Detection (DAD) tries -    if conf.exists('ipv6 dup-addr-detect-transmits'): -        l2tpv3['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) +    # To delete an l2tpv3 interface we need the current tunnel and session-id +    if 'deleted' in l2tpv3: +        tmp = leaf_node_changed(conf, ['tunnel-id']) +        l2tpv3.update({'tunnel_id': tmp}) -    # to make IPv6 SLAAC and DHCPv6 work with forwarding=1, -    # accept_ra must be 2 -    if l2tpv3['ipv6_autoconf'] or 'dhcpv6' in l2tpv3['address']: -        l2tpv3['ipv6_accept_ra'] = 2 - -    # Maximum Transmission Unit (MTU) -    if conf.exists('mtu'): -        l2tpv3['mtu'] = int(conf.return_value('mtu')) - -    # Remote session id -    if conf.exists('peer-session-id'): -        l2tpv3['peer_session_id'] = conf.return_value('peer-session-id') - -    # Remote tunnel id -    if conf.exists('peer-tunnel-id'): -        l2tpv3['peer_tunnel_id'] = conf.return_value('peer-tunnel-id') - -    # Remote address of L2TPv3 tunnel -    if conf.exists('remote-ip'): -        l2tpv3['remote_address'] = conf.return_value('remote-ip') - -    # Local session id -    if conf.exists('session-id'): -        l2tpv3['session_id'] = conf.return_value('session-id') - -    # get local tunnel port -    if conf.exists('source-port'): -        l2tpv3['local_port'] = conf.return_value('source-port') - -    # get local tunnel id -    if conf.exists('tunnel-id'): -        l2tpv3['tunnel_id'] = conf.return_value('tunnel-id') +        tmp = leaf_node_changed(conf, ['session-id']) +        l2tpv3.update({'session_id': tmp})      return l2tpv3 -  def verify(l2tpv3): -    interface = l2tpv3['intf'] - -    if l2tpv3['deleted']: -        if l2tpv3['is_bridge_member']: -            raise ConfigError(( -                f'Interface "{l2tpv3["intf"]}" cannot be deleted as it is a ' -                f'member of bridge "{l2tpv3["is_bridge_member"]}"!')) - +    if 'deleted' in l2tpv3: +        verify_bridge_delete(l2tpv3)          return None -    if not l2tpv3['local_address']: -        raise ConfigError(f'Must configure the l2tpv3 local-ip for {interface}') +    interface = l2tpv3['ifname'] -    if not is_addr_assigned(l2tpv3['local_address']): -        raise ConfigError(f'Must use a configured IP on l2tpv3 local-ip for {interface}') +    for key in ['local_ip', 'remote_ip', 'tunnel_id', 'peer_tunnel_id', +                'session_id', 'peer_session_id']: +        if key not in l2tpv3: +            tmp = key.replace('_', '-') +            raise ConfigError(f'L2TPv3 {tmp} must be configured!') -    if not l2tpv3['remote_address']: -        raise ConfigError(f'Must configure the l2tpv3 remote-ip for {interface}') - -    if not l2tpv3['tunnel_id']: -        raise ConfigError(f'Must configure the l2tpv3 tunnel-id for {interface}') - -    if not l2tpv3['peer_tunnel_id']: -        raise ConfigError(f'Must configure the l2tpv3 peer-tunnel-id for {interface}') - -    if not l2tpv3['session_id']: -        raise ConfigError(f'Must configure the l2tpv3 session-id for {interface}') - -    if not l2tpv3['peer_session_id']: -        raise ConfigError(f'Must configure the l2tpv3 peer-session-id for {interface}') - -    if ( l2tpv3['is_bridge_member'] -            and ( l2tpv3['address'] -                or l2tpv3['ipv6_eui64_prefix'] -                or l2tpv3['ipv6_autoconf'] ) ): -        raise ConfigError(( -            f'Cannot assign address to interface "{l2tpv3["intf"]}" ' -            f'as it is a member of bridge "{l2tpv3["is_bridge_member"]}"!')) +    if not is_addr_assigned(l2tpv3['local_ip']): +        raise ConfigError('L2TPv3 local-ip address ' +                          '"{local_ip}" is not configured!'.format(**l2tpv3)) +    verify_address(l2tpv3)      return None -  def generate(l2tpv3):      return None @@ -221,59 +90,28 @@ def apply(l2tpv3):      conf = deepcopy(L2TPv3If.get_config())      # Check if L2TPv3 interface already exists -    if l2tpv3['intf'] in interfaces(): +    if l2tpv3['ifname'] in interfaces():          # L2TPv3 is picky when changing tunnels/sessions, thus we can simply          # always delete it first.          conf['session_id'] = l2tpv3['session_id']          conf['tunnel_id'] = l2tpv3['tunnel_id'] -        l = L2TPv3If(l2tpv3['intf'], **conf) +        l = L2TPv3If(l2tpv3['ifname'], **conf)          l.remove() -    if not l2tpv3['deleted']: +    if 'deleted' not in l2tpv3:          conf['peer_tunnel_id'] = l2tpv3['peer_tunnel_id'] -        conf['local_port'] = l2tpv3['local_port'] -        conf['remote_port'] = l2tpv3['remote_port'] +        conf['local_port'] = l2tpv3['source_port'] +        conf['remote_port'] = l2tpv3['destination_port']          conf['encapsulation'] = l2tpv3['encapsulation'] -        conf['local_address'] = l2tpv3['local_address'] -        conf['remote_address'] = l2tpv3['remote_address'] +        conf['local_address'] = l2tpv3['local_ip'] +        conf['remote_address'] = l2tpv3['remote_ip']          conf['session_id'] = l2tpv3['session_id']          conf['tunnel_id'] = l2tpv3['tunnel_id']          conf['peer_session_id'] = l2tpv3['peer_session_id']          # Finally create the new interface -        l = L2TPv3If(l2tpv3['intf'], **conf) -        # update interface description used e.g. by SNMP -        l.set_alias(l2tpv3['description']) -        # Maximum Transfer Unit (MTU) -        l.set_mtu(l2tpv3['mtu']) -        # IPv6 accept RA -        l.set_ipv6_accept_ra(l2tpv3['ipv6_accept_ra']) -        # IPv6 address autoconfiguration -        l.set_ipv6_autoconf(l2tpv3['ipv6_autoconf']) -        # IPv6 forwarding -        l.set_ipv6_forwarding(l2tpv3['ipv6_forwarding']) -        # IPv6 Duplicate Address Detection (DAD) tries -        l.set_ipv6_dad_messages(l2tpv3['ipv6_dup_addr_detect']) - -        # Configure interface address(es) - no need to implicitly delete the -        # old addresses as they have already been removed by deleting the -        # interface above -        for addr in l2tpv3['address']: -            l.add_addr(addr) - -        # IPv6 EUI-based addresses -        for addr in l2tpv3['ipv6_eui64_prefix']: -            l.add_ipv6_eui64_address(addr) - -        # As the interface is always disabled first when changing parameters -        # we will only re-enable the interface if it is not  administratively -        # disabled -        if not l2tpv3['disable']: -            l.set_admin_state('up') - -        # re-add ourselves to any bridge we might have fallen out of -        if l2tpv3['is_bridge_member']: -            l.add_to_bridge(l2tpv3['is_bridge_member']) +        l = L2TPv3If(l2tpv3['ifname'], **conf) +        l.update(l2tpv3)      return None | 
