| -rw-r--r-- | python/vyos/ifconfig/vti.py | 7 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-vti.py | 10 | ||||
| -rwxr-xr-x | src/etc/ipsec.d/vti-up-down | 26 | 
3 files changed, 26 insertions, 17 deletions
| diff --git a/python/vyos/ifconfig/vti.py b/python/vyos/ifconfig/vti.py index a217d28ea..470ebbff3 100644 --- a/python/vyos/ifconfig/vti.py +++ b/python/vyos/ifconfig/vti.py @@ -33,7 +33,7 @@ class VTIIf(Interface):          # - https://man7.org/linux/man-pages/man8/ip-link.8.html          # - https://man7.org/linux/man-pages/man8/ip-tunnel.8.html          mapping = { -            'source_interface'                : 'dev', +            'source_interface' : 'dev',          }          if_id = self.ifname.lstrip('vti') @@ -50,8 +50,3 @@ class VTIIf(Interface):          self._cmd(cmd.format(**self.config))          self.set_interface('admin_state', 'down') - -    def set_admin_state(self, state): -        # function is not implemented for VTI interfaces as this is entirely -        # handled by the ipsec up/down scripts -        pass diff --git a/src/conf_mode/interfaces-vti.py b/src/conf_mode/interfaces-vti.py index 1b38304c1..57950ffea 100755 --- a/src/conf_mode/interfaces-vti.py +++ b/src/conf_mode/interfaces-vti.py @@ -45,13 +45,13 @@ def generate(vti):      return None  def apply(vti): -    if vti['ifname'] in interfaces(): -        # Always delete the VTI interface in advance +    # Remove macsec interface +    if 'deleted' in vti:          VTIIf(**vti).remove() +        return None -    if 'deleted' not in vti: -        tmp = VTIIf(**vti) -        tmp.update(vti) +    tmp = VTIIf(**vti) +    tmp.update(vti)      return None diff --git a/src/etc/ipsec.d/vti-up-down b/src/etc/ipsec.d/vti-up-down index 2b66dd9e6..281c9bf2b 100755 --- a/src/etc/ipsec.d/vti-up-down +++ b/src/etc/ipsec.d/vti-up-down 
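Review bot: The comment added at the top of apply() in src/conf_mode/interfaces-vti.py reads `# Remove macsec interface`, but this is the VTI script and the call beneath it is VTIIf(**vti).remove(); it should read `# Remove VTI interface`. The old code removed the interface only when `vti['ifname'] in interfaces()`, whereas the new branch calls remove() whenever 'deleted' is set, so confirm that remove() tolerates an interface that is already gone. With the set_admin_state override dropped from vti.py in the same commit, update() presumably now sets admin state through the base Interface class, which is not visible here. Check that it cannot bring the link up before the vti-up-down script has seen an established SA.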
@@ -19,7 +19,15 @@  import os  import sys -from vyos.util import call, get_interface_config, get_interface_address +from syslog import syslog +from syslog import openlog +from syslog import LOG_PID +from syslog import LOG_INFO + +from vyos.configquery import ConfigTreeQuery +from vyos.util import call +from vyos.util import get_interface_config +from vyos.util import get_interface_address  def get_dhcp_address(interface):      addr = get_interface_address(interface) @@ -35,7 +43,8 @@ if __name__ == '__main__':      interface = sys.argv[1]      dhcp_interface = sys.argv[2] -    print(f'vti-up-down: start: {verb} {connection} {interface}') +    openlog(ident=f'vti-up-down', logoption=LOG_PID, facility=LOG_INFO) +    syslog(f'Interface {interface} {verb} {connection}')      if verb in ['up-client', 'up-host']:          call('sudo ip route delete default table 220') 
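Review bot: The openlog() call added in the `__main__` hunk passes `facility=LOG_INFO`, but LOG_INFO is a priority (severity) constant, not a facility, so the messages will not be filed under the facility the author intended. Use a facility constant instead, for example `openlog(ident='vti-up-down', logoption=LOG_PID, facility=LOG_DAEMON)` with `from syslog import LOG_DAEMON` replacing the LOG_INFO import in the first hunk on this line. The `f` prefix on `f'vti-up-down'` has no placeholders and can be dropped. The `__main__` block starts and continues outside this hunk.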
@@ -43,19 +52,24 @@ if __name__ == '__main__':      vti_link = get_interface_config(interface)      if not vti_link: -        print('vti-up-down: interface not found') +        syslog(f'Interface {interface} not found')          sys.exit(0)      vti_link_up = (vti_link['operstate'] == 'UP' if 'operstate' in vti_link else False) +    config = ConfigTreeQuery() +    vti_dict = config.get_config_dict(['interfaces', 'vti', interface], +                                      get_first_key=True) +      if verb in ['up-client', 'up-host']:          if not vti_link_up:              if dhcp_interface != 'no':                  local_ip = get_dhcp_address(dhcp_interface)                  call(f'sudo ip tunnel change {interface} local {local_ip}') -            call(f'sudo ip link set {interface} up') +            if 'disable' not in vti_dict: +                call(f'sudo ip link set {interface} up') +            else: +                syslog(f'Interface {interface} is admin down ...')      elif verb in ['down-client', 'down-host']:          if vti_link_up:              call(f'sudo ip link set {interface} down') - -    print('vti-up-down: finish')
\ No newline at end of file | 
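Review bot: The `'disable' not in vti_dict` test is the only thing keeping an administratively disabled VTI down when an SA comes up, and it relies on get_config_dict() returning a dict for this interface. Its behaviour for a missing node or an unreadable config is not visible here; if it can raise or return None, the script ends in an uncaught exception with nothing written to syslog. Moving the lookup into the `up-client`/`up-host` branch, since the down path never reads it, and logging a failure through syslog before exiting would make that case observable. `interface` and `local_ip` are still interpolated into `sudo ip ...` command strings, and whether call() goes through a shell is not shown. Validating `interface` against the expected `vti<N>` form before the first call() is worth adding.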
