14 files changed, 66 insertions, 24 deletions

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..d77275d38
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,20 @@
+name: Build
+on:
+  push:
+    branches:
+      - current
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/README.md b/README.md
index 0e7daa491..cc6c4e319 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # vyos-1x: VyOS command definitions, configuration scripts, and data
 
-[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=vyos%3Avyos-1x&metric=coverage)](https://sonarcloud.io/component_measures?id=vyos%3Avyos-1x&metric=coverage)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=vyos_vyos-1x&metric=coverage)](https://sonarcloud.io/component_measures?id=vyos_vyos-1x&metric=coverage)
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fvyos%2Fvyos-1x.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fvyos%2Fvyos-1x?ref=badge_shield)
 
 VyOS 1.1.x had its codebase split into way too many submodules for no good
diff --git a/interface-definitions/include/constraint/interface-name.xml.in b/interface-definitions/include/constraint/interface-name.xml.in
index 2d1f7b757..e540e4418 100644
--- a/interface-definitions/include/constraint/interface-name.xml.in
+++ b/interface-definitions/include/constraint/interface-name.xml.in
@@ -1,4 +1,4 @@
 <!-- include start from constraint/interface-name.xml.in -->
-<regex>(bond|br|dum|en|ersp|eth|gnv|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
+<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
 <validator name="file-path --lookup-path /sys/class/net --directory"/>
 <!-- include end -->
diff --git a/interface-definitions/include/firewall/connection-mark.xml.i b/interface-definitions/include/firewall/connection-mark.xml.i
index 2cb826635..69f7fe62c 100644
--- a/interface-definitions/include/firewall/connection-mark.xml.i
+++ b/interface-definitions/include/firewall/connection-mark.xml.i
@@ -3,11 +3,11 @@
   <properties>
     <help>Connection mark</help>
     <valueHelp>
-      <format>u32:1-2147483647</format>
+      <format>u32:0-2147483647</format>
       <description>Connection-mark to match</description>
     </valueHelp>
     <constraint>
-      <validator name="numeric" argument="--range 1-2147483647"/>
+      <validator name="numeric" argument="--range 0-2147483647"/>
     </constraint>
     <multi/>
   </properties>
diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i
index 6973d7a8f..216ec9bea 100644
--- a/interface-definitions/include/policy/route-common.xml.i
+++ b/interface-definitions/include/policy/route-common.xml.i
@@ -163,11 +163,11 @@
       <properties>

         <help>Connection marking</help>

         <valueHelp>

-          <format>u32:1-2147483647</format>

+          <format>u32:0-2147483647</format>

           <description>Connection marking</description>

         </valueHelp>

         <constraint>

-          <validator name="numeric" argument="--range 1-2147483647"/>

+          <validator name="numeric" argument="--range 0-2147483647"/>

         </constraint>

       </properties>

     </leafNode>

diff --git a/interface-definitions/system-time-zone.xml.in b/interface-definitions/system-time-zone.xml.in
index ff815c9d3..f6b291984 100644
--- a/interface-definitions/system-time-zone.xml.in
+++ b/interface-definitions/system-time-zone.xml.in
@@ -7,7 +7,7 @@
           <help>Local time zone (default UTC)</help>
           <priority>100</priority>
           <completionHelp>
-            <script>find /usr/share/zoneinfo/posix -type f -or -type l | sed -e s:/usr/share/zoneinfo/posix/:: | sort</script>
+            <script>timedatectl list-timezones</script>
           </completionHelp>
           <constraint>
             <validator name="timezone" argument="--validate"/>
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index fcc8cc733..8fddd91d0 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -36,8 +36,14 @@ def verify_mtu(config):
         mtu = int(config['mtu'])
 
         tmp = Interface(config['ifname'])
-        min_mtu = tmp.get_min_mtu()
-        max_mtu = tmp.get_max_mtu()
+        # Not all interfaces support min/max MTU
+        # https://vyos.dev/T5011
+        try:
+            min_mtu = tmp.get_min_mtu()
+            max_mtu = tmp.get_max_mtu()
+        except: # Fallback to defaults
+            min_mtu = 68
+            max_mtu = 9000
 
         if mtu < min_mtu:
             raise ConfigError(f'Interface MTU too low, ' \
diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py
index 5258a2cb1..f776240a1 100644
--- a/python/vyos/ifconfig/tunnel.py
+++ b/python/vyos/ifconfig/tunnel.py
@@ -162,6 +162,15 @@ class TunnelIf(Interface):
         """ Get a synthetic MAC address. """
         return self.get_mac_synthetic()
 
+    def set_multicast(self):
+        """ Set multicast """
+        if self.config.get('multicast', 'disable') == 'enable':
+            cmd = 'ip link set dev {ifname} multicast on'
+        else:
+            cmd = 'ip link set dev {ifname} multicast off'
+
+        self._cmd(cmd.format(**self.config))
+
     def update(self, config):
         """ General helper function which works on a dictionary retrived by
         get_config_dict(). It's main intention is to consolidate the scattered
@@ -170,5 +179,8 @@ class TunnelIf(Interface):
         # Adjust iproute2 tunnel parameters if necessary
         self._change_options()
 
+        # Add multicast
+        self.set_multicast()
+
         # call base class first
         super().update(config)
diff --git a/sonar-project.properties b/sonar-project.properties
index eddfd5e1e..8ff358515 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,7 +1,8 @@
-sonar.projectKey=vyos:vyos-1x
+sonar.projectKey=vyos_vyos-1x
 sonar.projectName=vyos-1x
 sonar.projectVersion=1.2.0
 sonar.organization=vyos
+sonar.python.version=3.9
 
 sonar.sources=src/conf_mode,src/op_mode,src/completion,src/helpers,src/validators
 sonar.language=py
@@ -17,5 +18,4 @@ sonar.host.url=https://sonarcloud.io
 sonar.python.pylint=/usr/local/bin/pylint
 sonar.python.pylint_config=.pylintrc
 sonar.python.pylint.reportPath=pylint-report.txt	
-sonar.python.xunit.reportPath=nosetests.xml
-sonar.python.coverage.reportPath=coverage.xml
+sonar.python.coverage.reportPaths=coverage.xml
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 08861053d..90e5f84f2 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021-2022 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -84,16 +84,16 @@ def get_config(config=None):
             # tagNodes in place, it is better to blend in the defaults manually.
             if 'port' in container['name'][name]:
                 for port in container['name'][name]['port']:
-                    default_values = defaults(base + ['name', 'port'])
+                    default_values_port = defaults(base + ['name', 'port'])
                     container['name'][name]['port'][port] = dict_merge(
-                        default_values, container['name'][name]['port'][port])
+                        default_values_port, container['name'][name]['port'][port])
             # XXX: T2665: we can not safely rely on the defaults() when there are
             # tagNodes in place, it is better to blend in the defaults manually.
             if 'volume' in container['name'][name]:
                 for volume in container['name'][name]['volume']:
-                    default_values = defaults(base + ['name', 'volume'])
+                    default_values_volume = defaults(base + ['name', 'volume'])
                     container['name'][name]['volume'][volume] = dict_merge(
-                        default_values, container['name'][name]['volume'][volume])
+                        default_values_volume, container['name'][name]['volume'][volume])
 
     # Delete container network, delete containers
     tmp = node_changed(conf, base + ['network'])
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 8263358ea..d207c63df 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -540,8 +540,7 @@ def generate(ipsec):
     cleanup_pki_files()
 
     if not ipsec:
-        for config_file in [ipsec_conf, ipsec_secrets, charon_dhcp_conf,
-                            charon_radius_conf, interface_conf, swanctl_conf]:
+        for config_file in [charon_dhcp_conf, charon_radius_conf, interface_conf, swanctl_conf]:
             if os.path.isfile(config_file):
                 os.unlink(config_file)
         render(charon_conf, 'ipsec/charon.j2', {'install_routes': default_install_routes})
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 855eb99f9..bf5d3ac84 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -105,8 +105,11 @@ def T2665_default_dict_cleanup(origin: dict, default_values: dict) -> dict:
     return origin
 
 
-def get_config():
-    conf = Config()
+def get_config(config=None):
+    if config:
+        conf = config
+    else:
+        conf = Config()
     base = ['vpn', 'openconnect']
     if not conf.exists(base):
         return None
diff --git a/src/op_mode/openvpn.py b/src/op_mode/openvpn.py
index 3797a7153..d957a1d01 100755
--- a/src/op_mode/openvpn.py
+++ b/src/op_mode/openvpn.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -153,6 +153,8 @@ def _get_raw_data(mode: str) -> dict:
         d = data[intf]
         d['local_host'] = conf_dict[intf].get('local-host', '')
         d['local_port'] = conf_dict[intf].get('local-port', '')
+        if conf.exists(f'interfaces openvpn {intf} server client'):
+            d['configured_clients'] = conf.list_nodes(f'interfaces openvpn {intf} server client')
         if mode in ['client', 'site-to-site']:
             for client in d['clients']:
                 if 'shared-secret-key-file' in list(conf_dict[intf]):
diff --git a/src/validators/timezone b/src/validators/timezone
index baf5abca2..107571181 100755
--- a/src/validators/timezone
+++ b/src/validators/timezone
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019 VyOS maintainers and contributors
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -25,7 +25,7 @@ if __name__ == '__main__':
     parser.add_argument("--validate", action="store", required=True, help="Check if timezone is valid")
     args = parser.parse_args()
 
-    tz_data = cmd('find /usr/share/zoneinfo/posix -type f -or -type l | sed -e s:/usr/share/zoneinfo/posix/::')
+    tz_data = cmd('timedatectl list-timezones')
     tz_data = tz_data.split('\n')
 
     if args.validate not in tz_data: