summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/accel-ppp/pppoe.config.j210
-rw-r--r--data/templates/chrony/override.conf.j25
-rw-r--r--data/templates/dynamic-dns/ddclient.conf.j22
-rw-r--r--debian/control4
-rw-r--r--interface-definitions/include/accel-ppp/auth-mode.xml.i8
-rw-r--r--interface-definitions/include/firewall/connection-mark.xml.i4
-rw-r--r--interface-definitions/include/policy/route-common.xml.i4
-rw-r--r--interface-definitions/include/qos/hfsc-m1.xml.i2
-rw-r--r--interface-definitions/include/qos/hfsc-m2.xml.i2
-rw-r--r--interface-definitions/interfaces-macsec.xml.in4
-rw-r--r--interface-definitions/service-ipoe-server.xml.in24
-rw-r--r--interface-definitions/system-option.xml.in8
-rw-r--r--python/vyos/config_mgmt.py43
-rw-r--r--python/vyos/configtree.py32
-rw-r--r--python/vyos/configverify.py21
-rw-r--r--python/vyos/ifconfig/tunnel.py12
-rwxr-xr-xsmoketest/bin/vyos-smoketest2
-rwxr-xr-xsmoketest/scripts/cli/test_load_balancing_wan.py11
-rwxr-xr-xsmoketest/scripts/cli/test_service_dns_dynamic.py2
-rwxr-xr-xsrc/conf_mode/container.py10
-rw-r--r--src/etc/systemd/system/ddclient.service.d/override.conf2
-rwxr-xr-xsrc/op_mode/openvpn.py4
-rwxr-xr-xsrc/services/vyos-http-api-server4
-rw-r--r--src/tests/test_configverify.py5
-rw-r--r--src/xdp/common/common_libbpf.c15
-rw-r--r--src/xdp/common/common_user_bpf_xdp.c47
-rw-r--r--src/xdp/common/xdp_stats_kern.h12
-rw-r--r--src/xdp/xdp_prog_kern.c30
28 files changed, 182 insertions, 147 deletions
diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2
index 811c4ccc0..dd53edd28 100644
--- a/data/templates/accel-ppp/pppoe.config.j2
+++ b/data/templates/accel-ppp/pppoe.config.j2
@@ -30,6 +30,11 @@ syslog=accel-pppoe,daemon
copy=1
level=5
+{% if authentication.mode is vyos_defined("noauth") %}
+[auth]
+noauth=1
+{% endif %}
+
{% if snmp.master_agent is vyos_defined %}
[snmp]
master=1
@@ -133,7 +138,10 @@ pado-delay={{ pado_delay_param.value }}
called-sid={{ authentication.radius.called_sid_format }}
{% endif %}
-{% if authentication.mode is vyos_defined("local") %}
+{% if authentication.mode is vyos_defined("local") or authentication.mode is vyos_defined("noauth") %}
+{% if authentication.mode is vyos_defined("noauth") %}
+noauth=1
+{% endif %}
{% if client_ip_pool.name is vyos_defined %}
{% for pool, pool_config in client_ip_pool.name.items() %}
{% if pool_config.subnet is vyos_defined %}
diff --git a/data/templates/chrony/override.conf.j2 b/data/templates/chrony/override.conf.j2
index 9eaea7608..0ab8f0824 100644
--- a/data/templates/chrony/override.conf.j2
+++ b/data/templates/chrony/override.conf.j2
@@ -5,6 +5,7 @@ ConditionPathExists={{ config_file }}
After=vyos-router.service
[Service]
+User=root
EnvironmentFile=
ExecStart=
ExecStart={{ vrf_command }}/usr/sbin/chronyd -F 1 -f {{ config_file }}
@@ -13,5 +14,5 @@ PIDFile={{ config_file | replace('.conf', '.pid') }}
Restart=always
RestartSec=10
# Required for VRF support
-ProtectControlGroups=No
-
+ProcSubset=all
+ProtectControlGroups=no
diff --git a/data/templates/dynamic-dns/ddclient.conf.j2 b/data/templates/dynamic-dns/ddclient.conf.j2
index 3c2d17cbb..c2c9b1dd6 100644
--- a/data/templates/dynamic-dns/ddclient.conf.j2
+++ b/data/templates/dynamic-dns/ddclient.conf.j2
@@ -10,7 +10,7 @@ ssl=yes
{% set web_skip = ", web-skip='" ~ iface_config.use_web.skip ~ "'" if iface_config.use_web.skip is vyos_defined else '' %}
use=web, web='{{ iface_config.use_web.url }}'{{ web_skip }}
{% else %}
-{{ 'usev6=if' if iface_config.ipv6_enable is vyos_defined else 'use=if' }}, if={{ iface }}
+{{ 'usev6=ifv6' if iface_config.ipv6_enable is vyos_defined else 'use=if' }}, if={{ iface }}
{% endif %}
{% if iface_config.rfc2136 is vyos_defined %}
diff --git a/debian/control b/debian/control
index 2b940a412..fb29697d4 100644
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,7 @@ Build-Depends:
fakeroot,
gcc-multilib [amd64],
clang [amd64],
+ iproute2,
llvm [amd64],
libbpf-dev [amd64],
libelf-dev (>= 0.2) [amd64],
@@ -45,7 +46,6 @@ Depends:
conserver-client,
conserver-server,
console-data,
- crda,
cron,
curl,
dbus,
@@ -79,7 +79,7 @@ Depends:
lcdproc,
lcdproc-extra-drivers,
libatomic1,
- libbpf0 [amd64],
+ libbpf1 [amd64],
libcharon-extra-plugins (>=5.9),
libcharon-extauth-plugins (>=5.9),
libndp-tools,
diff --git a/interface-definitions/include/accel-ppp/auth-mode.xml.i b/interface-definitions/include/accel-ppp/auth-mode.xml.i
index c1a87cfe3..ccaed6f04 100644
--- a/interface-definitions/include/accel-ppp/auth-mode.xml.i
+++ b/interface-definitions/include/accel-ppp/auth-mode.xml.i
@@ -10,11 +10,15 @@
<format>radius</format>
<description>Use RADIUS server for user autentication</description>
</valueHelp>
+ <valueHelp>
+ <format>noauth</format>
+ <description>Authentication disabled</description>
+ </valueHelp>
<constraint>
- <regex>(local|radius)</regex>
+ <regex>(local|radius|noauth)</regex>
</constraint>
<completionHelp>
- <list>local radius</list>
+ <list>local radius noauth</list>
</completionHelp>
</properties>
<defaultValue>local</defaultValue>
diff --git a/interface-definitions/include/firewall/connection-mark.xml.i b/interface-definitions/include/firewall/connection-mark.xml.i
index 2cb826635..69f7fe62c 100644
--- a/interface-definitions/include/firewall/connection-mark.xml.i
+++ b/interface-definitions/include/firewall/connection-mark.xml.i
@@ -3,11 +3,11 @@
<properties>
<help>Connection mark</help>
<valueHelp>
- <format>u32:1-2147483647</format>
+ <format>u32:0-2147483647</format>
<description>Connection-mark to match</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-2147483647"/>
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
<multi/>
</properties>
diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i
index 6973d7a8f..216ec9bea 100644
--- a/interface-definitions/include/policy/route-common.xml.i
+++ b/interface-definitions/include/policy/route-common.xml.i
@@ -163,11 +163,11 @@
<properties>
<help>Connection marking</help>
<valueHelp>
- <format>u32:1-2147483647</format>
+ <format>u32:0-2147483647</format>
<description>Connection marking</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-2147483647"/>
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/qos/hfsc-m1.xml.i b/interface-definitions/include/qos/hfsc-m1.xml.i
index 749d01f57..677d817ba 100644
--- a/interface-definitions/include/qos/hfsc-m1.xml.i
+++ b/interface-definitions/include/qos/hfsc-m1.xml.i
@@ -27,6 +27,6 @@
<description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description>
</valueHelp>
</properties>
- <defaultValue>100%</defaultValue>
+ <defaultValue>100%%</defaultValue>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/qos/hfsc-m2.xml.i b/interface-definitions/include/qos/hfsc-m2.xml.i
index 24e8f5d63..7690df4b0 100644
--- a/interface-definitions/include/qos/hfsc-m2.xml.i
+++ b/interface-definitions/include/qos/hfsc-m2.xml.i
@@ -27,6 +27,6 @@
<description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description>
</valueHelp>
</properties>
- <defaultValue>100%</defaultValue>
+ <defaultValue>100%%</defaultValue>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index 4b4f9149d..6bc28e44b 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -75,10 +75,10 @@
<help>Secure Connectivity Association Key Name</help>
<valueHelp>
<format>txt</format>
- <description>32-byte (256-bit) hex-string (64 hex-digits)</description>
+ <description>1..32-bytes (8..256 bit) hex-string (2..64 hex-digits)</description>
</valueHelp>
<constraint>
- <regex>[A-Fa-f0-9]{64}</regex>
+ <regex>[A-Fa-f0-9]{2,64}</regex>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in
index ca4929249..ebe99d3aa 100644
--- a/interface-definitions/service-ipoe-server.xml.in
+++ b/interface-definitions/service-ipoe-server.xml.in
@@ -117,29 +117,7 @@
<help>Client authentication methods</help>
</properties>
<children>
- <leafNode name="mode">
- <properties>
- <help>Authetication mode</help>
- <completionHelp>
- <list>local radius noauth</list>
- </completionHelp>
- <constraint>
- <regex>(local|radius|noauth)</regex>
- </constraint>
- <valueHelp>
- <format>local</format>
- <description>Authentication based on local definition</description>
- </valueHelp>
- <valueHelp>
- <format>radius</format>
- <description>Authentication based on a RADIUS server</description>
- </valueHelp>
- <valueHelp>
- <format>noauth</format>
- <description>Authentication disabled</description>
- </valueHelp>
- </properties>
- </leafNode>
+ #include <include/accel-ppp/auth-mode.xml.i>
<tagNode name="interface">
<properties>
<help>Network interface for client MAC addresses</help>
diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in
index bb15e467e..0fa349e0b 100644
--- a/interface-definitions/system-option.xml.in
+++ b/interface-definitions/system-option.xml.in
@@ -36,13 +36,17 @@
<properties>
<help>System keyboard layout, type ISO2</help>
<completionHelp>
- <list>us fr de es fi jp106 no dk dvorak</list>
+ <list>us uk fr de es fi jp106 no dk dvorak</list>
</completionHelp>
<valueHelp>
<format>us</format>
<description>United States</description>
</valueHelp>
<valueHelp>
+ <format>uk</format>
+ <description>United Kingdom</description>
+ </valueHelp>
+ <valueHelp>
<format>fr</format>
<description>France</description>
</valueHelp>
@@ -75,7 +79,7 @@
<description>Dvorak</description>
</valueHelp>
<constraint>
- <regex>(us|fr|de|es|fi|jp106|no|dk|dvorak)</regex>
+ <regex>(us|uk|fr|de|es|fi|jp106|no|dk|dvorak)</regex>
</constraint>
<constraintErrorMessage>Invalid keyboard layout</constraintErrorMessage>
</properties>
diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py
index 22a49ff50..fade3081c 100644
--- a/python/vyos/config_mgmt.py
+++ b/python/vyos/config_mgmt.py
@@ -24,7 +24,7 @@ from datetime import datetime
from tabulate import tabulate
from vyos.config import Config
-from vyos.configtree import ConfigTree
+from vyos.configtree import ConfigTree, ConfigTreeError, show_diff
from vyos.defaults import directories
from vyos.util import is_systemd_service_active, ask_yes_no, rc_cmd
@@ -93,15 +93,7 @@ class ConfigMgmt:
# a call to compare without args is edit_level aware
edit_level = os.getenv('VYATTA_EDIT_LEVEL', '')
- edit_path = [l for l in edit_level.split('/') if l]
- if edit_path:
- eff_conf = config.show_config(edit_path, effective=True)
- self.edit_level_active_config = ConfigTree(eff_conf)
- conf = config.show_config(edit_path)
- self.edit_level_working_config = ConfigTree(conf)
- else:
- self.edit_level_active_config = None
- self.edit_level_working_config = None
+ self.edit_path = [l for l in edit_level.split('/') if l]
self.active_config = config._running_config
self.working_config = config._session_config
@@ -241,14 +233,8 @@ Proceed ?'''
revision n vs. revision m; working version vs. active version;
or working version vs. saved version.
"""
- from difflib import unified_diff
-
- ct1 = self.edit_level_active_config
- if ct1 is None:
- ct1 = self.active_config
- ct2 = self.edit_level_working_config
- if ct2 is None:
- ct2 = self.working_config
+ ct1 = self.active_config
+ ct2 = self.working_config
msg = 'No changes between working and active configurations.\n'
if saved:
ct1 = self._get_saved_config_tree()
@@ -268,19 +254,16 @@ Proceed ?'''
ct1 = self._get_config_tree_revision(rev2)
msg = f'No changes between revisions {rev2} and {rev1} configurations.\n'
- if commands:
- lines1 = ct1.to_commands().splitlines(keepends=True)
- lines2 = ct2.to_commands().splitlines(keepends=True)
- else:
- lines1 = ct1.to_string().splitlines(keepends=True)
- lines2 = ct2.to_string().splitlines(keepends=True)
-
out = ''
- comp = unified_diff(lines1, lines2)
- for line in comp:
- if re.match(r'(\-\-)|(\+\+)|(@@)', line):
- continue
- out += line
+ path = [] if commands else self.edit_path
+ try:
+ if commands:
+ out = show_diff(ct1, ct2, path=path, commands=True)
+ else:
+ out = show_diff(ct1, ct2, path=path)
+ except ConfigTreeError as e:
+ return e, 1
+
if out:
msg = out
diff --git a/python/vyos/configtree.py b/python/vyos/configtree.py
index f2358ee4f..c0b3ebd78 100644
--- a/python/vyos/configtree.py
+++ b/python/vyos/configtree.py
@@ -16,7 +16,7 @@ import os
import re
import json
-from ctypes import cdll, c_char_p, c_void_p, c_int
+from ctypes import cdll, c_char_p, c_void_p, c_int, c_bool
LIBPATH = '/usr/lib/libvyosconfig.so.0'
@@ -322,6 +322,36 @@ class ConfigTree(object):
subt = ConfigTree(address=res)
return subt
+def show_diff(left, right, path=[], commands=False, libpath=LIBPATH):
+ if left is None:
+ left = ConfigTree(config_string='\n')
+ if right is None:
+ right = ConfigTree(config_string='\n')
+ if not (isinstance(left, ConfigTree) and isinstance(right, ConfigTree)):
+ raise TypeError("Arguments must be instances of ConfigTree")
+ if path:
+ if (not left.exists(path)) and (not right.exists(path)):
+ raise ConfigTreeError(f"Path {path} doesn't exist")
+
+ check_path(path)
+ path_str = " ".join(map(str, path)).encode()
+
+ __lib = cdll.LoadLibrary(libpath)
+ __show_diff = __lib.show_diff
+ __show_diff.argtypes = [c_bool, c_char_p, c_void_p, c_void_p]
+ __show_diff.restype = c_char_p
+ __get_error = __lib.get_error
+ __get_error.argtypes = []
+ __get_error.restype = c_char_p
+
+ res = __show_diff(commands, path_str, left._get_config(), right._get_config())
+ res = res.decode()
+ if res == "#1@":
+ msg = __get_error().decode()
+ raise ConfigTreeError(msg)
+
+ return res
+
class DiffTree:
def __init__(self, left, right, path=[], libpath=LIBPATH):
if left is None:
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 30bdd2d47..8fddd91d0 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -36,8 +36,14 @@ def verify_mtu(config):
mtu = int(config['mtu'])
tmp = Interface(config['ifname'])
- min_mtu = tmp.get_min_mtu()
- max_mtu = tmp.get_max_mtu()
+ # Not all interfaces support min/max MTU
+ # https://vyos.dev/T5011
+ try:
+ min_mtu = tmp.get_min_mtu()
+ max_mtu = tmp.get_max_mtu()
+ except: # Fallback to defaults
+ min_mtu = 68
+ max_mtu = 9000
if mtu < min_mtu:
raise ConfigError(f'Interface MTU too low, ' \
@@ -420,11 +426,12 @@ def verify_accel_ppp_base_service(config, local_users=True):
if 'gateway_address' in config:
gateway = True
else:
- if dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']):
- for _, v in config['client_ip_pool']['name'].items():
- if 'gateway_address' in v:
- gateway = True
- break
+ if 'client_ip_pool' in config:
+ if dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']):
+ for _, v in config['client_ip_pool']['name'].items():
+ if 'gateway_address' in v:
+ gateway = True
+ break
if not gateway:
raise ConfigError('Server requires gateway-address to be configured!')
diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py
index 5258a2cb1..f776240a1 100644
--- a/python/vyos/ifconfig/tunnel.py
+++ b/python/vyos/ifconfig/tunnel.py
@@ -162,6 +162,15 @@ class TunnelIf(Interface):
""" Get a synthetic MAC address. """
return self.get_mac_synthetic()
+ def set_multicast(self):
+ """ Set multicast """
+ if self.config.get('multicast', 'disable') == 'enable':
+ cmd = 'ip link set dev {ifname} multicast on'
+ else:
+ cmd = 'ip link set dev {ifname} multicast off'
+
+ self._cmd(cmd.format(**self.config))
+
def update(self, config):
""" General helper function which works on a dictionary retrived by
get_config_dict(). It's main intention is to consolidate the scattered
@@ -170,5 +179,8 @@ class TunnelIf(Interface):
# Adjust iproute2 tunnel parameters if necessary
self._change_options()
+ # Add multicast
+ self.set_multicast()
+
# call base class first
super().update(config)
diff --git a/smoketest/bin/vyos-smoketest b/smoketest/bin/vyos-smoketest
index cb039db42..135388afe 100755
--- a/smoketest/bin/vyos-smoketest
+++ b/smoketest/bin/vyos-smoketest
@@ -26,7 +26,7 @@ for root, dirs, files in os.walk('/usr/libexec/vyos/tests/smoke'):
test_file = os.path.join(root, name)
mode = os.stat(test_file).st_mode
- if mode & S_IXOTH:
+ if name.startswith("test_") and mode & S_IXOTH:
print('Running Testcase: ' + test_file)
process = Popen([test_file], stdout=PIPE)
(output, err) = process.communicate()
diff --git a/smoketest/scripts/cli/test_load_balancing_wan.py b/smoketest/scripts/cli/test_load_balancing_wan.py
index 33c69c595..0e1806f66 100755
--- a/smoketest/scripts/cli/test_load_balancing_wan.py
+++ b/smoketest/scripts/cli/test_load_balancing_wan.py
@@ -143,15 +143,15 @@ class TestLoadBalancingWan(VyOSUnitTestSHIM.TestCase):
container_iface3 = 'ceth2'
mangle_isp1 = """table ip mangle {
chain ISP_veth1 {
- counter ct mark set 0xc9
- counter meta mark set 0xc9
+ counter ct mark set 0xc9
+ counter meta mark set 0xc9
counter accept
}
}"""
mangle_isp2 = """table ip mangle {
chain ISP_veth2 {
- counter ct mark set 0xca
- counter meta mark set 0xca
+ counter ct mark set 0xca
+ counter meta mark set 0xca
counter accept
}
}"""
@@ -163,7 +163,7 @@ class TestLoadBalancingWan(VyOSUnitTestSHIM.TestCase):
}"""
mangle_wanloadbalance_pre = """table ip mangle {
chain WANLOADBALANCE_PRE {
- iifname "veth3" ip saddr 198.51.100.0/24 ct state new counter jump ISP_veth1
+ iifname "veth3" ip saddr 198.51.100.0/24 ct state new meta random & 2147483647 < 1073741824 counter jump ISP_veth1
iifname "veth3" ip saddr 198.51.100.0/24 ct state new counter jump ISP_veth2
iifname "veth3" ip saddr 198.51.100.0/24 counter meta mark set ct mark
}
@@ -177,7 +177,6 @@ class TestLoadBalancingWan(VyOSUnitTestSHIM.TestCase):
nat_vyos_pre_snat_hook = """table ip nat {
chain VYOS_PRE_SNAT_HOOK {
type nat hook postrouting priority srcnat - 1; policy accept;
- counter jump WANLOADBALANCE
return
}
}"""
diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py
index 90d10d40b..57705e26f 100755
--- a/smoketest/scripts/cli/test_service_dns_dynamic.py
+++ b/smoketest/scripts/cli/test_service_dns_dynamic.py
@@ -155,7 +155,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
self.assertEqual(login, user)
self.assertEqual(pwd, f"'{password}'")
self.assertEqual(server, srv)
- self.assertEqual(usev6, f"if, if={interface}")
+ self.assertEqual(usev6, f"ifv6, if={interface}")
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 08861053d..90e5f84f2 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021-2022 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -84,16 +84,16 @@ def get_config(config=None):
# tagNodes in place, it is better to blend in the defaults manually.
if 'port' in container['name'][name]:
for port in container['name'][name]['port']:
- default_values = defaults(base + ['name', 'port'])
+ default_values_port = defaults(base + ['name', 'port'])
container['name'][name]['port'][port] = dict_merge(
- default_values, container['name'][name]['port'][port])
+ default_values_port, container['name'][name]['port'][port])
# XXX: T2665: we can not safely rely on the defaults() when there are
# tagNodes in place, it is better to blend in the defaults manually.
if 'volume' in container['name'][name]:
for volume in container['name'][name]['volume']:
- default_values = defaults(base + ['name', 'volume'])
+ default_values_volume = defaults(base + ['name', 'volume'])
container['name'][name]['volume'][volume] = dict_merge(
- default_values, container['name'][name]['volume'][volume])
+ default_values_volume, container['name'][name]['volume'][volume])
# Delete container network, delete containers
tmp = node_changed(conf, base + ['network'])
diff --git a/src/etc/systemd/system/ddclient.service.d/override.conf b/src/etc/systemd/system/ddclient.service.d/override.conf
index d9c9963b0..09d929d39 100644
--- a/src/etc/systemd/system/ddclient.service.d/override.conf
+++ b/src/etc/systemd/system/ddclient.service.d/override.conf
@@ -8,4 +8,4 @@ WorkingDirectory=/run/ddclient
PIDFile=
PIDFile=/run/ddclient/ddclient.pid
ExecStart=
-ExecStart=/usr/sbin/ddclient -cache /run/ddclient/ddclient.cache -pid /run/ddclient/ddclient.pid -file /run/ddclient/ddclient.conf
+ExecStart=/usr/bin/ddclient -cache /run/ddclient/ddclient.cache -pid /run/ddclient/ddclient.pid -file /run/ddclient/ddclient.conf
diff --git a/src/op_mode/openvpn.py b/src/op_mode/openvpn.py
index 3797a7153..d957a1d01 100755
--- a/src/op_mode/openvpn.py
+++ b/src/op_mode/openvpn.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -153,6 +153,8 @@ def _get_raw_data(mode: str) -> dict:
d = data[intf]
d['local_host'] = conf_dict[intf].get('local-host', '')
d['local_port'] = conf_dict[intf].get('local-port', '')
+ if conf.exists(f'interfaces openvpn {intf} server client'):
+ d['configured_clients'] = conf.list_nodes(f'interfaces openvpn {intf} server client')
if mode in ['client', 'site-to-site']:
for client in d['clients']:
if 'shared-secret-key-file' in list(conf_dict[intf]):
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index f59e089ae..cd73f38ec 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -425,7 +425,7 @@ async def validation_exception_handler(request, exc):
return error(400, str(exc.errors()[0]))
@app.post('/configure')
-def configure_op(data: Union[ConfigureModel, ConfigureListModel]):
+async def configure_op(data: Union[ConfigureModel, ConfigureListModel]):
session = app.state.vyos_session
env = session.get_session_env()
config = vyos.config.Config(session_env=env)
@@ -494,7 +494,7 @@ def configure_op(data: Union[ConfigureModel, ConfigureListModel]):
return success(None)
@app.post("/retrieve")
-def retrieve_op(data: RetrieveModel):
+async def retrieve_op(data: RetrieveModel):
session = app.state.vyos_session
env = session.get_session_env()
config = vyos.config.Config(session_env=env)
diff --git a/src/tests/test_configverify.py b/src/tests/test_configverify.py
index ad7e053db..6fb43ece2 100644
--- a/src/tests/test_configverify.py
+++ b/src/tests/test_configverify.py
@@ -27,11 +27,6 @@ class TestDictSearch(TestCase):
def test_dh_key_none(self):
self.assertFalse(verify_diffie_hellman_length('/tmp/non_existing_file', '1024'))
- def test_dh_key_256(self):
- key_len = '256'
- cmd(f'openssl dhparam -out {dh_file} {key_len}')
- self.assertTrue(verify_diffie_hellman_length(dh_file, key_len))
-
def test_dh_key_512(self):
key_len = '512'
cmd(f'openssl dhparam -out {dh_file} {key_len}')
diff --git a/src/xdp/common/common_libbpf.c b/src/xdp/common/common_libbpf.c
index 5788ecd9e..443ca4c66 100644
--- a/src/xdp/common/common_libbpf.c
+++ b/src/xdp/common/common_libbpf.c
@@ -24,10 +24,6 @@ static inline bool IS_ERR_OR_NULL(const void *ptr)
int bpf_prog_load_xattr_maps(const struct bpf_prog_load_attr_maps *attr,
struct bpf_object **pobj, int *prog_fd)
{
- struct bpf_object_open_attr open_attr = {
- .file = attr->file,
- .prog_type = attr->prog_type,
- };
struct bpf_program *prog, *first_prog = NULL;
enum bpf_attach_type expected_attach_type;
enum bpf_prog_type prog_type;
@@ -41,10 +37,13 @@ int bpf_prog_load_xattr_maps(const struct bpf_prog_load_attr_maps *attr,
if (!attr->file)
return -EINVAL;
+ obj = bpf_object__open_file(attr->file, NULL);
- obj = bpf_object__open_xattr(&open_attr);
- if (IS_ERR_OR_NULL(obj))
- return -ENOENT;
+ if (libbpf_get_error(obj))
+ return -EINVAL;
+
+ prog = bpf_object__next_program(obj, NULL);
+ bpf_program__set_type(prog, attr->prog_type);
bpf_object__for_each_program(prog, obj) {
/*
@@ -82,7 +81,7 @@ int bpf_prog_load_xattr_maps(const struct bpf_prog_load_attr_maps *attr,
bpf_map__for_each(map, obj) {
const char* mapname = bpf_map__name(map);
- if (!bpf_map__is_offload_neutral(map))
+ if (bpf_map__type(map) != BPF_MAP_TYPE_PERF_EVENT_ARRAY)
bpf_map__set_ifindex(map, attr->ifindex);
/* Was: map->map_ifindex = attr->ifindex; */
diff --git a/src/xdp/common/common_user_bpf_xdp.c b/src/xdp/common/common_user_bpf_xdp.c
index faf7f4f91..524f08c9d 100644
--- a/src/xdp/common/common_user_bpf_xdp.c
+++ b/src/xdp/common/common_user_bpf_xdp.c
@@ -21,7 +21,7 @@ int xdp_link_attach(int ifindex, __u32 xdp_flags, int prog_fd)
int err;
/* libbpf provide the XDP net_device link-level hook attach helper */
- err = bpf_set_link_xdp_fd(ifindex, prog_fd, xdp_flags);
+ err = bpf_xdp_attach(ifindex, prog_fd, xdp_flags, NULL);
if (err == -EEXIST && !(xdp_flags & XDP_FLAGS_UPDATE_IF_NOEXIST)) {
/* Force mode didn't work, probably because a program of the
* opposite type is loaded. Let's unload that and try loading
@@ -32,9 +32,9 @@ int xdp_link_attach(int ifindex, __u32 xdp_flags, int prog_fd)
xdp_flags &= ~XDP_FLAGS_MODES;
xdp_flags |= (old_flags & XDP_FLAGS_SKB_MODE) ? XDP_FLAGS_DRV_MODE : XDP_FLAGS_SKB_MODE;
- err = bpf_set_link_xdp_fd(ifindex, -1, xdp_flags);
+ err = bpf_xdp_detach(ifindex, xdp_flags, NULL);
if (!err)
- err = bpf_set_link_xdp_fd(ifindex, prog_fd, old_flags);
+ err = bpf_xdp_attach(ifindex, prog_fd, old_flags, NULL);
}
if (err < 0) {
fprintf(stderr, "ERR: "
@@ -65,7 +65,7 @@ int xdp_link_detach(int ifindex, __u32 xdp_flags, __u32 expected_prog_id)
__u32 curr_prog_id;
int err;
- err = bpf_get_link_xdp_id(ifindex, &curr_prog_id, xdp_flags);
+ err = bpf_xdp_query_id(ifindex, xdp_flags, &curr_prog_id);
if (err) {
fprintf(stderr, "ERR: get link xdp id failed (err=%d): %s\n",
-err, strerror(-err));
@@ -86,7 +86,7 @@ int xdp_link_detach(int ifindex, __u32 xdp_flags, __u32 expected_prog_id)
return EXIT_FAIL;
}
- if ((err = bpf_set_link_xdp_fd(ifindex, -1, xdp_flags)) < 0) {
+ if ((err = bpf_xdp_detach(ifindex, xdp_flags, NULL)) < 0) {
fprintf(stderr, "ERR: %s() link set xdp failed (err=%d): %s\n",
__func__, err, strerror(-err));
return EXIT_FAIL_XDP;
@@ -109,22 +109,28 @@ struct bpf_object *load_bpf_object_file(const char *filename, int ifindex)
* hardware offloading XDP programs (note this sets libbpf
* bpf_program->prog_ifindex and foreach bpf_map->map_ifindex).
*/
- struct bpf_prog_load_attr prog_load_attr = {
- .prog_type = BPF_PROG_TYPE_XDP,
- .ifindex = ifindex,
- };
- prog_load_attr.file = filename;
+ struct bpf_program *prog;
+ obj = bpf_object__open_file(filename, NULL);
+
+ if (libbpf_get_error(obj))
+ return NULL;
+
+ prog = bpf_object__next_program(obj, NULL);
+ bpf_program__set_type(prog, BPF_PROG_TYPE_XDP);
+ bpf_program__set_ifindex(prog, ifindex);
/* Use libbpf for extracting BPF byte-code from BPF-ELF object, and
* loading this into the kernel via bpf-syscall
*/
- err = bpf_prog_load_xattr(&prog_load_attr, &obj, &first_prog_fd);
+ err = bpf_object__load(obj);
if (err) {
fprintf(stderr, "ERR: loading BPF-OBJ file(%s) (%d): %s\n",
filename, err, strerror(-err));
return NULL;
}
+ first_prog_fd = bpf_program__fd(prog);
+
/* Notice how a pointer to a libbpf bpf_object is returned */
return obj;
}
@@ -136,12 +142,15 @@ static struct bpf_object *open_bpf_object(const char *file, int ifindex)
struct bpf_map *map;
struct bpf_program *prog, *first_prog = NULL;
- struct bpf_object_open_attr open_attr = {
- .file = file,
- .prog_type = BPF_PROG_TYPE_XDP,
- };
+ obj = bpf_object__open_file(file, NULL);
- obj = bpf_object__open_xattr(&open_attr);
+ if (libbpf_get_error(obj))
+ return NULL;
+
+ prog = bpf_object__next_program(obj, NULL);
+ bpf_program__set_type(prog, BPF_PROG_TYPE_XDP);
+
+ err = bpf_object__load(obj);
if (IS_ERR_OR_NULL(obj)) {
err = -PTR_ERR(obj);
fprintf(stderr, "ERR: opening BPF-OBJ file(%s) (%d): %s\n",
@@ -157,7 +166,7 @@ static struct bpf_object *open_bpf_object(const char *file, int ifindex)
}
bpf_object__for_each_map(map, obj) {
- if (!bpf_map__is_offload_neutral(map))
+ if (bpf_map__type(map) != BPF_MAP_TYPE_PERF_EVENT_ARRAY)
bpf_map__set_ifindex(map, ifindex);
}
@@ -264,10 +273,10 @@ struct bpf_object *load_bpf_and_xdp_attach(struct config *cfg)
if (cfg->progsec[0])
/* Find a matching BPF prog section name */
- bpf_prog = bpf_object__find_program_by_title(bpf_obj, cfg->progsec);
+ bpf_prog = bpf_object__find_program_by_name(bpf_obj, cfg->progsec);
else
/* Find the first program */
- bpf_prog = bpf_program__next(NULL, bpf_obj);
+ bpf_prog = bpf_object__next_program(bpf_obj, NULL);
if (!bpf_prog) {
fprintf(stderr, "ERR: couldn't find a program in ELF section '%s'\n", cfg->progsec);
diff --git a/src/xdp/common/xdp_stats_kern.h b/src/xdp/common/xdp_stats_kern.h
index 4e08551a0..c061a149d 100644
--- a/src/xdp/common/xdp_stats_kern.h
+++ b/src/xdp/common/xdp_stats_kern.h
@@ -13,12 +13,12 @@
#endif
/* Keeps stats per (enum) xdp_action */
-struct bpf_map_def SEC("maps") xdp_stats_map = {
- .type = BPF_MAP_TYPE_PERCPU_ARRAY,
- .key_size = sizeof(__u32),
- .value_size = sizeof(struct datarec),
- .max_entries = XDP_ACTION_MAX,
-};
+struct {
+ __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+ __type(key, __u32);
+ __type(value, struct datarec);
+ __uint(max_entries, XDP_ACTION_MAX);
+} xdp_stats_map SEC(".maps");
static __always_inline
__u32 xdp_stats_record_action(struct xdp_md *ctx, __u32 action)
diff --git a/src/xdp/xdp_prog_kern.c b/src/xdp/xdp_prog_kern.c
index a1eb395af..59308325d 100644
--- a/src/xdp/xdp_prog_kern.c
+++ b/src/xdp/xdp_prog_kern.c
@@ -16,19 +16,19 @@
#define memcpy(dest, src, n) __builtin_memcpy((dest), (src), (n))
#endif
-struct bpf_map_def SEC("maps") tx_port = {
- .type = BPF_MAP_TYPE_DEVMAP,
- .key_size = sizeof(int),
- .value_size = sizeof(int),
- .max_entries = 256,
-};
-
-struct bpf_map_def SEC("maps") redirect_params = {
- .type = BPF_MAP_TYPE_HASH,
- .key_size = ETH_ALEN,
- .value_size = ETH_ALEN,
- .max_entries = 1,
-};
+struct {
+ __uint(type, BPF_MAP_TYPE_DEVMAP);
+ __type(key, int);
+ __type(value, int);
+ __uint(max_entries, 256);
+} tx_port SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __type(key, ETH_ALEN);
+ __type(value, ETH_ALEN);
+ __uint(max_entries, 1);
+} redirect_params SEC(".maps");
static __always_inline __u16 csum_fold_helper(__u32 csum)
{
@@ -208,8 +208,12 @@ out:
return xdp_stats_record_action(ctx, action);
}
+#ifndef AF_INET
#define AF_INET 2
+#endif
+#ifndef AF_INET6
#define AF_INET6 10
+#endif
#define IPV6_FLOWINFO_MASK bpf_htonl(0x0FFFFFFF)
/* from include/net/ip.h */