diff options
| -rw-r--r-- | data/config-mode-dependencies.json | 3 | ||||
| -rw-r--r-- | data/templates/firewall/nftables-policy.j2 | 8 | ||||
| -rw-r--r-- | data/templates/frr/ospfd.frr.j2 | 8 | ||||
| -rw-r--r-- | interface-definitions/include/ospf/protocol-common-config.xml.i | 52 | ||||
| -rw-r--r-- | interface-definitions/include/policy/tag.xml.i | 14 | ||||
| -rw-r--r-- | interface-definitions/netns.xml.in | 2 | ||||
| -rw-r--r-- | interface-definitions/policy.xml.in | 26 | ||||
| -rw-r--r-- | interface-definitions/vpp.xml.in | 2 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_policy_route.py | 16 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_protocols_ospf.py | 23 | ||||
| -rwxr-xr-x | src/conf_mode/protocols_ospf.py | 7 | ||||
| -rwxr-xr-x | src/conf_mode/vpp.py | 19 |
12 files changed, 134 insertions, 46 deletions
diff --git a/data/config-mode-dependencies.json b/data/config-mode-dependencies.json index ccee359d1..91a757c16 100644 --- a/data/config-mode-dependencies.json +++ b/data/config-mode-dependencies.json @@ -28,5 +28,8 @@ "wireguard": ["interfaces-wireguard"], "wireless": ["interfaces-wireless"], "wwan": ["interfaces-wwan"] + }, + "vpp": { + "ethernet": ["interfaces-ethernet"] } } diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2 index 7a89d29e4..1c9bda64f 100644 --- a/data/templates/firewall/nftables-policy.j2 +++ b/data/templates/firewall/nftables-policy.j2 @@ -11,7 +11,7 @@ table ip vyos_mangle { type filter hook prerouting priority -150; policy accept; {% if route is vyos_defined %} {% for route_text, conf in route.items() if conf.interface is vyos_defined %} - iifname { {{ conf.interface | join(",") }} } counter jump VYOS_PBR_{{ route_text }} + iifname { {{ conf.interface | join(",") }} } counter jump VYOS_PBR_UD_{{ route_text }} {% endfor %} {% endif %} } @@ -22,7 +22,7 @@ table ip vyos_mangle { {% if route is vyos_defined %} {% for route_text, conf in route.items() %} - chain VYOS_PBR_{{ route_text }} { + chain VYOS_PBR_UD_{{ route_text }} { {% if conf.rule is vyos_defined %} {% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} {{ rule_conf | nft_rule(route_text, rule_id, 'ip') }} @@ -40,7 +40,7 @@ table ip6 vyos_mangle { type filter hook prerouting priority -150; policy accept; {% if route6 is vyos_defined %} {% for route_text, conf in route6.items() if conf.interface is vyos_defined %} - iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR6_{{ route_text }} + iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR6_UD_{{ route_text }} {% endfor %} {% endif %} } @@ -51,7 +51,7 @@ table ip6 vyos_mangle { {% if route6 is vyos_defined %} {% for route_text, conf in route6.items() %} - chain VYOS_PBR6_{{ route_text }} { + chain VYOS_PBR6_UD_{{ route_text }} { {% if conf.rule is vyos_defined %} {% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %} {{ rule_conf | nft_rule(route_text, rule_id, 'ip6') }} diff --git a/data/templates/frr/ospfd.frr.j2 b/data/templates/frr/ospfd.frr.j2 index 3f97b7325..1ee8d8752 100644 --- a/data/templates/frr/ospfd.frr.j2 +++ b/data/templates/frr/ospfd.frr.j2 @@ -72,6 +72,9 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }} {% endfor %} {% endfor %} {% endif %} +{% if aggregation.timer is vyos_defined %} + aggregation timer {{ aggregation.timer }} +{% endif %} {% if area is vyos_defined %} {% for area_id, area_config in area.items() %} {% if area_config.area_type is vyos_defined %} @@ -200,6 +203,11 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }} {% if refresh.timers is vyos_defined %} refresh timer {{ refresh.timers }} {% endif %} +{% if summary_address is vyos_defined %} +{% for prefix, prefix_options in summary_address.items() %} + summary-address {{ prefix }} {{ 'tag ' + prefix_options.tag if prefix_options.tag is vyos_defined }}{{ 'no-advertise' if prefix_options.no_advertise is vyos_defined }} +{% endfor %} +{% endif %} {% if segment_routing is vyos_defined %} {% if segment_routing.maximum_label_depth is vyos_defined %} segment-routing node-msd {{ segment_routing.maximum_label_depth }} diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i index b7f22cb88..3492b873f 100644 --- a/interface-definitions/include/ospf/protocol-common-config.xml.i +++ b/interface-definitions/include/ospf/protocol-common-config.xml.i @@ -1,4 +1,24 @@ <!-- include start from ospf/protocol-common-config.xml.i --> +<node name="aggregation"> + <properties> + <help>External route aggregation</help> + </properties> + <children> + <leafNode name="timer"> + <properties> + <help>Delay timer</help> + <valueHelp> + <format>u32:5-1800</format> + <description>Timer interval in seconds</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-1800"/> + </constraint> + </properties> + <defaultValue>5</defaultValue> + </leafNode> + </children> +</node> <tagNode name="access-list"> <properties> <help>Access list to filter networks in routing updates</help> @@ -816,6 +836,38 @@ </leafNode> </children> </node> +<tagNode name="summary-address"> + <properties> + <help>External summary address</help> + <valueHelp> + <format>ipv4net</format> + <description>OSPF area number in dotted decimal notation</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="no-advertise"> + <properties> + <help>Don not advertise summary route</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="tag"> + <properties> + <help>Router tag</help> + <valueHelp> + <format>u32:1-4294967295</format> + <description>Router tag value</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> +</tagNode> <node name="timers"> <properties> <help>Adjust routing timers</help> diff --git a/interface-definitions/include/policy/tag.xml.i b/interface-definitions/include/policy/tag.xml.i new file mode 100644 index 000000000..ec25b9391 --- /dev/null +++ b/interface-definitions/include/policy/tag.xml.i @@ -0,0 +1,14 @@ +<!-- include start from policy/tag.xml.i --> +<leafNode name="tag"> + <properties> + <help>Route tag value</help> + <valueHelp> + <format>u32:1-65535</format> + <description>Route tag</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/netns.xml.in b/interface-definitions/netns.xml.in index 87880e96a..5d958968f 100644 --- a/interface-definitions/netns.xml.in +++ b/interface-definitions/netns.xml.in @@ -3,7 +3,7 @@ <node name="netns" owner="${vyos_conf_scripts_dir}/netns.py"> <properties> <help>Network namespace</help> - <priority>299</priority> + <priority>291</priority> </properties> <children> <tagNode name="name"> diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index aa39950c2..c470cfdb3 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -1052,18 +1052,7 @@ </constraint> </properties> </leafNode> - <leafNode name="tag"> - <properties> - <help>Route tag to match</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Route tag</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> + #include <include/policy/tag.xml.i> </children> </node> <node name="on-match"> @@ -1548,18 +1537,7 @@ </constraint> </properties> </leafNode> - <leafNode name="tag"> - <properties> - <help>Tag value for routing protocol</help> - <valueHelp> - <format>u32:1-65535</format> - <description>Tag value</description> - </valueHelp> - <constraint> - <validator name="numeric" argument="--range 1-65535"/> - </constraint> - </properties> - </leafNode> + #include <include/policy/tag.xml.i> <leafNode name="weight"> <properties> <help>BGP weight attribute</help> diff --git a/interface-definitions/vpp.xml.in b/interface-definitions/vpp.xml.in index 51ab776c3..3f0758c0a 100644 --- a/interface-definitions/vpp.xml.in +++ b/interface-definitions/vpp.xml.in @@ -3,7 +3,7 @@ <node name="vpp" owner="${vyos_conf_scripts_dir}/vpp.py"> <properties> <help>Accelerated data-plane</help> - <priority>1280</priority> + <priority>295</priority> </properties> <children> <node name="cpu"> diff --git a/smoketest/scripts/cli/test_policy_route.py b/smoketest/scripts/cli/test_policy_route.py index a3df6bf4d..c83e633b2 100755 --- a/smoketest/scripts/cli/test_policy_route.py +++ b/smoketest/scripts/cli/test_policy_route.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2022 VyOS maintainers and contributors +# Copyright (C) 2021-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -100,7 +100,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): self.cli_commit() nftables_search = [ - [f'iifname "{interface}"','jump VYOS_PBR_smoketest'], + [f'iifname "{interface}"','jump VYOS_PBR_UD_smoketest'], ['ip daddr @N_smoketest_network1', 'ip saddr @N_smoketest_network'], ] @@ -119,7 +119,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): mark_hex = "{0:#010x}".format(int(mark)) nftables_search = [ - [f'iifname "{interface}"','jump VYOS_PBR_smoketest'], + [f'iifname "{interface}"','jump VYOS_PBR_UD_smoketest'], ['ip daddr 172.16.10.10', 'ip saddr 172.16.20.10', 'meta mark set ' + mark_hex], ] @@ -138,7 +138,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): mark_hex_set = "{0:#010x}".format(int(conn_mark_set)) nftables_search = [ - [f'iifname "{interface}"','jump VYOS_PBR_smoketest'], + [f'iifname "{interface}"','jump VYOS_PBR_UD_smoketest'], ['ip daddr 172.16.10.10', 'ip saddr 172.16.20.10', 'ct mark ' + mark_hex, 'ct mark set ' + mark_hex_set], ] @@ -164,7 +164,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv4 nftables_search = [ - [f'iifname "{interface}"', 'jump VYOS_PBR_smoketest'], + [f'iifname "{interface}"', 'jump VYOS_PBR_UD_smoketest'], ['tcp flags syn / syn,ack', 'tcp dport 8888', 'meta mark set ' + mark_hex] ] @@ -173,7 +173,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv6 nftables6_search = [ - [f'iifname "{interface}"', 'jump VYOS_PBR6_smoketest'], + [f'iifname "{interface}"', 'jump VYOS_PBR6_UD_smoketest'], ['meta l4proto { tcp, udp }', 'th dport 8888', 'meta mark set ' + mark_hex] ] @@ -246,7 +246,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv4 nftables_search = [ - ['iifname { "' + interface + '", "' + interface_wc + '" }', 'jump VYOS_PBR_smoketest'], + ['iifname { "' + interface + '", "' + interface_wc + '" }', 'jump VYOS_PBR_UD_smoketest'], ['meta l4proto udp', 'drop'], ['tcp flags syn / syn,ack', 'meta mark set ' + mark_hex], ['ct state new', 'tcp dport 22', 'ip saddr 198.51.100.0/24', 'ip ttl > 2', 'meta mark set ' + mark_hex], @@ -258,7 +258,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv6 nftables6_search = [ - [f'iifname "{interface_wc}"', 'jump VYOS_PBR6_smoketest'], + [f'iifname "{interface_wc}"', 'jump VYOS_PBR6_UD_smoketest'], ['meta l4proto udp', 'drop'], ['tcp flags syn / syn,ack', 'meta mark set ' + mark_hex], ['ct state new', 'tcp dport 22', 'ip6 saddr 2001:db8::/64', 'ip6 hoplimit > 2', 'meta mark set ' + mark_hex], diff --git a/smoketest/scripts/cli/test_protocols_ospf.py b/smoketest/scripts/cli/test_protocols_ospf.py index 6fe6dd979..e4907596e 100755 --- a/smoketest/scripts/cli/test_protocols_ospf.py +++ b/smoketest/scripts/cli/test_protocols_ospf.py @@ -159,6 +159,12 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase): on_startup = '30' on_shutdown = '60' refresh = '50' + aggregation_timer = '100' + summary_nets = { + '10.0.1.0/24' : {}, + '10.0.2.0/24' : {'tag' : '50'}, + '10.0.3.0/24' : {'no_advertise' : {}}, + } self.cli_set(base_path + ['distance', 'global', global_distance]) self.cli_set(base_path + ['distance', 'ospf', 'external', external]) @@ -170,6 +176,15 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ['mpls-te', 'enable']) self.cli_set(base_path + ['refresh', 'timers', refresh]) + self.cli_set(base_path + ['aggregation', 'timer', aggregation_timer]) + + for summary, summary_options in summary_nets.items(): + self.cli_set(base_path + ['summary-address', summary]) + if 'tag' in summary_options: + self.cli_set(base_path + ['summary-address', summary, 'tag', summary_options['tag']]) + if 'no_advertise' in summary_options: + self.cli_set(base_path + ['summary-address', summary, 'no-advertise']) + # commit changes self.cli_commit() @@ -184,6 +199,14 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase): self.assertIn(f' max-metric router-lsa on-shutdown {on_shutdown}', frrconfig) self.assertIn(f' refresh timer {refresh}', frrconfig) + self.assertIn(f' aggregation timer {aggregation_timer}', frrconfig) + for summary, summary_options in summary_nets.items(): + self.assertIn(f' summary-address {summary}', frrconfig) + if 'tag' in summary_options: + tag = summary_options['tag'] + self.assertIn(f' summary-address {summary} tag {tag}', frrconfig) + if 'no_advertise' in summary_options: + self.assertIn(f' summary-address {summary} no-advertise', frrconfig) # enable inter-area self.cli_set(base_path + ['distance', 'ospf', 'inter-area', inter_area]) diff --git a/src/conf_mode/protocols_ospf.py b/src/conf_mode/protocols_ospf.py index b73483470..460c9f1a4 100755 --- a/src/conf_mode/protocols_ospf.py +++ b/src/conf_mode/protocols_ospf.py @@ -250,6 +250,13 @@ def verify(ospf): raise ConfigError(f'Segment routing prefix {prefix} cannot have both explicit-null '\ f'and no-php-flag configured at the same time.') + # Check route summarisation + if 'summary_address' in ospf: + for prefix, prefix_options in ospf['summary_address'].items(): + if {'tag', 'no_advertise'} <= set(prefix_options): + raise ConfigError(f'Can not set both "tag" and "no-advertise" for Type-5 '\ + f'and Type-7 route summarisation of "{prefix}"!') + return None def generate(ospf): diff --git a/src/conf_mode/vpp.py b/src/conf_mode/vpp.py index 62ec4c162..dc13f4e60 100755 --- a/src/conf_mode/vpp.py +++ b/src/conf_mode/vpp.py @@ -21,13 +21,11 @@ from pathlib import Path from re import search as re_search, MULTILINE as re_M from vyos.config import Config +from vyos.configdep import set_dependents, call_dependents from vyos.configdict import dict_merge from vyos.configdict import node_changed from vyos.ifconfig import Section -from vyos.ifconfig import EthernetIf -from vyos.ifconfig import interface -from vyos.util import call -from vyos.util import rc_cmd +from vyos.util import call, rc_cmd, boot_configuration_complete from vyos.template import render from vyos.xml import defaults @@ -48,7 +46,6 @@ MIN_TOTAL_MEMORY = 6 def _get_pci_address_by_interface(iface) -> str: - from vyos.util import rc_cmd rc, out = rc_cmd(f'ethtool -i {iface}') # if ethtool command was successful if rc == 0 and out: @@ -87,6 +84,9 @@ def get_config(config=None): 'iface_name': removed_iface, 'iface_pci_addr': pci_address }) + # add an interface to a list of interfaces that need + # to be reinitialized after the commit + set_dependents('ethernet', conf, removed_iface) if not conf.exists(base): return {'removed_ifaces': removed_ifaces} @@ -107,6 +107,9 @@ def get_config(config=None): for iface, iface_config in config['interface'].items(): default_values_iface = defaults(base + ['interface']) config['interface'][iface] = dict_merge(default_values_iface, config['interface'][iface]) + # add an interface to a list of interfaces that need + # to be reinitialized after the commit + set_dependents('ethernet', conf, iface) # Get PCI address auto for iface, iface_config in config['interface'].items(): @@ -186,9 +189,9 @@ def apply(config): if iface not in Section.interfaces(): vpp_control.lcp_pair_add(iface, iface) - # update interface config - #e = EthernetIf(iface) - #e.update(config['other_interfaces'][iface]) + # reinitialize interfaces, but not during the first boot + if boot_configuration_complete(): + call_dependents() if __name__ == '__main__': |