diff options
-rw-r--r-- | Makefile | 1 | ||||
-rw-r--r-- | debian/control | 1 | ||||
-rwxr-xr-x | debian/rules | 4 | ||||
-rw-r--r-- | interface-definitions/igmp-proxy.xml | 100 | ||||
-rw-r--r-- | op-mode-definitions/show-ip-multicast.xml | 30 | ||||
-rwxr-xr-x | src/conf_mode/igmp_proxy.py | 179 | ||||
-rwxr-xr-x | src/etc/init.d/igmpproxy | 166 | ||||
-rwxr-xr-x | src/op_mode/show-igmpproxy.py | 241 |
8 files changed, 722 insertions, 0 deletions
@@ -28,6 +28,7 @@ op_mode_definitions: rm -f $(OP_TMPL_DIR)/set/node.def rm -f $(OP_TMPL_DIR)/show/node.def rm -f $(OP_TMPL_DIR)/show/interfaces/node.def + rm -f $(OP_TMPL_DIR)/show/ip/node.def rm -f $(OP_TMPL_DIR)/reset/node.def rm -f $(OP_TMPL_DIR)/restart/node.def rm -f $(OP_TMPL_DIR)/monitor/node.def diff --git a/debian/control b/debian/control index 05b4f5320..a68598fd5 100644 --- a/debian/control +++ b/debian/control @@ -46,6 +46,7 @@ Depends: python3, keepalived (>=2.0.5), wireguard, tftpd-hpa, + igmpproxy, ${shlibs:Depends}, ${misc:Depends} Description: VyOS configuration scripts and data diff --git a/debian/rules b/debian/rules index 15dfec551..663aff4d9 100755 --- a/debian/rules +++ b/debian/rules @@ -64,3 +64,7 @@ override_dh_auto_install: # Install data files mkdir -p $(DIR)/$(VYOS_DATA_DIR) cp -r data/* $(DIR)/$(VYOS_DATA_DIR) + + # Install etc configuration files + mkdir -p $(DIR)/etc + cp -r src/etc/* $(DIR)/etc diff --git a/interface-definitions/igmp-proxy.xml b/interface-definitions/igmp-proxy.xml new file mode 100644 index 000000000..ab56019b4 --- /dev/null +++ b/interface-definitions/igmp-proxy.xml @@ -0,0 +1,100 @@ +<?xml version="1.0"?> +<!-- IGMP Proxy configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="igmp-proxy" owner="${vyos_conf_scripts_dir}/igmp_proxy.py"> + <properties> + <help>Internet Group Management Protocol (IGMP) proxy parameters</help> + <priority>740</priority> + </properties> + <children> + <leafNode name="disable"> + <properties> + <help>Option to disable IGMP proxy</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="disable-quickleave"> + <properties> + <help>Option to disable "quickleave"</help> + <valueless/> + </properties> + </leafNode> + <tagNode name="interface"> + <properties> + <help>Interface for IGMP proxy [REQUIRED]</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <leafNode name="alt-subnet"> + <properties> + <help>Allowed unicast sources for multicast traffic to be proxy'ed</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="role"> + <properties> + <help>Role of this IGMP interface</help> + <completionHelp> + <list>upstream downstream disabled</list> + </completionHelp> + <valueHelp> + <format>upstream</format> + <description>Upstream interface (only 1 allowed)</description> + </valueHelp> + <valueHelp> + <format>downstream</format> + <description>Downstream interface(s) (default)</description> + </valueHelp> + <valueHelp> + <format>disabled</format> + <description>Disabled interface</description> + </valueHelp> + <constraint> + <regex>(upstream|downstream|disabled)</regex> + </constraint> + </properties> + </leafNode> + <leafNode name="threshold"> + <properties> + <help>TTL threshold</help> + <valueHelp> + <format>1-255</format> + <description>TTL threshold for the interfaces (default: 1)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + <constraintErrorMessage>threshold must be between 1 and 255</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="whitelist"> + <properties> + <help>Group to whitelist</help> + <valueHelp> + <format>ipv4net</format> + <description>IPv4 network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/show-ip-multicast.xml b/op-mode-definitions/show-ip-multicast.xml new file mode 100644 index 000000000..07102bfa6 --- /dev/null +++ b/op-mode-definitions/show-ip-multicast.xml @@ -0,0 +1,30 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <node name="ip"> + <children> + <node name="multicast"> + <properties> + <help>Show IP multicast</help> + </properties> + <children> + <leafNode name="interface"> + <properties> + <help>Show multicast interfaces</help> + </properties> + <command>if ps -C igmpproxy &>/dev/null; then ${vyos_op_scripts_dir}/show-igmpproxy.py --interface; else echo IGMP proxy not configured; fi</command> + </leafNode> + <leafNode name="mfc"> + <properties> + <help>Show multicast fowarding cache</help> + </properties> + <command>if ps -C igmpproxy &>/dev/null; then ${vyos_op_scripts_dir}/show-igmpproxy.py --mfc; else echo IGMP proxy not configured; fi</command> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/igmp_proxy.py new file mode 100755 index 000000000..b994369af --- /dev/null +++ b/src/conf_mode/igmp_proxy.py @@ -0,0 +1,179 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# + +import sys +import os +import jinja2 + +from vyos.config import Config +from vyos import ConfigError + +config_file = r'/etc/igmpproxy.conf' + +# Please be careful if you edit the template. +config_tmpl = """ +######################################################## +# +# autogenerated by igmp_proxy.py +# +# The configuration file must define one upstream +# interface, and one or more downstream interfaces. +# +# If multicast traffic originates outside the +# upstream subnet, the "altnet" option can be +# used in order to define legal multicast sources. +# (Se example...) +# +# The "quickleave" should be used to avoid saturation +# of the upstream link. The option should only +# be used if it's absolutely nessecary to +# accurately imitate just one Client. +# +######################################################## + +{% if not disable_quickleave -%} +quickleave +{% endif -%} + +{% for i in interface %} +# Configuration for {{ i.interface }} ({{ i.role }} interface) +{% if i.role == 'disabled' -%} +phyint {{ i.interface }} disabled +{%- else -%} +phyint {{ i.interface }} {{ i.role }} ratelimit 0 threshold {{ i.threshold }} +{%- endif -%} +{%- for subnet in i.alt_subnet %} + altnet {{ subnet }} +{%- endfor %} +{%- for subnet in i.whitelist %} + whitelist {{ subnet }} +{%- endfor %} +{% endfor %} +""" + +default_config_data = { + 'disable': False, + 'disable_quickleave': False, + 'interface': [], +} + +def get_config(): + igmp_proxy = default_config_data + conf = Config() + if not conf.exists('protocols igmp-proxy'): + return None + else: + conf.set_level('protocols igmp-proxy') + + # Network interfaces to listen on + if conf.exists('disable'): + igmp_proxy['disable'] = True + + # Option to disable "quickleave" + if conf.exists('disable-quickleave'): + igmp_proxy['disable_quickleave'] = True + + for intf in conf.list_nodes('interface'): + conf.set_level('protocols igmp-proxy interface {0}'.format(intf)) + interface = { + 'interface': intf, + 'alt_subnet': [], + 'role': 'downstream', + 'threshold': '1', + 'whitelist': [] + } + + if conf.exists('alt-subnet'): + interface['alt_subnet'] = conf.return_values('alt-subnet') + + if conf.exists('role'): + interface['role'] = conf.return_value('role') + + if conf.exists('threshold'): + interface['threshold'] = conf.return_value('threshold') + + if conf.exists('whitelist'): + interface['whitelist'] = conf.return_values('whitelist') + + # Append interface configuration to global configuration list + igmp_proxy['interface'].append(interface) + + return igmp_proxy + +def verify(igmp_proxy): + # bail out early - looks like removal from running config + if igmp_proxy is None: + return None + + # bail out early - service is disabled + if igmp_proxy['disable']: + return None + + # at least two interfaces are required, one upstream and one downstream + if len(igmp_proxy['interface']) < 2: + raise ConfigError('Must define an upstream and at least 1 downstream interface!') + + upstream = 0 + for i in igmp_proxy['interface']: + if "upstream" == i['role']: + upstream += 1 + + if upstream == 0: + raise ConfigError('At least 1 upstream interface is required!') + elif upstream > 1: + raise ConfigError('Only 1 upstream interface allowed!') + + return None + +def generate(igmp_proxy): + # bail out early - looks like removal from running config + if igmp_proxy is None: + return None + + # bail out early - service is disabled, but inform user + if igmp_proxy['disable']: + print('Warning: IGMP Proxy will be deactivated because it is disabled') + return None + + tmpl = jinja2.Template(config_tmpl) + config_text = tmpl.render(igmp_proxy) + with open(config_file, 'w') as f: + f.write(config_text) + + return None + +def apply(igmp_proxy): + if igmp_proxy is None or igmp_proxy['disable']: + # IGMP Proxy support is removed in the commit + os.system('sudo systemctl stop igmpproxy.service') + if os.path.exists(config_file): + os.unlink(config_file) + else: + os.system('sudo systemctl restart igmpproxy.service') + + return None + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + sys.exit(1) diff --git a/src/etc/init.d/igmpproxy b/src/etc/init.d/igmpproxy new file mode 100755 index 000000000..4a2c94a4d --- /dev/null +++ b/src/etc/init.d/igmpproxy @@ -0,0 +1,166 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: igmpproxy +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: IGMP multicast routing daemon +# Description: IGMPproxy is a simple dynamic Multicast Routing Daemon +# using only IGMP signalling. It's intended for simple +# forwarding of Multicast traffic between networks. +### END INIT INFO + +# Author: Pali Rohár <pali.rohar@gmail.com> + +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="igmpproxy" +NAME=igmpproxy +DAEMON=/sbin/igmpproxy +DAEMON_ARGS="/etc/igmpproxy.conf" +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -m -- \ + $DAEMON_OPTS $DAEMON_ARGS \ + || return 2 + # The above code will not work for interpreted scripts, use the next + # six lines below instead (Ref: #643337, start-stop-daemon(8) ) + #start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \ + # --name $NAME --test > /dev/null \ + # || return 1 + #start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \ + # --name $NAME -- $DAEMON_ARGS \ + # || return 2 + + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/src/op_mode/show-igmpproxy.py b/src/op_mode/show-igmpproxy.py new file mode 100755 index 000000000..a021fcdde --- /dev/null +++ b/src/op_mode/show-igmpproxy.py @@ -0,0 +1,241 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# File: show-igmpproxy +# Purpose: +# Display istatistics from IPv4 IGMP proxy. +# Used by the "run show ip multicast" command tree. + +import sys +import jinja2 +import argparse +import ipaddress +import socket + +import vyos.config + +# Output Template for "show ip multicast interface" command +# +# Example: +# Interface BytesIn PktsIn BytesOut PktsOut Local +# eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65 +# eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201 +# eth0.3 0.0b 0 0.0b 0 xxx.xxx.x.7 +# tun1 0.0b 0 0.0b 0 xxx.xxx.xxx.2 +vif_out_tmpl = """ +{%- for r in data %} +{{ "%-10s"|format(r.interface) }} {{ "%-12s"|format(r.bytes_in) }} {{ "%-12s"|format(r.pkts_in) }} {{ "%-12s"|format(r.bytes_out) }} {{ "%-12s"|format(r.pkts_out) }} {{ "%-15s"|format(r.loc) }} +{%- endfor %} +""" + +# Output Template for "show ip multicast mfc" command +# +# Example: +# Group Origin In Out Pkts Bytes Wrong +# xxx.xxx.xxx.250 xxx.xx.xxx.75 -- +# xxx.xxx.xx.124 xx.xxx.xxx.26 -- +mfc_out_tmpl = """ +{%- for r in data %} +{{ "%-15s"|format(r.group) }} {{ "%-15s"|format(r.origin) }} {{ "%-12s"|format(r.pkts) }} {{ "%-12s"|format(r.bytes) }} {{ "%-12s"|format(r.wrong) }} {{ "%-10s"|format(r.iif) }} {{ "%-20s"|format(r.oifs|join(', ')) }} +{%- endfor %} +""" + +parser = argparse.ArgumentParser() +parser.add_argument("--interface", action="store_true", help="Interface Statistics") +parser.add_argument("--mfc", action="store_true", help="Multicast Forwarding Cache") + +def byte_string(size): + # convert size to integer + size = int(size) + + # One Terrabyte + s_TB = 1024 * 1024 * 1024 * 1024 + # One Gigabyte + s_GB = 1024 * 1024 * 1024 + # One Megabyte + s_MB = 1024 * 1024 + # One Kilobyte + s_KB = 1024 + # One Byte + s_B = 1 + + if size > s_TB: + return str(round((size/s_TB), 2)) + 'TB' + elif size > s_GB: + return str(round((size/s_GB), 2)) + 'GB' + elif size > s_MB: + return str(round((size/s_MB), 2)) + 'MB' + elif size > s_KB: + return str(round((size/s_KB), 2)) + 'KB' + else: + return str(round((size/s_B), 2)) + 'b' + + return None + +def kernel2ip(addr): + """ + Convert any given addr from Linux Kernel to a proper, IPv4 address + using the correct host byte order. + """ + + # Convert from hex 'FE000A0A' to decimal '4261415434' + addr = int(addr, 16) + # Kernel ABI _always_ uses network byteorder + addr = socket.ntohl(addr) + + return ipaddress.IPv4Address( addr ) + +def do_mr_vif(): + """ + Read contents of file /proc/net/ip_mr_vif and print a more human + friendly version to the command line. IPv4 addresses present as + 32bit integers in hex format are converted to IPv4 notation, too. + """ + + with open('/proc/net/ip_mr_vif', 'r') as f: + lines = len(f.readlines()) + if lines < 2: + return None + + result = { + 'data': [] + } + + # Build up table format string + table_format = { + 'interface': 'Interface', + 'pkts_in' : 'PktsIn', + 'pkts_out' : 'PktsOut', + 'bytes_in' : 'BytesIn', + 'bytes_out': 'BytesOut', + 'loc' : 'Local' + } + result['data'].append(table_format) + + # read and parse information from /proc filesystema + with open('/proc/net/ip_mr_vif', 'r') as f: + header_line = next(f) + for line in f: + data = { + 'interface': line.split()[1], + 'pkts_in' : line.split()[3], + 'pkts_out' : line.split()[5], + + # convert raw byte number to something more human readable + # Note: could be replaced by Python3 hurry.filesize module + 'bytes_in' : byte_string( line.split()[2] ), + 'bytes_out': byte_string( line.split()[4] ), + + # convert IP address from hex 'FE000A0A' to decimal '4261415434' + 'loc' : kernel2ip( line.split()[7] ), + } + result['data'].append(data) + + return result + +def do_mr_mfc(): + """ + Read contents of file /proc/net/ip_mr_cache and print a more human + friendly version to the command line. IPv4 addresses present as + 32bit integers in hex format are converted to IPv4 notation, too. + """ + + with open('/proc/net/ip_mr_cache', 'r') as f: + lines = len(f.readlines()) + if lines < 2: + return None + + # We need this to convert from interface index to a real interface name + # Thus we also skip the format identifier on list index 0 + vif = do_mr_vif()['data'][1:] + + result = { + 'data': [] + } + + # Build up table format string + table_format = { + 'group' : 'Group', + 'origin': 'Origin', + 'iif' : 'In', + 'oifs' : ['Out'], + 'pkts' : 'Pkts', + 'bytes' : 'Bytes', + 'wrong' : 'Wrong' + } + result['data'].append(table_format) + + # read and parse information from /proc filesystem + with open('/proc/net/ip_mr_cache', 'r') as f: + header_line = next(f) + for line in f: + data = { + # convert IP address from hex 'FE000A0A' to decimal '4261415434' + 'group' : kernel2ip( line.split()[0] ), + 'origin': kernel2ip( line.split()[1] ), + + 'iif' : '--', + 'pkts' : '', + 'bytes' : '', + 'wrong' : '', + 'oifs' : [] + } + + iif = int( line.split()[2] ) + if not ((iif == -1) or (iif == 65535)): + data['pkts'] = line.split()[3] + data['bytes'] = byte_string( line.split()[4] ) + data['wrong'] = line.split()[5] + + # convert index to real interface name + data['iif'] = vif[iif]['interface'] + + # convert each output interface index to a real interface name + for oif in line.split()[6:]: + idx = int( oif.split(':')[0] ) + data['oifs'].append( vif[idx]['interface'] ) + + result['data'].append(data) + + return result + +if __name__ == '__main__': + args = parser.parse_args() + + # Do nothing if service is not configured + c = vyos.config.Config() + if not c.exists_effective('protocols igmp-proxy'): + print("IGMP proxy is not configured") + sys.exit(0) + + if args.interface: + data = do_mr_vif() + if data: + tmpl = jinja2.Template(vif_out_tmpl) + print(tmpl.render(data)) + + sys.exit(0) + elif args.mfc: + data = do_mr_mfc() + if data: + tmpl = jinja2.Template(mfc_out_tmpl) + print(tmpl.render(data)) + + sys.exit(0) + else: + parser.print_help() + sys.exit(1) + |