diff options
| -rw-r--r-- | Makefile | 1 | ||||
| -rw-r--r-- | debian/control | 1 | ||||
| -rw-r--r-- | interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i | 2 | ||||
| -rw-r--r-- | interface-definitions/include/address-ipv4-ipv6.xml.i | 2 | ||||
| -rw-r--r-- | interface-definitions/include/rip-redistribute.xml.i | 24 | ||||
| -rw-r--r-- | interface-definitions/protocols-rip.xml.in | 406 | ||||
| -rw-r--r-- | op-mode-definitions/show-log.xml | 79 | ||||
| -rw-r--r-- | op-mode-definitions/show-login.xml | 33 | ||||
| -rw-r--r-- | op-mode-definitions/show-monitoring.xml | 13 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-bonding.py | 19 | ||||
| -rwxr-xr-x | src/op_mode/show_current_user.sh | 18 |
11 files changed, 585 insertions, 13 deletions
@@ -73,6 +73,7 @@ interface_definitions: $(BUILD_DIR) $(obj) rm -f $(TMPL_DIR)/interfaces/wirelessmodem/node.tag/ipv6/node.def rm -f $(TMPL_DIR)/protocols/node.def mv $(TMPL_DIR)/protocols/nbgp $(TMPL_DIR)/protocols/.nbgp + mv $(TMPL_DIR)/protocols/nrip $(TMPL_DIR)/protocols/.nrip rm -f $(TMPL_DIR)/protocols/static/node.def rm -f $(TMPL_DIR)/system/node.def rm -f $(TMPL_DIR)/vpn/node.def diff --git a/debian/control b/debian/control index bb6116251..85dd919a5 100644 --- a/debian/control +++ b/debian/control @@ -41,7 +41,6 @@ Depends: python3, easy-rsa, ipaddrcheck, tcpdump, - tshark, isc-dhcp-client, wide-dhcpv6-client, bmon, diff --git a/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i b/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i index fb46f2c09..cca824d89 100644 --- a/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i +++ b/interface-definitions/include/address-ipv4-ipv6-dhcp.xml.i @@ -21,7 +21,7 @@ <description>Dynamic Host Configuration Protocol for IPv6</description> </valueHelp> <constraint> - <validator name="ip-cidr"/> + <validator name="ip-host"/> <regex>(dhcp|dhcpv6)</regex> </constraint> <multi/> diff --git a/interface-definitions/include/address-ipv4-ipv6.xml.i b/interface-definitions/include/address-ipv4-ipv6.xml.i index aa84a5640..a891085bd 100644 --- a/interface-definitions/include/address-ipv4-ipv6.xml.i +++ b/interface-definitions/include/address-ipv4-ipv6.xml.i @@ -10,7 +10,7 @@ <description>IPv6 address and prefix length</description> </valueHelp> <constraint> - <validator name="ip-cidr"/> + <validator name="ip-host"/> </constraint> <multi/> </properties> diff --git a/interface-definitions/include/rip-redistribute.xml.i b/interface-definitions/include/rip-redistribute.xml.i new file mode 100644 index 000000000..d94dfa5a8 --- /dev/null +++ b/interface-definitions/include/rip-redistribute.xml.i @@ -0,0 +1,24 @@ +<leafNode name="metric"> + <properties> + <help>Metric for redistributed routes</help> + <valueHelp> + <format><1-16></format> + <description>Redistribute route metric</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16"/> + </constraint> + </properties> +</leafNode> +<leafNode name="route-map"> + <properties> + <help>Route map reference</help> + <valueHelp> + <format><text></format> + <description>Route map reference</description> + </valueHelp> + <completionHelp> + <path>policy route-map</path> + </completionHelp> + </properties> +</leafNode> diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols-rip.xml.in new file mode 100644 index 000000000..a9c295f4c --- /dev/null +++ b/interface-definitions/protocols-rip.xml.in @@ -0,0 +1,406 @@ +<!-- Routing Information Protocol (RIP) configuration --> +<interfaceDefinition> + <node name="protocols"> + <children> + <node name="nrip" owner="${vyos_conf_scripts_dir}/protocols_rip.py"> + <properties> + <help>Routing Information Protocol (RIP) parameters</help> + </properties> + <children> + <leafNode name="default-distance"> + <properties> + <help>Administrative distance</help> + <valueHelp> + <format><1-255></format> + <description>Administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + <node name="default-information"> + <properties> + <help>Control distribution of default route</help> + </properties> + <children> + <leafNode name="originate"> + <properties> + <help>Distribute a default route</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + <leafNode name="default-metric"> + <properties> + <help>Metric of redistributed routes</help> + <valueHelp> + <format><1-16></format> + <description>Redistributed routes metric</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-16"/> + </constraint> + </properties> + </leafNode> + <node name="distribute-list"> + <properties> + <help>Filter networks in routing updates</help> + </properties> + <children> + <node name="access-list"> + <properties> + <help>Access-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Access list to apply to input packets</help> + <valueHelp> + <format><0-4294967295></format> + <description>Access list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Access list to apply to output packets</help> + <valueHelp> + <format><0-4294967295></format> + <description>Access list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <tagNode name="interface"> + <properties> + <help>Apply filtering to an interface</help> + <valueHelp> + <format><text></format> + <description>Apply filtering to an interface</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + </properties> + <children> + <node name="access-list"> + <properties> + <help>Access list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Access list to apply to input packets</help> + <valueHelp> + <format><0-4294967295></format> + <description>Access list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Access list to apply to output packets</help> + <valueHelp> + <format><0-4294967295></format> + <description>Access list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + <constraint> + <validator name="numeric" argument="--range 0-4294967295"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <node name="prefix-list"> + <properties> + <help>Prefix-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Prefix-list to apply to input packets</help> + <valueHelp> + <format><text></format> + <description>Prefix-list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Prefix-list to apply to output packets</help> + <valueHelp> + <format><text></format> + <description>Prefix-list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </tagNode> + <node name="prefix-list"> + <properties> + <help>Prefix-list</help> + </properties> + <children> + <leafNode name="in"> + <properties> + <help>Prefix-list to apply to input packets</help> + <valueHelp> + <format><text></format> + <description>Prefix-list to apply to input packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="out"> + <properties> + <help>Prefix-list to apply to output packets</help> + <valueHelp> + <format><text></format> + <description>Prefix-list to apply to output packets</description> + </valueHelp> + <completionHelp> + <path>policy prefix-list</path> + </completionHelp> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + <leafNode name="interface"> + <properties> + <help>Interface name</help> + <valueHelp> + <format><text></format> + <description>Apply filtering to an interface</description> + </valueHelp> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="neighbor"> + <properties> + <help>Neighbor router</help> + <valueHelp> + <format>ipv4</format> + <description>Neighbor router</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="network"> + <properties> + <help>RIP network</help> + <valueHelp> + <format>ipv4net</format> + <description>RIP network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <tagNode name="network-distance"> + <properties> + <help>Source network</help> + <valueHelp> + <format>ipv4net</format> + <description>Source network</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + </properties> + <children> + <leafNode name="access-list"> + <properties> + <help>Access list</help> + <valueHelp> + <format><text></format> + <description>Access list</description> + </valueHelp> + <completionHelp> + <path>policy access-list</path> + </completionHelp> + </properties> + </leafNode> + <leafNode name="distance"> + <properties> + <help>Administrative distance for network</help> + <valueHelp> + <format><1-255></format> + <description>Administrative distance</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="passive-interface"> + <properties> + <help>Passive interface</help> + <valueHelp> + <format><text></format> + <description>Suppress routing updates on interface</description> + </valueHelp> + <valueHelp> + <format>default</format> + <description>Suppress routing updates on all interfaces by default</description> + </valueHelp> + <completionHelp> + <list>default</list> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <node name="redistribute"> + <properties> + <help>Redistribute information from another routing protocol</help> + </properties> + <children> + <node name="bgp"> + <properties> + <help>Redistribute BGP routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + <node name="connected"> + <properties> + <help>Redistribute connected routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + <node name="kernel"> + <properties> + <help>Redistribute kernel routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + <node name="ospf"> + <properties> + <help>Redistribute OSPF routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + <node name="static"> + <properties> + <help>Redistribute static routes</help> + </properties> + <children> + #include <include/rip-redistribute.xml.i> + </children> + </node> + </children> + </node> + <leafNode name="route"> + <properties> + <help>RIP static route</help> + <valueHelp> + <format>ipv4net</format> + <description>RIP static route</description> + </valueHelp> + <constraint> + <validator name="ipv4-prefix"/> + </constraint> + <multi/> + </properties> + </leafNode> + <node name="timers"> + <properties> + <help>RIP timer values</help> + </properties> + <children> + <leafNode name="garbage-collection"> + <properties> + <help>Garbage collection timer</help> + <valueHelp> + <format><5-2147483647></format> + <description>Garbage colletion time (default 120)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-2147483647"/> + </constraint> + </properties> + </leafNode> + <leafNode name="timeout"> + <properties> + <help>Routing information timeout timer</help> + <valueHelp> + <format><5-2147483647></format> + <description>Routing information timeout timer (default 180)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-2147483647"/> + </constraint> + </properties> + </leafNode> + <leafNode name="update"> + <properties> + <help>Routing table update timer</help> + <valueHelp> + <format><5-2147483647></format> + <description>Routing table update timer in seconds (default 30)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 5-2147483647"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/show-log.xml b/op-mode-definitions/show-log.xml index 87d78cc49..0c4da647b 100644 --- a/op-mode-definitions/show-log.xml +++ b/op-mode-definitions/show-log.xml @@ -38,12 +38,91 @@ </properties> <command>cat $(printf "%s\n" /var/log/messages* | sort -nr) | grep dhcpd</command> </leafNode> + <node name="firewall"> + <properties> + <help>Show log for Firewall</help> + </properties> + <children> + <tagNode name="ipv6-name"> + <properties> + <help>Show log for a specified firewall (IPv6)</help> + <completionHelp> + <path>firewall ipv6-name</path> + </completionHelp> + </properties> + <command>cat $(printf "%s\n" /var/log/messages* | sort -nr ) | egrep "\[$5-([0-9]+|default)-[ADR]\]"</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show log for a rule in the specified firewall</help> + <completionHelp> + <path>firewall ipv6-name ${COMP_WORDS[4]} rule</path> + </completionHelp> + </properties> + <command>cat $(printf "%s\n" /var/log/messages* | sort -nr) | grep -e "\[$5-$7-[ADR]\]"</command> + </tagNode> + </children> + </tagNode> + <tagNode name="name"> + <properties> + <help>Show log for a specified firewall (IPv4)</help> + <completionHelp> + <path>firewall name</path> + </completionHelp> + </properties> + <command>cat $(printf "%s\n" /var/log/messages* | sort -nr ) | egrep "\[$5-([0-9]+|default)-[ADR]\]"</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show log for a rule in the specified firewall</help> + <completionHelp> + <path>firewall name ${COMP_WORDS[4]} rule</path> + </completionHelp> + </properties> + <command>cat $(printf "%s\n" /var/log/messages* | sort -nr) | egrep "\[$5-$7-[ADR]\]"</command> + </tagNode> + </children> + </tagNode> + </children> + </node> <leafNode name="https"> <properties> <help>Show log for HTTPs</help> </properties> <command>cat $(printf "%s\n" /var/log/messages* | sort -nr) | grep -e nginx</command> </leafNode> + <tagNode name="image"> + <properties> + <help>Show contents of master log file for image</help> + <completionHelp> + <script>compgen -f /lib/live/mount/persistence/boot/ | grep -v grub | sed -e s@/lib/live/mount/persistence/boot/@@</script> + </completionHelp> + </properties> + <command>less $_vyatta_less_options --prompt=".log, page %dt of %D" -- /lib/live/mount/persistence/boot/$4/rw/var/log/messages</command> + <children> + <leafNode name="all"> + <properties> + <help>Show contents of all master log files for image</help> + </properties> + <command>eval $(lesspipe); less $_vyatta_less_options --prompt=".log?m, file %i of %m., page %dt of %D" -- `printf "%s\n" /lib/live/mount/persistence/boot/$4/rw/var/log/messages* | sort -nr`</command> + </leafNode> + <leafNode name="authorization"> + <properties> + <help>Show listing of authorization attempts for image</help> + </properties> + <command>less $_vyatta_less_options --prompt=".log, page %dt of %D" -- /lib/live/mount/persistence/boot/$4/rw/var/log/auth.log</command> + </leafNode> + <tagNode name="tail"> + <properties> + <help>Show last changes to messages</help> + <completionHelp> + <list><NUMBER></list> + </completionHelp> + </properties> + <command>tail -n "$6" /lib/live/mount/persistence/boot/$4/rw/var/log/messages | ${VYATTA_PAGER:-cat}</command> + </tagNode> + </children> + </tagNode> <leafNode name="lldp"> <properties> <help>Show log for LLDP</help> diff --git a/op-mode-definitions/show-login.xml b/op-mode-definitions/show-login.xml new file mode 100644 index 000000000..6d8c782c4 --- /dev/null +++ b/op-mode-definitions/show-login.xml @@ -0,0 +1,33 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <node name="login"> + <properties> + <help>Show current login credentials</help> + </properties> + <command>${vyos_op_scripts_dir}/show_current_user.sh</command> + <children> + <leafNode name="groups"> + <properties> + <help>Show current login group information</help> + </properties> + <command>/usr/bin/id -Gn</command> + </leafNode> + <leafNode name="level"> + <properties> + <help>Show current login level</help> + </properties> + <command>if [ -n "$VYATTA_USER_LEVEL_DIR" ]; then basename $VYATTA_USER_LEVEL_DIR; fi</command> + </leafNode> + <leafNode name="user"> + <properties> + <help>Show current login user id</help> + </properties> + <command>/usr/bin/id -un</command> + </leafNode> + </children> + </node> + </children> + </node> +</interfaceDefinition> diff --git a/op-mode-definitions/show-monitoring.xml b/op-mode-definitions/show-monitoring.xml new file mode 100644 index 000000000..2651b3438 --- /dev/null +++ b/op-mode-definitions/show-monitoring.xml @@ -0,0 +1,13 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="show"> + <children> + <leafNode name="monitoring"> + <properties> + <help>Show currently monitored services</help> + </properties> + <command>vtysh -c "show debugging"</command> + </leafNode> + </children> + </node> +</interfaceDefinition> diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index c2081b8c3..a16c4e105 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -128,16 +128,15 @@ def get_config(): bond['mode'] = get_bond_mode(act_mode) # determine bond member interfaces (currently configured) - if conf.exists('member interface'): - bond['member'] = conf.return_values('member interface') - - # We can not call conf.return_effective_values() as it would not work - # on reboots. Reboots/First boot will return that running config and - # saved config is the same, thus on a reboot the bond members will - # not be added all (https://phabricator.vyos.net/T2030) - live_members = BondIf(bond['intf']).get_slaves() - if not (bond['member'] == live_members): - bond['shutdown_required'] = True + bond['member'] = conf.return_values('member interface') + + # We can not call conf.return_effective_values() as it would not work + # on reboots. Reboots/First boot will return that running config and + # saved config is the same, thus on a reboot the bond members will + # not be added all (https://phabricator.vyos.net/T2030) + live_members = BondIf(bond['intf']).get_slaves() + if not (bond['member'] == live_members): + bond['shutdown_required'] = True # Primary device interface if conf.exists('primary'): diff --git a/src/op_mode/show_current_user.sh b/src/op_mode/show_current_user.sh new file mode 100755 index 000000000..93e6efa61 --- /dev/null +++ b/src/op_mode/show_current_user.sh @@ -0,0 +1,18 @@ +#! /bin/bash + +echo -n "login : " ; who -m + +if [ -n "$VYATTA_USER_LEVEL_DIR" ] +then + echo -n "level : " + basename $VYATTA_USER_LEVEL_DIR +fi + +echo -n "user : " ; id -un +echo -n "groups : " ; id -Gn + +if id -Z >/dev/null 2>&1 +then + echo -n "context : " + id -Z +fi |