diff options
| -rw-r--r-- | data/templates/frr/bgp.frr.tmpl | 4 | ||||
| -rw-r--r-- | interface-definitions/system-ip.xml.in | 3 | ||||
| -rw-r--r-- | python/vyos/ifconfig/interface.py | 13 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_system_ip.py | 79 | ||||
| -rwxr-xr-x | src/conf_mode/protocols_bgp.py | 44 | ||||
| -rwxr-xr-x | src/conf_mode/system-ip.py | 79 |
6 files changed, 159 insertions, 63 deletions
diff --git a/data/templates/frr/bgp.frr.tmpl b/data/templates/frr/bgp.frr.tmpl index 86e1aa366..16355a1e5 100644 --- a/data/templates/frr/bgp.frr.tmpl +++ b/data/templates/frr/bgp.frr.tmpl @@ -114,9 +114,9 @@ {% endif %} {% if config.address_family[af].prefix_list is defined and config.address_family[af].prefix_list is not none %} {% if config.address_family[af].prefix_list.export is defined and config.address_family[af].prefix_list.export is not none %} - neighbor {{ neighbor }} route-map {{ config.address_family[af].prefix_list.export }} out + neighbor {{ neighbor }} prefix-list {{ config.address_family[af].prefix_list.export }} out {% elif config.address_family[af].prefix_list.import is defined and config.address_family[af].prefix_list.import is not none %} - neighbor {{ neighbor }} route-map {{ config.address_family[af].prefix_list.export }} in + neighbor {{ neighbor }} prefix-list {{ config.address_family[af].prefix_list.import }} in {% endif %} {% endif %} {% if config.address_family[af].soft_reconfiguration is defined and config.address_family[af].soft_reconfiguration.inbound is defined %} diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system-ip.xml.in index 14b3b8a07..0bd461042 100644 --- a/interface-definitions/system-ip.xml.in +++ b/interface-definitions/system-ip.xml.in @@ -15,7 +15,7 @@ <children> <leafNode name="table-size"> <properties> - <help>Maximum number of entries to keep in the ARP cache</help> + <help>Maximum number of entries to keep in the ARP cache (default: 8192)</help> <completionHelp> <list>1024 2048 4096 8192 16384 32768</list> </completionHelp> @@ -23,6 +23,7 @@ <regex>(1024|2048|4096|8192|16384|32768)</regex> </constraint> </properties> + <defaultValue>8192</defaultValue> </leafNode> </children> </node> diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index b8c962575..6e6a83f36 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -40,6 +40,7 @@ from vyos.util import read_file from vyos.template import is_ipv4 from vyos.template import is_ipv6 from vyos.validate import is_intf_addr_assigned +from vyos.validate import is_ipv6_link_local from vyos.validate import assert_boolean from vyos.validate import assert_list from vyos.validate import assert_mac @@ -564,7 +565,6 @@ class Interface(Control): prefixlen = prefix.split('/')[1] self.del_addr(f'{eui64}/{prefixlen}') - def set_ipv6_forwarding(self, forwarding): """ Configure IPv6 interface-specific Host/Router behaviour. @@ -1057,7 +1057,14 @@ class Interface(Control): # list of addresses which are no longer in the dict so they can be removed cur_addr = self.get_addr() for addr in list_diff(cur_addr, new_addr): - self.del_addr(addr) + # we will delete all interface specific IP addresses if they are not + # explicitly configured on the CLI + if is_ipv6_link_local(addr): + eui64 = mac2eui64(self.get_mac(), 'fe80::/64') + if addr != f'{eui64}/64': + self.del_addr(addr) + else: + self.del_addr(addr) for addr in new_addr: self.add_addr(addr) @@ -1157,7 +1164,7 @@ class Interface(Control): tmp = dict_search('ipv6.address.no_default_link_local', config) # we must check explicitly for None type as if the key is set we will # get an empty dict (<class 'dict'>) - if tmp is not None: + if isinstance(tmp, dict): self.del_ipv6_eui64_address('fe80::/64') else: self.add_ipv6_eui64_address('fe80::/64') diff --git a/smoketest/scripts/cli/test_system_ip.py b/smoketest/scripts/cli/test_system_ip.py new file mode 100755 index 000000000..4fcaaa465 --- /dev/null +++ b/smoketest/scripts/cli/test_system_ip.py @@ -0,0 +1,79 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 Francois Mertz fireboxled@gmail.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import unittest + +from vyos.configsession import ConfigSession +from vyos.util import read_file + +base_path = ['system', 'ip'] + +class TestSystemIP(unittest.TestCase): + def setUp(self): + self.session = ConfigSession(os.getpid()) + + def tearDown(self): + self.session.delete(base_path) + self.session.commit() + del self.session + + def test_system_ip_forwarding(self): + """ Test if IPv4 forwarding can be disabled globally, default is '1' + which means forwearding enabled """ + all_forwarding = '/proc/sys/net/ipv4/conf/all/forwarding' + self.assertEqual(read_file(all_forwarding), '1') + + self.session.set(base_path + ['disable-forwarding']) + self.session.commit() + + self.assertEqual(read_file(all_forwarding), '0') + + def test_system_ip_multipath(self): + """ test IPv4 multipathing options, options default to off -> '0' """ + use_neigh = '/proc/sys/net/ipv4/fib_multipath_use_neigh' + hash_policy = '/proc/sys/net/ipv4/fib_multipath_hash_policy' + + self.assertEqual(read_file(use_neigh), '0') + self.assertEqual(read_file(hash_policy), '0') + + self.session.set(base_path + ['multipath', 'ignore-unreachable-nexthops']) + self.session.set(base_path + ['multipath', 'layer4-hashing']) + self.session.commit() + + self.assertEqual(read_file(use_neigh), '1') + self.assertEqual(read_file(hash_policy), '1') + + def test_system_ip_arp_table_size(self): + """ Maximum number of entries to keep in the ARP cache, the default is 8k """ + + gc_thresh3 = '/proc/sys/net/ipv4/neigh/default/gc_thresh3' + gc_thresh2 = '/proc/sys/net/ipv4/neigh/default/gc_thresh2' + gc_thresh1 = '/proc/sys/net/ipv4/neigh/default/gc_thresh1' + self.assertEqual(read_file(gc_thresh3), '8192') + self.assertEqual(read_file(gc_thresh2), '4096') + self.assertEqual(read_file(gc_thresh1), '1024') + + for size in [1024, 2048, 4096, 8192, 16384, 32768]: + self.session.set(base_path + ['arp', 'table-size', str(size)]) + self.session.commit() + + self.assertEqual(read_file(gc_thresh3), str(size)) + self.assertEqual(read_file(gc_thresh2), str(size // 2)) + self.assertEqual(read_file(gc_thresh1), str(size // 8)) + +if __name__ == '__main__': + unittest.main() diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 642738b09..a3f32fd2d 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -60,12 +60,22 @@ def verify(bgp): if neigh not in asn_config: continue - for neighbor, config in asn_config[neigh].items(): - if 'remote_as' not in config and 'peer_group' not in config: - raise ConfigError(f'BGP remote-as must be specified for "{neighbor}"!') + #for neighbor, config in asn_config[neigh].items(): + ''' + # These checks need to be modified. Because peer-group can be declared without 'remote-as'. + # When 'remote-as' configured for specific neighbor in peer-group. For example + # - if 'remote_as' in config and 'peer_group' in config: - raise ConfigError(f'BGP peer-group member "{neighbor}" cannot override remote-as of peer-group!') + set protocols nbgp 65001 neighbor 100.64.0.2 peer-group 'FOO' + set protocols nbgp 65001 neighbor 100.64.0.2 remote-as '65002' + set protocols nbgp 65001 peer-group FOO + + ''' + #if 'remote_as' not in config and 'peer_group' not in config: + # raise ConfigError(f'BGP remote-as must be specified for "{neighbor}"!') + + #if 'remote_as' in config and 'peer_group' in config: + # raise ConfigError(f'BGP peer-group member "{neighbor}" cannot override remote-as of peer-group!') return None @@ -87,24 +97,26 @@ def generate(bgp): def apply(bgp): # Save original configuration prior to starting any commit actions - frr_cfg = {} - frr_cfg['original_config'] = frr.get_configuration(daemon='bgpd') - frr_cfg['modified_config'] = frr.replace_section(frr_cfg['original_config'], bgp['new_frr_config'], from_re='router bgp .*') + frr_cfg = frr.FRRConfig() + frr_cfg.load_configuration(daemon='bgpd') + frr_cfg.modify_section(f'router bgp \S+', '') + frr_cfg.add_before(r'(ip prefix-list .*|route-map .*|line vty)', bgp['new_frr_config']) + frr_cfg.commit_configuration(daemon='bgpd') + + # If FRR config is blank, rerun the blank commit x times due to frr-reload + # behavior/bug not properly clearing out on one commit. + if bgp['new_frr_config'] == '': + for a in range(5): + frr_cfg.commit_configuration(daemon='bgpd') # Debugging + ''' print('') print('--------- DEBUGGING ----------') print(f'Existing config:\n{frr_cfg["original_config"]}\n\n') print(f'Replacement config:\n{bgp["new_frr_config"]}\n\n') print(f'Modified config:\n{frr_cfg["modified_config"]}\n\n') - - # FRR mark configuration will test for syntax errors and throws an - # exception if any syntax errors is detected - frr.mark_configuration(frr_cfg['modified_config']) - - # Commit resulting configuration to FRR, this will throw CommitError - # on failure - frr.reload_configuration(frr_cfg['modified_config'], daemon='bgpd') + ''' return None diff --git a/src/conf_mode/system-ip.py b/src/conf_mode/system-ip.py index 64c9e6d05..190a0daca 100755 --- a/src/conf_mode/system-ip.py +++ b/src/conf_mode/system-ip.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,68 +14,65 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import os - from sys import exit -from copy import deepcopy + from vyos.config import Config -from vyos import ConfigError +from vyos.configdict import dict_merge from vyos.util import call - +from vyos.util import dict_search +from vyos.xml import defaults +from vyos import ConfigError from vyos import airbag airbag.enable() -default_config_data = { - 'arp_table': 8192, - 'ipv4_forward': '1', - 'mp_unreach_nexthop': '0', - 'mp_layer4_hashing': '0' -} - def sysctl(name, value): - call('sysctl -wq {}={}'.format(name, value)) + call(f'sysctl -wq {name}={value}') def get_config(config=None): - ip_opt = deepcopy(default_config_data) if config: conf = config else: conf = Config() - conf.set_level('system ip') - if conf.exists(''): - if conf.exists('arp table-size'): - ip_opt['arp_table'] = int(conf.return_value('arp table-size')) - - if conf.exists('disable-forwarding'): - ip_opt['ipv4_forward'] = '0' + base = ['system', 'ip'] - if conf.exists('multipath ignore-unreachable-nexthops'): - ip_opt['mp_unreach_nexthop'] = '1' + opt = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) + # We have gathered the dict representation of the CLI, but there are default + # options which we need to update into the dictionary retrived. + default_values = defaults(base) + opt = dict_merge(default_values, opt) - if conf.exists('multipath layer4-hashing'): - ip_opt['mp_layer4_hashing'] = '1' + return opt - return ip_opt - -def verify(ip_opt): +def verify(opt): pass -def generate(ip_opt): +def generate(opt): pass -def apply(ip_opt): - # apply ARP threshold values - sysctl('net.ipv4.neigh.default.gc_thresh3', ip_opt['arp_table']) - sysctl('net.ipv4.neigh.default.gc_thresh2', ip_opt['arp_table'] // 2) - sysctl('net.ipv4.neigh.default.gc_thresh1', ip_opt['arp_table'] // 8) +def apply(opt): + size = int(dict_search('arp.table_size', opt)) + if size: + # apply ARP threshold values + sysctl('net.ipv4.neigh.default.gc_thresh3', str(size)) + sysctl('net.ipv4.neigh.default.gc_thresh2', str(size // 2)) + sysctl('net.ipv4.neigh.default.gc_thresh1', str(size // 8)) # enable/disable IPv4 forwarding - with open('/proc/sys/net/ipv4/conf/all/forwarding', 'w') as f: - f.write(ip_opt['ipv4_forward']) - - # configure multipath - sysctl('net.ipv4.fib_multipath_use_neigh', ip_opt['mp_unreach_nexthop']) - sysctl('net.ipv4.fib_multipath_hash_policy', ip_opt['mp_layer4_hashing']) + tmp = '1' + if 'disable_forwarding' in opt: + tmp = '0' + sysctl('net.ipv4.conf.all.forwarding', tmp) + + tmp = '0' + # configure multipath - dict_search() returns an empty dict if key was found + if isinstance(dict_search('multipath.ignore_unreachable_nexthops', opt), dict): + tmp = '1' + sysctl('net.ipv4.fib_multipath_use_neigh', tmp) + + tmp = '0' + if isinstance(dict_search('multipath.ignore_unreachable_nexthops', opt), dict): + tmp = '1' + sysctl('net.ipv4.fib_multipath_hash_policy', tmp) if __name__ == '__main__': try: |