-rw-r--r-- | data/templates/frr/static_mcast.frr.j2 | 9 | ||||
-rwxr-xr-x[-rw-r--r--] | interface-definitions/firewall.xml.in | 2 | ||||
-rwxr-xr-x[-rw-r--r--] | python/vyos/template.py | 3 | ||||
-rw-r--r-- | python/vyos/utils/file.py | 2 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_protocols_static_multicast.py | 49 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_system_conntrack.py | 1 | ||||
-rwxr-xr-x | src/conf_mode/protocols_static_multicast.py | 27 |
7 files changed, 76 insertions, 17 deletions
diff --git a/data/templates/frr/static_mcast.frr.j2 b/data/templates/frr/static_mcast.frr.j2
index 491d4b54a..54b2790b0 100644
--- a/data/templates/frr/static_mcast.frr.j2
+++ b/data/templates/frr/static_mcast.frr.j2
@@ -1,13 +1,4 @@
 !
-{% for route_gr in old_mroute %}
-{% for nh in old_mroute[route_gr] %}
-{% if old_mroute[route_gr][nh] %}
-no ip mroute {{ route_gr }} {{ nh }} {{ old_mroute[route_gr][nh] }}
-{% else %}
-no ip mroute {{ route_gr }} {{ nh }}
-{% endif %}
-{% endfor %}
-{% endfor %}
 {% for route_gr in mroute %}
 {% for nh in mroute[route_gr] %}
 {% if mroute[route_gr][nh] %}
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 24e63c5ec..1e452aeb0 100644..100755
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -2,7 +2,7 @@
 <interfaceDefinition>
 <node name="firewall" owner="${vyos_conf_scripts_dir}/firewall.py">
 <properties>
- <priority>319</priority>
+ <priority>489</priority>
 <help>Firewall</help>
 </properties>
 <children>
diff --git a/python/vyos/template.py b/python/vyos/template.py
index a4fff649c..2a99eef9d 100644..100755
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -692,7 +692,8 @@ def conntrack_rule(rule_conf, rule_id, action, ipv6=False):
 else:
 for protocol, protocol_config in rule_conf['protocol'].items():
 proto = protocol
- output.append(f'meta l4proto {proto}')
+ if proto != 'all':
+ output.append(f'meta l4proto {proto}')
 tcp_flags = dict_search_args(rule_conf, 'tcp', 'flags')
 if tcp_flags and action != 'timeout':
diff --git a/python/vyos/utils/file.py b/python/vyos/utils/file.py
index 0818f1b81..e16d5b40d 100644
--- a/python/vyos/utils/file.py
+++ b/python/vyos/utils/file.py
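Review bot: The index line for interface-definitions/firewall.xml.in shows the file mode going from 100644 to 100755, and the same flip appears on python/vyos/template.py; neither an XML interface definition nor a library module needs the execute bit, so this looks unintended and should be reverted. Separately, the `<priority>` jump from 319 to 489 has no comment saying which node the firewall must now commit after. A one-line note next to it, for example `<!-- must run after <node name>, see <ticket id> -->`, would keep a later cleanup from moving it back.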
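Review bot: The new `if proto != 'all':` guard in conntrack_rule has no comment explaining why `all` is skipped, and the line itself does not make that clear. A comment above it such as `# 'all' means "any protocol": emit no l4proto match at all` would record the intent (this is my reading of the change; confirm the wording). The indentation is lost on this page, so I cannot tell whether the guard sits inside the `for protocol, ...` loop or after it. If it is after the loop, only the last key of `rule_conf['protocol']` is ever emitted, which is worth confirming. The function starts and ends outside the hunk.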
@@ -51,7 +51,7 @@ def write_file(fname, data, defaultonfailure=None, user=None, group=None, mode=N
 If directory of file is not present, it is auto-created.
 """
 dirname = os.path.dirname(fname)
- if not os.path.isdir(dirname):
+ if dirname and not os.path.isdir(dirname):
 os.makedirs(dirname, mode=0o755, exist_ok=False)
 chown(dirname, user, group)
diff --git a/smoketest/scripts/cli/test_protocols_static_multicast.py b/smoketest/scripts/cli/test_protocols_static_multicast.py
new file mode 100755
index 000000000..9fdda236f
--- /dev/null
+++ b/smoketest/scripts/cli/test_protocols_static_multicast.py
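Review bot: The `os.path.isdir(dirname)` test followed by `os.makedirs(dirname, mode=0o755, exist_ok=False)` in write_file is still check-then-create after this change. If another process creates the directory between the two calls, makedirs raises FileExistsError and the write fails. Keeping the new guard but calling `os.makedirs(dirname, mode=0o755, exist_ok=True)` removes that failure mode. Note also that `chown(dirname, user, group)` is applied to the leaf directory only, so any intermediate directories makedirs creates keep the caller's ownership, assuming the chown helper is not recursive (it is not visible here). The function body continues outside the hunk.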
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import unittest
+
+from base_vyostest_shim import VyOSUnitTestSHIM
+
+
+base_path = ['protocols', 'static', 'multicast']
+
+
+class TestProtocolsStaticMulticast(VyOSUnitTestSHIM.TestCase):
+
+ def tearDown(self):
+ self.cli_delete(base_path)
+ self.cli_commit()
+
+ mroute = self.getFRRconfig('ip mroute', end='')
+ self.assertFalse(mroute)
+
+ def test_01_static_multicast(self):
+
+ self.cli_set(base_path + ['route', '224.202.0.0/24', 'next-hop', '224.203.0.1'])
+ self.cli_set(base_path + ['interface-route', '224.203.0.0/24', 'next-hop-interface', 'eth0'])
+
+ self.cli_commit()
+
+ # Verify FRR bgpd configuration
+ frrconfig = self.getFRRconfig('ip mroute', end='')
+
+ self.assertIn('ip mroute 224.202.0.0/24 224.203.0.1', frrconfig)
+ self.assertIn('ip mroute 224.203.0.0/24 eth0', frrconfig)
+
+
+if __name__ == '__main__':
+ unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_system_conntrack.py b/smoketest/scripts/cli/test_system_conntrack.py
index 7870561e7..1902c32f2 100755
--- a/smoketest/scripts/cli/test_system_conntrack.py
+++ b/smoketest/scripts/cli/test_system_conntrack.py
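Review bot: The comment `# Verify FRR bgpd configuration` in test_01_static_multicast is a copy-paste leftover. The test reads `ip mroute` lines, which the conf-mode script in this commit loads and commits through `staticd`, so it should read `# Verify FRR staticd configuration`. The test also sets only routes without a distance, so the three-field pattern built in apply() (`{route_gr} {nh} {distance}`) is never exercised. Add a route with a distance, and a second commit that removes just one of two routes while asserting the other survives, to cover the removal path this commit rewrites.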
@@ -254,6 +254,7 @@ class TestSystemConntrack(VyOSUnitTestSHIM.TestCase):
 self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '2', 'source', 'address', '192.0.2.1'])
 self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '2', 'destination', 'group', 'address-group', address_group])
+ self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '2', 'protocol', 'all'])
 self.cli_set(base_path + ['ignore', 'ipv6', 'rule', '11', 'source', 'address', 'fe80::1'])
 self.cli_set(base_path + ['ignore', 'ipv6', 'rule', '11', 'destination', 'address', 'fe80::2'])
diff --git a/src/conf_mode/protocols_static_multicast.py b/src/conf_mode/protocols_static_multicast.py
index 7f6ae3680..2bf794042 100755
--- a/src/conf_mode/protocols_static_multicast.py
+++ b/src/conf_mode/protocols_static_multicast.py
@@ -20,9 +20,10 @@ from ipaddress import IPv4Address
 from sys import exit
 from vyos import ConfigError
+from vyos import frr
 from vyos.config import Config
 from vyos.utils.process import call
-from vyos.template import render
+from vyos.template import render, render_to_string
 from vyos import airbag
 airbag.enable()
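Review bot: In the import hunk of src/conf_mode/protocols_static_multicast.py, `call` and `render` stay imported although their only uses visible in this diff are removed in the next hunk. Those uses are `call(f'vtysh -d staticd -f {config_file}')` in apply() and `render(config_file, ...)` in generate(). If nothing else in the file uses them (the rest is not visible here), change the line to `from vyos.template import render_to_string` and drop `from vyos.utils.process import call`. The same probably holds for `config_file` and the `os` import, both outside the hunk.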
@@ -92,23 +93,39 @@ def verify(mroute):
 if IPv4Address(route[0]) < IPv4Address('224.0.0.0'):
 raise ConfigError(route + " not a multicast network")
+
 def generate(mroute):
 if mroute is None:
 return None
- render(config_file, 'frr/static_mcast.frr.j2', mroute)
+ mroute['new_frr_config'] = render_to_string('frr/static_mcast.frr.j2', mroute)
 return None
+
 def apply(mroute):
 if mroute is None:
 return None
+ static_daemon = 'staticd'
+
+ frr_cfg = frr.FRRConfig()
+ frr_cfg.load_configuration(static_daemon)
- if os.path.exists(config_file):
- call(f'vtysh -d staticd -f {config_file}')
- os.remove(config_file)
+ if 'old_mroute' in mroute:
+ for route_gr in mroute['old_mroute']:
+ for nh in mroute['old_mroute'][route_gr]:
+ if mroute['old_mroute'][route_gr][nh]:
+ frr_cfg.modify_section(f'^ip mroute {route_gr} {nh} {mroute["old_mroute"][route_gr][nh]}')
+ else:
+ frr_cfg.modify_section(f'^ip mroute {route_gr} {nh}')
+
+ if 'new_frr_config' in mroute:
+ frr_cfg.add_before(frr.default_add_before, mroute['new_frr_config'])
+
+ frr_cfg.commit_configuration(static_daemon)
 return None
+
 if __name__ == '__main__':
 try:
 c = get_config() |
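Review bot: The patterns passed to `frr_cfg.modify_section()` in apply() are built from raw config values and have no end anchor, so removing one route can also strip others. The leading `^` suggests they are regular expressions. If so, `^ip mroute {route_gr} {nh}` also matches the same group and next-hop with a distance appended, and a next-hop of `eth1` matches a line for `eth10`. The dots in the addresses match any character as well. Escaping the values and anchoring the end fixes this, e.g. `frr_cfg.modify_section(rf'^ip mroute {re.escape(route_gr)} {re.escape(nh)}$')` and the same for the three-field form. This needs `import re` at the top of the file and assumes patterns are matched per line.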