diff options
-rw-r--r-- | .github/workflows/check-unused-imports.yml | 4 | ||||
-rw-r--r-- | .github/workflows/codeql.yml | 8 | ||||
-rw-r--r-- | .github/workflows/package-smoketest.yml | 4 | ||||
-rw-r--r-- | .github/workflows/sonarcloud.yml | 8 | ||||
-rw-r--r-- | interface-definitions/interfaces_vxlan.xml.in | 28 | ||||
-rw-r--r-- | python/vyos/ifconfig/vxlan.py | 20 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_vxlan.py | 47 | ||||
-rwxr-xr-x | src/conf_mode/interfaces_vxlan.py | 29 |
8 files changed, 138 insertions, 10 deletions
diff --git a/.github/workflows/check-unused-imports.yml b/.github/workflows/check-unused-imports.yml index 3f6e8757e..76bba94be 100644 --- a/.github/workflows/check-unused-imports.yml +++ b/.github/workflows/check-unused-imports.yml @@ -3,6 +3,10 @@ on: pull_request_target: branches: - current + paths: + - '**' + - '!.github/**' + - '!**/*.md' workflow_dispatch: permissions: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 00387f725..143029c14 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -3,9 +3,17 @@ name: "Perform CodeQL Analysis" on: push: branches: [ "current" ] + paths: + - '**' + - '!.github/**' + - '!**/*.md' pull_request: # The branches below must be a subset of the branches above branches: [ "current" ] + paths: + - '**' + - '!.github/**' + - '!**/*.md' schedule: - cron: '22 10 * * 0' diff --git a/.github/workflows/package-smoketest.yml b/.github/workflows/package-smoketest.yml index 68f914108..824cd64b1 100644 --- a/.github/workflows/package-smoketest.yml +++ b/.github/workflows/package-smoketest.yml @@ -4,6 +4,10 @@ on: pull_request_target: branches: - current + paths: + - '**' + - '!.github/**' + - '!**/*.md' permissions: pull-requests: write diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 5fa005631..a8eaca777 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -3,8 +3,16 @@ on: push: branches: - current + paths: + - '**' + - '!.github/**' + - '!**/*.md' pull_request_target: types: [opened, synchronize, reopened] + paths: + - '**' + - '!.github/**' + - '!**/*.md' jobs: sonar-cloud: name: SonarCloud diff --git a/interface-definitions/interfaces_vxlan.xml.in b/interface-definitions/interfaces_vxlan.xml.in index 504c08e7e..937acb123 100644 --- a/interface-definitions/interfaces_vxlan.xml.in +++ b/interface-definitions/interfaces_vxlan.xml.in @@ -117,15 +117,35 @@ <format>u32:0-4094</format> <description>Virtual Local Area Network (VLAN) ID</description> </valueHelp> + <valueHelp> + <format><start-end></format> + <description>VLAN IDs range (use '-' as delimiter)</description> + </valueHelp> <constraint> - <validator name="numeric" argument="--range 0-4094"/> + <validator name="numeric" argument="--allow-range --range 0-4094"/> </constraint> - <constraintErrorMessage>VLAN ID must be between 0 and 4094</constraintErrorMessage> + <constraintErrorMessage>Not a valid VLAN ID or range, VLAN ID must be between 0 and 4094</constraintErrorMessage> </properties> <children> - #include <include/vni.xml.i> + <leafNode name="vni"> + <properties> + <help>Virtual Network Identifier</help> + <valueHelp> + <format>u32:0-16777214</format> + <description>VXLAN virtual network identifier</description> + </valueHelp> + <valueHelp> + <format><start-end></format> + <description>VXLAN virtual network IDs range (use '-' as delimiter)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--allow-range --range 0-16777214"/> + </constraint> + <constraintErrorMessage>Not a valid VXLAN virtual network ID or range</constraintErrorMessage> + </properties> + </leafNode> </children> - </tagNode> + </tagNode> </children> </tagNode> </children> diff --git a/python/vyos/ifconfig/vxlan.py b/python/vyos/ifconfig/vxlan.py index 918aea202..1023c58d1 100644 --- a/python/vyos/ifconfig/vxlan.py +++ b/python/vyos/ifconfig/vxlan.py @@ -134,6 +134,19 @@ class VXLANIf(Interface): Controls whether vlan to tunnel mapping is enabled on the port. By default this flag is off. """ + def range_to_dict(vlan_to_vni): + """ Converts dict of ranges to dict """ + result_dict = {} + for vlan, vlan_conf in vlan_to_vni.items(): + vni = vlan_conf['vni'] + vlan_range, vni_range = vlan.split('-'), vni.split('-') + if len(vlan_range) > 1: + vlan_range = range(int(vlan_range[0]), int(vlan_range[1]) + 1) + vni_range = range(int(vni_range[0]), int(vni_range[1]) + 1) + dict_to_add = {str(k): {'vni': str(v)} for k, v in zip(vlan_range, vni_range)} + result_dict.update(dict_to_add) + return result_dict + if not isinstance(state, bool): raise ValueError('Value out of range') @@ -142,7 +155,7 @@ class VXLANIf(Interface): if dict_search('parameters.vni_filter', self.config) != None: cur_vni_filter = get_vxlan_vni_filter(self.ifname) - for vlan, vlan_config in self.config['vlan_to_vni_removed'].items(): + for vlan, vlan_config in range_to_dict(self.config['vlan_to_vni_removed']).items(): # If VNI filtering is enabled, remove matching VNI filter if cur_vni_filter != None: vni = vlan_config['vni'] @@ -159,10 +172,11 @@ class VXLANIf(Interface): if 'vlan_to_vni' in self.config: # Determine current OS Kernel configured VLANs + vlan_vni_mapping = range_to_dict(self.config['vlan_to_vni']) os_configured_vlan_ids = get_vxlan_vlan_tunnels(self.ifname) - add_vlan = list_diff(list(self.config['vlan_to_vni'].keys()), os_configured_vlan_ids) + add_vlan = list_diff(list(vlan_vni_mapping.keys()), os_configured_vlan_ids) - for vlan, vlan_config in self.config['vlan_to_vni'].items(): + for vlan, vlan_config in vlan_vni_mapping.items(): # VLAN mapping already exists - skip if vlan not in add_vlan: continue diff --git a/smoketest/scripts/cli/test_interfaces_vxlan.py b/smoketest/scripts/cli/test_interfaces_vxlan.py index 18676491b..b2076b43b 100755 --- a/smoketest/scripts/cli/test_interfaces_vxlan.py +++ b/smoketest/scripts/cli/test_interfaces_vxlan.py @@ -27,6 +27,13 @@ from vyos.utils.network import get_vxlan_vni_filter from vyos.template import is_ipv6 from base_interfaces_test import BasicInterfaceTest +def convert_to_list(ranges_to_convert): + result_list = [] + for r in ranges_to_convert: + ranges = r.split('-') + result_list.extend([str(i) for i in range(int(ranges[0]), int(ranges[1]) + 1)]) + return result_list + class VXLANInterfaceTest(BasicInterfaceTest.TestCase): @classmethod def setUpClass(cls): @@ -153,6 +160,11 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase): '31': '10031', } + vlan_to_vni_ranges = { + '40-43': '10040-10043', + '45-47': '10045-10047' + } + self.cli_set(self._base_path + [interface, 'parameters', 'external']) self.cli_set(self._base_path + [interface, 'source-address', source_address]) @@ -185,6 +197,26 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase): tmp = get_vxlan_vlan_tunnels('vxlan0') self.assertEqual(tmp, list(vlan_to_vni)) + # add ranged VLAN - VNI mapping + for vlan, vni in vlan_to_vni_ranges.items(): + self.cli_set(self._base_path + [interface, 'vlan-to-vni', vlan, 'vni', vni]) + self.cli_commit() + + tmp = get_vxlan_vlan_tunnels('vxlan0') + vlans_list = convert_to_list(vlan_to_vni_ranges.keys()) + self.assertEqual(tmp, list(vlan_to_vni) + vlans_list) + + # check validate() - cannot map VNI range to a single VLAN id + self.cli_set(self._base_path + [interface, 'vlan-to-vni', '100', 'vni', '100-102']) + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(self._base_path + [interface, 'vlan-to-vni', '100']) + + # check validate() - cannot map VLAN to VNI with different ranges + self.cli_set(self._base_path + [interface, 'vlan-to-vni', '100-102', 'vni', '100-105']) + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_delete(['interfaces', 'bridge', bridge]) def test_vxlan_neighbor_suppress(self): @@ -287,6 +319,12 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase): '60': '10060', '69': '10069', } + + vlan_to_vni_ranges = { + '70-73': '10070-10073', + '75-77': '10075-10077' + } + for vlan, vni in vlan_to_vni.items(): self.cli_set(self._base_path + [interface, 'vlan-to-vni', vlan, 'vni', vni]) # we need a bridge ... @@ -313,6 +351,15 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase): tmp = get_vxlan_vni_filter(interface) self.assertListEqual(list(vlan_to_vni.values()), tmp) + # add ranged VLAN - VNI mapping + for vlan, vni in vlan_to_vni_ranges.items(): + self.cli_set(self._base_path + [interface, 'vlan-to-vni', vlan, 'vni', vni]) + self.cli_commit() + + tmp = get_vxlan_vni_filter(interface) + vnis_list = convert_to_list(vlan_to_vni_ranges.values()) + self.assertListEqual(list(vlan_to_vni.values()) + vnis_list, tmp) + self.cli_delete(['interfaces', 'bridge', bridge]) if __name__ == '__main__': diff --git a/src/conf_mode/interfaces_vxlan.py b/src/conf_mode/interfaces_vxlan.py index 39365968a..aca0a20e4 100755 --- a/src/conf_mode/interfaces_vxlan.py +++ b/src/conf_mode/interfaces_vxlan.py @@ -178,13 +178,36 @@ def verify(vxlan): 'is member of a bridge interface!') vnis_used = [] + vlans_used = [] for vif, vif_config in vxlan['vlan_to_vni'].items(): if 'vni' not in vif_config: raise ConfigError(f'Must define VNI for VLAN "{vif}"!') vni = vif_config['vni'] - if vni in vnis_used: - raise ConfigError(f'VNI "{vni}" is already assigned to a different VLAN!') - vnis_used.append(vni) + + err_msg = f'VLAN range "{vif}" does not match VNI range "{vni}"!' + vif_range, vni_range = list(map(int, vif.split('-'))), list(map(int, vni.split('-'))) + + if len(vif_range) != len(vni_range): + raise ConfigError(err_msg) + + if len(vif_range) > 1: + if vni_range[0] > vni_range[-1] or vif_range[0] > vif_range[-1]: + raise ConfigError('The upper bound of the range must be greater than the lower bound!') + vni_range = range(vni_range[0], vni_range[1] + 1) + vif_range = range(vif_range[0], vif_range[1] + 1) + + if len(vif_range) != len(vni_range): + raise ConfigError(err_msg) + + for vni_id in vni_range: + if vni_id in vnis_used: + raise ConfigError(f'VNI "{vni_id}" is already assigned to a different VLAN!') + vnis_used.append(vni_id) + + for vif_id in vif_range: + if vif_id in vlans_used: + raise ConfigError(f'VLAN "{vif_id}" is already in use!') + vlans_used.append(vif_id) if dict_search('parameters.neighbor_suppress', vxlan) != None: if 'is_bridge_member' not in vxlan: |