diff options
| -rw-r--r-- | data/templates/frr/ospfd.frr.j2 | 2 | ||||
| -rw-r--r-- | op-mode-definitions/install-mok.xml.in | 2 | ||||
| -rw-r--r-- | op-mode-definitions/show-interfaces-bonding.xml.in | 2 | ||||
| -rw-r--r-- | op-mode-definitions/show-interfaces-pppoe.xml.in | 2 | ||||
| -rw-r--r-- | op-mode-definitions/show-interfaces-sstpc.xml.in | 2 | ||||
| -rw-r--r-- | op-mode-definitions/show-login.xml.in | 6 | ||||
| -rw-r--r-- | op-mode-definitions/suricata.xml.in | 2 | ||||
| -rw-r--r-- | op-mode-definitions/vpn-ipsec.xml.in | 18 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_protocols_ospf.py | 18 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces_wwan.py | 5 | ||||
| -rwxr-xr-x | src/conf_mode/protocols_ospf.py | 13 | ||||
| -rwxr-xr-x | src/op_mode/install_mok.sh | 7 | ||||
| -rwxr-xr-x | src/op_mode/show_bonding_detail.sh | 7 | ||||
| -rwxr-xr-x | src/op_mode/show_ppp_stats.sh | 5 | ||||
| -rwxr-xr-x | src/op_mode/update_suricata.sh | 8 |
15 files changed, 75 insertions, 24 deletions
diff --git a/data/templates/frr/ospfd.frr.j2 b/data/templates/frr/ospfd.frr.j2 index bc2c74b10..79824fb64 100644 --- a/data/templates/frr/ospfd.frr.j2 +++ b/data/templates/frr/ospfd.frr.j2 @@ -82,7 +82,7 @@ router ospf {{ 'vrf ' ~ vrf if vrf is vyos_defined }} {% for area_id, area_config in area.items() %} {% if area_config.area_type is vyos_defined %} {% for type, type_config in area_config.area_type.items() if type != 'normal' %} - area {{ area_id }} {{ type }} {{ 'no-summary' if type_config.no_summary is vyos_defined }} + area {{ area_id }} {{ type }} {{ 'translate-' + type_config.translate if type_config.translate is vyos_defined }} {{ 'no-summary' if type_config.no_summary is vyos_defined }} {% if type_config.default_cost is vyos_defined %} area {{ area_id }} default-cost {{ type_config.default_cost }} {% endif %} diff --git a/op-mode-definitions/install-mok.xml.in b/op-mode-definitions/install-mok.xml.in index 906c34d8d..ab8e5d3db 100644 --- a/op-mode-definitions/install-mok.xml.in +++ b/op-mode-definitions/install-mok.xml.in @@ -6,7 +6,7 @@ <properties> <help>Install Secure Boot MOK (Machine Owner Key)</help> </properties> - <command>if test -f /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; then mokutil --ignore-keyring --import /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; else echo "Secure Boot Machine Owner Key not found"; fi</command> + <command>${vyos_op_scripts_dir}/install_mok.sh</command> </leafNode> </children> </node> diff --git a/op-mode-definitions/show-interfaces-bonding.xml.in b/op-mode-definitions/show-interfaces-bonding.xml.in index a9af13145..839a4cd91 100644 --- a/op-mode-definitions/show-interfaces-bonding.xml.in +++ b/op-mode-definitions/show-interfaces-bonding.xml.in @@ -23,7 +23,7 @@ <properties> <help>Show detailed interface information</help> </properties> - <command>if [ -f "/proc/net/bonding/$4" ]; then cat "/proc/net/bonding/$4"; else echo "Interface $4 does not exist!"; fi</command> + <command>${vyos_op_scripts_dir}/show_bonding_detail.sh "$4"</command> </leafNode> <node name="lacp"> <properties> diff --git a/op-mode-definitions/show-interfaces-pppoe.xml.in b/op-mode-definitions/show-interfaces-pppoe.xml.in index c1f502cb3..0904418bf 100644 --- a/op-mode-definitions/show-interfaces-pppoe.xml.in +++ b/op-mode-definitions/show-interfaces-pppoe.xml.in @@ -26,7 +26,7 @@ <path>interfaces pppoe</path> </completionHelp> </properties> - <command>if [ -d "/sys/class/net/$4" ]; then /usr/sbin/pppstats "$4"; fi</command> + <command>${vyos_op_scripts_dir}/show_ppp_stats.sh "$4"</command> </leafNode> #include <include/show-interface-type-event-log.xml.i> </children> diff --git a/op-mode-definitions/show-interfaces-sstpc.xml.in b/op-mode-definitions/show-interfaces-sstpc.xml.in index 3bd7a8247..61451db93 100644 --- a/op-mode-definitions/show-interfaces-sstpc.xml.in +++ b/op-mode-definitions/show-interfaces-sstpc.xml.in @@ -26,7 +26,7 @@ <path>interfaces sstpc</path> </completionHelp> </properties> - <command>if [ -d "/sys/class/net/$4" ]; then /usr/sbin/pppstats "$4"; fi</command> + <command>${vyos_op_scripts_dir}/show_ppp_stats.sh "$4"</command> </leafNode> #include <include/show-interface-type-event-log.xml.i> </children> diff --git a/op-mode-definitions/show-login.xml.in b/op-mode-definitions/show-login.xml.in index 6d8c782c4..664677bc6 100644 --- a/op-mode-definitions/show-login.xml.in +++ b/op-mode-definitions/show-login.xml.in @@ -14,12 +14,6 @@ </properties> <command>/usr/bin/id -Gn</command> </leafNode> - <leafNode name="level"> - <properties> - <help>Show current login level</help> - </properties> - <command>if [ -n "$VYATTA_USER_LEVEL_DIR" ]; then basename $VYATTA_USER_LEVEL_DIR; fi</command> - </leafNode> <leafNode name="user"> <properties> <help>Show current login user id</help> diff --git a/op-mode-definitions/suricata.xml.in b/op-mode-definitions/suricata.xml.in index 493aef08b..74e54fb9c 100644 --- a/op-mode-definitions/suricata.xml.in +++ b/op-mode-definitions/suricata.xml.in @@ -6,7 +6,7 @@ <properties> <help>Update Suricata</help> </properties> - <command>if test -f /run/suricata/suricata.yaml; then suricata-update --suricata-conf /run/suricata/suricata.yaml; systemctl restart suricata; else echo "Service Suricata not configured"; fi </command> + <command>${vyos_op_scripts_dir}/update_suricata.sh</command> </node> </children> </node> diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in index 2c0827b20..af7f12ba8 100644 --- a/op-mode-definitions/vpn-ipsec.xml.in +++ b/op-mode-definitions/vpn-ipsec.xml.in @@ -183,7 +183,7 @@ <properties> <help>Show summary of IKE process information</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then systemctl status strongswan ; else echo "Process is not running" ; fi</command> + <command>systemctl status strongswan</command> </node> </children> </node> @@ -213,25 +213,25 @@ <properties> <help>Show detail active IKEv2 RA sessions</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_detail; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail</command> </node> <tagNode name="connection-id"> <properties> <help>Show detail active IKEv2 RA sessions by connection-id</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"</command> </tagNode> <node name="summary"> <properties> <help>Show active IKEv2 RA sessions summary</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running"</command> </node> <tagNode name="username"> <properties> <help>Show detail active IKEv2 RA sessions by username</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"</command> </tagNode> </children> </node> @@ -268,12 +268,12 @@ --> <node name="detail"> <properties> - <help>Show Verbose Detail on all active IPsec Security Associations (SA)</help> + <help>Show verbose details on all active IPsec security associations (SA)</help> </properties> - <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_sa_detail ; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_sa_detail</command> </node> </children> - <command>if systemctl is-active --quiet strongswan ; then ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_sa</command> </node> <node name="state"> <properties> @@ -285,7 +285,7 @@ <properties> <help>Show status of IPsec process</help> </properties> - <command>if systemctl is-active --quiet strongswan >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(/usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi</command> + <command>/usr/sbin/ipsec status</command> </node> </children> </node> diff --git a/smoketest/scripts/cli/test_protocols_ospf.py b/smoketest/scripts/cli/test_protocols_ospf.py index ea55fa031..fc59171e4 100755 --- a/smoketest/scripts/cli/test_protocols_ospf.py +++ b/smoketest/scripts/cli/test_protocols_ospf.py @@ -574,5 +574,23 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase): self.assertIn(f'router ospf', frrconfig) self.assertIn(f' network {network} area {area1}', frrconfig) + def test_ospf_18_area_translate_no_summary(self): + area = '11' + area_type = 'nssa' + network = '100.64.0.0/10' + + self.cli_set(base_path + ['area', area, 'area-type', area_type, 'no-summary']) + self.cli_set(base_path + ['area', area, 'area-type', area_type, 'translate', 'never']) + self.cli_set(base_path + ['area', area, 'network', network]) + + # commit changes + self.cli_commit() + + # Verify FRR ospfd configuration + frrconfig = self.getFRRconfig('router ospf', endsection='^exit') + self.assertIn(f'router ospf', frrconfig) + self.assertIn(f' area {area} {area_type} translate-never no-summary', frrconfig) + self.assertIn(f' network {network} area {area}', frrconfig) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/interfaces_wwan.py b/src/conf_mode/interfaces_wwan.py index ddbebfb4a..fb71731d8 100755 --- a/src/conf_mode/interfaces_wwan.py +++ b/src/conf_mode/interfaces_wwan.py @@ -29,6 +29,7 @@ from vyos.configverify import verify_vrf from vyos.configverify import verify_mtu_ipv6 from vyos.ifconfig import WWANIf from vyos.utils.dict import dict_search +from vyos.utils.network import is_wwan_connected from vyos.utils.process import cmd from vyos.utils.process import call from vyos.utils.process import DEVNULL @@ -137,7 +138,7 @@ def apply(wwan): break sleep(0.250) - if 'shutdown_required' in wwan: + if 'shutdown_required' in wwan or (not is_wwan_connected(wwan['ifname'])): # we only need the modem number. wwan0 -> 0, wwan1 -> 1 modem = wwan['ifname'].lstrip('wwan') base_cmd = f'mmcli --modem {modem}' @@ -159,7 +160,7 @@ def apply(wwan): return None - if 'shutdown_required' in wwan: + if 'shutdown_required' in wwan or (not is_wwan_connected(wwan['ifname'])): ip_type = 'ipv4' slaac = dict_search('ipv6.address.autoconf', wwan) != None if 'address' in wwan: diff --git a/src/conf_mode/protocols_ospf.py b/src/conf_mode/protocols_ospf.py index c06c0aafc..467c9611b 100755 --- a/src/conf_mode/protocols_ospf.py +++ b/src/conf_mode/protocols_ospf.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2024 VyOS maintainers and contributors +# Copyright (C) 2021-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -17,6 +17,7 @@ from sys import exit from sys import argv +from vyos.base import Warning from vyos.config import Config from vyos.configverify import verify_common_route_maps from vyos.configverify import verify_route_map @@ -62,6 +63,16 @@ def verify(config_dict): if 'area' in ospf: networks = [] for area, area_config in ospf['area'].items(): + # Implemented as warning to not break existing configurations + if area == '0' and dict_search('area_type.nssa', area_config) != None: + Warning('You cannot configure NSSA to backbone!') + # Implemented as warning to not break existing configurations + if area == '0' and dict_search('area_type.stub', area_config) != None: + Warning('You cannot configure STUB to backbone!') + # Implemented as warning to not break existing configurations + if len(area_config['area_type']) > 1: + Warning(f'Only one area-type is supported for area "{area}"!') + if 'import_list' in area_config: acl_import = area_config['import_list'] if acl_import: verify_access_list(acl_import, ospf) diff --git a/src/op_mode/install_mok.sh b/src/op_mode/install_mok.sh new file mode 100755 index 000000000..29f78cd1f --- /dev/null +++ b/src/op_mode/install_mok.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +if test -f /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; then + mokutil --ignore-keyring --import /var/lib/shim-signed/mok/vyos-dev-2025-shim.der; +else + echo "Secure Boot Machine Owner Key not found"; +fi diff --git a/src/op_mode/show_bonding_detail.sh b/src/op_mode/show_bonding_detail.sh new file mode 100755 index 000000000..62265daa2 --- /dev/null +++ b/src/op_mode/show_bonding_detail.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ -f "/proc/net/bonding/$1" ]; then + cat "/proc/net/bonding/$1"; +else + echo "Interface $1 does not exist!"; +fi diff --git a/src/op_mode/show_ppp_stats.sh b/src/op_mode/show_ppp_stats.sh new file mode 100755 index 000000000..d9c17f966 --- /dev/null +++ b/src/op_mode/show_ppp_stats.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +if [ -d "/sys/class/net/$1" ]; then + /usr/sbin/pppstats "$1"; +fi diff --git a/src/op_mode/update_suricata.sh b/src/op_mode/update_suricata.sh new file mode 100755 index 000000000..6e4e605f4 --- /dev/null +++ b/src/op_mode/update_suricata.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +if test -f /run/suricata/suricata.yaml; then + suricata-update --suricata-conf /run/suricata/suricata.yaml; + systemctl restart suricata; +else + echo "Service Suricata not configured"; +fi |