diff options
| -rw-r--r-- | interface-definitions/container.xml.in | 2 | ||||
| -rw-r--r-- | interface-definitions/include/haproxy/rule-backend.xml.i | 2 | ||||
| -rw-r--r-- | interface-definitions/include/haproxy/rule-frontend.xml.i | 2 | ||||
| -rw-r--r-- | interface-definitions/xml-component-version.xml.in | 50 | ||||
| -rw-r--r-- | python/vyos/ifconfig/interface.py | 14 | ||||
| -rwxr-xr-x | scripts/transclude-template | 5 | ||||
| -rw-r--r-- | smoketest/config-tests/bgp-big-as-cloud | 56 | ||||
| -rw-r--r-- | smoketest/config-tests/dialup-router-complex | 22 | ||||
| -rw-r--r-- | smoketest/config-tests/dialup-router-wireguard-ipv6 | 16 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_nat.py | 2 | ||||
| -rwxr-xr-x | src/conf_mode/vrf.py | 5 |
11 files changed, 65 insertions, 111 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index ad1815604..04318a7c9 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -131,7 +131,7 @@ <properties> <help>Add custom environment variables</help> <constraint> - <regex>[-_a-zA-Z0-9]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> </constraint> <constraintErrorMessage>Environment variable name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/haproxy/rule-backend.xml.i b/interface-definitions/include/haproxy/rule-backend.xml.i index b2be4fde4..1df9d5dcf 100644 --- a/interface-definitions/include/haproxy/rule-backend.xml.i +++ b/interface-definitions/include/haproxy/rule-backend.xml.i @@ -47,7 +47,7 @@ <properties> <help>Server name</help> <constraint> - <regex>[-_a-zA-Z0-9]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> </constraint> <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> </properties> diff --git a/interface-definitions/include/haproxy/rule-frontend.xml.i b/interface-definitions/include/haproxy/rule-frontend.xml.i index dfe33d389..eabdd8632 100644 --- a/interface-definitions/include/haproxy/rule-frontend.xml.i +++ b/interface-definitions/include/haproxy/rule-frontend.xml.i @@ -47,7 +47,7 @@ <properties> <help>Backend name</help> <constraint> - <regex>[-_a-zA-Z0-9]+</regex> + #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i> </constraint> <constraintErrorMessage>Server name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage> <completionHelp> diff --git a/interface-definitions/xml-component-version.xml.in b/interface-definitions/xml-component-version.xml.in index 67d86a1d0..70957c5fa 100644 --- a/interface-definitions/xml-component-version.xml.in +++ b/interface-definitions/xml-component-version.xml.in @@ -1,52 +1,4 @@ <?xml version="1.0"?> <interfaceDefinition> - #include <include/version/bgp-version.xml.i> - #include <include/version/broadcast-relay-version.xml.i> - #include <include/version/cluster-version.xml.i> - #include <include/version/config-management-version.xml.i> - #include <include/version/conntrack-sync-version.xml.i> - #include <include/version/conntrack-version.xml.i> - #include <include/version/container-version.xml.i> - #include <include/version/dhcp-relay-version.xml.i> - #include <include/version/dhcp-server-version.xml.i> - #include <include/version/dhcpv6-server-version.xml.i> - #include <include/version/dns-dynamic-version.xml.i> - #include <include/version/dns-forwarding-version.xml.i> - #include <include/version/firewall-version.xml.i> - #include <include/version/flow-accounting-version.xml.i> - #include <include/version/https-version.xml.i> - #include <include/version/interfaces-version.xml.i> - #include <include/version/ids-version.xml.i> - #include <include/version/ipoe-server-version.xml.i> - #include <include/version/ipsec-version.xml.i> - #include <include/version/openvpn-version.xml.i> - #include <include/version/isis-version.xml.i> - #include <include/version/l2tp-version.xml.i> - #include <include/version/lldp-version.xml.i> - #include <include/version/mdns-version.xml.i> - #include <include/version/monitoring-version.xml.i> - #include <include/version/nat66-version.xml.i> - #include <include/version/nat-version.xml.i> - #include <include/version/ntp-version.xml.i> - #include <include/version/openconnect-version.xml.i> - #include <include/version/ospf-version.xml.i> - #include <include/version/pim-version.xml.i> - #include <include/version/policy-version.xml.i> - #include <include/version/pppoe-server-version.xml.i> - #include <include/version/pptp-version.xml.i> - #include <include/version/qos-version.xml.i> - #include <include/version/quagga-version.xml.i> - #include <include/version/rip-version.xml.i> - #include <include/version/rpki-version.xml.i> - #include <include/version/salt-version.xml.i> - #include <include/version/snmp-version.xml.i> - #include <include/version/ssh-version.xml.i> - #include <include/version/sstp-version.xml.i> - #include <include/version/system-version.xml.i> - #include <include/version/vrf-version.xml.i> - #include <include/version/vrrp-version.xml.i> - #include <include/version/vyos-accel-ppp-version.xml.i> - #include <include/version/wanloadbalance-version.xml.i> - #include <include/version/webproxy-version.xml.i> - #include <include/version/reverseproxy-version.xml.i> + #include <include/version/*> </interfaceDefinition> diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 07075fd1b..cb73e2597 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -1,4 +1,4 @@ -# Copyright 2019-2024 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2019-2025 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -1410,13 +1410,11 @@ class Interface(Control): tmp = get_interface_address(self.ifname) if tmp and 'addr_info' in tmp: for address_dict in tmp['addr_info']: - if address_dict['family'] == 'inet': - # Only remove dynamic assigned addresses - if 'dynamic' not in address_dict: - continue - address = address_dict['local'] - prefixlen = address_dict['prefixlen'] - self.del_addr(f'{address}/{prefixlen}') + # Only remove dynamic assigned addresses + if address_dict['family'] == 'inet' and 'dynamic' in address_dict: + address = address_dict['local'] + prefixlen = address_dict['prefixlen'] + self.del_addr(f'{address}/{prefixlen}') # cleanup old config files for file in [dhclient_config_file, systemd_override_file, dhclient_lease_file]: diff --git a/scripts/transclude-template b/scripts/transclude-template index 5c6668a84..767583acd 100755 --- a/scripts/transclude-template +++ b/scripts/transclude-template @@ -23,6 +23,7 @@ import os import re import sys +import glob regexp = re.compile(r'^ *#include <(.+)>$') @@ -34,7 +35,9 @@ def parse_file(filename): if line: result = regexp.match(line) if result: - lines += parse_file(os.path.join(directory, result.group(1))) + res = os.path.join(directory, result.group(1)) + for g in sorted(glob.glob(res)): + lines += parse_file(g) else: lines += line else: diff --git a/smoketest/config-tests/bgp-big-as-cloud b/smoketest/config-tests/bgp-big-as-cloud index 8de0cdb02..03efef868 100644 --- a/smoketest/config-tests/bgp-big-as-cloud +++ b/smoketest/config-tests/bgp-big-as-cloud @@ -198,44 +198,44 @@ set firewall zone management from peers firewall ipv6-name 'peers-to-management- set firewall zone management from peers firewall name 'peers-to-management-4' set firewall zone management from servers firewall ipv6-name 'servers-to-management-6' set firewall zone management from servers firewall name 'servers-to-management-4' -set firewall zone management interface 'eth0' +set firewall zone management member interface 'eth0' set firewall zone peers default-action 'reject' set firewall zone peers from management firewall ipv6-name 'management-to-peers-6' set firewall zone peers from management firewall name 'management-to-peers-4' set firewall zone peers from servers firewall ipv6-name 'servers-to-peers-6' set firewall zone peers from servers firewall name 'servers-to-peers-4' -set firewall zone peers interface 'eth0.4088' -set firewall zone peers interface 'eth0.4089' -set firewall zone peers interface 'eth0.11' -set firewall zone peers interface 'eth0.838' -set firewall zone peers interface 'eth0.886' +set firewall zone peers member interface 'eth0.4088' +set firewall zone peers member interface 'eth0.4089' +set firewall zone peers member interface 'eth0.11' +set firewall zone peers member interface 'eth0.838' +set firewall zone peers member interface 'eth0.886' set firewall zone servers default-action 'reject' set firewall zone servers from management firewall ipv6-name 'management-to-servers-6' set firewall zone servers from management firewall name 'management-to-servers-4' set firewall zone servers from peers firewall ipv6-name 'peers-to-servers-6' set firewall zone servers from peers firewall name 'peers-to-servers-4' -set firewall zone servers interface 'eth0.1001' -set firewall zone servers interface 'eth0.105' -set firewall zone servers interface 'eth0.102' -set firewall zone servers interface 'eth0.1019' -set firewall zone servers interface 'eth0.1014' -set firewall zone servers interface 'eth0.1020' -set firewall zone servers interface 'eth0.1018' -set firewall zone servers interface 'eth0.1013' -set firewall zone servers interface 'eth0.1012' -set firewall zone servers interface 'eth0.1011' -set firewall zone servers interface 'eth0.1010' -set firewall zone servers interface 'eth0.1009' -set firewall zone servers interface 'eth0.1006' -set firewall zone servers interface 'eth0.1005' -set firewall zone servers interface 'eth0.1017' -set firewall zone servers interface 'eth0.1016' -set firewall zone servers interface 'eth0.1002' -set firewall zone servers interface 'eth0.1015' -set firewall zone servers interface 'eth0.1003' -set firewall zone servers interface 'eth0.1004' -set firewall zone servers interface 'eth0.1007' -set firewall zone servers interface 'eth0.1008' +set firewall zone servers member interface 'eth0.1001' +set firewall zone servers member interface 'eth0.105' +set firewall zone servers member interface 'eth0.102' +set firewall zone servers member interface 'eth0.1019' +set firewall zone servers member interface 'eth0.1014' +set firewall zone servers member interface 'eth0.1020' +set firewall zone servers member interface 'eth0.1018' +set firewall zone servers member interface 'eth0.1013' +set firewall zone servers member interface 'eth0.1012' +set firewall zone servers member interface 'eth0.1011' +set firewall zone servers member interface 'eth0.1010' +set firewall zone servers member interface 'eth0.1009' +set firewall zone servers member interface 'eth0.1006' +set firewall zone servers member interface 'eth0.1005' +set firewall zone servers member interface 'eth0.1017' +set firewall zone servers member interface 'eth0.1016' +set firewall zone servers member interface 'eth0.1002' +set firewall zone servers member interface 'eth0.1015' +set firewall zone servers member interface 'eth0.1003' +set firewall zone servers member interface 'eth0.1004' +set firewall zone servers member interface 'eth0.1007' +set firewall zone servers member interface 'eth0.1008' set high-availability vrrp group 11-4 address 192.0.68.1/27 set high-availability vrrp group 11-4 interface 'eth0.11' set high-availability vrrp group 11-4 priority '200' diff --git a/smoketest/config-tests/dialup-router-complex b/smoketest/config-tests/dialup-router-complex index 4416ef82e..c693cc382 100644 --- a/smoketest/config-tests/dialup-router-complex +++ b/smoketest/config-tests/dialup-router-complex @@ -508,7 +508,7 @@ set firewall zone DMZ from GUEST firewall name 'GUEST-DMZ' set firewall zone DMZ from LAN firewall name 'LAN-DMZ' set firewall zone DMZ from LOCAL firewall name 'LOCAL-DMZ' set firewall zone DMZ from WAN firewall name 'WAN-DMZ' -set firewall zone DMZ interface 'eth0.50' +set firewall zone DMZ member interface 'eth0.50' set firewall zone GUEST default-action 'drop' set firewall zone GUEST from DMZ firewall name 'DMZ-GUEST' set firewall zone GUEST from IOT firewall name 'IOT-GUEST' @@ -517,13 +517,13 @@ set firewall zone GUEST from LOCAL firewall ipv6-name 'ALLOW-ALL-6' set firewall zone GUEST from LOCAL firewall name 'LOCAL-GUEST' set firewall zone GUEST from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6' set firewall zone GUEST from WAN firewall name 'WAN-GUEST' -set firewall zone GUEST interface 'eth0.20' +set firewall zone GUEST member interface 'eth0.20' set firewall zone IOT default-action 'drop' set firewall zone IOT from GUEST firewall name 'GUEST-IOT' set firewall zone IOT from LAN firewall name 'LAN-IOT' set firewall zone IOT from LOCAL firewall name 'LOCAL-IOT' set firewall zone IOT from WAN firewall name 'WAN-IOT' -set firewall zone IOT interface 'eth0.35' +set firewall zone IOT member interface 'eth0.35' set firewall zone LAN default-action 'drop' set firewall zone LAN from DMZ firewall name 'DMZ-LAN' set firewall zone LAN from GUEST firewall name 'GUEST-LAN' @@ -532,13 +532,13 @@ set firewall zone LAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6' set firewall zone LAN from LOCAL firewall name 'LOCAL-LAN' set firewall zone LAN from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6' set firewall zone LAN from WAN firewall name 'WAN-LAN' -set firewall zone LAN interface 'eth0.5' -set firewall zone LAN interface 'eth0.10' -set firewall zone LAN interface 'eth0.100' -set firewall zone LAN interface 'eth0.201' -set firewall zone LAN interface 'eth0.202' -set firewall zone LAN interface 'eth0.203' -set firewall zone LAN interface 'eth0.204' +set firewall zone LAN member interface 'eth0.5' +set firewall zone LAN member interface 'eth0.10' +set firewall zone LAN member interface 'eth0.100' +set firewall zone LAN member interface 'eth0.201' +set firewall zone LAN member interface 'eth0.202' +set firewall zone LAN member interface 'eth0.203' +set firewall zone LAN member interface 'eth0.204' set firewall zone LOCAL default-action 'drop' set firewall zone LOCAL from DMZ firewall name 'DMZ-LOCAL' set firewall zone LOCAL from GUEST firewall ipv6-name 'ALLOW-ESTABLISHED-6' @@ -558,7 +558,7 @@ set firewall zone WAN from LAN firewall ipv6-name 'ALLOW-ALL-6' set firewall zone WAN from LAN firewall name 'LAN-WAN' set firewall zone WAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6' set firewall zone WAN from LOCAL firewall name 'LOCAL-WAN' -set firewall zone WAN interface 'pppoe0' +set firewall zone WAN member interface 'pppoe0' set interfaces dummy dum0 address '172.16.254.30/32' set interfaces ethernet eth0 duplex 'auto' set interfaces ethernet eth0 speed 'auto' diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6 index c2cf2e9d8..3e298fb82 100644 --- a/smoketest/config-tests/dialup-router-wireguard-ipv6 +++ b/smoketest/config-tests/dialup-router-wireguard-ipv6 @@ -391,7 +391,7 @@ set firewall zone DMZ from GUEST firewall name 'GUEST-DMZ' set firewall zone DMZ from LAN firewall name 'LAN-DMZ' set firewall zone DMZ from LOCAL firewall name 'LOCAL-DMZ' set firewall zone DMZ from WAN firewall name 'WAN-DMZ' -set firewall zone DMZ interface 'eth0.50' +set firewall zone DMZ member interface 'eth0.50' set firewall zone GUEST default-action 'drop' set firewall zone GUEST from DMZ firewall name 'DMZ-GUEST' set firewall zone GUEST from LAN firewall name 'LAN-GUEST' @@ -399,7 +399,7 @@ set firewall zone GUEST from LOCAL firewall ipv6-name 'ALLOW-ALL-6' set firewall zone GUEST from LOCAL firewall name 'LOCAL-GUEST' set firewall zone GUEST from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6' set firewall zone GUEST from WAN firewall name 'WAN-GUEST' -set firewall zone GUEST interface 'eth1.20' +set firewall zone GUEST member interface 'eth1.20' set firewall zone LAN default-action 'drop' set firewall zone LAN from DMZ firewall name 'DMZ-LAN' set firewall zone LAN from GUEST firewall name 'GUEST-LAN' @@ -407,10 +407,10 @@ set firewall zone LAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6' set firewall zone LAN from LOCAL firewall name 'LOCAL-LAN' set firewall zone LAN from WAN firewall ipv6-name 'ALLOW-ESTABLISHED-6' set firewall zone LAN from WAN firewall name 'WAN-LAN' -set firewall zone LAN interface 'eth0.5' -set firewall zone LAN interface 'eth0.10' -set firewall zone LAN interface 'wg100' -set firewall zone LAN interface 'wg200' +set firewall zone LAN member interface 'eth0.5' +set firewall zone LAN member interface 'eth0.10' +set firewall zone LAN member interface 'wg100' +set firewall zone LAN member interface 'wg200' set firewall zone LOCAL default-action 'drop' set firewall zone LOCAL from DMZ firewall name 'DMZ-LOCAL' set firewall zone LOCAL from GUEST firewall ipv6-name 'ALLOW-ESTABLISHED-6' @@ -428,8 +428,8 @@ set firewall zone WAN from LAN firewall ipv6-name 'ALLOW-ALL-6' set firewall zone WAN from LAN firewall name 'LAN-WAN' set firewall zone WAN from LOCAL firewall ipv6-name 'ALLOW-ALL-6' set firewall zone WAN from LOCAL firewall name 'LOCAL-WAN' -set firewall zone WAN interface 'pppoe0' -set firewall zone WAN interface 'wg666' +set firewall zone WAN member interface 'pppoe0' +set firewall zone WAN member interface 'wg666' set interfaces dummy dum0 address '172.16.254.30/32' set interfaces ethernet eth0 duplex 'auto' set interfaces ethernet eth0 offload gro diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py index 0beafcc6c..b33ef2617 100755 --- a/smoketest/scripts/cli/test_nat.py +++ b/smoketest/scripts/cli/test_nat.py @@ -84,7 +84,7 @@ class TestNAT(VyOSUnitTestSHIM.TestCase): address_group = 'smoketest_addr' address_group_member = '192.0.2.1' interface_group = 'smoketest_ifaces' - interface_group_member = 'bond.99' + interface_group_member = 'eth0' self.cli_set(['firewall', 'group', 'address-group', address_group, 'address', address_group_member]) self.cli_set(['firewall', 'group', 'interface-group', interface_group, 'interface', interface_group_member]) diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py index 74780b601..8baf55857 100755 --- a/src/conf_mode/vrf.py +++ b/src/conf_mode/vrf.py @@ -149,8 +149,9 @@ def verify(vrf): f'static routes installed!') if 'name' in vrf: - reserved_names = ["add", "all", "broadcast", "default", "delete", "dev", - "get", "inet", "mtu", "link", "type", "vrf"] + reserved_names = ['add', 'all', 'broadcast', 'default', 'delete', 'dev', + 'down', 'get', 'inet', 'link', 'mtu', 'type', 'up', 'vrf'] + table_ids = [] vnis = [] for name, vrf_config in vrf['name'].items(): |