summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--data/templates/accel-ppp/chap-secrets.ipoe.j22
-rw-r--r--data/templates/load-balancing/nftables-wlb.j210
-rw-r--r--interface-definitions/include/ip-address.xml.i14
-rw-r--r--interface-definitions/service_dhcp-server.xml.in13
-rw-r--r--interface-definitions/service_ipoe-server.xml.in13
-rw-r--r--python/vyos/ifconfig/wireguard.py78
-rwxr-xr-xsmoketest/scripts/cli/test_service_ipoe-server.py4
-rwxr-xr-xsrc/conf_mode/system_sflow.py2
-rwxr-xr-xsrc/etc/netplug/vyos-netplug-dhcp-client13
-rwxr-xr-xsrc/services/vyos-domain-resolver12
10 files changed, 118 insertions, 43 deletions
diff --git a/data/templates/accel-ppp/chap-secrets.ipoe.j2 b/data/templates/accel-ppp/chap-secrets.ipoe.j2
index dd85160c0..59b9dfc8d 100644
--- a/data/templates/accel-ppp/chap-secrets.ipoe.j2
+++ b/data/templates/accel-ppp/chap-secrets.ipoe.j2
@@ -6,7 +6,7 @@
{% if mac_config.vlan is vyos_defined %}
{% set iface = iface ~ '.' ~ mac_config.vlan %}
{% endif %}
-{{ "%-11s" | format(iface) }} * {{ mac | lower }} {{ mac_config.static_ip if mac_config.static_ip is vyos_defined else '*' }} {{ mac_config.rate_limit.download ~ '/' ~ mac_config.rate_limit.upload if mac_config.rate_limit.download is vyos_defined and mac_config.rate_limit.upload is vyos_defined }}
+{{ "%-11s" | format(iface) }} * {{ mac | lower }} {{ mac_config.ip_address if mac_config.ip_address is vyos_defined else '*' }} {{ mac_config.rate_limit.download ~ '/' ~ mac_config.rate_limit.upload if mac_config.rate_limit.download is vyos_defined and mac_config.rate_limit.upload is vyos_defined }}
{% endfor %}
{% endif %}
{% endfor %}
diff --git a/data/templates/load-balancing/nftables-wlb.j2 b/data/templates/load-balancing/nftables-wlb.j2
index 75604aca1..b3d7c3376 100644
--- a/data/templates/load-balancing/nftables-wlb.j2
+++ b/data/templates/load-balancing/nftables-wlb.j2
@@ -25,7 +25,7 @@ table ip vyos_wanloadbalance {
{% if rule is vyos_defined %}
{% for rule_id, rule_conf in rule.items() %}
{% if rule_conf.exclude is vyos_defined %}
- {{ rule_conf | wlb_nft_rule(rule_id, exclude=True, action='accept') }}
+ {{ rule_conf | wlb_nft_rule(rule_id, exclude=True, action='return') }}
{% else %}
{% set limit = rule_conf.limit is vyos_defined %}
{{ rule_conf | wlb_nft_rule(rule_id, limit=limit, weight=True, health_state=health_state) }}
@@ -38,13 +38,13 @@ table ip vyos_wanloadbalance {
chain wlb_mangle_output {
type filter hook output priority -150; policy accept;
{% if enable_local_traffic is vyos_defined %}
- meta mark != 0x0 counter accept
- meta l4proto icmp counter accept
- ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter accept
+ meta mark != 0x0 counter return
+ meta l4proto icmp counter return
+ ip saddr 127.0.0.0/8 ip daddr 127.0.0.0/8 counter return
{% if rule is vyos_defined %}
{% for rule_id, rule_conf in rule.items() %}
{% if rule_conf.exclude is vyos_defined %}
- {{ rule_conf | wlb_nft_rule(rule_id, local=True, exclude=True, action='accept') }}
+ {{ rule_conf | wlb_nft_rule(rule_id, local=True, exclude=True, action='return') }}
{% else %}
{% set limit = rule_conf.limit is vyos_defined %}
{{ rule_conf | wlb_nft_rule(rule_id, local=True, limit=limit, weight=True, health_state=health_state) }}
diff --git a/interface-definitions/include/ip-address.xml.i b/interface-definitions/include/ip-address.xml.i
new file mode 100644
index 000000000..6027e97ee
--- /dev/null
+++ b/interface-definitions/include/ip-address.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from ip-address.xml.i -->
+<leafNode name="ip-address">
+ <properties>
+ <help>Fixed IP address of static mapping</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address used in static mapping</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in
index cb5f9a804..9a194de4f 100644
--- a/interface-definitions/service_dhcp-server.xml.in
+++ b/interface-definitions/service_dhcp-server.xml.in
@@ -211,18 +211,7 @@
#include <include/dhcp/option-v4.xml.i>
#include <include/generic-description.xml.i>
#include <include/generic-disable-node.xml.i>
- <leafNode name="ip-address">
- <properties>
- <help>Fixed IP address of static mapping</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address used in static mapping</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/ip-address.xml.i>
#include <include/interface/mac.xml.i>
#include <include/interface/duid.xml.i>
</children>
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index 6cc4471af..fe9d32bbd 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -70,18 +70,7 @@
<constraintErrorMessage>VLAN IDs need to be in range 1-4094</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="static-ip">
- <properties>
- <help>Static client IP address</help>
- <valueHelp>
- <format>ipv4</format>
- <description>IPv4 address</description>
- </valueHelp>
- <constraint>
- <validator name="ipv4-address"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/ip-address.xml.i>
</children>
</tagNode>
</children>
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
index fed7a5f84..be9bffd20 100644
--- a/python/vyos/ifconfig/wireguard.py
+++ b/python/vyos/ifconfig/wireguard.py
@@ -77,6 +77,84 @@ class WireGuardOperational(Operational):
}
return output
+ def show_interface(self):
+ from vyos.config import Config
+
+ c = Config()
+
+ wgdump = self._dump().get(self.config['ifname'], None)
+
+ c.set_level(['interfaces', 'wireguard', self.config['ifname']])
+ description = c.return_effective_value(['description'])
+ ips = c.return_effective_values(['address'])
+ hostnames = c.return_effective_values(['host-name'])
+
+ answer = 'interface: {}\n'.format(self.config['ifname'])
+ if description:
+ answer += ' description: {}\n'.format(description)
+ if ips:
+ answer += ' address: {}\n'.format(', '.join(ips))
+ if hostnames:
+ answer += ' hostname: {}\n'.format(', '.join(hostnames))
+
+ answer += ' public key: {}\n'.format(wgdump['public_key'])
+ answer += ' private key: (hidden)\n'
+ answer += ' listening port: {}\n'.format(wgdump['listen_port'])
+ answer += '\n'
+
+ for peer in c.list_effective_nodes(['peer']):
+ if wgdump['peers']:
+ pubkey = c.return_effective_value(['peer', peer, 'public-key'])
+ if pubkey in wgdump['peers']:
+ wgpeer = wgdump['peers'][pubkey]
+
+ answer += ' peer: {}\n'.format(peer)
+ answer += ' public key: {}\n'.format(pubkey)
+
+ """ figure out if the tunnel is recently active or not """
+ status = 'inactive'
+ if wgpeer['latest_handshake'] is None:
+ """ no handshake ever """
+ status = 'inactive'
+ else:
+ if int(wgpeer['latest_handshake']) > 0:
+ delta = timedelta(
+ seconds=int(time.time() - wgpeer['latest_handshake'])
+ )
+ answer += ' latest handshake: {}\n'.format(delta)
+ if time.time() - int(wgpeer['latest_handshake']) < (60 * 5):
+ """ Five minutes and the tunnel is still active """
+ status = 'active'
+ else:
+ """ it's been longer than 5 minutes """
+ status = 'inactive'
+ elif int(wgpeer['latest_handshake']) == 0:
+ """ no handshake ever """
+ status = 'inactive'
+ answer += ' status: {}\n'.format(status)
+
+ if wgpeer['endpoint'] is not None:
+ answer += ' endpoint: {}\n'.format(wgpeer['endpoint'])
+
+ if wgpeer['allowed_ips'] is not None:
+ answer += ' allowed ips: {}\n'.format(
+ ','.join(wgpeer['allowed_ips']).replace(',', ', ')
+ )
+
+ if wgpeer['transfer_rx'] > 0 or wgpeer['transfer_tx'] > 0:
+ rx_size = size(wgpeer['transfer_rx'], system=alternative)
+ tx_size = size(wgpeer['transfer_tx'], system=alternative)
+ answer += ' transfer: {} received, {} sent\n'.format(
+ rx_size, tx_size
+ )
+
+ if wgpeer['persistent_keepalive'] is not None:
+ answer += ' persistent keepalive: every {} seconds\n'.format(
+ wgpeer['persistent_keepalive']
+ )
+ answer += '\n'
+ return answer
+
def get_latest_handshakes(self):
"""Get latest handshake time for each peer"""
output = {}
diff --git a/smoketest/scripts/cli/test_service_ipoe-server.py b/smoketest/scripts/cli/test_service_ipoe-server.py
index 67e8ca93f..3b3c205cd 100755
--- a/smoketest/scripts/cli/test_service_ipoe-server.py
+++ b/smoketest/scripts/cli/test_service_ipoe-server.py
@@ -260,7 +260,7 @@ delegate={delegate_2_prefix},{delegate_mask},name={pool_name}"""
tmp = ','.join(vlans)
self.assertIn(f'{interface},{tmp}', conf['ipoe']['vlan-mon'])
- def test_ipoe_server_static_client_ip(self):
+ def test_ipoe_server_static_client_ip_address(self):
mac_address = '08:00:27:2f:d8:06'
ip_address = '192.0.2.100'
@@ -274,7 +274,7 @@ delegate={delegate_2_prefix},{delegate_mask},name={pool_name}"""
interface,
'mac',
mac_address,
- 'static-ip',
+ 'ip-address',
ip_address,
]
)
diff --git a/src/conf_mode/system_sflow.py b/src/conf_mode/system_sflow.py
index 41119b494..a22dac36f 100755
--- a/src/conf_mode/system_sflow.py
+++ b/src/conf_mode/system_sflow.py
@@ -54,7 +54,7 @@ def verify(sflow):
# Check if configured sflow agent-address exist in the system
if 'agent_address' in sflow:
tmp = sflow['agent_address']
- if not is_addr_assigned(tmp):
+ if not is_addr_assigned(tmp, include_vrf=True):
raise ConfigError(
f'Configured "sflow agent-address {tmp}" does not exist in the system!'
)
diff --git a/src/etc/netplug/vyos-netplug-dhcp-client b/src/etc/netplug/vyos-netplug-dhcp-client
index 83fed70f0..4cc824afd 100755
--- a/src/etc/netplug/vyos-netplug-dhcp-client
+++ b/src/etc/netplug/vyos-netplug-dhcp-client
@@ -19,21 +19,22 @@ import sys
from time import sleep
-from vyos.configquery import ConfigTreeQuery
+from vyos.config import Config
from vyos.configdict import get_interface_dict
from vyos.ifconfig import Interface
from vyos.ifconfig import Section
from vyos.utils.boot import boot_configuration_complete
from vyos.utils.commit import commit_in_progress
from vyos import airbag
+
airbag.enable()
if len(sys.argv) < 3:
- airbag.noteworthy("Must specify both interface and link status!")
+ airbag.noteworthy('Must specify both interface and link status!')
sys.exit(1)
if not boot_configuration_complete():
- airbag.noteworthy("System bootup not yet finished...")
+ airbag.noteworthy('System bootup not yet finished...')
sys.exit(1)
interface = sys.argv[1]
@@ -47,8 +48,10 @@ while commit_in_progress():
sleep(1)
in_out = sys.argv[2]
-config = ConfigTreeQuery()
+config = Config()
interface_path = ['interfaces'] + Section.get_config_path(interface).split()
-_, interface_config = get_interface_dict(config, interface_path[:-1], ifname=interface, with_pki=True)
+_, interface_config = get_interface_dict(
+ config, interface_path[:-1], ifname=interface, with_pki=True
+)
Interface(interface).update(interface_config)
diff --git a/src/services/vyos-domain-resolver b/src/services/vyos-domain-resolver
index bfc8caa0a..48c6b86d8 100755
--- a/src/services/vyos-domain-resolver
+++ b/src/services/vyos-domain-resolver
@@ -65,13 +65,15 @@ def get_config(conf, node):
node_config = dict_merge(default_values, node_config)
- global timeout, cache
+ if node == base_firewall and 'global_options' in node_config:
+ global_config = node_config['global_options']
+ global timeout, cache
- if 'resolver_interval' in node_config:
- timeout = int(node_config['resolver_interval'])
+ if 'resolver_interval' in global_config:
+ timeout = int(global_config['resolver_interval'])
- if 'resolver_cache' in node_config:
- cache = True
+ if 'resolver_cache' in global_config:
+ cache = True
fqdn_config_parse(node_config, node[0])
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-26 22:34:55 +0000