-rw-r--r--.github/workflows/build.yml20
-rw-r--r--README.md2
-rw-r--r--data/templates/openvpn/server.conf.j23
-rw-r--r--interface-definitions/include/constraint/interface-name.xml.in2
-rw-r--r--interface-definitions/system-time-zone.xml.in2
-rw-r--r--python/vyos/accel_ppp.py3
-rw-r--r--python/vyos/ifconfig/tunnel.py12
-rw-r--r--sonar-project.properties6
-rwxr-xr-xsrc/conf_mode/container.py10
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py3
-rwxr-xr-xsrc/conf_mode/vpn_openconnect.py7
-rwxr-xr-xsrc/op_mode/accelppp.py38
-rwxr-xr-xsrc/op_mode/openvpn.py4
-rwxr-xr-xsrc/validators/timezone4
14 files changed, 90 insertions, 26 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..d77275d38
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,20 @@
+name: Build
+on:
+ push:
+ branches:
+ - current
+ pull_request:
+ types: [opened, synchronize, reopened]
+jobs:
+ sonarcloud:
+ name: SonarCloud
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - name: SonarCloud Scan
+ uses: SonarSource/sonarcloud-github-action@master
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
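Review bot: `uses: SonarSource/sonarcloud-github-action@master` tracks a mutable branch, so whatever lands on that branch runs in this job with `SONAR_TOKEN` and `GITHUB_TOKEN` in its environment. Pinning to a full commit SHA (`uses: SonarSource/sonarcloud-github-action@<full-commit-sha>`) makes the executed code reviewable and stable. The workflow also declares no `permissions:` block, so the token gets the repository default scope; an explicit block with `contents: read` plus only what the scan needs for PR information would narrow it. `actions/checkout@v3` is a moving tag as well and could be pinned the same way.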
diff --git a/README.md b/README.md
index 0e7daa491..cc6c4e319 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
# vyos-1x: VyOS command definitions, configuration scripts, and data
-[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=vyos%3Avyos-1x&metric=coverage)](https://sonarcloud.io/component_measures?id=vyos%3Avyos-1x&metric=coverage)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=vyos_vyos-1x&metric=coverage)](https://sonarcloud.io/component_measures?id=vyos_vyos-1x&metric=coverage)
[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fvyos%2Fvyos-1x.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fvyos%2Fvyos-1x?ref=badge_shield)
VyOS 1.1.x had its codebase split into way too many submodules for no good
diff --git a/data/templates/openvpn/server.conf.j2 b/data/templates/openvpn/server.conf.j2
index 6dd4ef88d..af866f2a6 100644
--- a/data/templates/openvpn/server.conf.j2
+++ b/data/templates/openvpn/server.conf.j2
@@ -213,6 +213,9 @@ keysize 256
data-ciphers {{ encryption.ncp_ciphers | openvpn_ncp_ciphers }}
{% endif %}
{% endif %}
+# https://vyos.dev/T5027
+# Required to support BF-CBC (default ciphername when none given)
+providers legacy default
{% if hash is vyos_defined %}
auth {{ hash }}
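Review bot: `providers legacy default` appears to be emitted unconditionally, so every rendered server config loads the OpenSSL legacy provider even when a modern cipher or `data-ciphers` list is configured. BF-CBC is a 64-bit block cipher kept only for compatibility. If the template can tell that no cipher was given, wrapping the line in that condition would keep the legacy algorithms unavailable for all other instances; the relevant variable is outside this hunk, so this is something to check rather than a drop-in change. The comment could also state that the fallback exists for backward compatibility and is not a recommended setting.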
diff --git a/interface-definitions/include/constraint/interface-name.xml.in b/interface-definitions/include/constraint/interface-name.xml.in
index 2d1f7b757..e540e4418 100644
--- a/interface-definitions/include/constraint/interface-name.xml.in
+++ b/interface-definitions/include/constraint/interface-name.xml.in
@@ -1,4 +1,4 @@
<!-- include start from constraint/interface-name.xml.in -->
-<regex>(bond|br|dum|en|ersp|eth|gnv|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
+<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
<validator name="file-path --lookup-path /sys/class/net --directory"/>
<!-- include end -->
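Review bot: The `.` in `(.\d+)?` on the rewritten regex line is unescaped, so it matches any character before the sub-interface digits rather than only a literal dot. `(\.\d+)?` would restrict the pattern to the `ethN.VID` form. This predates the commit but is carried over on the changed line, so it is cheap to fix while `ifb` is being added.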
diff --git a/interface-definitions/system-time-zone.xml.in b/interface-definitions/system-time-zone.xml.in
index ff815c9d3..f6b291984 100644
--- a/interface-definitions/system-time-zone.xml.in
+++ b/interface-definitions/system-time-zone.xml.in
@@ -7,7 +7,7 @@
<help>Local time zone (default UTC)</help>
<priority>100</priority>
<completionHelp>
- <script>find /usr/share/zoneinfo/posix -type f -or -type l | sed -e s:/usr/share/zoneinfo/posix/:: | sort</script>
+ <script>timedatectl list-timezones</script>
</completionHelp>
<constraint>
<validator name="timezone" argument="--validate"/>
diff --git a/python/vyos/accel_ppp.py b/python/vyos/accel_ppp.py
index bfc8ee5a9..0af311e57 100644
--- a/python/vyos/accel_ppp.py
+++ b/python/vyos/accel_ppp.py
@@ -38,6 +38,9 @@ def get_server_statistics(accel_statistics, pattern, sep=':') -> dict:
if key in ['starting', 'active', 'finishing']:
stat_dict['sessions'][key] = value.strip()
continue
+ if key == 'cpu':
+ stat_dict['cpu_load_percentage'] = int(re.sub(r'%', '', value.strip()))
+ continue
stat_dict[key] = value.strip()
return stat_dict
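Review bot: The `int(...)` conversion of the parsed `cpu` value has no guard, so anything other than a bare integer followed by `%` (an empty, fractional or reformatted value) raises ValueError and the caller loses the whole statistics dict. Catching ValueError around that one line and either skipping the key or storing the stripped string would keep the remaining counters available. `re.sub(r'%', '', value.strip())` is also heavier than needed; `value.strip().rstrip('%')` does the same without a regex. The body of `get_server_statistics()` starts outside this hunk, so whether `re` is already imported cannot be confirmed here.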
diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py
index 5258a2cb1..f776240a1 100644
--- a/python/vyos/ifconfig/tunnel.py
+++ b/python/vyos/ifconfig/tunnel.py
@@ -162,6 +162,15 @@ class TunnelIf(Interface):
""" Get a synthetic MAC address. """
return self.get_mac_synthetic()
+ def set_multicast(self):
+ """ Set multicast """
+ if self.config.get('multicast', 'disable') == 'enable':
+ cmd = 'ip link set dev {ifname} multicast on'
+ else:
+ cmd = 'ip link set dev {ifname} multicast off'
+
+ self._cmd(cmd.format(**self.config))
+
def update(self, config):
""" General helper function which works on a dictionary retrived by
get_config_dict(). It's main intention is to consolidate the scattered
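Review bot: The docstring `""" Set multicast """` on the new `set_multicast()` only restates the name and does not say that the method also turns the flag off. Something like `""" Enable or disable the multicast flag on the tunnel device according to the 'multicast' config key (default: disable). """` would cover it. The two branches differ only in the last word, so `state = 'on' if self.config.get('multicast', 'disable') == 'enable' else 'off'` followed by one `self._cmd(f"ip link set dev {self.config['ifname']} multicast {state}")` removes the duplication. The `# Add multicast` comment in the following hunk has the same wording problem, since the call can also disable it.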
@@ -170,5 +179,8 @@ class TunnelIf(Interface):
# Adjust iproute2 tunnel parameters if necessary
self._change_options()
+ # Add multicast
+ self.set_multicast()
+
# call base class first
super().update(config)
diff --git a/sonar-project.properties b/sonar-project.properties
index eddfd5e1e..8ff358515 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,7 +1,8 @@
-sonar.projectKey=vyos:vyos-1x
+sonar.projectKey=vyos_vyos-1x
sonar.projectName=vyos-1x
sonar.projectVersion=1.2.0
sonar.organization=vyos
+sonar.python.version=3.9
sonar.sources=src/conf_mode,src/op_mode,src/completion,src/helpers,src/validators
sonar.language=py
@@ -17,5 +18,4 @@ sonar.host.url=https://sonarcloud.io
sonar.python.pylint=/usr/local/bin/pylint
sonar.python.pylint_config=.pylintrc
sonar.python.pylint.reportPath=pylint-report.txt
-sonar.python.xunit.reportPath=nosetests.xml
-sonar.python.coverage.reportPath=coverage.xml
+sonar.python.coverage.reportPaths=coverage.xml
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 08861053d..90e5f84f2 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021-2022 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -84,16 +84,16 @@ def get_config(config=None):
# tagNodes in place, it is better to blend in the defaults manually.
if 'port' in container['name'][name]:
for port in container['name'][name]['port']:
- default_values = defaults(base + ['name', 'port'])
+ default_values_port = defaults(base + ['name', 'port'])
container['name'][name]['port'][port] = dict_merge(
- default_values, container['name'][name]['port'][port])
+ default_values_port, container['name'][name]['port'][port])
# XXX: T2665: we can not safely rely on the defaults() when there are
# tagNodes in place, it is better to blend in the defaults manually.
if 'volume' in container['name'][name]:
for volume in container['name'][name]['volume']:
- default_values = defaults(base + ['name', 'volume'])
+ default_values_volume = defaults(base + ['name', 'volume'])
container['name'][name]['volume'][volume] = dict_merge(
- default_values, container['name'][name]['volume'][volume])
+ default_values_volume, container['name'][name]['volume'][volume])
# Delete container network, delete containers
tmp = node_changed(conf, base + ['network'])
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 8263358ea..d207c63df 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -540,8 +540,7 @@ def generate(ipsec):
cleanup_pki_files()
if not ipsec:
- for config_file in [ipsec_conf, ipsec_secrets, charon_dhcp_conf,
- charon_radius_conf, interface_conf, swanctl_conf]:
+ for config_file in [charon_dhcp_conf, charon_radius_conf, interface_conf, swanctl_conf]:
if os.path.isfile(config_file):
os.unlink(config_file)
render(charon_conf, 'ipsec/charon.j2', {'install_routes': default_install_routes})
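Review bot: With `ipsec_conf` and `ipsec_secrets` dropped from the cleanup list, deleting the IPsec configuration no longer unlinks those two files. If this script no longer writes them, that is fine for fresh installs. A system upgraded from an image that did write them would keep a stale secrets file on disk, presumably holding pre-shared keys. It is worth confirming that a migration or packaging step removes the legacy files, or keeping a one-time `os.unlink` for them here. `generate()` starts and continues outside this hunk.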
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 855eb99f9..bf5d3ac84 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -105,8 +105,11 @@ def T2665_default_dict_cleanup(origin: dict, default_values: dict) -> dict:
return origin
-def get_config():
- conf = Config()
+def get_config(config=None):
+ if config:
+ conf = config
+ else:
+ conf = Config()
base = ['vpn', 'openconnect']
if not conf.exists(base):
return None
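Review bot: `if config:` tests truthiness rather than presence, so a caller-supplied object that evaluates false would be silently replaced by a fresh `Config()`. `conf = config if config is not None else Config()` states the intent in one line. The new `config` parameter is also undocumented; a one-line docstring saying it is an optional, already constructed Config object would help. The rest of `get_config()` lies outside this hunk.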
diff --git a/src/op_mode/accelppp.py b/src/op_mode/accelppp.py
index 2fd045dc3..87a25bb96 100755
--- a/src/op_mode/accelppp.py
+++ b/src/op_mode/accelppp.py
@@ -27,29 +27,51 @@ from vyos.util import rc_cmd
accel_dict = {
'ipoe': {
'port': 2002,
- 'path': 'service ipoe-server'
+ 'path': 'service ipoe-server',
+ 'base_path': 'service ipoe-server'
},
'pppoe': {
'port': 2001,
- 'path': 'service pppoe-server'
+ 'path': 'service pppoe-server',
+ 'base_path': 'service pppoe-server'
},
'pptp': {
'port': 2003,
- 'path': 'vpn pptp'
+ 'path': 'vpn pptp',
+ 'base_path': 'vpn pptp'
},
'l2tp': {
'port': 2004,
- 'path': 'vpn l2tp'
+ 'path': 'vpn l2tp',
+ 'base_path': 'vpn l2tp remote-access'
},
'sstp': {
'port': 2005,
- 'path': 'vpn sstp'
+ 'path': 'vpn sstp',
+ 'base_path': 'vpn sstp'
}
}
-def _get_raw_statistics(accel_output, pattern):
- return vyos.accel_ppp.get_server_statistics(accel_output, pattern, sep=':')
+def _get_config_settings(protocol):
+ '''Get config dict from VyOS configuration'''
+ conf = ConfigTreeQuery()
+ base_path = accel_dict[protocol]['base_path']
+ data = conf.get_config_dict(base_path,
+ key_mangling=('-', '_'),
+ get_first_key=True,
+ no_tag_node_value_mangle=True)
+ if conf.exists(f'{base_path} authentication local-users'):
+ # Delete sensitive data
+ del data['authentication']['local_users']
+ return {'config_option': data}
+
+
+def _get_raw_statistics(accel_output, pattern, protocol):
+ return {
+ **vyos.accel_ppp.get_server_statistics(accel_output, pattern, sep=':'),
+ **_get_config_settings(protocol)
+ }
def _get_raw_sessions(port):
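Review bot: `_get_config_settings()` redacts by deny-list: only `authentication local-users` is removed, and everything else under the protocol's `base_path` is returned in the raw statistics output. Any other secret-bearing node in those subtrees would be shown to whoever can run this op-mode command; RADIUS shared keys or an IPsec pre-shared secret are candidates if the schema places them there, which is not visible in this hunk. Selecting only the settings the statistics consumer needs is safer than deleting known-sensitive keys. Separately, `del data['authentication']['local_users']` relies on `conf.exists()` and the mangled dict agreeing; `data.get('authentication', {}).pop('local_users', None)` does the same without a lookup that can raise KeyError.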
@@ -103,7 +125,7 @@ def show_statistics(raw: bool, protocol: str):
rc, output = rc_cmd(f'/usr/bin/accel-cmd -p {port} show stat')
if raw:
- return _get_raw_statistics(output, pattern)
+ return _get_raw_statistics(output, pattern, protocol)
return output
diff --git a/src/op_mode/openvpn.py b/src/op_mode/openvpn.py
index 3797a7153..d957a1d01 100755
--- a/src/op_mode/openvpn.py
+++ b/src/op_mode/openvpn.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2022 VyOS maintainers and contributors
+# Copyright (C) 2022-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -153,6 +153,8 @@ def _get_raw_data(mode: str) -> dict:
d = data[intf]
d['local_host'] = conf_dict[intf].get('local-host', '')
d['local_port'] = conf_dict[intf].get('local-port', '')
+ if conf.exists(f'interfaces openvpn {intf} server client'):
+ d['configured_clients'] = conf.list_nodes(f'interfaces openvpn {intf} server client')
if mode in ['client', 'site-to-site']:
for client in d['clients']:
if 'shared-secret-key-file' in list(conf_dict[intf]):
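Review bot: `configured_clients` is only set when the `server client` node exists, so consumers of the raw dict get a key that appears and disappears. With `path = f'interfaces openvpn {intf} server client'`, the line `d['configured_clients'] = conf.list_nodes(path) if conf.exists(path) else []` gives a stable shape and builds the path string once. The change also adds the configured client names to the op-mode output, which is worth a line in the function's documentation. `_get_raw_data()` starts and continues outside this hunk.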
diff --git a/src/validators/timezone b/src/validators/timezone
index baf5abca2..107571181 100755
--- a/src/validators/timezone
+++ b/src/validators/timezone
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2019 VyOS maintainers and contributors
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -25,7 +25,7 @@ if __name__ == '__main__':
parser.add_argument("--validate", action="store", required=True, help="Check if timezone is valid")
args = parser.parse_args()
- tz_data = cmd('find /usr/share/zoneinfo/posix -type f -or -type l | sed -e s:/usr/share/zoneinfo/posix/::')
+ tz_data = cmd('timedatectl list-timezones')
tz_data = tz_data.split('\n')
if args.validate not in tz_data:
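Review bot: The accepted set is now whatever `timedatectl list-timezones` prints, which is not necessarily the same set as the files under `/usr/share/zoneinfo/posix`. A name that validated before (a legacy alias, for instance) but is missing from the new list would make an existing configuration fail validation after upgrade, so this is worth checking against a migration. The validator also now depends on `timedatectl` running successfully at commit time: if `cmd()` returns an empty string, `tz_data` becomes `['']` and every zone is rejected with no hint that the lookup itself failed. The same command feeds the completion helper in `interface-definitions/system-time-zone.xml.in`.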