Diffstat (limited to 'python')
-rw-r--r--python/vyos/configdict.py10
-rw-r--r--python/vyos/configquery.py90
-rw-r--r--python/vyos/configsession.py4
-rw-r--r--python/vyos/configverify.py105
-rw-r--r--python/vyos/ethtool.py101
-rw-r--r--python/vyos/frr.py64
-rw-r--r--python/vyos/ifconfig/__init__.py13
-rw-r--r--python/vyos/ifconfig/bond.py20
-rw-r--r--python/vyos/ifconfig/bridge.py152
-rw-r--r--python/vyos/ifconfig/control.py2
-rw-r--r--python/vyos/ifconfig/dummy.py25
-rwxr-xr-xpython/vyos/ifconfig/erspan.py170
-rw-r--r--python/vyos/ifconfig/ethernet.py19
-rw-r--r--python/vyos/ifconfig/geneve.py56
-rw-r--r--python/vyos/ifconfig/input.py3
-rw-r--r--python/vyos/ifconfig/interface.py252
-rw-r--r--python/vyos/ifconfig/l2tpv3.py55
-rw-r--r--python/vyos/ifconfig/loopback.py20
-rw-r--r--python/vyos/ifconfig/macsec.py36
-rw-r--r--python/vyos/ifconfig/macvlan.py38
-rw-r--r--python/vyos/ifconfig/pppoe.py2
-rw-r--r--python/vyos/ifconfig/tunnel.py264
-rw-r--r--python/vyos/ifconfig/vti.py6
-rw-r--r--python/vyos/ifconfig/vtun.py27
-rw-r--r--python/vyos/ifconfig/vxlan.py98
-rw-r--r--python/vyos/ifconfig/wireguard.py29
-rw-r--r--python/vyos/ifconfig/wireless.py37
-rw-r--r--python/vyos/remote.py203
-rw-r--r--python/vyos/template.py68
-rw-r--r--python/vyos/util.py63
30 files changed, 1110 insertions, 922 deletions
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index e5e758a8b..5acb1fdfe 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -126,14 +126,14 @@ def leaf_node_changed(conf, path):
return None
-def node_changed(conf, path):
+def node_changed(conf, path, key_mangling=None):
"""
Check if a leaf node was altered. If it has been altered - values has been
changed, or it was added/removed, we will return the old value. If nothing
has been changed, None is returned
"""
from vyos.configdiff import get_config_diff, Diff
- D = get_config_diff(conf, key_mangling=('-', '_'))
+ D = get_config_diff(conf, key_mangling)
D.set_level(conf.get_level())
# get_child_nodes() will return dict_keys(), mangle this into a list with PEP448
keys = D.get_child_nodes_diff(path, expand_nodes=Diff.DELETE)['delete'].keys()
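Review bot: The default for `key_mangling` in `node_changed` is now `None`, whereas the old body always passed `('-', '_')`, so any caller that was not updated silently gets unmangled keys back. Callers are not visible in this hunk, so each one should be checked to confirm it passes the value it needs. The docstring still describes a leaf node and says nothing about the new parameter; a line such as `key_mangling: tuple passed through to get_config_diff(), None leaves keys unchanged` would cover it. The function body continues outside the hunk.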
@@ -272,9 +272,9 @@ def has_vlan_subinterface_configured(conf, intf):
old_level = conf.get_level()
conf.set_level([])
- intfpath = 'interfaces ' + Section.get_config_path(intf)
- if ( conf.exists(f'{intfpath} vif') or
- conf.exists(f'{intfpath} vif-s')):
+ intfpath = ['interfaces', Section.section(intf), intf]
+ if ( conf.exists(intfpath + ['vif']) or
+ conf.exists(intfpath + ['vif-s'])):
ret = True
conf.set_level(old_level)
diff --git a/python/vyos/configquery.py b/python/vyos/configquery.py
new file mode 100644
index 000000000..ed7346f1f
--- /dev/null
+++ b/python/vyos/configquery.py
@@ -0,0 +1,90 @@
+# Copyright 2021 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+'''
+A small library that allows querying existence or value(s) of config
+settings from op mode, and execution of arbitrary op mode commands.
+'''
+
+from subprocess import STDOUT
+from vyos.util import popen
+
+
+class ConfigQueryError(Exception):
+ pass
+
+class GenericConfigQuery:
+ def __init__(self):
+ pass
+
+ def exists(self, path: list):
+ raise NotImplementedError
+
+ def value(self, path: list):
+ raise NotImplementedError
+
+ def values(self, path: list):
+ raise NotImplementedError
+
+class GenericOpRun:
+ def __init__(self):
+ pass
+
+ def run(self, path: list, **kwargs):
+ raise NotImplementedError
+
+class CliShellApiConfigQuery(GenericConfigQuery):
+ def __init__(self):
+ super().__init__()
+
+ def exists(self, path: list):
+ cmd = ' '.join(path)
+ (_, err) = popen(f'cli-shell-api existsActive {cmd}')
+ if err:
+ return False
+ return True
+
+ def value(self, path: list):
+ cmd = ' '.join(path)
+ (out, err) = popen(f'cli-shell-api returnActiveValue {cmd}')
+ if err:
+ raise ConfigQueryError('No value for given path')
+ return out
+
+ def values(self, path: list):
+ cmd = ' '.join(path)
+ (out, err) = popen(f'cli-shell-api returnActiveValues {cmd}')
+ if err:
+ raise ConfigQueryError('No values for given path')
+ return out
+
+class VbashOpRun(GenericOpRun):
+ def __init__(self):
+ super().__init__()
+
+ def run(self, path: list, **kwargs):
+ cmd = ' '.join(path)
+ (out, err) = popen(f'. /opt/vyatta/share/vyatta-op/functions/interpreter/vyatta-op-run; _vyatta_op_run {cmd}', stderr=STDOUT, **kwargs)
+ if err:
+ raise ConfigQueryError(out)
+ return out
+
+def query_context(config_query_class=CliShellApiConfigQuery,
+ op_run_class=VbashOpRun):
+ query = config_query_class()
+ run = op_run_class()
+ return query, run
+
+
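Review bot: Every method of `CliShellApiConfigQuery` and `VbashOpRun.run` builds its command with `' '.join(path)` and passes the resulting string to `popen`, so a path element containing whitespace or shell metacharacters is split or interpreted instead of being passed as one argument. `VbashOpRun.run` necessarily goes through a shell, since it sources a file and chains with `;`. Unless callers rely on shell expansion, quote each element before joining, e.g. `cmd = ' '.join(shlex.quote(p) for p in path)` with `import shlex` at the top of the module. The second value returned by `popen` is bound to `err` here but is treated as an exit code in frr.py (`output, code = util.popen(...)`), so `code` would be the more accurate name. A caller that forwards `stderr=` through `**kwargs` to `run` would hit a duplicate-keyword TypeError, which the signature could document.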
diff --git a/python/vyos/configsession.py b/python/vyos/configsession.py
index 82b9355a3..670e6c7fc 100644
--- a/python/vyos/configsession.py
+++ b/python/vyos/configsession.py
@@ -129,9 +129,9 @@ class ConfigSession(object):
def __run_command(self, cmd_list):
p = subprocess.Popen(cmd_list, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, env=self.__session_env)
+ (stdout_data, stderr_data) = p.communicate()
+ output = stdout_data.decode()
result = p.wait()
- output = p.stdout.read().decode()
- p.communicate()
if result != 0:
raise ConfigSessionError(output)
return output
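Review bot: `stderr_data` in `__run_command` is always `None` because the process is started with `stderr=subprocess.STDOUT`, and the process has already been reaped once `communicate()` returns. The two lines can therefore be `stdout_data, _ = p.communicate()` and `result = p.returncode`. `stdout_data.decode()` runs before the return code is checked, so output that is not valid UTF-8 would raise UnicodeDecodeError instead of `ConfigSessionError`; `decode(errors='replace')` would keep the error path intact if such output is possible.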
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index b4447306e..718b7445d 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -80,7 +80,7 @@ def verify_vrf(config):
recurring validation of VRF configuration.
"""
from netifaces import interfaces
- if 'vrf' in config:
+ if 'vrf' in config and config['vrf'] != 'default':
if config['vrf'] not in interfaces():
raise ConfigError('VRF "{vrf}" does not exist'.format(**config))
@@ -89,6 +89,50 @@ def verify_vrf(config):
'Interface "{ifname}" cannot be both a member of VRF "{vrf}" '
'and bridge "{is_bridge_member}"!'.format(**config))
+def verify_tunnel(config):
+ """
+ This helper is used to verify the common part of the tunnel
+ """
+ from vyos.template import is_ipv4
+ from vyos.template import is_ipv6
+
+ if 'encapsulation' not in config:
+ raise ConfigError('Must configure the tunnel encapsulation for '\
+ '{ifname}!'.format(**config))
+
+ if 'source_address' not in config and 'dhcp_interface' not in config:
+ raise ConfigError('source-address is mandatory for tunnel')
+
+ if 'remote' not in config and config['encapsulation'] != 'gre':
+ raise ConfigError('remote ip address is mandatory for tunnel')
+
+ if {'source_address', 'dhcp_interface'} <= set(config):
+ raise ConfigError('Can not use both source-address and dhcp-interface')
+
+ if config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre', 'ip6gretap', 'ip6erspan']:
+ error_ipv6 = 'Encapsulation mode requires IPv6'
+ if 'source_address' in config and not is_ipv6(config['source_address']):
+ raise ConfigError(f'{error_ipv6} source-address')
+
+ if 'remote' in config and not is_ipv6(config['remote']):
+ raise ConfigError(f'{error_ipv6} remote')
+ else:
+ error_ipv4 = 'Encapsulation mode requires IPv4'
+ if 'source_address' in config and not is_ipv4(config['source_address']):
+ raise ConfigError(f'{error_ipv4} source-address')
+
+ if 'remote' in config and not is_ipv4(config['remote']):
+ raise ConfigError(f'{error_ipv4} remote address')
+
+ if config['encapsulation'] in ['sit', 'gretap', 'ip6gretap']:
+ if 'source_interface' in config:
+ encapsulation = config['encapsulation']
+ raise ConfigError(f'Option source-interface can not be used with ' \
+ f'encapsulation "{encapsulation}"!')
+ elif config['encapsulation'] == 'gre':
+ if 'source_address' in config and is_ipv6(config['source_address']):
+ raise ConfigError('Can not use local IPv6 address is for mGRE tunnels')
+
def verify_eapol(config):
"""
Common helper function used by interface implementations to perform
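Review bot: The mGRE branch of `verify_tunnel` raises `'Can not use local IPv6 address is for mGRE tunnels'`, which is garbled; wording such as `'Can not use an IPv6 source-address for mGRE tunnels'` tells the user what to change. The IPv4 branch words its two errors differently (`... source-address` and `... remote address`) while the IPv6 branch uses `... remote`, so one form should be picked. The docstring could list the keys the helper reads (`encapsulation`, `source_address`, `dhcp_interface`, `remote`, `source_interface`), since it is the only contract callers have. `verify_eapol`, whose first lines close this hunk, continues outside it.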
@@ -136,15 +180,14 @@ def verify_bridge_delete(config):
'Interface "{ifname}" cannot be deleted as it is a '
'member of bridge "{is_bridge_member}"!'.format(**config))
-def verify_interface_exists(config):
+def verify_interface_exists(ifname):
"""
Common helper function used by interface implementations to perform
recurring validation if an interface actually exists.
"""
from netifaces import interfaces
- if not config['ifname'] in interfaces():
- raise ConfigError('Interface "{ifname}" does not exist!'
- .format(**config))
+ if ifname not in interfaces():
+ raise ConfigError(f'Interface "{ifname}" does not exist!')
def verify_source_interface(config):
"""
@@ -210,6 +253,13 @@ def verify_vlan_config(config):
Common helper function used by interface implementations to perform
recurring validation of interface VLANs
"""
+
+ # VLAN and Q-in-Q IDs are not allowed to overlap
+ if 'vif' in config and 'vif_s' in config:
+ duplicate = list(set(config['vif']) & set(config['vif_s']))
+ if duplicate:
+ raise ConfigError(f'Duplicate VLAN id "{duplicate[0]}" used for vif and vif-s interfaces!')
+
# 802.1q VLANs
for vlan in config.get('vif', {}):
vlan = config['vif'][vlan]
@@ -218,17 +268,17 @@ def verify_vlan_config(config):
verify_vrf(vlan)
# 802.1ad (Q-in-Q) VLANs
- for vlan in config.get('vif_s', {}):
- vlan = config['vif_s'][vlan]
- verify_dhcpv6(vlan)
- verify_address(vlan)
- verify_vrf(vlan)
-
- for vlan in config.get('vif_s', {}).get('vif_c', {}):
- vlan = config['vif_c'][vlan]
- verify_dhcpv6(vlan)
- verify_address(vlan)
- verify_vrf(vlan)
+ for s_vlan in config.get('vif_s', {}):
+ s_vlan = config['vif_s'][s_vlan]
+ verify_dhcpv6(s_vlan)
+ verify_address(s_vlan)
+ verify_vrf(s_vlan)
+
+ for c_vlan in s_vlan.get('vif_c', {}):
+ c_vlan = s_vlan['vif_c'][c_vlan]
+ verify_dhcpv6(c_vlan)
+ verify_address(c_vlan)
+ verify_vrf(c_vlan)
def verify_accel_ppp_base_service(config):
"""
@@ -308,3 +358,26 @@ def verify_diffie_hellman_length(file, min_keysize):
return False
+def verify_route_maps(config):
+ """
+ Common helper function used by routing protocol implementations to perform
+ recurring validation if the specified route-map for either zebra to kernel
+ installation exists (this is the top-level route_map key) or when a route
+ is redistributed with a route-map that it exists!
+ """
+ if 'route_map' in config:
+ route_map = config['route_map']
+ # Check if the specified route-map exists, if not error out
+ if dict_search(f'policy.route_map.{route_map}', config) == None:
+ raise ConfigError(f'Specified route-map "{route_map}" does not exist!')
+
+ if 'redistribute' in config:
+ for protocol, protocol_config in config['redistribute'].items():
+ if 'route_map' in protocol_config:
+ # A hyphen in a route-map name will be converted to _, take care
+ # about this effect during validation
+ route_map = protocol_config['route_map'].replace('-','_')
+ # Check if the specified route-map exists, if not error out
+ if dict_search(f'policy.route_map.{route_map}', config) == None:
+ raise ConfigError(f'Redistribution route-map "{route_map}" ' \
+ f'for "{protocol}" does not exist!')
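Review bot: The top-level `route_map` lookup in `verify_route_maps` uses the name as configured, while the `redistribute` branch first applies `.replace('-','_')`. If the `policy.route_map` keys are mangled as the comment in the second branch says, a top-level route-map with a hyphen in its name would be reported as missing. Apply the same normalisation in both places and keep the original name for the error text, so the message shows what the user typed. Both comparisons should be `is None` rather than `== None`, and `dict_search` is not imported in any visible hunk of this file, so it should be confirmed to be in scope.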
diff --git a/python/vyos/ethtool.py b/python/vyos/ethtool.py
new file mode 100644
index 000000000..136feae8d
--- /dev/null
+++ b/python/vyos/ethtool.py
@@ -0,0 +1,101 @@
+# Copyright 2021 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+from vyos.util import popen
+
+class Ethtool:
+ """
+ Class is used to retrive and cache information about an ethernet adapter
+ """
+
+ # dictionary containing driver featurs, it will be populated on demand and
+ # the content will look like:
+ # {
+ # 'tls-hw-tx-offload': {'fixed': True, 'on': False},
+ # 'tx-checksum-fcoe-crc': {'fixed': True, 'on': False},
+ # 'tx-checksum-ip-generic': {'fixed': False, 'on': True},
+ # 'tx-checksum-ipv4': {'fixed': True, 'on': False},
+ # 'tx-checksum-ipv6': {'fixed': True, 'on': False},
+ # 'tx-checksum-sctp': {'fixed': True, 'on': False},
+ # 'tx-checksumming': {'fixed': False, 'on': True},
+ # 'tx-esp-segmentation': {'fixed': True, 'on': False},
+ # }
+ features = { }
+ ring_buffers = { }
+
+ def __init__(self, ifname):
+ # Now populate features dictionaty
+ out, err = popen(f'ethtool -k {ifname}')
+ # skip the first line, it only says: "Features for eth0":
+ for line in out.splitlines()[1:]:
+ if ":" in line:
+ key, value = [s.strip() for s in line.strip().split(":", 1)]
+ fixed = "fixed" in value
+ if fixed:
+ value = value.split()[0].strip()
+ self.features[key.strip()] = {
+ "on": value == "on",
+ "fixed": fixed
+ }
+
+ out, err = popen(f'ethtool -g {ifname}')
+ # We are only interested in line 2-5 which contains the device maximum
+ # ringbuffers
+ for line in out.splitlines()[2:6]:
+ if ':' in line:
+ key, value = [s.strip() for s in line.strip().split(":", 1)]
+ key = key.lower().replace(' ', '_')
+ self.ring_buffers[key] = int(value)
+
+
+ def is_fixed_lro(self):
+ # in case of a missing configuration, rather return "fixed". In Ethtool
+ # terminology "fixed" means the setting can not be changed by the user.
+ return self.features.get('large-receive-offload', True).get('fixed', True)
+
+ def is_fixed_gro(self):
+ # in case of a missing configuration, rather return "fixed". In Ethtool
+ # terminology "fixed" means the setting can not be changed by the user.
+ return self.features.get('generic-receive-offload', True).get('fixed', True)
+
+ def is_fixed_gso(self):
+ # in case of a missing configuration, rather return "fixed". In Ethtool
+ # terminology "fixed" means the setting can not be changed by the user.
+ return self.features.get('generic-segmentation-offload', True).get('fixed', True)
+
+ def is_fixed_sg(self):
+ # in case of a missing configuration, rather return "fixed". In Ethtool
+ # terminology "fixed" means the setting can not be changed by the user.
+ return self.features.get('scatter-gather', True).get('fixed', True)
+
+ def is_fixed_tso(self):
+ # in case of a missing configuration, rather return "fixed". In Ethtool
+ # terminology "fixed" means the setting can not be changed by the user.
+ return self.features.get('tcp-segmentation-offload', True).get('fixed', True)
+
+ def is_fixed_ufo(self):
+ # in case of a missing configuration, rather return "fixed". In Ethtool
+ # terminology "fixed" means the setting can not be changed by the user.
+ return self.features.get('udp-fragmentation-offload', True).get('fixed', True)
+
+ def get_rx_buffer(self):
+ # Configuration of RX ring-buffers is not supported on every device,
+ # thus when it's impossible return None
+ return self.ring_buffers.get('rx', None)
+
+ def get_tx_buffer(self):
+ # Configuration of TX ring-buffers is not supported on every device,
+ # thus when it's impossible return None
+ return self.ring_buffers.get('tx', None)
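Review bot: `features` and `ring_buffers` are class attributes, so every `Ethtool` instance writes into the same two dicts and a second interface inherits whatever the first one populated; assign them in `__init__` instead (`self.features = {}` and `self.ring_buffers = {}`). The `is_fixed_*` getters use `True` as the default of the outer `.get()`, so a feature missing from the ethtool output raises AttributeError on `True.get(...)` rather than returning "fixed"; use `self.features.get('large-receive-offload', {}).get('fixed', True)` and the same pattern in the other five. `int(value)` in the ring-buffer loop raises ValueError if ethtool prints a non-numeric value such as `n/a`. Both `err` results are ignored, so a failed `ethtool` call cannot be told apart from empty output.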
diff --git a/python/vyos/frr.py b/python/vyos/frr.py
index 3bab64301..668489636 100644
--- a/python/vyos/frr.py
+++ b/python/vyos/frr.py
@@ -68,15 +68,26 @@ Apply the new configuration:
import tempfile
import re
from vyos import util
+from vyos.util import chown
import logging
+from logging.handlers import SysLogHandler
+import os
LOG = logging.getLogger(__name__)
+DEBUG = os.path.exists('/tmp/vyos.frr.debug')
+if DEBUG:
+ LOG.setLevel(logging.DEBUG)
+ ch = SysLogHandler(address='/dev/log')
+ ch2 = logging.StreamHandler()
+ LOG.addHandler(ch)
+ LOG.addHandler(ch2)
_frr_daemons = ['zebra', 'bgpd', 'fabricd', 'isisd', 'ospf6d', 'ospfd', 'pbrd',
'pimd', 'ripd', 'ripngd', 'sharpd', 'staticd', 'vrrpd', 'ldpd']
path_vtysh = '/usr/bin/vtysh'
path_frr_reload = '/usr/lib/frr/frr-reload.py'
+path_config = '/run/frr'
class FrrError(Exception):
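Review bot: `DEBUG` is switched on by the mere existence of `/tmp/vyos.frr.debug`, and `/tmp` is normally writable by every local user, so any unprivileged account can enable debug logging for this library. With the later hunks in this file (`FRRConfig.__init__`, `load_configuration`, `commit_configuration`, `add_before`), the FRR configuration is then written line by line to syslog and to the stream handler, and routing configurations commonly carry secrets such as neighbor passwords. Consider a flag in a root-owned location, for example `DEBUG = os.path.exists('<ROOT_OWNED_DIR>/vyos.frr.debug')` (placeholder path), or check that the flag file is owned by root before honouring it. The handlers are attached at import time, so every importer of the module gets them; a comment stating that this is intended would help.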
@@ -175,21 +186,53 @@ def reload_configuration(config, daemon=None):
f.write(config)
f.flush()
+ LOG.debug(f'reload_configuration: Reloading config using temporary file: {f.name}')
cmd = f'{path_frr_reload} --reload'
if daemon:
cmd += f' --daemon {daemon}'
+
+ if DEBUG:
+ cmd += f' --debug --stdout'
+
cmd += f' {f.name}'
+ LOG.debug(f'reload_configuration: Executing command against frr-reload: "{cmd}"')
output, code = util.popen(cmd, stderr=util.STDOUT)
f.close()
+ for i, e in enumerate(output.split('\n')):
+ LOG.debug(f'frr-reload output: {i:3} {e}')
if code == 1:
- raise CommitError(f'Configuration FRR failed while commiting code: {repr(output)}')
+ raise CommitError(f'Configuration FRR failed while commiting code, please enabling debugging to examine logs')
elif code:
raise OSError(code, output)
return output
+def save_configuration(daemon=None):
+ """Save FRR configuration to /run/frr/{daemon}.conf
+ It save configuration on each commit.
+ """
+ if daemon and daemon not in _frr_daemons:
+ raise ValueError(f'The specified daemon type is not supported {repr(daemon)}')
+
+ cmd = f"{path_vtysh} -d {daemon} -c 'show run no-header'"
+ output, code = util.popen(cmd, stderr=util.STDOUT)
+ if code:
+ raise OSError(code, output)
+
+ daemon_conf = f'{path_config}/{daemon}.conf'
+
+ with open(daemon_conf, "w") as f:
+ f.write(output)
+ # Set permissions (frr:frr) for /run/frr/{daemon}.conf
+ if os.path.exists(daemon_conf):
+ chown(daemon_conf, 'frr', 'frr')
+ config = output
+
+ return config
+
+
def execute(command):
""" Run commands inside vtysh
command: str containing commands to execute inside a vtysh session
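Review bot: In `save_configuration` the guard `if daemon and daemon not in _frr_daemons` lets the default `daemon=None` through, after which the command becomes `vtysh -d None ...` and the output path `/run/frr/None.conf`. Either reject a missing daemon with `if daemon not in _frr_daemons:` or add `-d` and choose the file name only when a daemon is given. The file is created by `open(daemon_conf, "w")` with the process default mode before `chown` runs, so if the running configuration can contain secrets the mode should be set explicitly rather than left to the umask. In `reload_configuration` the new `CommitError` text no longer carries the frr-reload output, which is only logged at debug level, so a failed commit leaves nothing to act on unless debug was enabled beforehand. Logging the output at error level on failure would keep it out of the exception while still recording it.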
@@ -382,6 +425,11 @@ class FRRConfig:
raise ValueError(
'The config element needs to be a string or list type object')
+ if config:
+ LOG.debug(f'__init__: frr library initiated with initial config')
+ for i, e in enumerate(self.config):
+ LOG.debug(f'__init__: initial {i:3} {e}')
+
def load_configuration(self, daemon=None):
'''Load the running configuration from FRR into the config object
daemon: str with name of the FRR Daemon to load configuration from or
@@ -390,9 +438,16 @@ class FRRConfig:
Using this overwrites the current loaded config objects and replaces the original loaded config
'''
self.imported_config = get_configuration(daemon=daemon)
- LOG.debug(f'load_configuration: Configuration loaded from FRR: {self.imported_config}')
+ if daemon:
+ LOG.debug(f'load_configuration: Configuration loaded from FRR daemon {daemon}')
+ else:
+ LOG.debug(f'load_configuration: Configuration loaded from FRR integrated config')
+
self.original_config = self.imported_config.split('\n')
self.config = self.original_config.copy()
+
+ for i, e in enumerate(self.imported_config.split('\n')):
+ LOG.debug(f'load_configuration: loaded {i:3} {e}')
return
def test_configuration(self):
@@ -408,6 +463,8 @@ class FRRConfig:
None to use the consolidated config
'''
LOG.debug('commit_configuration: Commiting configuration')
+ for i, e in enumerate(self.config):
+ LOG.debug(f'commit_configuration: new_config {i:3} {e}')
reload_configuration('\n'.join(self.config), daemon=daemon)
def modify_section(self, start_pattern, replacement=[], stop_pattern=r'\S+', remove_stop_mark=False, count=0):
@@ -459,7 +516,8 @@ class FRRConfig:
start = _find_first_element(self.config, before_pattern)
if start < 0:
return False
-
+ for i, e in enumerate(addition, start=start):
+ LOG.debug(f'add_before: add {i:3} {e}')
self.config[start:start] = addition
return True
diff --git a/python/vyos/ifconfig/__init__.py b/python/vyos/ifconfig/__init__.py
index 9cd8d44c1..f5dfa8e05 100644
--- a/python/vyos/ifconfig/__init__.py
+++ b/python/vyos/ifconfig/__init__.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -31,14 +31,9 @@ from vyos.ifconfig.wireguard import WireGuardIf
from vyos.ifconfig.vtun import VTunIf
from vyos.ifconfig.vti import VTIIf
from vyos.ifconfig.pppoe import PPPoEIf
-from vyos.ifconfig.tunnel import GREIf
-from vyos.ifconfig.tunnel import GRETapIf
-from vyos.ifconfig.tunnel import IP6GREIf
-from vyos.ifconfig.tunnel import IPIPIf
-from vyos.ifconfig.tunnel import IPIP6If
-from vyos.ifconfig.tunnel import IP6IP6If
-from vyos.ifconfig.tunnel import SitIf
-from vyos.ifconfig.tunnel import Sit6RDIf
+from vyos.ifconfig.tunnel import TunnelIf
+from vyos.ifconfig.erspan import ERSpanIf
+from vyos.ifconfig.erspan import ER6SpanIf
from vyos.ifconfig.wireless import WiFiIf
from vyos.ifconfig.l2tpv3 import L2TPv3If
from vyos.ifconfig.macsec import MACsecIf
diff --git a/python/vyos/ifconfig/bond.py b/python/vyos/ifconfig/bond.py
index 709222b09..bfa3b0025 100644
--- a/python/vyos/ifconfig/bond.py
+++ b/python/vyos/ifconfig/bond.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -31,9 +31,7 @@ class BondIf(Interface):
monitoring may be performed.
"""
- default = {
- 'type': 'bond',
- }
+ iftype = 'bond'
definition = {
**Interface.definition,
** {
@@ -343,9 +341,6 @@ class BondIf(Interface):
if 'shutdown_required' in config:
self.set_admin_state('down')
- # call base class first
- super().update(config)
-
# ARP monitor targets need to be synchronized between sysfs and CLI.
# Unfortunately an address can't be send twice to sysfs as this will
# result in the following exception: OSError: [Errno 22] Invalid argument.
@@ -404,12 +399,5 @@ class BondIf(Interface):
value = config.get('primary')
if value: self.set_primary(value)
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
+ # call base class first
+ super().update(config)
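Review bot: The comment `# call base class first` now sits above a `super().update(config)` that is the last statement of `BondIf.update`, so it says the opposite of what the code does; the same stale comment closes `BridgeIf.update` in bridge.py. Replace it with `# call base class last` plus a short reason. Presumably the admin-state handling removed in this hunk now lives in `Interface.update`, but interface.py is not in this view, so that should be confirmed before it is written into the comment.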
diff --git a/python/vyos/ifconfig/bridge.py b/python/vyos/ifconfig/bridge.py
index 76520f2ba..14f64a8de 100644
--- a/python/vyos/ifconfig/bridge.py
+++ b/python/vyos/ifconfig/bridge.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -22,6 +22,7 @@ from vyos.validate import assert_positive
from vyos.util import cmd
from vyos.util import dict_search
from vyos.configdict import get_vlan_ids
+from vyos.configdict import list_diff
@Interface.register
class BridgeIf(Interface):
@@ -33,10 +34,7 @@ class BridgeIf(Interface):
The Linux bridge code implements a subset of the ANSI/IEEE 802.1d standard.
"""
-
- default = {
- 'type': 'bridge',
- }
+ iftype = 'bridge'
definition = {
**Interface.definition,
**{
@@ -235,11 +233,6 @@ class BridgeIf(Interface):
interface setup code and provide a single point of entry when workin
on any interface. """
- # call base class first
- super().update(config)
-
- ifname = config['ifname']
-
# Set ageing time
value = config.get('aging')
self.set_ageing_time(value)
@@ -274,20 +267,37 @@ class BridgeIf(Interface):
for member in (tmp or []):
if member in interfaces():
self.del_port(member)
- vlan_filter = 0
- vlan_del = set()
- vlan_add = set()
+ # enable/disable Vlan Filter
+ vlan_filter = '1' if 'enable_vlan' in config else '0'
+ self.set_vlan_filter(vlan_filter)
+
+ ifname = config['ifname']
+ if int(vlan_filter):
+ add_vlan = []
+ cur_vlan_ids = get_vlan_ids(ifname)
+
+ tmp = dict_search('vif', config)
+ if tmp:
+ for vif, vif_config in tmp.items():
+ add_vlan.append(vif)
+
+ # Remove redundant VLANs from the system
+ for vlan in list_diff(cur_vlan_ids, add_vlan):
+ cmd = f'bridge vlan del dev {ifname} vid {vlan} self'
+ self._cmd(cmd)
+
+ for vlan in add_vlan:
+ cmd = f'bridge vlan add dev {ifname} vid {vlan} self'
+ self._cmd(cmd)
+
+ # VLAN of bridge parent interface is always 1
+ # VLAN 1 is the default VLAN for all unlabeled packets
+ cmd = f'bridge vlan add dev {ifname} vid 1 pvid untagged self'
+ self._cmd(cmd)
tmp = dict_search('member.interface', config)
if tmp:
- if self.get_vlan_filter():
- bridge_vlan_ids = get_vlan_ids(ifname)
- # Delete VLAN ID for the bridge
- if 1 in bridge_vlan_ids:
- bridge_vlan_ids.remove(1)
- for vlan in bridge_vlan_ids:
- vlan_del.add(str(vlan))
for interface, interface_config in tmp.items():
# if interface does yet not exist bail out early and
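Review bot: `list_diff(cur_vlan_ids, add_vlan)` compares the IDs returned by `get_vlan_ids(ifname)` with the `vif` keys of the config dict, which are strings; the removed code tested `1 in bridge_vlan_ids` and wrapped entries in `str()`, which suggests the helper returns integers. If that is the case, the difference is always the full current list and every commit deletes and re-adds all VLANs on the bridge; the per-member block in the later hunk of `update` (`get_vlan_ids(interface)`) has the same shape. Normalising one side, e.g. `cur_vlan_ids = [str(v) for v in get_vlan_ids(ifname)]`, makes the comparison independent of the helper's return type. `vif_config` is unused in the loop, so `add_vlan = list(tmp)` is enough. The method continues outside the hunk.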
@@ -302,9 +312,15 @@ class BridgeIf(Interface):
# not have any addresses configured by CLI so just flush any
# remaining ones
lower.flush_addrs()
+
# enslave interface port to bridge
self.add_port(interface)
+ # always set private-vlan/port isolation
+ tmp = dict_search('isolated', interface_config)
+ value = 'on' if (tmp != None) else 'off'
+ lower.set_port_isolation(value)
+
# set bridge port path cost
if 'cost' in interface_config:
value = interface_config.get('cost')
@@ -315,70 +331,40 @@ class BridgeIf(Interface):
value = interface_config.get('priority')
lower.set_path_priority(value)
- tmp = dict_search('native_vlan_removed', interface_config)
-
- for vlan_id in (tmp or []):
- cmd = f'bridge vlan del dev {interface} vid {vlan_id}'
- self._cmd(cmd)
- cmd = f'bridge vlan add dev {interface} vid 1 pvid untagged master'
- self._cmd(cmd)
- vlan_del.add(vlan_id)
- vlan_add.add(1)
-
- tmp = dict_search('allowed_vlan_removed', interface_config)
-
-
- for vlan_id in (tmp or []):
- cmd = f'bridge vlan del dev {interface} vid {vlan_id}'
- self._cmd(cmd)
- vlan_del.add(vlan_id)
-
- if 'native_vlan' in interface_config:
- vlan_filter = 1
- cmd = f'bridge vlan del dev {interface} vid 1'
- self._cmd(cmd)
- vlan_id = interface_config['native_vlan']
- if int(vlan_id) != 1:
- if 1 in vlan_add:
- vlan_add.remove(1)
- vlan_del.add(1)
- cmd = f'bridge vlan add dev {interface} vid {vlan_id} pvid untagged master'
- self._cmd(cmd)
- vlan_add.add(vlan_id)
- if vlan_id in vlan_del:
- vlan_del.remove(vlan_id)
-
- if 'allowed_vlan' in interface_config:
- vlan_filter = 1
- if 'native_vlan' not in interface_config:
- cmd = f'bridge vlan del dev {interface} vid 1'
+ if int(vlan_filter):
+ add_vlan = []
+ native_vlan_id = None
+ allowed_vlan_ids= []
+ cur_vlan_ids = get_vlan_ids(interface)
+
+ if 'native_vlan' in interface_config:
+ vlan_id = interface_config['native_vlan']
+ add_vlan.append(vlan_id)
+ native_vlan_id = vlan_id
+
+ if 'allowed_vlan' in interface_config:
+ for vlan in interface_config['allowed_vlan']:
+ vlan_range = vlan.split('-')
+ if len(vlan_range) == 2:
+ for vlan_add in range(int(vlan_range[0]),int(vlan_range[1]) + 1):
+ add_vlan.append(str(vlan_add))
+ allowed_vlan_ids.append(str(vlan_add))
+ else:
+ add_vlan.append(vlan)
+ allowed_vlan_ids.append(vlan)
+
+ # Remove redundant VLANs from the system
+ for vlan in list_diff(cur_vlan_ids, add_vlan):
+ cmd = f'bridge vlan del dev {interface} vid {vlan} master'
self._cmd(cmd)
- vlan_del.add(1)
- for vlan in interface_config['allowed_vlan']:
+
+ for vlan in allowed_vlan_ids:
cmd = f'bridge vlan add dev {interface} vid {vlan} master'
self._cmd(cmd)
- vlan_add.add(vlan)
- if vlan in vlan_del:
- vlan_del.remove(vlan)
-
- for vlan in vlan_del:
- cmd = f'bridge vlan del dev {ifname} vid {vlan} self'
- self._cmd(cmd)
-
- for vlan in vlan_add:
- cmd = f'bridge vlan add dev {ifname} vid {vlan} self'
- self._cmd(cmd)
-
- # enable/disable Vlan Filter
- self.set_vlan_filter(vlan_filter)
-
+ # Setting native VLAN to system
+ if native_vlan_id:
+ cmd = f'bridge vlan add dev {interface} vid {native_vlan_id} pvid untagged master'
+ self._cmd(cmd)
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
+ # call base class first
+ super().update(config)
diff --git a/python/vyos/ifconfig/control.py b/python/vyos/ifconfig/control.py
index 43136f361..d41dfef47 100644
--- a/python/vyos/ifconfig/control.py
+++ b/python/vyos/ifconfig/control.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
diff --git a/python/vyos/ifconfig/dummy.py b/python/vyos/ifconfig/dummy.py
index 19ef9d304..d45769931 100644
--- a/python/vyos/ifconfig/dummy.py
+++ b/python/vyos/ifconfig/dummy.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -23,9 +23,7 @@ class DummyIf(Interface):
packets through without actually transmitting them.
"""
- default = {
- 'type': 'dummy',
- }
+ iftype = 'dummy'
definition = {
**Interface.definition,
**{
@@ -33,22 +31,3 @@ class DummyIf(Interface):
'prefixes': ['dum', ],
},
}
-
- def update(self, config):
- """ General helper function which works on a dictionary retrived by
- get_config_dict(). It's main intention is to consolidate the scattered
- interface setup code and provide a single point of entry when workin
- on any interface. """
-
- # call base class first
- super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
diff --git a/python/vyos/ifconfig/erspan.py b/python/vyos/ifconfig/erspan.py
new file mode 100755
index 000000000..03b2acdbf
--- /dev/null
+++ b/python/vyos/ifconfig/erspan.py
@@ -0,0 +1,170 @@
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+# https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/#erspan
+# http://vger.kernel.org/lpc_net2018_talks/erspan-linux-presentation.pdf
+
+from copy import deepcopy
+
+from netaddr import EUI
+from netaddr import mac_unix_expanded
+from random import getrandbits
+
+from vyos.util import dict_search
+from vyos.ifconfig.interface import Interface
+from vyos.validate import assert_list
+
+@Interface.register
+class _ERSpan(Interface):
+ """
+ _ERSpan: private base class for ERSPAN tunnels
+ """
+ iftype = 'erspan'
+ definition = {
+ **Interface.definition,
+ **{
+ 'section': 'erspan',
+ 'prefixes': ['ersp',],
+ },
+ }
+
+ def __init__(self,ifname,**config):
+ self.config = deepcopy(config) if config else {}
+ super().__init__(ifname, **self.config)
+
+ def change_options(self):
+ pass
+
+ def _create(self):
+ pass
+
+class ERSpanIf(_ERSpan):
+ """
+ ERSpanIf: private base class for ERSPAN Over GRE and IPv4 tunnels
+ """
+
+ def _create(self):
+ ifname = self.config['ifname']
+ source_address = self.config['source_address']
+ remote = self.config['remote']
+ key = self.config['parameters']['ip']['key']
+ version = self.config['parameters']['version']
+ command = f'ip link add dev {ifname} type erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}'
+
+ if int(version) == 1:
+ idx=dict_search('parameters.erspan.idx',self.config)
+ if idx:
+ command += f' erspan {idx}'
+ elif int(version) == 2:
+ direction=dict_search('parameters.erspan.direction',self.config)
+ if direction:
+ command += f' erspan_dir {direction}'
+ hwid=dict_search('parameters.erspan.hwid',self.config)
+ if hwid:
+ command += f' erspan_hwid {hwid}'
+
+ ttl = dict_search('parameters.ip.ttl',self.config)
+ if ttl:
+ command += f' ttl {ttl}'
+ tos = dict_search('parameters.ip.tos',self.config)
+ if tos:
+ command += f' tos {tos}'
+
+ self._cmd(command)
+
+ def change_options(self):
+ ifname = self.config['ifname']
+ source_address = self.config['source_address']
+ remote = self.config['remote']
+ key = self.config['parameters']['ip']['key']
+ version = self.config['parameters']['version']
+ command = f'ip link set dev {ifname} type erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}'
+
+ if int(version) == 1:
+ idx=dict_search('parameters.erspan.idx',self.config)
+ if idx:
+ command += f' erspan {idx}'
+ elif int(version) == 2:
+ direction=dict_search('parameters.erspan.direction',self.config)
+ if direction:
+ command += f' erspan_dir {direction}'
+ hwid=dict_search('parameters.erspan.hwid',self.config)
+ if hwid:
+ command += f' erspan_hwid {hwid}'
+
+ ttl = dict_search('parameters.ip.ttl',self.config)
+ if ttl:
+ command += f' ttl {ttl}'
+ tos = dict_search('parameters.ip.tos',self.config)
+ if tos:
+ command += f' tos {tos}'
+
+ self._cmd(command)
+
+class ER6SpanIf(_ERSpan):
+ """
+ ER6SpanIf: private base class for ERSPAN Over GRE and IPv6 tunnels
+ """
+
+ def _create(self):
+ ifname = self.config['ifname']
+ source_address = self.config['source_address']
+ remote = self.config['remote']
+ key = self.config['parameters']['ip']['key']
+ version = self.config['parameters']['version']
+ command = f'ip link add dev {ifname} type ip6erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}'
+
+ if int(version) == 1:
+ idx=dict_search('parameters.erspan.idx',self.config)
+ if idx:
+ command += f' erspan {idx}'
+ elif int(version) == 2:
+ direction=dict_search('parameters.erspan.direction',self.config)
+ if direction:
+ command += f' erspan_dir {direction}'
+ hwid=dict_search('parameters.erspan.hwid',self.config)
+ if hwid:
+ command += f' erspan_hwid {hwid}'
+
+ ttl = dict_search('parameters.ip.ttl',self.config)
+ if ttl:
+ command += f' ttl {ttl}'
+ tos = dict_search('parameters.ip.tos',self.config)
+ if tos:
+ command += f' tos {tos}'
+
+ self._cmd(command)
+
+ def change_options(self):
+ ifname = self.config['ifname']
+ source_address = self.config['source_address']
+ remote = self.config['remote']
+ key = self.config['parameters']['ip']['key']
+ version = self.config['parameters']['version']
+ command = f'ip link set dev {ifname} type ip6erspan local {source_address} remote {remote} seq key {key} erspan_ver {version}'
+
+ if int(version) == 1:
+ idx=dict_search('parameters.erspan.idx',self.config)
+ if idx:
+ command += f' erspan {idx}'
+ elif int(version) == 2:
+ direction=dict_search('parameters.erspan.direction',self.config)
+ if direction:
+ command += f' erspan_dir {direction}'
+ hwid=dict_search('parameters.erspan.hwid',self.config)
+ if hwid:
+ command += f' erspan_hwid {hwid}'
+
+ self._cmd(command)
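Review bot: `ER6SpanIf.change_options` stops after the `erspan_hwid` branch and never appends `ttl`/`tos`, while `ERSpanIf._create`, `ERSpanIf.change_options` and `ER6SpanIf._create` all do, so a TTL or TOS change on an existing ip6erspan interface would not be applied if that omission is unintended. The four bodies differ only in `add`/`set` and `erspan`/`ip6erspan`, so a single builder on `_ERSpan` removes the drift. It also gives one place to check the values, which are interpolated unquoted into the command line and rely entirely on validation done before this class is reached. The imports `EUI`, `mac_unix_expanded`, `getrandbits` and `assert_list` are unused in this file and can be dropped.

```python
class _ERSpan(Interface):
    # ... unchanged: iftype, definition, __init__ ...

    def _erspan_command(self, action, kind):
        """Build 'ip link <action> dev <ifname> type <kind> ...' from self.config."""
        cfg = self.config
        version = cfg['parameters']['version']
        command = (f'ip link {action} dev {cfg["ifname"]} type {kind} '
                   f'local {cfg["source_address"]} remote {cfg["remote"]} '
                   f'seq key {cfg["parameters"]["ip"]["key"]} erspan_ver {version}')

        # iproute2 keyword for each optional config node, per ERSPAN version
        per_version = {
            1: {'parameters.erspan.idx': 'erspan'},
            2: {'parameters.erspan.direction': 'erspan_dir',
                'parameters.erspan.hwid': 'erspan_hwid'},
        }
        optional = {**per_version.get(int(version), {}),
                    'parameters.ip.ttl': 'ttl',
                    'parameters.ip.tos': 'tos'}
        for path, keyword in optional.items():
            value = dict_search(path, cfg)
            if value:
                command += f' {keyword} {value}'
        return command


class ERSpanIf(_ERSpan):
    def _create(self):
        self._cmd(self._erspan_command('add', 'erspan'))

    def change_options(self):
        self._cmd(self._erspan_command('set', 'erspan'))

# ... ER6SpanIf: same two methods with kind 'ip6erspan' ...
```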
diff --git a/python/vyos/ifconfig/ethernet.py b/python/vyos/ifconfig/ethernet.py
index 547b54b84..b89ca5a5c 100644
--- a/python/vyos/ifconfig/ethernet.py
+++ b/python/vyos/ifconfig/ethernet.py
@@ -26,10 +26,7 @@ class EthernetIf(Interface):
"""
Abstraction of a Linux Ethernet Interface
"""
-
- default = {
- 'type': 'ethernet',
- }
+ iftype = 'ethernet'
definition = {
**Interface.definition,
**{
@@ -321,9 +318,6 @@ class EthernetIf(Interface):
interface setup code and provide a single point of entry when workin
on any interface. """
- # call base class first
- super().update(config)
-
# disable ethernet flow control (pause frames)
value = 'off' if 'disable_flow_control' in config else 'on'
self.set_flow_control(value)
@@ -357,12 +351,5 @@ class EthernetIf(Interface):
for b_type in config['ring_buffer']:
self.set_ring_buffer(b_type, config['ring_buffer'][b_type])
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
+ # call base class first
+ super().update(config)
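Review bot: The comment `# call base class first` on the added lines is now wrong, because this hunk moves `super().update(config)` from the top of `EthernetIf.update()` to its very end. The same commit moves the final `set_admin_state()` call into `Interface.update()`, so the ordering is what keeps the Ethernet-specific settings applied before the link is brought up. Suggested comment: `# call base class last - Interface.update() applies the final admin state`. The method starts outside this hunk.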
diff --git a/python/vyos/ifconfig/geneve.py b/python/vyos/ifconfig/geneve.py
index 5c4597be8..7cb3968df 100644
--- a/python/vyos/ifconfig/geneve.py
+++ b/python/vyos/ifconfig/geneve.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -13,7 +13,8 @@
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
-from vyos.ifconfig.interface import Interface
+from vyos.ifconfig import Interface
+from vyos.util import dict_search
@Interface.register
class GeneveIf(Interface):
@@ -26,14 +27,7 @@ class GeneveIf(Interface):
https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/#geneve
https://lwn.net/Articles/644938/
"""
-
- default = {
- 'type': 'geneve',
- 'vni': 0,
- 'remote': '',
- }
- options = Interface.options + \
- ['vni', 'remote']
+ iftype = 'geneve'
definition = {
**Interface.definition,
**{
@@ -44,27 +38,27 @@ class GeneveIf(Interface):
}
def _create(self):
- cmd = 'ip link add name {ifname} type geneve id {vni} remote {remote}'.format(**self.config)
- self._cmd(cmd)
+ # This table represents a mapping from VyOS internal config dict to
+ # arguments used by iproute2. For more information please refer to:
+ # - https://man7.org/linux/man-pages/man8/ip-link.8.html
+ mapping = {
+ 'parameters.ip.dont_fragment': 'df set',
+ 'parameters.ip.tos' : 'tos',
+ 'parameters.ip.ttl' : 'ttl',
+ 'parameters.ipv6.flowlabel' : 'flowlabel',
+ }
+
+ cmd = 'ip link add name {ifname} type {type} id {vni} remote {remote}'
+ for vyos_key, iproute2_key in mapping.items():
+ # dict_search will return an empty dict "{}" for valueless nodes like
+ # "parameters.nolearning" - thus we need to test the nodes existence
+ # by using isinstance()
+ tmp = dict_search(vyos_key, self.config)
+ if isinstance(tmp, dict):
+ cmd += f' {iproute2_key}'
+ elif tmp != None:
+ cmd += f' {iproute2_key} {tmp}'
+ self._cmd(cmd.format(**self.config))
# interface is always A/D down. It needs to be enabled explicitly
self.set_admin_state('down')
-
- def update(self, config):
- """ General helper function which works on a dictionary retrived by
- get_config_dict(). It's main intention is to consolidate the scattered
- interface setup code and provide a single point of entry when workin
- on any interface. """
-
- # call base class first
- super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
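Review bot: In `_create` the optional values are appended to `cmd` before `cmd.format(**self.config)` runs, so whatever `dict_search` returns is treated as template text by `str.format`; a `{` or `}` in a value would raise or be substituted. Formatting the fixed part first avoids that: `cmd = 'ip link add name {ifname} type {type} id {vni} remote {remote}'.format(**self.config)` before the loop and `self._cmd(cmd)` after it. `elif tmp != None:` is better written `elif tmp is not None:`. The comment's example `parameters.nolearning` is not a key of this mapping, so `parameters.ip.dont_fragment` would be the accurate example of a valueless node.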
diff --git a/python/vyos/ifconfig/input.py b/python/vyos/ifconfig/input.py
index a6e566d87..db7d2b6b4 100644
--- a/python/vyos/ifconfig/input.py
+++ b/python/vyos/ifconfig/input.py
@@ -17,9 +17,6 @@ from vyos.ifconfig.interface import Interface
@Interface.register
class InputIf(Interface):
- default = {
- 'type': '',
- }
definition = {
**Interface.definition,
**{
diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index 4c05ac613..ff05cab0e 100644
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -60,7 +60,6 @@ class Interface(Control):
options = ['debug', 'create']
required = []
default = {
- 'type': '',
'debug': True,
'create': True,
}
@@ -79,6 +78,14 @@ class Interface(Control):
'shellcmd': 'ip -json link show dev {ifname}',
'format': lambda j: 'up' if 'UP' in jmespath.search('[*].flags | [0]', json.loads(j)) else 'down',
},
+ 'alias': {
+ 'shellcmd': 'ip -json -detail link list dev {ifname}',
+ 'format': lambda j: jmespath.search('[*].ifalias | [0]', json.loads(j)) or '',
+ },
+ 'mac': {
+ 'shellcmd': 'ip -json -detail link list dev {ifname}',
+ 'format': lambda j: jmespath.search('[*].address | [0]', json.loads(j)),
+ },
'min_mtu': {
'shellcmd': 'ip -json -detail link list dev {ifname}',
'format': lambda j: jmespath.search('[*].min_mtu | [0]', json.loads(j)),
@@ -87,6 +94,14 @@ class Interface(Control):
'shellcmd': 'ip -json -detail link list dev {ifname}',
'format': lambda j: jmespath.search('[*].max_mtu | [0]', json.loads(j)),
},
+ 'mtu': {
+ 'shellcmd': 'ip -json -detail link list dev {ifname}',
+ 'format': lambda j: jmespath.search('[*].mtu | [0]', json.loads(j)),
+ },
+ 'oper_state': {
+ 'shellcmd': 'ip -json -detail link list dev {ifname}',
+ 'format': lambda j: jmespath.search('[*].operstate | [0]', json.loads(j)),
+ },
}
_command_set = {
@@ -94,40 +109,29 @@ class Interface(Control):
'validate': lambda v: assert_list(v, ['up', 'down']),
'shellcmd': 'ip link set dev {ifname} {value}',
},
+ 'alias': {
+ 'convert': lambda name: name if name else '',
+ 'shellcmd': 'ip link set dev {ifname} alias "{value}"',
+ },
+ 'bridge_port_isolation': {
+ 'validate': lambda v: assert_list(v, ['on', 'off']),
+ 'shellcmd': 'bridge link set dev {ifname} isolated {value}',
+ },
'mac': {
'validate': assert_mac,
'shellcmd': 'ip link set dev {ifname} address {value}',
},
+ 'mtu': {
+ 'validate': assert_mtu,
+ 'shellcmd': 'ip link set dev {ifname} mtu {value}',
+ },
'vrf': {
'convert': lambda v: f'master {v}' if v else 'nomaster',
'shellcmd': 'ip link set dev {ifname} {value}',
},
}
- _sysfs_get = {
- 'alias': {
- 'location': '/sys/class/net/{ifname}/ifalias',
- },
- 'mac': {
- 'location': '/sys/class/net/{ifname}/address',
- },
- 'mtu': {
- 'location': '/sys/class/net/{ifname}/mtu',
- },
- 'oper_state':{
- 'location': '/sys/class/net/{ifname}/operstate',
- },
- }
-
_sysfs_set = {
- 'alias': {
- 'convert': lambda name: name if name else '\0',
- 'location': '/sys/class/net/{ifname}/ifalias',
- },
- 'mtu': {
- 'validate': assert_mtu,
- 'location': '/sys/class/net/{ifname}/mtu',
- },
'arp_cache_tmo': {
'convert': lambda tmo: (int(tmo) * 1000),
'location': '/proc/sys/net/ipv4/neigh/{ifname}/base_reachable_time_ms',
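Review bot: The new `alias` entry in `_command_set` places a free-text value inside double quotes in `ip link set dev {ifname} alias "{value}"` and has no `validate` key, whereas the removed `_sysfs_set` entry wrote the value to `/sys/class/net/{ifname}/ifalias` with no command line involved. If `shellcmd` strings are executed through a shell (not visible in this hunk), a description containing a quote or a shell metacharacter changes how the command is parsed, so the quoting should be done by code rather than by the template. One option is `'convert': lambda name: shlex.quote(name or ''),` together with `'shellcmd': 'ip link set dev {ifname} alias {value}',` (needs `import shlex`); the other is to keep the sysfs write for this one attribute. The new `mtu` and `bridge_port_isolation` entries carry validators, so the concern is smaller there.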
@@ -231,26 +235,21 @@ class Interface(Control):
>>> from vyos.ifconfig import Interface
>>> i = Interface('eth0')
"""
+ self.config = deepcopy(kargs)
+ self.config['ifname'] = self.ifname = ifname
- self.config = deepcopy(self.default)
- for k in self.options:
- if k in kargs:
- self.config[k] = kargs[k]
-
- # make sure the ifname is the first argument and not from the dict
- self.config['ifname'] = ifname
self._admin_state_down_cnt = 0
# we must have updated config before initialising the Interface
super().__init__(**kargs)
- self.ifname = ifname
if not self.exists(ifname):
- # Any instance of Interface, such as Interface('eth0')
- # can be used safely to access the generic function in this class
- # as 'type' is unset, the class can not be created
- if not self.config['type']:
+ # Any instance of Interface, such as Interface('eth0') can be used
+ # safely to access the generic function in this class as 'type' is
+ # unset, the class can not be created
+ if not self.iftype:
raise Exception(f'interface "{ifname}" not found')
+ self.config['type'] = self.iftype
# Should an Instance of a child class (EthernetIf, DummyIf, ..)
# be required, then create should be set to False to not accidentally create it.
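Review bot: `if not self.iftype:` assumes every class in the hierarchy defines `iftype`, but none of the visible hunks adds it to `Interface` itself, and `InputIf` loses its `'type': ''` default without gaining one. If the attribute is indeed missing there, `Interface('ethX')` on a non-existent interface raises `AttributeError` instead of the intended `interface "..." not found` exception; `if not getattr(self, 'iftype', None):` keeps the documented behaviour. Separately, `self.config = deepcopy(kargs)` no longer starts from `self.default` or filters by `self.options`, so templates such as those in `VLANIf._create`, `L2TPv3If._create` and `MACVLANIf._create` raise a bare `KeyError` in `cmd.format(**self.config)` whenever the caller omits a key. `__init__` starts outside this hunk.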
@@ -694,6 +693,20 @@ class Interface(Control):
"""
self.set_interface('path_priority', priority)
+ def set_port_isolation(self, on_or_off):
+ """
+ Controls whether a given port will be isolated, which means it will be
+ able to communicate with non-isolated ports only. By default this flag
+ is off.
+
+ Use enable=1 to enable or enable=0 to disable
+
+ Example:
+ >>> from vyos.ifconfig import Interface
+ >>> Interface('eth1').set_port_isolation('on')
+ """
+ self.set_interface('bridge_port_isolation', on_or_off)
+
def set_proxy_arp(self, enable):
"""
Set per interface proxy ARP configuration
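Review bot: The docstring of `set_port_isolation` says `Use enable=1 to enable or enable=0 to disable`, but the parameter is named `on_or_off` and the `bridge_port_isolation` setter added in this commit validates against `['on', 'off']`, so `1`/`0` would be rejected. Suggested line: `Use on_or_off='on' to isolate the port or 'off' to clear the flag`, which also matches the example below it.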
@@ -899,49 +912,42 @@ class Interface(Control):
if 'priority' in bridge_config:
self.set_path_cost(bridge_config['priority'])
- vlan_filter = 0
- vlan_add = set()
-
- del_ifname_vlan_ids = get_vlan_ids(ifname)
bridge_vlan_filter = Section.klass(bridge)(bridge, create=True).get_vlan_filter()
- if bridge_vlan_filter:
- if 1 in del_ifname_vlan_ids:
- del_ifname_vlan_ids.remove(1)
- vlan_filter = 1
-
- for vlan in del_ifname_vlan_ids:
- cmd = f'bridge vlan del dev {ifname} vid {vlan}'
- self._cmd(cmd)
-
- if 'native_vlan' in bridge_config:
- vlan_filter = 1
- cmd = f'bridge vlan del dev {self.ifname} vid 1'
- self._cmd(cmd)
- vlan_id = bridge_config['native_vlan']
- cmd = f'bridge vlan add dev {self.ifname} vid {vlan_id} pvid untagged master'
- self._cmd(cmd)
- vlan_add.add(vlan_id)
-
- if 'allowed_vlan' in bridge_config:
- vlan_filter = 1
- if 'native_vlan' not in bridge_config:
- cmd = f'bridge vlan del dev {self.ifname} vid 1'
+ if int(bridge_vlan_filter):
+ cur_vlan_ids = get_vlan_ids(ifname)
+ add_vlan = []
+ native_vlan_id = None
+ allowed_vlan_ids= []
+
+ if 'native_vlan' in bridge_config:
+ vlan_id = bridge_config['native_vlan']
+ add_vlan.append(vlan_id)
+ native_vlan_id = vlan_id
+
+ if 'allowed_vlan' in bridge_config:
+ for vlan in bridge_config['allowed_vlan']:
+ vlan_range = vlan.split('-')
+ if len(vlan_range) == 2:
+ for vlan_add in range(int(vlan_range[0]),int(vlan_range[1]) + 1):
+ add_vlan.append(str(vlan_add))
+ allowed_vlan_ids.append(str(vlan_add))
+ else:
+ add_vlan.append(vlan)
+ allowed_vlan_ids.append(vlan)
+
+ # Remove redundant VLANs from the system
+ for vlan in list_diff(cur_vlan_ids, add_vlan):
+ cmd = f'bridge vlan del dev {ifname} vid {vlan} master'
self._cmd(cmd)
- for vlan in bridge_config['allowed_vlan']:
- cmd = f'bridge vlan add dev {self.ifname} vid {vlan} master'
- self._cmd(cmd)
- vlan_add.add(vlan)
- if vlan_filter:
- # Setting VLAN ID for the bridge
- for vlan in vlan_add:
- cmd = f'bridge vlan add dev {bridge} vid {vlan} self'
+ for vlan in allowed_vlan_ids:
+ cmd = f'bridge vlan add dev {ifname} vid {vlan} master'
+ self._cmd(cmd)
+ # Setting native VLAN to system
+ if native_vlan_id:
+ cmd = f'bridge vlan add dev {ifname} vid {native_vlan_id} pvid untagged master'
self._cmd(cmd)
-
- # enable/disable Vlan Filter
- # When the VLAN aware option is not detected, the setting of `bridge` should not be overwritten
- Section.klass(bridge)(bridge, create=True).set_vlan_filter(vlan_filter)
def set_dhcp(self, enable):
"""
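Review bot: `list_diff(cur_vlan_ids, add_vlan)` compares the IDs returned by `get_vlan_ids(ifname)` with strings (`str(vlan_add)` and the config values as given), while the removed code tested `1 in del_ifname_vlan_ids`, which suggests that function returned integers. If it still does, no element ever matches and every configured VLAN is deleted and re-added on each commit; normalising once with `cur_vlan_ids = [str(v) for v in get_vlan_ids(ifname)]` avoids that. The range expansion also trusts each `allowed_vlan` entry: `int(vlan_range[0])` to `int(vlan_range[1])` is not bounds-checked here and issues one `bridge vlan add` per ID, so the 1-4094 limit and start <= end have to be enforced before this method is called. The method starts outside this hunk.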
@@ -957,6 +963,9 @@ class Interface(Control):
pid_file = f'{config_base}_{ifname}.pid'
lease_file = f'{config_base}_{ifname}.leases'
+ # Stop client with old config files to get the right IF_METRIC.
+ self._cmd(f'systemctl stop dhclient@{ifname}.service')
+
if enable and 'disable' not in self._config:
if dict_search('dhcp_options.host_name', self._config) == None:
# read configured system hostname.
@@ -975,10 +984,8 @@ class Interface(Control):
# 'up' check is mandatory b/c even if the interface is A/D, as soon as
# the DHCP client is started the interface will be placed in u/u state.
# This is not what we intended to do when disabling an interface.
- return self._cmd(f'systemctl restart dhclient@{ifname}.service')
+ return self._cmd(f'systemctl start dhclient@{ifname}.service')
else:
- self._cmd(f'systemctl stop dhclient@{ifname}.service')
-
# cleanup old config files
for file in [config_file, options_file, pid_file, lease_file]:
if os.path.isfile(file):
@@ -1021,9 +1028,11 @@ class Interface(Control):
source_if = next(iter(self._config['is_mirror_intf']))
config = self._config['is_mirror_intf'][source_if].get('mirror', None)
+ # Please do not clear the 'set $? = 0 '. It's meant to force a return of 0
# Remove existing mirroring rules
- delete_tc_cmd = f'tc qdisc del dev {source_if} handle ffff: ingress; '
- delete_tc_cmd += f'tc qdisc del dev {source_if} handle 1: root prio'
+ delete_tc_cmd = f'tc qdisc del dev {source_if} handle ffff: ingress 2> /dev/null;'
+ delete_tc_cmd += f'tc qdisc del dev {source_if} handle 1: root prio 2> /dev/null;'
+ delete_tc_cmd += 'set $?=0'
self._popen(delete_tc_cmd)
# Bail out early if nothing needs to be configured
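Review bot: The trailing `set $?=0` does not assign the exit status; in a POSIX shell `set` with an argument replaces the positional parameters, and the line ends with status 0 only because `set` itself succeeds. `true` expresses the intent directly: `delete_tc_cmd += 'true'`, with the comment changed to `# the trailing 'true' forces exit status 0 when no qdisc exists`. With `2> /dev/null` on both deletions, a failure other than a missing qdisc is hidden as well, which the comment should state.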
@@ -1060,6 +1069,10 @@ class Interface(Control):
if not isinstance(state, bool):
raise ValueError("Value out of range")
+ # https://phabricator.vyos.net/T3448 - there is (yet) no RPI support for XDP
+ if not os.path.exists('/usr/sbin/xdp_loader'):
+ return
+
ifname = self.config['ifname']
cmd = f'xdp_loader -d {ifname} -U --auto-mode'
if state:
@@ -1078,6 +1091,10 @@ class Interface(Control):
interface setup code and provide a single point of entry when workin
on any interface. """
+ if self.debug:
+ import pprint
+ pprint.pprint(config)
+
# Cache the configuration - it will be reused inside e.g. DHCP handler
# XXX: maybe pass the option via __init__ in the future and rename this
# method to apply()?
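Review bot: `pprint.pprint(config)` in `Interface.update()` prints the complete interface dictionary whenever `self.debug` is set, and this base method is shared by every interface type. For types whose configuration carries secrets (the commit also touches macsec, wireguard and wireless; whether their keys sit inside `config` is not visible here), debug output would put key material on stdout and into whatever captures it. Suggested comment above the call: `# NOTE: dumps the full config, including any secrets - debug use only`, plus masking of such values before printing. The `import pprint` inside the method is better placed with the module-level imports.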
@@ -1108,9 +1125,10 @@ class Interface(Control):
self.del_addr('dhcp')
# always ensure DHCPv6 client is stopped (when not configured as client
- # for IPv6 address or prefix delegation
+ # for IPv6 address or prefix delegation)
dhcpv6pd = dict_search('dhcpv6_options.pd', config)
- if 'dhcpv6' not in new_addr or dhcpv6pd == None:
+ dhcpv6pd = dhcpv6pd != None and len(dhcpv6pd) != 0
+ if 'dhcpv6' not in new_addr and not dhcpv6pd:
self.del_addr('dhcpv6')
# determine IP addresses which are assigned to the interface and build a
@@ -1130,7 +1148,7 @@ class Interface(Control):
self.add_addr(addr)
# start DHCPv6 client when only PD was configured
- if dhcpv6pd != None:
+ if dhcpv6pd:
self.set_dhcpv6(True)
# There are some items in the configuration which can only be applied
@@ -1246,6 +1264,16 @@ class Interface(Control):
# configure port mirror
self.set_mirror()
+ # Enable/Disable of an interface must always be done at the end of the
+ # derived class to make use of the ref-counting set_admin_state()
+ # function. We will only enable the interface if 'up' was called as
+ # often as 'down'. This is required by some interface implementations
+ # as certain parameters can only be changed when the interface is
+ # in admin-down state. This ensures the link does not flap during
+ # reconfiguration.
+ state = 'down' if 'disable' in config else 'up'
+ self.set_admin_state(state)
+
# remove no longer required 802.1ad (Q-in-Q VLANs)
ifname = config['ifname']
for vif_s_id in config.get('vif_s_remove', {}):
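Review bot: The comment moved into `Interface.update()` still says the enable/disable step "must always be done at the end of the derived class", but the code now lives in the base class and runs before the 802.1ad cleanup that follows it. A subclass that calls `super().update(config)` first and applies its own settings afterwards will now do so with the link already up, which is the flap the comment warns about; `EthernetIf.update()` is reordered in this commit for that reason. Suggested wording: `# Final admin state is applied here; subclasses must call super().update() last`. The method starts and ends outside this hunk.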
@@ -1299,38 +1327,7 @@ class Interface(Control):
class VLANIf(Interface):
""" Specific class which abstracts 802.1q and 802.1ad (Q-in-Q) VLAN interfaces """
- default = {
- 'type': 'vlan',
- 'source_interface': '',
- 'vlan_id': '',
- 'protocol': '',
- 'ingress_qos': '',
- 'egress_qos': '',
- }
-
- options = Interface.options + \
- ['source_interface', 'vlan_id', 'protocol', 'ingress_qos', 'egress_qos']
-
- def remove(self):
- """
- Remove interface from operating system. Removing the interface
- deconfigures all assigned IP addresses and clear possible DHCP(v6)
- client processes.
-
- Example:
- >>> from vyos.ifconfig import Interface
- >>> VLANIf('eth0.10').remove
- """
- # Do we have sub interfaces (VLANs)? As interfaces need to be deleted
- # "in order" starting from Q-in-Q we delete them first.
- for upper in glob(f'/sys/class/net/{self.ifname}/upper*'):
- # an upper interface could be named: upper_bond0.1000.1100, thus
- # we need top drop the upper_ prefix
- vif_c = os.path.basename(upper)
- vif_c = vif_c.replace('upper_', '')
- VLANIf(vif_c).remove()
-
- super().remove()
+ iftype = 'vlan'
def _create(self):
# bail out early if interface already exists
@@ -1338,11 +1335,11 @@ class VLANIf(Interface):
return
cmd = 'ip link add link {source_interface} name {ifname} type vlan id {vlan_id}'
- if self.config['protocol']:
+ if 'protocol' in self.config:
cmd += ' protocol {protocol}'
- if self.config['ingress_qos']:
+ if 'ingress_qos' in self.config:
cmd += ' ingress-qos-map {ingress_qos}'
- if self.config['egress_qos']:
+ if 'egress_qos' in self.config:
cmd += ' egress-qos-map {egress_qos}'
self._cmd(cmd.format(**self.config))
@@ -1374,22 +1371,3 @@ class VLANIf(Interface):
def set_mirror(self):
return
-
- def update(self, config):
- """ General helper function which works on a dictionary retrived by
- get_config_dict(). It's main intention is to consolidate the scattered
- interface setup code and provide a single point of entry when workin
- on any interface. """
-
- # call base class first
- super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
diff --git a/python/vyos/ifconfig/l2tpv3.py b/python/vyos/ifconfig/l2tpv3.py
index 8ed3d5afb..7ff0fdd0e 100644
--- a/python/vyos/ifconfig/l2tpv3.py
+++ b/python/vyos/ifconfig/l2tpv3.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -24,19 +24,7 @@ class L2TPv3If(Interface):
either hot standby or load balancing services. Additionally, link integrity
monitoring may be performed.
"""
-
- default = {
- 'type': 'l2tp',
- 'peer_tunnel_id': '',
- 'local_port': 0,
- 'remote_port': 0,
- 'encapsulation': 'udp',
- 'local_address': '',
- 'remote_address': '',
- 'session_id': '',
- 'tunnel_id': '',
- 'peer_session_id': ''
- }
+ iftype = 'l2tp'
definition = {
**Interface.definition,
**{
@@ -45,20 +33,16 @@ class L2TPv3If(Interface):
'bridgeable': True,
}
}
- options = Interface.options + \
- ['tunnel_id', 'peer_tunnel_id', 'local_port', 'remote_port',
- 'encapsulation', 'local_address', 'remote_address', 'session_id',
- 'peer_session_id']
def _create(self):
# create tunnel interface
cmd = 'ip l2tp add tunnel tunnel_id {tunnel_id}'
cmd += ' peer_tunnel_id {peer_tunnel_id}'
- cmd += ' udp_sport {local_port}'
- cmd += ' udp_dport {remote_port}'
+ cmd += ' udp_sport {source_port}'
+ cmd += ' udp_dport {destination_port}'
cmd += ' encap {encapsulation}'
- cmd += ' local {local_address}'
- cmd += ' remote {remote_address}'
+ cmd += ' local {source_address}'
+ cmd += ' remote {remote}'
self._cmd(cmd.format(**self.config))
# setup session
@@ -82,36 +66,15 @@ class L2TPv3If(Interface):
>>> i.remove()
"""
- if self.exists(self.config['ifname']):
+ if self.exists(self.ifname):
# interface is always A/D down. It needs to be enabled explicitly
self.set_admin_state('down')
- if self.config['tunnel_id'] and self.config['session_id']:
+ if {'tunnel_id', 'session_id'} <= set(self.config):
cmd = 'ip l2tp del session tunnel_id {tunnel_id}'
cmd += ' session_id {session_id}'
self._cmd(cmd.format(**self.config))
- if self.config['tunnel_id']:
+ if 'tunnel_id' in self.config:
cmd = 'ip l2tp del tunnel tunnel_id {tunnel_id}'
self._cmd(cmd.format(**self.config))
-
-
- def update(self, config):
- """ General helper function which works on a dictionary retrived by
- get_config_dict(). It's main intention is to consolidate the scattered
- interface setup code and provide a single point of entry when workin
- on any interface. """
-
- # call base class first
- super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
-
diff --git a/python/vyos/ifconfig/loopback.py b/python/vyos/ifconfig/loopback.py
index 0e632d826..192c12f5c 100644
--- a/python/vyos/ifconfig/loopback.py
+++ b/python/vyos/ifconfig/loopback.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -22,9 +22,8 @@ class LoopbackIf(Interface):
uses to communicate with itself.
"""
_persistent_addresses = ['127.0.0.1/8', '::1/128']
- default = {
- 'type': 'loopback',
- }
+ iftype = 'loopback'
+
definition = {
**Interface.definition,
**{
@@ -33,9 +32,6 @@ class LoopbackIf(Interface):
'bridgeable': True,
}
}
-
- name = 'loopback'
-
def remove(self):
"""
Loopback interface can not be deleted from operating system. We can
@@ -70,13 +66,3 @@ class LoopbackIf(Interface):
# call base class
super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
diff --git a/python/vyos/ifconfig/macsec.py b/python/vyos/ifconfig/macsec.py
index 456686ea6..1a78d18d8 100644
--- a/python/vyos/ifconfig/macsec.py
+++ b/python/vyos/ifconfig/macsec.py
@@ -1,4 +1,4 @@
-# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -27,12 +27,7 @@ class MACsecIf(Interface):
other security solutions such as IPsec (layer 3) or TLS (layer 4), as all
those solutions are used for their own specific use cases.
"""
-
- default = {
- 'type': 'macsec',
- 'security_cipher': '',
- 'source_interface': ''
- }
+ iftype = 'macsec'
definition = {
**Interface.definition,
**{
@@ -40,8 +35,6 @@ class MACsecIf(Interface):
'prefixes': ['macsec', ],
},
}
- options = Interface.options + \
- ['security_cipher', 'source_interface']
def _create(self):
"""
@@ -49,28 +42,9 @@ class MACsecIf(Interface):
down by default.
"""
# create tunnel interface
- cmd = 'ip link add link {source_interface} {ifname} type {type}'
- cmd += ' cipher {security_cipher}'
- self._cmd(cmd.format(**self.config))
+ cmd = 'ip link add link {source_interface} {ifname} type {type}'.format(**self.config)
+ cmd += f' cipher {self.config["security"]["cipher"]}'
+ self._cmd(cmd)
# interface is always A/D down. It needs to be enabled explicitly
self.set_admin_state('down')
-
- def update(self, config):
- """ General helper function which works on a dictionary retrived by
- get_config_dict(). It's main intention is to consolidate the scattered
- interface setup code and provide a single point of entry when workin
- on any interface. """
-
- # call base class first
- super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
diff --git a/python/vyos/ifconfig/macvlan.py b/python/vyos/ifconfig/macvlan.py
index 2447fec77..776014bc3 100644
--- a/python/vyos/ifconfig/macvlan.py
+++ b/python/vyos/ifconfig/macvlan.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -20,13 +20,7 @@ class MACVLANIf(Interface):
"""
Abstraction of a Linux MACvlan interface
"""
-
- default = {
- 'type': 'macvlan',
- 'address': '',
- 'source_interface': '',
- 'mode': '',
- }
+ iftype = 'macvlan'
definition = {
**Interface.definition,
**{
@@ -34,39 +28,13 @@ class MACVLANIf(Interface):
'prefixes': ['peth', ],
},
}
- options = Interface.options + \
- ['source_interface', 'mode']
def _create(self):
# please do not change the order when assembling the command
- cmd = 'ip link add {ifname}'
- if self.config['source_interface']:
- cmd += ' link {source_interface}'
- cmd += ' type macvlan'
- if self.config['mode']:
- cmd += ' mode {mode}'
+ cmd = 'ip link add {ifname} link {source_interface} type {type} mode {mode}'
self._cmd(cmd.format(**self.config))
def set_mode(self, mode):
ifname = self.config['ifname']
cmd = f'ip link set dev {ifname} type macvlan mode {mode}'
return self._cmd(cmd)
-
- def update(self, config):
- """ General helper function which works on a dictionary retrived by
- get_config_dict(). It's main intention is to consolidate the scattered
- interface setup code and provide a single point of entry when workin
- on any interface. """
-
- # call base class first
- super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
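Review bot: In `_create`, `link {source_interface}` and `mode {mode}` are now unconditional, so `cmd.format(**self.config)` raises KeyError when either key is missing, where the removed code skipped the empty option. This presumably relies on the caller always supplying both, and on `type` being present in `self.config` now that the `default` dict is gone; none of that is visible here. A comment stating the precondition is worth adding, e.g. `# source_interface and mode are mandatory - enforced before _create is called`. `set_mode` below still hard-codes `macvlan` while `_create` uses `{type}`.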
diff --git a/python/vyos/ifconfig/pppoe.py b/python/vyos/ifconfig/pppoe.py
index 787245696..65575cf99 100644
--- a/python/vyos/ifconfig/pppoe.py
+++ b/python/vyos/ifconfig/pppoe.py
@@ -13,10 +13,8 @@
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
-
from vyos.ifconfig.interface import Interface
-
@Interface.register
class PPPoEIf(Interface):
default = {
diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py
index 00dc36420..e5e1300b2 100644
--- a/python/vyos/ifconfig/tunnel.py
+++ b/python/vyos/ifconfig/tunnel.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -16,13 +16,12 @@
# https://developers.redhat.com/blog/2019/05/17/an-introduction-to-linux-virtual-interfaces-tunnels/
# https://community.hetzner.com/tutorials/linux-setup-gre-tunnel
-from copy import deepcopy
-
from netaddr import EUI
from netaddr import mac_unix_expanded
from random import getrandbits
from vyos.ifconfig.interface import Interface
+from vyos.util import dict_search
from vyos.validate import assert_list
def enable_to_on(value):
@@ -32,11 +31,10 @@ def enable_to_on(value):
return 'off'
raise ValueError(f'expect enable or disable but got "{value}"')
-
@Interface.register
-class _Tunnel(Interface):
+class TunnelIf(Interface):
"""
- _Tunnel: private base class for tunnels
+ Tunnel: private base class for tunnels
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/tunnel.c
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/ip6tunnel.c
"""
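Review bot: The class docstring still reads `Tunnel: private base class for tunnels`, but after the rename `TunnelIf` is the registered class itself rather than a private base. Suggested wording: `TunnelIf: common implementation for all tunnel encapsulations, selected via the 'encapsulation' config key`. The class body continues outside this hunk.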
@@ -48,45 +46,111 @@ class _Tunnel(Interface):
},
}
+ # This table represents a mapping from VyOS internal config dict to
+ # arguments used by iproute2. For more information please refer to:
+ # - https://man7.org/linux/man-pages/man8/ip-link.8.html
+ # - https://man7.org/linux/man-pages/man8/ip-tunnel.8.html
+ mapping = {
+ 'source_address' : 'local',
+ 'source_interface' : 'dev',
+ 'remote' : 'remote',
+ 'parameters.ip.key' : 'key',
+ 'parameters.ip.tos' : 'tos',
+ 'parameters.ip.ttl' : 'ttl',
+ }
+ mapping_ipv4 = {
+ 'parameters.ip.key' : 'key',
+ 'parameters.ip.no_pmtu_discovery' : 'nopmtudisc',
+ 'parameters.ip.tos' : 'tos',
+ 'parameters.ip.ttl' : 'ttl',
+ }
+ mapping_ipv6 = {
+ 'parameters.ipv6.encaplimit' : 'encaplimit',
+ 'parameters.ipv6.flowlabel' : 'flowlabel',
+ 'parameters.ipv6.hoplimit' : 'hoplimit',
+ 'parameters.ipv6.tclass' : 'tclass',
+ }
+
# TODO: This is surely used for more than tunnels
# TODO: could be refactored elsewhere
- _command_set = {**Interface._command_set, **{
- 'multicast': {
- 'validate': lambda v: assert_list(v, ['enable', 'disable']),
- 'convert': enable_to_on,
- 'shellcmd': 'ip link set dev {ifname} multicast {value}',
- },
- 'allmulticast': {
- 'validate': lambda v: assert_list(v, ['enable', 'disable']),
- 'convert': enable_to_on,
- 'shellcmd': 'ip link set dev {ifname} allmulticast {value}',
- },
- }}
+ _command_set = {
+ **Interface._command_set,
+ **{
+ 'multicast': {
+ 'validate': lambda v: assert_list(v, ['enable', 'disable']),
+ 'convert': enable_to_on,
+ 'shellcmd': 'ip link set dev {ifname} multicast {value}',
+ },
+ 'allmulticast': {
+ 'validate': lambda v: assert_list(v, ['enable', 'disable']),
+ 'convert': enable_to_on,
+ 'shellcmd': 'ip link set dev {ifname} allmulticast {value}',
+ },
+ }
+ }
- def __init__(self, ifname, **config):
- self.config = deepcopy(config) if config else {}
- super().__init__(ifname, **config)
+ def __init__(self, ifname, **kargs):
+ # T3357: we do not have the 'encapsulation' in kargs when calling this
+ # class from op-mode like "show interfaces tunnel"
+ if 'encapsulation' in kargs:
+ self.iftype = kargs['encapsulation']
+ # The gretap interface has the possibility to act as L2 bridge
+ if self.iftype in ['gretap', 'ip6gretap']:
+ # no multicast, ttl or tos for gretap
+ self.definition = {
+ **TunnelIf.definition,
+ **{
+ 'bridgeable': True,
+ },
+ }
+
+ super().__init__(ifname, **kargs)
def _create(self):
- create = 'ip tunnel add {ifname} mode {type}'
+ if self.config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']:
+ mapping = { **self.mapping, **self.mapping_ipv6 }
+ else:
+ mapping = { **self.mapping, **self.mapping_ipv4 }
+
+ cmd = 'ip tunnel add {ifname} mode {encapsulation}'
+ if self.iftype in ['gretap', 'ip6gretap']:
+ cmd = 'ip link add name {ifname} type {encapsulation}'
+ for vyos_key, iproute2_key in mapping.items():
+ # dict_search will return an empty dict "{}" for valueless nodes like
+ # "parameters.nolearning" - thus we need to test the nodes existence
+ # by using isinstance()
+ tmp = dict_search(vyos_key, self.config)
+ if isinstance(tmp, dict):
+ cmd += f' {iproute2_key}'
+ elif tmp != None:
+ cmd += f' {iproute2_key} {tmp}'
+
+ self._cmd(cmd.format(**self.config))
- # add " option-name option-name-value ..." for all options set
- options = " ".join(["{} {}".format(k, self.config[k])
- for k in self.options if k in self.config and self.config[k]])
- self._cmd('{} {}'.format(create.format(**self.config), options))
self.set_admin_state('down')
- def change_options(self):
- change = 'ip tunnel cha {ifname} mode {type}'
-
- # add " option-name option-name-value ..." for all options set
- options = " ".join(["{} {}".format(k, self.config[k])
- for k in self.options if k in self.config and self.config[k]])
- self._cmd('{} {}'.format(change.format(**self.config), options))
-
- @classmethod
- def get_config(cls):
- return dict(zip(cls.options, ['']*len(cls.options)))
+ def _change_options(self):
+ # gretap interfaces do not support changing any parameter
+ if self.iftype in ['gretap', 'ip6gretap']:
+ return
+
+ if self.config['encapsulation'] in ['ipip6', 'ip6ip6', 'ip6gre']:
+ mapping = { **self.mapping, **self.mapping_ipv6 }
+ else:
+ mapping = { **self.mapping, **self.mapping_ipv4 }
+
+ cmd = 'ip tunnel change {ifname} mode {encapsulation}'
+ for vyos_key, iproute2_key in mapping.items():
+ # dict_search will return an empty dict "{}" for valueless nodes like
+ # "parameters.nolearning" - thus we need to test the nodes existence
+ # by using isinstance()
+ tmp = dict_search(vyos_key, self.config)
+ if isinstance(tmp, dict):
+ cmd += f' {iproute2_key}'
+ elif tmp != None:
+ cmd += f' {iproute2_key} {tmp}'
+
+ self._cmd(cmd.format(**self.config))
def get_mac(self):
"""
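Review bot: In `_create` and `_change_options` the option values are appended to `cmd` first and `cmd.format(**self.config)` is applied afterwards, so any `{` or `}` inside a configured value is re-interpreted as a format field (KeyError/IndexError, or substitution of another config entry). Formatting the template before appending the values avoids that, and moving the duplicated loop into one helper keeps the two methods in step; `tmp != None` should be `tmp is not None`. The same append-then-format pattern is in `VXLANIf._create` in vxlan.py. Separately, `mapping` and `mapping_ipv4` repeat the `parameters.ip.key/tos/ttl` entries, so the IPv6 encapsulations also receive them, which is worth confirming as intended. Whether `_cmd` passes the string through a shell is not visible here; if it does, these values also need to be validated upstream.

```python
def _iproute2_options(self, mapping):
    """ Render the mapped config nodes as iproute2 arguments """
    options = ''
    for vyos_key, iproute2_key in mapping.items():
        # valueless nodes are returned by dict_search as an empty dict
        tmp = dict_search(vyos_key, self.config)
        if isinstance(tmp, dict):
            options += f' {iproute2_key}'
        elif tmp is not None:
            options += f' {iproute2_key} {tmp}'
    return options

def _create(self):
    # … unchanged: mapping selection and gretap command template …
    # format the fixed template first, then append the rendered values
    self._cmd(cmd.format(**self.config) + self._iproute2_options(mapping))
    # … unchanged: set_admin_state('down'); _change_options ends the same way …
```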
@@ -117,130 +181,8 @@ class _Tunnel(Interface):
get_config_dict(). It's main intention is to consolidate the scattered
interface setup code and provide a single point of entry when workin
on any interface. """
+ # Adjust iproute2 tunnel parameters if necessary
+ self._change_options()
# call base class first
super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
-
-class GREIf(_Tunnel):
- """
- GRE: Generic Routing Encapsulation
-
- For more information please refer to:
- RFC1701, RFC1702, RFC2784
- https://tools.ietf.org/html/rfc2784
- https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/link_gre.c
- """
-
- default = {'type': 'gre'}
- options = ['local', 'remote', 'dev', 'ttl', 'tos', 'key']
-
-# GreTap also called GRE Bridge
-class GRETapIf(_Tunnel):
- """
- GRETapIF: GreIF using TAP instead of TUN
-
- https://en.wikipedia.org/wiki/TUN/TAP
- """
-
- # no multicast, ttl or tos for gretap
-
- definition = {
- **_Tunnel.definition,
- **{
- 'bridgeable': True,
- },
- }
-
- default = {'type': 'gretap'}
- options = ['local', 'remote', 'ttl',]
-
-class IP6GREIf(_Tunnel):
- """
- IP6Gre: IPv6 Support for Generic Routing Encapsulation (GRE)
-
- For more information please refer to:
- https://tools.ietf.org/html/rfc7676
- https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/link_gre6.c
- """
-
- default = {'type': 'ip6gre'}
- options = ['local', 'remote', 'dev', 'encaplimit',
- 'hoplimit', 'tclass', 'flowlabel']
-
-class IPIPIf(_Tunnel):
- """
- IPIP: IP Encapsulation within IP
-
- For more information please refer to:
- https://tools.ietf.org/html/rfc2003
- """
-
- # IPIP does not allow to pass multicast, unlike GRE
- # but the interface itself can be set with multicast
-
- default = {'type': 'ipip'}
- options = ['local', 'remote', 'dev', 'ttl', 'tos', 'key']
-
-class IPIP6If(_Tunnel):
- """
- IPIP6: IPv4 over IPv6 tunnel
-
- For more information please refer to:
- https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/link_ip6tnl.c
- """
-
- default = {'type': 'ipip6'}
- options = ['local', 'remote', 'dev', 'encaplimit',
- 'hoplimit', 'tclass', 'flowlabel']
-
-class IP6IP6If(IPIP6If):
- """
- IP6IP6: IPv6 over IPv6 tunnel
-
- For more information please refer to:
- https://tools.ietf.org/html/rfc2473
- """
- default = {'type': 'ip6ip6'}
-
-
-class SitIf(_Tunnel):
- """
- Sit: Simple Internet Transition
-
- For more information please refer to:
- https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/ip/link_iptnl.c
- """
-
- default = {'type': 'sit'}
- options = ['local', 'remote', 'dev', 'ttl', 'tos', 'key']
-
-class Sit6RDIf(SitIf):
- """
- Sit6RDIf: Simple Internet Transition with 6RD
-
- https://en.wikipedia.org/wiki/IPv6_rapid_deployment
- """
- # TODO: check if key can really be used with 6RD
- options = ['remote', 'ttl', 'tos', 'key', '6rd-prefix', '6rd-relay-prefix']
-
- def _create(self):
- # do not call _Tunnel.create, building fully here
-
- create = 'ip tunnel add {ifname} mode {type} remote {remote}'
- self._cmd(create.format(**self.config))
- self.set_interface('state','down')
-
- set6rd = 'ip tunnel 6rd dev {ifname} 6rd-prefix {6rd-prefix}'
- if '6rd-relay-prefix' in self.config:
- set6rd += ' 6rd-relay-prefix {6rd-relay-prefix}'
- self._cmd(set6rd.format(**self.config))
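Review bot: `self._change_options()` now runs before `super().update(config)`, yet the comment below it still says `# call base class first`, and `_change_options` reads `self.config` rather than the `config` argument. If `self.config` is only refreshed inside the base `update()` (not visible here), the `ip tunnel change` command would be built from the values captured at construction. Suggest passing the new dict explicitly or documenting the assumption, e.g. `# self.config already holds the dict passed to update()`, and rewording the stale comment to `# call base class`. `update` begins above this hunk. The removed `Sit6RDIf._create` was the only place in this diff that issued `ip tunnel 6rd`; confirm 6RD is handled elsewhere.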
diff --git a/python/vyos/ifconfig/vti.py b/python/vyos/ifconfig/vti.py
index d0745898c..e2090c889 100644
--- a/python/vyos/ifconfig/vti.py
+++ b/python/vyos/ifconfig/vti.py
@@ -1,4 +1,4 @@
-# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -17,9 +17,7 @@ from vyos.ifconfig.interface import Interface
@Interface.register
class VTIIf(Interface):
- default = {
- 'type': 'vti',
- }
+ iftype = 'vti'
definition = {
**Interface.definition,
**{
diff --git a/python/vyos/ifconfig/vtun.py b/python/vyos/ifconfig/vtun.py
index 99a592b3e..6fb414e56 100644
--- a/python/vyos/ifconfig/vtun.py
+++ b/python/vyos/ifconfig/vtun.py
@@ -1,4 +1,4 @@
-# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -17,10 +17,7 @@ from vyos.ifconfig.interface import Interface
@Interface.register
class VTunIf(Interface):
- default = {
- 'type': 'vtun',
- 'device_type': 'tun',
- }
+ iftype = 'vtun'
definition = {
**Interface.definition,
**{
@@ -29,7 +26,6 @@ class VTunIf(Interface):
'bridgeable': True,
},
}
- options = Interface.options + ['device_type']
def _create(self):
""" Depending on OpenVPN operation mode the interface is created
@@ -51,22 +47,3 @@ class VTunIf(Interface):
def del_addr(self, addr):
# IP addresses are managed by OpenVPN daemon
pass
-
- def update(self, config):
- """ General helper function which works on a dictionary retrived by
- get_config_dict(). It's main intention is to consolidate the scattered
- interface setup code and provide a single point of entry when workin
- on any interface. """
-
- # call base class first
- super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
diff --git a/python/vyos/ifconfig/vxlan.py b/python/vyos/ifconfig/vxlan.py
index ad1f605ed..d73fb47b8 100644
--- a/python/vyos/ifconfig/vxlan.py
+++ b/python/vyos/ifconfig/vxlan.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -14,7 +14,8 @@
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
from vyos import ConfigError
-from vyos.ifconfig.interface import Interface
+from vyos.ifconfig import Interface
+from vyos.util import dict_search
@Interface.register
class VXLANIf(Interface):
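Review bot: This file now imports `Interface` from the package (`from vyos.ifconfig import Interface`) while the other ifconfig modules shown in this diff keep `from vyos.ifconfig.interface import Interface`. Importing from the package inside one of its own submodules only works if `__init__.py` binds `Interface` before it imports `vxlan`, which is not visible here; keeping the direct module import avoids that ordering dependency. `ConfigError` also looks unused once the `raise` in `_create` is removed, so confirm before dropping it.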
@@ -38,16 +39,7 @@ class VXLANIf(Interface):
https://www.kernel.org/doc/Documentation/networking/vxlan.txt
"""
- default = {
- 'type': 'vxlan',
- 'group': '',
- 'port': 8472, # The Linux implementation of VXLAN pre-dates
- # the IANA's selection of a standard destination port
- 'remote': '',
- 'source_address': '',
- 'source_interface': '',
- 'vni': 0
- }
+ iftype = 'vxlan'
definition = {
**Interface.definition,
**{
@@ -56,60 +48,34 @@ class VXLANIf(Interface):
'bridgeable': True,
}
}
- options = Interface.options + \
- ['group', 'remote', 'source_interface', 'port', 'vni', 'source_address']
-
- mapping = {
- 'ifname': 'add',
- 'vni': 'id',
- 'port': 'dstport',
- 'source_address': 'local',
- 'source_interface': 'dev',
- }
def _create(self):
- cmdline = ['ifname', 'type', 'vni', 'port']
-
- if self.config['source_address']:
- cmdline.append('source_address')
-
- if self.config['remote']:
- cmdline.append('remote')
-
- if self.config['group'] or self.config['source_interface']:
- if self.config['group'] and self.config['source_interface']:
- cmdline.append('group')
- cmdline.append('source_interface')
- else:
- ifname = self.config['ifname']
- raise ConfigError(
- f'VXLAN "{ifname}" is missing mandatory underlay multicast'
- 'group or source interface for a multicast network.')
-
- cmd = 'ip link'
- for key in cmdline:
- value = self.config.get(key, '')
- if not value:
- continue
- cmd += ' {} {}'.format(self.mapping.get(key, key), value)
-
- self._cmd(cmd)
-
- def update(self, config):
- """ General helper function which works on a dictionary retrived by
- get_config_dict(). It's main intention is to consolidate the scattered
- interface setup code and provide a single point of entry when workin
- on any interface. """
-
- # call base class first
- super().update(config)
+ # This table represents a mapping from VyOS internal config dict to
+ # arguments used by iproute2. For more information please refer to:
+ # - https://man7.org/linux/man-pages/man8/ip-link.8.html
+ mapping = {
+ 'source_address' : 'local',
+ 'source_interface' : 'dev',
+ 'remote' : 'remote',
+ 'group' : 'group',
+ 'parameters.ip.dont_fragment': 'df set',
+ 'parameters.ip.tos' : 'tos',
+ 'parameters.ip.ttl' : 'ttl',
+ 'parameters.ipv6.flowlabel' : 'flowlabel',
+ 'parameters.nolearning' : 'nolearning',
+ }
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
+ cmd = 'ip link add {ifname} type {type} id {vni} dstport {port}'
+ for vyos_key, iproute2_key in mapping.items():
+ # dict_search will return an empty dict "{}" for valueless nodes like
+ # "parameters.nolearning" - thus we need to test the nodes existence
+ # by using isinstance()
+ tmp = dict_search(vyos_key, self.config)
+ if isinstance(tmp, dict):
+ cmd += f' {iproute2_key}'
+ elif tmp != None:
+ cmd += f' {iproute2_key} {tmp}'
+
+ self._cmd(cmd.format(**self.config))
+ # interface is always A/D down. It needs to be enabled explicitly
+ self.set_admin_state('down')
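Review bot: The rewritten `_create` drops the check that a multicast `group` is accompanied by `source_interface` (previously a `ConfigError`), and with the `default` dict gone `{vni}`, `{port}` and `{type}` must all exist in `self.config` or `format` raises KeyError. If those guarantees now come from an earlier validation step and default merging, say so in a comment above the template, e.g. `# vni, port and the group/source_interface pairing are validated before _create is called`; otherwise an incomplete config reaches iproute2 and fails with a less specific error. `mapping` is rebuilt as a local on every call; a class attribute, as in tunnel.py, would match the sibling module.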
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
index 9ee798ee8..e5b9c4408 100644
--- a/python/vyos/ifconfig/wireguard.py
+++ b/python/vyos/ifconfig/wireguard.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -148,18 +148,7 @@ class WireGuardOperational(Operational):
@Interface.register
class WireGuardIf(Interface):
OperationalClass = WireGuardOperational
-
- default = {
- 'type': 'wireguard',
- 'port': 0,
- 'private_key': None,
- 'pubkey': None,
- 'psk': '',
- 'allowed_ips': [],
- 'fwmark': 0x00,
- 'endpoint': None,
- 'keepalive': 0
- }
+ iftype = 'wireguard'
definition = {
**Interface.definition,
**{
@@ -168,9 +157,6 @@ class WireGuardIf(Interface):
'bridgeable': False,
}
}
- options = Interface.options + \
- ['port', 'private_key', 'pubkey', 'psk',
- 'allowed_ips', 'fwmark', 'endpoint', 'keepalive']
def get_mac(self):
"""
@@ -261,14 +247,3 @@ class WireGuardIf(Interface):
# call base class
super().update(config)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
-
diff --git a/python/vyos/ifconfig/wireless.py b/python/vyos/ifconfig/wireless.py
index 37703d242..748b6e02d 100644
--- a/python/vyos/ifconfig/wireless.py
+++ b/python/vyos/ifconfig/wireless.py
@@ -1,4 +1,4 @@
-# Copyright 2020 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -20,11 +20,7 @@ class WiFiIf(Interface):
"""
Handle WIFI/WLAN interfaces.
"""
-
- default = {
- 'type': 'wifi',
- 'phy': 'phy0'
- }
+ iftype = 'wifi'
definition = {
**Interface.definition,
**{
@@ -33,14 +29,10 @@ class WiFiIf(Interface):
'bridgeable': True,
}
}
- options = Interface.options + \
- ['phy', 'op_mode']
-
def _create(self):
# all interfaces will be added in monitor mode
- cmd = 'iw phy {phy} interface add {ifname} type monitor' \
- .format(**self.config)
- self._cmd(cmd)
+ cmd = 'iw phy {physical_device} interface add {ifname} type monitor'
+ self._cmd(cmd.format(**self.config))
# wireless interface is administratively down by default
self.set_admin_state('down')
@@ -71,24 +63,3 @@ class WiFiIf(Interface):
# re-add ourselves to any bridge we might have fallen out of
if bridge_member:
self.add_to_bridge(bridge_member)
-
- # Enable/Disable of an interface must always be done at the end of the
- # derived class to make use of the ref-counting set_admin_state()
- # function. We will only enable the interface if 'up' was called as
- # often as 'down'. This is required by some interface implementations
- # as certain parameters can only be changed when the interface is
- # in admin-down state. This ensures the link does not flap during
- # reconfiguration.
- state = 'down' if 'disable' in config else 'up'
- self.set_admin_state(state)
-
-
-@Interface.register
-class WiFiModemIf(WiFiIf):
- definition = {
- **WiFiIf.definition,
- **{
- 'section': 'wirelessmodem',
- 'prefixes': ['wlm', ],
- }
- }
diff --git a/python/vyos/remote.py b/python/vyos/remote.py
index 3f46d979b..18e772cc8 100644
--- a/python/vyos/remote.py
+++ b/python/vyos/remote.py
@@ -1,4 +1,4 @@
-# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -13,131 +13,110 @@
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
-import sys
import os
-import re
-import fileinput
+import sys
+import tempfile
+from ftplib import FTP
+import urllib.parse
+import urllib.request
from vyos.util import cmd
-from vyos.util import DEVNULL
-
-
-def check_and_add_host_key(host_name):
+from paramiko import SSHClient
+
+def upload_ftp(local_path, hostname, remote_path,\
+ username='anonymous', password='', port=21):
+ with open(local_path, 'rb') as file:
+ with FTP() as conn:
+ conn.connect(hostname, port)
+ conn.login(username, password)
+ conn.storbinary(f'STOR {remote_path}', file)
+
+def download_ftp(local_path, hostname, remote_path,\
+ username='anonymous', password='', port=21):
+ with open(local_path, 'wb') as file:
+ with FTP() as conn:
+ conn.connect(hostname, port)
+ conn.login(username, password)
+ conn.retrbinary(f'RETR {remote_path}', file.write)
+
+def upload_sftp(local_path, hostname, remote_path,\
+ username=None, password=None, port=22):
+ with SSHClient() as ssh:
+ ssh.load_system_host_keys()
+ ssh.connect(hostname, port, username, password)
+ with ssh.open_sftp() as sftp:
+ sftp.put(local_path, remote_path)
+
+def download_sftp(local_path, hostname, remote_path,\
+ username=None, password=None, port=22):
+ with SSHClient() as ssh:
+ ssh.load_system_host_keys()
+ ssh.connect(hostname, port, username, password)
+ with ssh.open_sftp() as sftp:
+ sftp.get(remote_path, local_path)
+
+def upload_tftp(local_path, hostname, remote_path, port=69):
+ with open(local_path, 'rb') as file:
+ cmd(f'curl -s -T - tftp://{hostname}:{port}/{remote_path}', stderr=None, input=file.read()).encode()
+
+def download_tftp(local_path, hostname, remote_path, port=69):
+ with open(local_path, 'wb') as file:
+ file.write(cmd(f'curl -s tftp://{hostname}:{port}/{remote_path}', stderr=None).encode())
+
+def download_http(urlstring, local_path):
+ with open(local_path, 'wb') as file:
+ with urllib.request.urlopen(urlstring) as response:
+ file.write(response.read())
+
+def download(local_path, urlstring):
"""
- Filter host keys and prompt for adding key to known_hosts file, if
- needed.
+ Dispatch the appropriate download function for the given URL and save to local path.
"""
- known_hosts = '{}/.ssh/known_hosts'.format(os.getenv('HOME'))
- if not os.path.exists(known_hosts):
- mode = 0o600
- os.mknod(known_hosts, 0o600)
-
- keyscan_cmd = 'ssh-keyscan -t rsa {}'.format(host_name)
-
- try:
- host_key = cmd(keyscan_cmd, stderr=DEVNULL)
- except OSError:
- sys.exit("Can not get RSA host key")
-
- # libssh2 (jessie; stretch) does not recognize ec host keys, and curl
- # will fail with error 51 if present in known_hosts file; limit to rsa.
- usable_keys = False
- offending_keys = []
- for line in fileinput.input(known_hosts, inplace=True):
- if host_name in line and 'ssh-rsa' in line:
- if line.split()[-1] != host_key.split()[-1]:
- offending_keys.append(line)
- continue
- else:
- usable_keys = True
- if host_name in line and not 'ssh-rsa' in line:
- continue
-
- sys.stdout.write(line)
-
- if usable_keys:
- return
-
- if offending_keys:
- print("Host key has changed!")
- print("If you trust the host key fingerprint below, continue.")
-
- fingerprint_cmd = 'ssh-keygen -lf /dev/stdin'
- try:
- fingerprint = cmd(fingerprint_cmd, stderr=DEVNULL, input=host_key)
- except OSError:
- sys.exit("Can not get RSA host key fingerprint.")
-
- print("RSA host key fingerprint is {}".format(fingerprint.split()[1]))
- response = input("Do you trust this host? [y]/n ")
-
- if not response or response == 'y':
- with open(known_hosts, 'a+') as f:
- print("Adding {} to the list of known"
- " hosts.".format(host_name))
- f.write(host_key)
+ url = urllib.parse.urlparse(urlstring)
+ if url.scheme == 'http' or url.scheme == 'https':
+ download_http(urlstring, local_path)
+ elif url.scheme == 'ftp':
+ username = url.username if url.username else 'anonymous'
+ download_ftp(local_path, url.hostname, url.path, username, url.password)
+ elif url.scheme == 'sftp' or url.scheme == 'scp':
+ download_sftp(local_path, url.hostname, url.path, url.username, password)
+ elif url.scheme == 'tftp':
+ download_tftp(local_path, url.hostname, url.path)
else:
- sys.exit("Host not trusted")
+ ValueError(f'Unsupported URL scheme: {url.scheme}')
-def get_remote_config(remote_file):
- """ Invoke curl to download remote (config) file.
+def upload(local_path, urlstring):
+ """
+ Dispatch the appropriate upload function for the given URL and upload from local path.
+ """
+ url = urllib.parse.urlparse(urlstring)
+ if url.scheme == 'ftp':
+ username = url.username if url.username else 'anonymous'
+ upload_ftp(local_path, url.hostname, url.path, username, url.password)
+ elif url.scheme == 'sftp' or url.scheme == 'scp':
+ upload_sftp(local_path, url.hostname, url.path, url.username, password)
+ elif url.scheme == 'tftp':
+ upload_tftp(local_path, url.hostname, url.path)
+ else:
+ ValueError(f'Unsupported URL scheme: {url.scheme}')
+def get_remote_config(urlstring):
+ """
+ Download remote (config) file and return the contents.
Args:
remote file URI:
scp://<user>[:<passwd>]@<host>/<file>
sftp://<user>[:<passwd>]@<host>/<file>
http://<host>/<file>
https://<host>/<file>
- ftp://<user>[:<passwd>]@<host>/<file>
+ ftp://[<user>[:<passwd>]@]<host>/<file>
tftp://<host>/<file>
"""
- request = dict.fromkeys(['protocol', 'user', 'host', 'file'])
- protocols = ['scp', 'sftp', 'http', 'https', 'ftp', 'tftp']
- or_protocols = '|'.join(protocols)
-
- request_match = re.match(r'(' + or_protocols + r')://(.*?)(/.*)',
- remote_file)
- if request_match:
- (request['protocol'], request['host'],
- request['file']) = request_match.groups()
- else:
- print("Malformed URI")
- sys.exit(1)
-
- user_match = re.search(r'(.*)@(.*)', request['host'])
- if user_match:
- request['user'] = user_match.groups()[0]
- request['host'] = user_match.groups()[1]
-
- remote_file = '{0}://{1}{2}'.format(request['protocol'], request['host'], request['file'])
-
- if request['protocol'] in ('scp', 'sftp'):
- check_and_add_host_key(request['host'])
-
- redirect_opt = ''
-
- if request['protocol'] in ('http', 'https'):
- redirect_opt = '-L'
- # Try header first, and look for 'OK' or 'Moved' codes:
- curl_cmd = 'curl {0} -q -I {1}'.format(redirect_opt, remote_file)
- try:
- curl_output = cmd(curl_cmd)
- except OSError:
- sys.exit(1)
-
- return_vals = re.findall(r'^HTTP\/\d+\.?\d\s+(\d+)\s+(.*)$',
- curl_output, re.MULTILINE)
- for val in return_vals:
- if int(val[0]) not in [200, 301, 302]:
- print('HTTP error: {0} {1}'.format(*val))
- sys.exit(1)
-
- if request['user']:
- curl_cmd = 'curl -# -u {0} {1}'.format(request['user'], remote_file)
- else:
- curl_cmd = 'curl {0} -# {1}'.format(redirect_opt, remote_file)
-
+ url = urllib.parse.urlparse(urlstring)
+ temp = tempfile.NamedTemporaryFile(delete=False).name
try:
- return cmd(curl_cmd, stderr=None)
- except OSError:
- return None
+ download(temp, urlstring)
+ with open(temp, 'r') as file:
+ return file.read()
+ finally:
+ os.remove(temp)
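Review bot: In `download()` and `upload()` the sftp/scp branch passes a bare `password`, which is not defined in either function and raises NameError; it should be `url.password`. The final `else` builds `ValueError(...)` without `raise`, so an unsupported scheme returns silently and `get_remote_config` then reads back an empty temp file. `upload_tftp`/`download_tftp` place the URL-derived hostname and path directly into the string given to `cmd()`; how `cmd()` executes that string is not visible here, so these parts should be quoted (for example with `shlex.quote`) or validated before use. `get_remote_config` also leaves the `NamedTemporaryFile` handle open and no longer uses the parsed `url`.

```python
# in download(); upload() has the same two lines
elif url.scheme == 'sftp' or url.scheme == 'scp':
    download_sftp(local_path, url.hostname, url.path, url.username, url.password)
# … unchanged: tftp branch …
else:
    raise ValueError(f'Unsupported URL scheme: {url.scheme}')

# in get_remote_config(): close the handle, keep only the name
with tempfile.NamedTemporaryFile(delete=False) as tmp_file:
    temp = tmp_file.name
# … unchanged: try/finally around download() and os.remove() …
```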
diff --git a/python/vyos/template.py b/python/vyos/template.py
index bf087c223..85e4d12b3 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -131,6 +131,13 @@ def address_from_cidr(prefix):
from ipaddress import ip_network
return str(ip_network(prefix).network_address)
+@register_filter('bracketize_ipv6')
+def bracketize_ipv6(address):
+ """ Place a passed IPv6 address into [] brackets, do nothing for IPv4 """
+ if is_ipv6(address):
+ return f'[{address}]'
+ return address
+
@register_filter('netmask_from_cidr')
def netmask_from_cidr(prefix):
""" Take CIDR prefix and convert the prefix length to a "subnet mask".
@@ -149,7 +156,9 @@ def netmask_from_ipv4(address):
Example:
- 172.18.201.10 -> 255.255.255.128
"""
- from netifaces import interfaces, ifaddresses, AF_INET
+ from netifaces import interfaces
+ from netifaces import ifaddresses
+ from netifaces import AF_INET
for interface in interfaces():
tmp = ifaddresses(interface)
if AF_INET in tmp:
@@ -160,6 +169,30 @@ def netmask_from_ipv4(address):
raise ValueError
+@register_filter('is_ip_network')
+def is_ip_network(addr):
+ """ Take IP(v4/v6) address and validate if the passed argument is a network
+ or a host address.
+
+ Example:
+ - 192.0.2.0 -> False
+ - 192.0.2.10/24 -> False
+ - 192.0.2.0/24 -> True
+ - 2001:db8:: -> False
+ - 2001:db8::100 -> False
+ - 2001:db8::/48 -> True
+ - 2001:db8:1000::/64 -> True
+ """
+ try:
+ from ipaddress import ip_network
+ # input variables must contain a / to indicate its CIDR notation
+ if len(addr.split('/')) != 2:
+ raise ValueError()
+ ip_network(addr)
+ return True
+ except:
+ return False
+
@register_filter('network_from_ipv4')
def network_from_ipv4(address):
""" Take IP address and search all attached interface IP addresses for the
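Review bot: `is_ip_network` ends in a bare `except:`, which also swallows KeyboardInterrupt, SystemExit and programming errors such as a typo inside the `try`; `compare_netmask` further down has the same clause. `ip_network()` signals bad input with ValueError, and a non-string argument fails at `addr.split` with AttributeError, so `except (ValueError, AttributeError):` is enough here. Moving `from ipaddress import ip_network` above the `try` also keeps the guarded region to the lines that can actually fail.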
@@ -248,6 +281,20 @@ def dec_ip(address, decrement):
from ipaddress import ip_interface
return str(ip_interface(address).ip - int(decrement))
+@register_filter('compare_netmask')
+def compare_netmask(netmask1, netmask2):
+ """
+ Compare two IP netmask if they have the exact same size.
+
+ compare_netmask('10.0.0.0/8', '20.0.0.0/8') -> True
+ compare_netmask('10.0.0.0/8', '20.0.0.0/16') -> False
+ """
+ from ipaddress import ip_network
+ try:
+ return ip_network(netmask1).netmask == ip_network(netmask2).netmask
+ except:
+ return False
+
@register_filter('isc_static_route')
def isc_static_route(subnet, router):
# https://ercpe.de/blog/pushing-static-routes-with-isc-dhcp-server
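Review bot: `compare_netmask` calls `ip_network()` in its default strict mode, so an argument with host bits set (for example `10.0.0.1/8`) raises `ValueError` and the filter returns `False` even though both prefixes have the same length. If callers can pass interface addresses rather than network addresses, compare with `ip_network(netmask1, strict=False).netmask == ip_network(netmask2, strict=False).netmask`. Otherwise the docstring should state that both arguments must be network addresses and that invalid input yields `False`.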
@@ -275,3 +322,22 @@ def is_file(filename):
if os.path.exists(filename):
return os.path.isfile(filename)
return False
+
+@register_filter('get_dhcp_router')
+def get_dhcp_router(interface):
+ """ Static routes can point to a router received by a DHCP reply. This
+ helper is used to get the current default router from the DHCP reply.
+
+ Returns False of no router is found, returns the IP address as string if
+ a router is found.
+ """
+ interface = interface.replace('.', '_')
+ lease_file = f'/var/lib/dhcp/dhclient_{interface}.leases'
+ if not os.path.exists(lease_file):
+ return None
+
+ from vyos.util import read_file
+ for line in read_file(lease_file).splitlines():
+ if 'option routers' in line:
+ (_, _, address) = line.split()
+ return address.rstrip(';')
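Review bot: `get_dhcp_router` returns a token from the dhclient lease file without checking that it is an IP address, and the lease content originates from whatever DHCP server answered on that interface. The three-way unpack `(_, _, address) = line.split()` also raises `ValueError` on any `option routers` line that does not split into exactly three fields, and a comma-separated router list would be returned whole. Parsing the field defensively and validating it with `ipaddress.ip_address` keeps malformed values out of the rendered configuration. The docstring says the function returns False when no router is found, while the code returns `None` on both miss paths; the docstring should read "Returns None if no router is found".

```python
    # … unchanged: interface name mangling, lease_file existence check, read_file import …
    from ipaddress import ip_address
    for line in read_file(lease_file).splitlines():
        if 'option routers' in line:
            fields = line.split()
            if len(fields) < 3:
                continue
            # a lease may list several routers separated by commas; take the first
            candidate = fields[2].rstrip(';').split(',')[0]
            try:
                return str(ip_address(candidate))
            except ValueError:
                continue
    return None
```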
diff --git a/python/vyos/util.py b/python/vyos/util.py
index 494c8155e..e2f4b8fc4 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
@@ -311,7 +311,7 @@ def chmod_755(path):
def makedir(path, user=None, group=None):
if os.path.exists(path):
return
- os.mkdir(path)
+ os.makedirs(path, mode=0o755)
chown(path, user, group)
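Review bot: With `os.makedirs(path, mode=0o755)` missing parent directories are now created as well, but the following `chown(path, user, group)` changes only the final component. Since Python 3.7 the `mode` argument likewise applies only to the leaf and is still filtered by the umask. Parents therefore end up owned by the calling process with umask-derived permissions, which a caller passing `user`/`group` may not expect. Either state this in a comment, e.g. `# mode and ownership apply to the last component only; parents follow the process umask`, or apply `chown` to each component that was created.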
@@ -554,16 +554,19 @@ def ask_yes_no(question, default=False) -> bool:
from sys import stdout
default_msg = "[Y/n]" if default else "[y/N]"
while True:
- stdout.write("%s %s " % (question, default_msg))
- c = input().lower()
- if c == '':
- return default
- elif c in ("y", "ye", "yes"):
- return True
- elif c in ("n", "no"):
- return False
- else:
- stdout.write("Please respond with yes/y or no/n\n")
+ try:
+ stdout.write("%s %s " % (question, default_msg))
+ c = input().lower()
+ if c == '':
+ return default
+ elif c in ("y", "ye", "yes"):
+ return True
+ elif c in ("n", "no"):
+ return False
+ else:
+ stdout.write("Please respond with yes/y or no/n\n")
+ except EOFError:
+ stdout.write("\nPlease respond with yes/y or no/n\n")
def is_admin() -> bool:
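Review bot: The new `except EOFError:` branch in `ask_yes_no` prints the hint and goes round the `while True:` loop again, but when stdin is closed or redirected from an exhausted pipe every further `input()` raises `EOFError` immediately, so the function spins forever writing the same message. Re-prompting only makes sense on a terminal; for the non-interactive case return instead, for example `if not sys.stdin.isatty(): return default` inside the handler (importing `stdin` next to `stdout`). Whether `default` or an unconditional `False` is the right answer on EOF depends on the callers, which are outside this hunk.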
@@ -627,18 +630,44 @@ def find_device_file(device):
return None
-def dict_search(path, dict):
- """ Traverse Python dictionary (dict) delimited by dot (.).
+def dict_search(path, my_dict):
+ """ Traverse Python dictionary (my_dict) delimited by dot (.).
Return value of key if found, None otherwise.
- This is faster implementation then jmespath.search('foo.bar', dict)"""
+ This is faster implementation then jmespath.search('foo.bar', my_dict)"""
+ if not isinstance(my_dict, dict) or not path:
+ return None
+
parts = path.split('.')
inside = parts[:-1]
if not inside:
- if path not in dict:
+ if path not in my_dict:
return None
- return dict[path]
- c = dict
+ return my_dict[path]
+ c = my_dict
for p in parts[:-1]:
c = c.get(p, {})
return c.get(parts[-1], None)
+
+def get_interface_config(interface):
+ """ Returns the used encapsulation protocol for given interface.
+ If interface does not exist, None is returned.
+ """
+ if not os.path.exists(f'/sys/class/net/{interface}'):
+ return None
+ from json import loads
+ tmp = loads(cmd(f'ip -d -j link show {interface}'))[0]
+ return tmp
+
+def get_all_vrfs():
+ """ Return a dictionary of all system wide known VRF instances """
+ from json import loads
+ tmp = loads(cmd('ip -j vrf list'))
+ # Result is of type [{"name":"red","table":1000},{"name":"blue","table":2000}]
+ # so we will re-arrange it to a more nicer representation:
+ # {'red': {'table': 1000}, 'blue': {'table': 2000}}
+ data = {}
+ for entry in tmp:
+ name = entry.pop('name')
+ data[name] = entry
+ return data
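Review bot: `get_interface_config` interpolates `interface` straight into the command string `f'ip -d -j link show {interface}'`, and the only validation is the `/sys/class/net/{interface}` existence check. That check passes for an empty string (the directory itself exists), in which case `ip` lists every link and `[0]` silently returns the first one. It also passes for values such as `..`. Whether `cmd` runs the string through a shell is not visible in this hunk, so reject empty names and names containing `/` before the call and quote the argument, e.g. `cmd(f'ip -d -j link show {shlex.quote(interface)}')`. The docstring also says the function returns the encapsulation protocol, while the code returns the whole link dictionary from `ip -d -j`.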