6 files changed, 228 insertions, 2 deletions
diff --git a/src/migration-scripts/dns-dynamic/2-to-3 b/src/migration-scripts/dns-dynamic/2-to-3
new file mode 100755
index 000000000..187c2a895
--- /dev/null
+++ b/src/migration-scripts/dns-dynamic/2-to-3
@@ -0,0 +1,88 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# T5791:
+# - migrate "service dns dynamic address web web-options ..."
+#        to "service dns dynamic name <service> address web ..." (per service)
+# - migrate "service dns dynamic address <address> rfc2136 <service> ..."
+#        to "service dns dynamic name <service> address <interface> protocol 'nsupdate'"
+# - migrate "service dns dynamic address <interface> service <service> ..."
+#        to "service dns dynamic name <service> address <interface> ..."
+
+import sys
+from vyos.configtree import ConfigTree
+
+if len(sys.argv) < 2:
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+base_path = ['service', 'dns', 'dynamic']
+address_path = base_path + ['address']
+name_path = base_path + ['name']
+
+if not config.exists(address_path):
+    # Nothing to do
+    sys.exit(0)
+
+# config.copy does not recursively create a path, so initialize the name path as tagged node
+if not config.exists(name_path):
+    config.set(name_path)
+    config.set_tag(name_path)
+
+for address in config.list_nodes(address_path):
+
+    address_path_tag = address_path + [address]
+
+    # Move web-option as a configuration in each service instead of top level web-option
+    if config.exists(address_path_tag + ['web-options']) and address == 'web':
+        for svc_type in ['service', 'rfc2136']:
+            if config.exists(address_path_tag + [svc_type]):
+                for svc_cfg in config.list_nodes(address_path_tag + [svc_type]):
+                    config.copy(address_path_tag + ['web-options'],
+                                address_path_tag + [svc_type, svc_cfg, 'web-options'])
+        config.delete(address_path_tag + ['web-options'])
+
+    for svc_type in ['service', 'rfc2136']:
+        if config.exists(address_path_tag + [svc_type]):
+            # Move RFC2136 as service configuration, rename to avoid name conflict and set protocol to 'nsupdate'
+            if svc_type == 'rfc2136':
+                for rfc_cfg_old in config.list_nodes(address_path_tag + ['rfc2136']):
+                    rfc_cfg_new = f'{rfc_cfg_old}-rfc2136'
+                    config.rename(address_path_tag + ['rfc2136', rfc_cfg_old], rfc_cfg_new)
+                    config.set(address_path_tag + ['rfc2136', rfc_cfg_new, 'protocol'], 'nsupdate')
+
+            # Add address as config value in each service before moving the service path
+            # And then copy the services from 'address <interface> service <service>' to 'name <service>'
+            for svc_cfg in config.list_nodes(address_path_tag + [svc_type]):
+                config.set(address_path_tag + [svc_type, svc_cfg, 'address'], address)
+                config.copy(address_path_tag + [svc_type, svc_cfg], name_path + [svc_cfg])
+
+# Finally cleanup the old address path
+config.delete(address_path)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    sys.exit(1)
diff --git a/src/migration-scripts/firewall/12-to-13 b/src/migration-scripts/firewall/12-to-13
index c2b34b2d8..4eaae779b 100755
--- a/src/migration-scripts/firewall/12-to-13
+++ b/src/migration-scripts/firewall/12-to-13
@@ -70,7 +70,7 @@ for family in ['ipv4', 'ipv6', 'bridge']:
                                         state_value = config.return_value(base + [family, hook, priority, 'rule', rule, 'state', state])
                                         config.delete(base + [family, hook, priority, 'rule', rule, 'state', state])
                                         if state_value == 'enable':
-                                            config.set(base + [family, hook, priority, 'rule', rule, 'state', state])
+                                            config.set(base + [family, hook, priority, 'rule', rule, 'state'], value=state, replace=False)
                                             flag_enable = 'True'
                                 if flag_enable == 'False':
                                     config.delete(base + [family, hook, priority, 'rule', rule, 'state'])
diff --git a/src/migration-scripts/https/4-to-5 b/src/migration-scripts/https/4-to-5
new file mode 100755
index 000000000..0dfb6ac19
--- /dev/null
+++ b/src/migration-scripts/https/4-to-5
@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# T5762: http: api: smoketests fail as they can not establish IPv6 connection
+#        to uvicorn backend server, always make the UNIX domain socket the
+#        default way of communication
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if len(sys.argv) < 2:
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+base = ['service', 'https']
+if not config.exists(base):
+    # Nothing to do
+    sys.exit(0)
+
+# Delete "socket" CLI option - we always use UNIX domain sockets for
+# NGINX <-> API server communication
+if config.exists(base + ['api', 'socket']):
+    config.delete(base + ['api', 'socket'])
+
+# There is no need for an API service port, as UNIX domain sockets
+# are used
+if config.exists(base + ['api', 'port']):
+    config.delete(base + ['api', 'port'])
+
+# rename listen-port -> port ver virtual-host
+if config.exists(base + ['virtual-host']):
+    for vhost in config.list_nodes(base + ['virtual-host']):
+        if config.exists(base + ['virtual-host', vhost, 'listen-port']):
+            config.rename(base + ['virtual-host', vhost, 'listen-port'], 'port')
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    sys.exit(1)
diff --git a/src/migration-scripts/interfaces/31-to-32 b/src/migration-scripts/interfaces/31-to-32
index ca3d19320..0fc27b70a 100755
--- a/src/migration-scripts/interfaces/31-to-32
+++ b/src/migration-scripts/interfaces/31-to-32
@@ -15,6 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 # T5671: change port to IANA assigned default port
+# T5759: change default MTU 1450 -> 1500
 
 from sys import argv
 from sys import exit
@@ -43,6 +44,9 @@ for vxlan in config.list_nodes(base):
     if not config.exists(base + [vxlan, 'port']):
         config.set(base + [vxlan, 'port'], value='8472')
 
+    if not config.exists(base + [vxlan, 'mtu']):
+        config.set(base + [vxlan, 'mtu'], value='1450')
+
 try:
     with open(file_name, 'w') as f:
         f.write(config.to_string())
diff --git a/src/migration-scripts/pim/0-to-1 b/src/migration-scripts/pim/0-to-1
new file mode 100755
index 000000000..bf8af733c
--- /dev/null
+++ b/src/migration-scripts/pim/0-to-1
@@ -0,0 +1,72 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# T5736: igmp: migrate "protocols igmp" to "protocols pim"
+
+import sys
+from vyos.configtree import ConfigTree
+
+if len(sys.argv) < 2:
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+base = ['protocols', 'igmp']
+pim_base = ['protocols', 'pim']
+if not config.exists(base):
+    # Nothing to do
+    sys.exit(0)
+
+for interface in config.list_nodes(base + ['interface']):
+    base_igmp_iface = base + ['interface', interface]
+    pim_base_iface = pim_base + ['interface', interface]
+
+    # Create IGMP note under PIM interface
+    if not config.exists(pim_base_iface + ['igmp']):
+        config.set(pim_base_iface + ['igmp'])
+
+    if config.exists(base_igmp_iface + ['join']):
+        config.copy(base_igmp_iface + ['join'], pim_base_iface + ['igmp', 'join'])
+        config.set_tag(pim_base_iface + ['igmp', 'join'])
+
+        new_join_base = pim_base_iface + ['igmp', 'join']
+        for address in config.list_nodes(new_join_base):
+            if config.exists(new_join_base + [address, 'source']):
+                config.rename(new_join_base + [address, 'source'], 'source-address')
+
+    if config.exists(base_igmp_iface + ['query-interval']):
+        config.copy(base_igmp_iface + ['query-interval'], pim_base_iface + ['igmp', 'query-interval'])
+
+    if config.exists(base_igmp_iface + ['query-max-response-time']):
+        config.copy(base_igmp_iface + ['query-max-response-time'], pim_base_iface + ['igmp', 'query-max-response-time'])
+
+    if config.exists(base_igmp_iface + ['version']):
+        config.copy(base_igmp_iface + ['version'], pim_base_iface + ['igmp', 'version'])
+
+config.delete(base)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    sys.exit(1)
diff --git a/src/migration-scripts/policy/6-to-7 b/src/migration-scripts/policy/6-to-7
index 1f955aa02..727b8487a 100755
--- a/src/migration-scripts/policy/6-to-7
+++ b/src/migration-scripts/policy/6-to-7
@@ -66,7 +66,7 @@ for family in ['route', 'route6']:
                                 state_value = config.return_value(base + [family, policy_name, 'rule', rule, 'state', state])
                                 config.delete(base + [family, policy_name, 'rule', rule, 'state', state])
                                 if state_value == 'enable':
-                                    config.set(base + [family, policy_name, 'rule', rule, 'state', state])
+                                    config.set(base + [family, policy_name, 'rule', rule, 'state'], value=state, replace=False)
                                     flag_enable = 'True'
                         if flag_enable == 'False':
                             config.delete(base + [family, policy_name, 'rule', rule, 'state'])