summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/dns_dynamic.py6
-rwxr-xr-xsrc/conf_mode/firewall.py2
-rw-r--r--src/etc/dhcp/dhclient-enter-hooks.d/99-run-user-hooks2
-rwxr-xr-xsrc/etc/dhcp/dhclient-exit-hooks.d/98-run-user-hooks2
-rwxr-xr-xsrc/migration-scripts/firewall/11-to-121
-rwxr-xr-xsrc/migration-scripts/firewall/12-to-1383
-rwxr-xr-xsrc/migration-scripts/policy/6-to-779
7 files changed, 168 insertions, 7 deletions
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
index d6ef620fe..2bccaee0f 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/dns_dynamic.py
@@ -93,7 +93,7 @@ def verify(dyndns):
# Dynamic DNS service provider - configuration validation
if 'service' in dyndns['address'][address]:
for service, config in dyndns['address'][address]['service'].items():
- error_msg_req = f'is required for Dynamic DNS service "{service}" on "{address}" with protocol "{config["protocol"]}"'
+ error_msg_req = f'is required for Dynamic DNS service "{service}" on "{address}"'
error_msg_uns = f'is not supported for Dynamic DNS service "{service}" on "{address}" with protocol "{config["protocol"]}"'
for field in ['host_name', 'password', 'protocol']:
@@ -101,13 +101,13 @@ def verify(dyndns):
raise ConfigError(f'"{field.replace("_", "-")}" {error_msg_req}')
if config['protocol'] in zone_necessary and 'zone' not in config:
- raise ConfigError(f'"zone" {error_msg_req}')
+ raise ConfigError(f'"zone" {error_msg_req} with protocol "{config["protocol"]}"')
if config['protocol'] not in zone_supported and 'zone' in config:
raise ConfigError(f'"zone" {error_msg_uns}')
if config['protocol'] not in username_unnecessary and 'username' not in config:
- raise ConfigError(f'"username" {error_msg_req}')
+ raise ConfigError(f'"username" {error_msg_req} with protocol "{config["protocol"]}"')
if config['protocol'] not in ttl_supported and 'ttl' in config:
raise ConfigError(f'"ttl" {error_msg_uns}')
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 8028492a7..ceed0cf31 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -272,7 +272,7 @@ def verify_rule(firewall, rule_conf, ipv6):
raise ConfigError(f'{side} port-group and port cannot both be defined')
if 'log_options' in rule_conf:
- if 'log' not in rule_conf or 'enable' not in rule_conf['log']:
+ if 'log' not in rule_conf:
raise ConfigError('log-options defined, but log is not enable')
if 'snapshot_length' in rule_conf['log_options'] and 'group' not in rule_conf['log_options']:
diff --git a/src/etc/dhcp/dhclient-enter-hooks.d/99-run-user-hooks b/src/etc/dhcp/dhclient-enter-hooks.d/99-run-user-hooks
index b4b4d516d..570758be6 100644
--- a/src/etc/dhcp/dhclient-enter-hooks.d/99-run-user-hooks
+++ b/src/etc/dhcp/dhclient-enter-hooks.d/99-run-user-hooks
@@ -1,5 +1,5 @@
#!/bin/bash
DHCP_PRE_HOOKS="/config/scripts/dhcp-client/pre-hooks.d/"
if [ -d "${DHCP_PRE_HOOKS}" ] ; then
- run-parts "${DHCP_PRE_HOOKS}"
+ run_hookdir "${DHCP_PRE_HOOKS}"
fi
diff --git a/src/etc/dhcp/dhclient-exit-hooks.d/98-run-user-hooks b/src/etc/dhcp/dhclient-exit-hooks.d/98-run-user-hooks
index 442419d79..910b586f0 100755
--- a/src/etc/dhcp/dhclient-exit-hooks.d/98-run-user-hooks
+++ b/src/etc/dhcp/dhclient-exit-hooks.d/98-run-user-hooks
@@ -1,5 +1,5 @@
#!/bin/bash
DHCP_POST_HOOKS="/config/scripts/dhcp-client/post-hooks.d/"
if [ -d "${DHCP_POST_HOOKS}" ] ; then
- run-parts "${DHCP_POST_HOOKS}"
+ run_hookdir "${DHCP_POST_HOOKS}"
fi
diff --git a/src/migration-scripts/firewall/11-to-12 b/src/migration-scripts/firewall/11-to-12
index 51b2fa860..ba8374d66 100755
--- a/src/migration-scripts/firewall/11-to-12
+++ b/src/migration-scripts/firewall/11-to-12
@@ -46,7 +46,6 @@ if not config.exists(base):
# Nothing to do
exit(0)
-## FORT
## Migration from base chains
#if config.exists(base + ['interface', iface, direction]):
for family in ['ipv4', 'ipv6']:
diff --git a/src/migration-scripts/firewall/12-to-13 b/src/migration-scripts/firewall/12-to-13
new file mode 100755
index 000000000..c2b34b2d8
--- /dev/null
+++ b/src/migration-scripts/firewall/12-to-13
@@ -0,0 +1,83 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# T5729: Switch to valueless whenever is possible.
+# From
+ # set firewall ... rule <rule> log enable
+ # set firewall ... rule <rule> state <state> enable
+ # set firewall ... rule <rule> log disable
+ # set firewall ... rule <rule> state <state> disable
+# To
+ # set firewall ... rule <rule> log
+ # set firewall ... rule <rule> state <state>
+ # Remove command if log=disable or <state>=disable
+
+import re
+
+from sys import argv
+from sys import exit
+
+from vyos.configtree import ConfigTree
+from vyos.ifconfig import Section
+
+if len(argv) < 2:
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+base = ['firewall']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+ # Nothing to do
+ exit(0)
+
+for family in ['ipv4', 'ipv6', 'bridge']:
+ if config.exists(base + [family]):
+ for hook in ['forward', 'input', 'output', 'name']:
+ if config.exists(base + [family, hook]):
+ for priority in config.list_nodes(base + [family, hook]):
+ if config.exists(base + [family, hook, priority, 'rule']):
+ for rule in config.list_nodes(base + [family, hook, priority, 'rule']):
+ # Log
+ if config.exists(base + [family, hook, priority, 'rule', rule, 'log']):
+ log_value = config.return_value(base + [family, hook, priority, 'rule', rule, 'log'])
+ config.delete(base + [family, hook, priority, 'rule', rule, 'log'])
+ if log_value == 'enable':
+ config.set(base + [family, hook, priority, 'rule', rule, 'log'])
+ # State
+ if config.exists(base + [family, hook, priority, 'rule', rule, 'state']):
+ flag_enable = 'False'
+ for state in ['established', 'invalid', 'new', 'related']:
+ if config.exists(base + [family, hook, priority, 'rule', rule, 'state', state]):
+ state_value = config.return_value(base + [family, hook, priority, 'rule', rule, 'state', state])
+ config.delete(base + [family, hook, priority, 'rule', rule, 'state', state])
+ if state_value == 'enable':
+ config.set(base + [family, hook, priority, 'rule', rule, 'state', state])
+ flag_enable = 'True'
+ if flag_enable == 'False':
+ config.delete(base + [family, hook, priority, 'rule', rule, 'state'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1) \ No newline at end of file
diff --git a/src/migration-scripts/policy/6-to-7 b/src/migration-scripts/policy/6-to-7
new file mode 100755
index 000000000..1f955aa02
--- /dev/null
+++ b/src/migration-scripts/policy/6-to-7
@@ -0,0 +1,79 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# T5729: Switch to valueless whenever is possible.
+# From
+ # set policy [route | route6] ... rule <rule> log enable
+ # set policy [route | route6] ... rule <rule> log disable
+# To
+ # set policy [route | route6] ... rule <rule> log
+ # Remove command if log=disable
+
+import re
+
+from sys import argv
+from sys import exit
+
+from vyos.configtree import ConfigTree
+from vyos.ifconfig import Section
+
+if len(argv) < 2:
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+base = ['policy']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+ # Nothing to do
+ exit(0)
+
+for family in ['route', 'route6']:
+ if config.exists(base + [family]):
+
+ for policy_name in config.list_nodes(base + [family]):
+ if config.exists(base + [family, policy_name, 'rule']):
+ for rule in config.list_nodes(base + [family, policy_name, 'rule']):
+ # Log
+ if config.exists(base + [family, policy_name, 'rule', rule, 'log']):
+ log_value = config.return_value(base + [family, policy_name, 'rule', rule, 'log'])
+ config.delete(base + [family, policy_name, 'rule', rule, 'log'])
+ if log_value == 'enable':
+ config.set(base + [family, policy_name, 'rule', rule, 'log'])
+ # State
+ if config.exists(base + [family, policy_name, 'rule', rule, 'state']):
+ flag_enable = 'False'
+ for state in ['established', 'invalid', 'new', 'related']:
+ if config.exists(base + [family, policy_name, 'rule', rule, 'state', state]):
+ state_value = config.return_value(base + [family, policy_name, 'rule', rule, 'state', state])
+ config.delete(base + [family, policy_name, 'rule', rule, 'state', state])
+ if state_value == 'enable':
+ config.set(base + [family, policy_name, 'rule', rule, 'state', state])
+ flag_enable = 'True'
+ if flag_enable == 'False':
+ config.delete(base + [family, policy_name, 'rule', rule, 'state'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1) \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-07 21:35:13 +0000