Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/service_upnp.py44
-rw-r--r--src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper16
-rw-r--r--src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup2
3 files changed, 32 insertions, 30 deletions
diff --git a/src/conf_mode/service_upnp.py b/src/conf_mode/service_upnp.py
index 638296f45..d21b31990 100755
--- a/src/conf_mode/service_upnp.py
+++ b/src/conf_mode/service_upnp.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -24,7 +24,6 @@ from ipaddress import IPv6Network
from vyos.config import Config
from vyos.configdict import dict_merge
-from vyos.configdict import dict_search
from vyos.configdict import get_interface_dict
from vyos.configverify import verify_vrf
from vyos.util import call
@@ -43,17 +42,18 @@ def get_config(config=None):
conf = config
else:
conf = Config()
+
base = ['service', 'upnp']
upnpd = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
-
+
if not upnpd:
return None
-
- if dict_search('rule', upnpd):
+
+ if 'rule' in upnpd:
default_member_values = defaults(base + ['rule'])
for rule,rule_config in upnpd['rule'].items():
upnpd['rule'][rule] = dict_merge(default_member_values, upnpd['rule'][rule])
-
+
uuidgen = uuid.uuid1()
upnpd.update({'uuid': uuidgen})
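Review bot: `uuid.uuid1()` at the end of this hunk derives the identifier from the host's MAC address (when one is available) and the current time, and a new value is produced on every call to get_config. If this `uuid` is rendered into the miniupnpd configuration and announced on the network (the template is not visible here), the box would expose a hardware address and change its UPnP identity on every commit. Consider `uuid.uuid4()`, or a value generated once and persisted across commits. get_config starts and ends outside the hunk.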
@@ -62,7 +62,7 @@ def get_config(config=None):
def get_all_interface_addr(prefix, filter_dev, filter_family):
list_addr = []
interfaces = netifaces.interfaces()
-
+
for interface in interfaces:
if filter_dev and interface in filter_dev:
continue
@@ -87,27 +87,28 @@ def get_all_interface_addr(prefix, filter_dev, filter_family):
list_addr.append(addr['addr'] + prefix)
else:
list_addr.append(addr['addr'])
-
+
return list_addr
def verify(upnpd):
if not upnpd:
return None
-
+
if 'wan_interface' not in upnpd:
raise ConfigError('To enable UPNP, you must have the "wan-interface" option!')
-
- if dict_search('rules', upnpd):
- for rule,rule_config in upnpd['rule'].items():
+
+ if 'rule' in upnpd:
+ for rule, rule_config in upnpd['rule'].items():
for option in ['external_port_range', 'internal_port_range', 'ip', 'action']:
if option not in rule_config:
- raise ConfigError(f'A UPNP rule must have an "{option}" option!')
-
- if dict_search('stun', upnpd):
+ tmp = option.replace('_', '-')
+ raise ConfigError(f'Every UPNP rule requires "{tmp}" to be set!')
+
+ if 'stun' in upnpd:
for option in ['host', 'port']:
if option not in upnpd['stun']:
raise ConfigError(f'A UPNP stun support must have an "{option}" option!')
-
+
# Check the validity of the IP address
listen_dev = []
system_addrs_cidr = get_all_interface_addr(True, [], [netifaces.AF_INET, netifaces.AF_INET6])
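Review bot: The new error `raise ConfigError(f'Every UPNP rule requires "{tmp}" to be set!')` does not name the incomplete rule even though `rule` is in scope; `raise ConfigError(f'UPNP rule "{rule}" requires "{tmp}" to be set!')` would point the operator at the right entry. Because the old condition looked up `'rules'` while the data lives under `'rule'`, this loop appears never to have run before, so configurations that used to commit with incomplete rules may now be rejected; that is worth stating in the commit message. The check is presence-only, and whether the port ranges and `ip` are validated elsewhere (for example by CLI constraints) is not visible on this page. verify continues past the hunk.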
@@ -120,7 +121,7 @@ def verify(upnpd):
raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!')
if is_ipv6(listen_if_or_addr) and IPv6Network(listen_if_or_addr).is_multicast:
raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!')
-
+
system_listening_dev_addrs_cidr = get_all_interface_addr(True, listen_dev, [netifaces.AF_INET6])
system_listening_dev_addrs = get_all_interface_addr(False, listen_dev, [netifaces.AF_INET6])
for listen_if_or_addr in upnpd['listen']:
@@ -130,19 +131,20 @@ def verify(upnpd):
def generate(upnpd):
if not upnpd:
return None
-
+
if os.path.isfile(config_file):
os.unlink(config_file)
-
+
render(config_file, 'firewall/upnpd.conf.tmpl', upnpd)
def apply(upnpd):
+ systemd_service_name = 'miniupnpd.service'
if not upnpd:
# Stop the UPNP service
- call('systemctl stop miniupnpd.service')
+ call(f'systemctl stop {systemd_service_name}')
else:
# Start the UPNP service
- call('systemctl restart miniupnpd.service')
+ call(f'systemctl restart {systemd_service_name}')
if __name__ == '__main__':
try:
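Review bot: In `apply`, the result of `call(f'systemctl stop {systemd_service_name}')` is discarded, so if the stop fails on the delete path the daemon keeps running and keeps accepting port-mapping requests while the configuration says UPnP is off. Assuming `call` returns the command's exit status (its definition is not on this page), check it and raise `ConfigError` on a non-zero value for both the stop and the restart. Separately, `generate` returns before `os.unlink(config_file)` when `upnpd` is empty, so the previous configuration file stays on disk after the service is removed.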
diff --git a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper
index 9d5505758..74a7e83bf 100644
--- a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper
+++ b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper
@@ -4,7 +4,7 @@
IF_METRIC=${IF_METRIC:-210}
# Check if interface is inside a VRF
-VRF_OPTION=$(ip -j -d link show ${interface} | awk '{if(match($0, /.*"master":"(\w+)".*"info_slave_kind":"vrf"/, IFACE_DETAILS)) printf("vrf %s", IFACE_DETAILS[1])}')
+VRF_OPTION=$(/usr/sbin/ip -j -d link show ${interface} | awk '{if(match($0, /.*"master":"(\w+)".*"info_slave_kind":"vrf"/, IFACE_DETAILS)) printf("vrf %s", IFACE_DETAILS[1])}')
# get status of FRR
function frr_alive () {
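Review bot: The literal `/usr/sbin/ip` is now repeated in the `VRF_OPTION` assignment here and again in `delroute` and the `ip ()` wrapper in the later hunks; one assignment such as `IP_BIN=/usr/sbin/ip` next to `IF_METRIC` would keep the path in a single place. A short comment saying why the absolute path is needed would also help, for example `# call the binary by path: this file defines its own ip() function`. In the same line `${interface}` is expanded unquoted; `"${interface}"` avoids word splitting on the value.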
@@ -66,9 +66,9 @@ function iptovtysh () {
# delete the same route from kernel before adding new one
function delroute () {
logmsg info "Checking if the route presented in kernel: $@ $VRF_OPTION"
- if ip route show $@ $VRF_OPTION | grep -qx "$1 " ; then
- logmsg info "Deleting IP route: \"ip route del $@ $VRF_OPTION\""
- ip route del $@ $VRF_OPTION
+ if /usr/sbin/ip route show $@ $VRF_OPTION | grep -qx "$1 " ; then
+ logmsg info "Deleting IP route: \"/usr/sbin/ip route del $@ $VRF_OPTION\""
+ /usr/sbin/ip route del $@ $VRF_OPTION
fi
}
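Review bot: `$@` is expanded unquoted in `/usr/sbin/ip route show $@ $VRF_OPTION` and `/usr/sbin/ip route del $@ $VRF_OPTION`, so every argument is split again and glob-expanded before it reaches the binary; `"$@"` passes the arguments through unchanged. `$VRF_OPTION` has to stay unquoted because it holds either two words (`vrf NAME`) or nothing. The same applies to `/usr/sbin/ip $@` in the two `ip ()` hunks that follow.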
@@ -76,8 +76,8 @@ function delroute () {
function ip () {
# pass comand to system `ip` if this is not related to routes change
if [ "$2" != "route" ] ; then
- logmsg info "Passing command to iproute2: \"$@\""
- ip $@
+ logmsg info "Passing command to /usr/sbin/ip: \"$@\""
+ /usr/sbin/ip $@
else
# if we want to work with routes, try to use FRR first
if frr_alive ; then
@@ -87,8 +87,8 @@ function ip () {
vtysh -c "conf t" -c "$VTYSH_CMD"
else
# add ip route to kernel
- logmsg info "Modifying routes in kernel: \"ip $@\""
- ip $@ $VRF_OPTION
+ logmsg info "Modifying routes in kernel: \"/usr/sbin/ip $@\""
+ /usr/sbin/ip $@ $VRF_OPTION
fi
fi
}
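Review bot: The log line `logmsg info "Modifying routes in kernel: \"/usr/sbin/ip $@\""` leaves out `$VRF_OPTION`, while the command on the next line runs with it, so for an interface inside a VRF the log does not show the command that was actually executed. Logging `\"/usr/sbin/ip $@ $VRF_OPTION\"`, as `delroute` already does, keeps the record and the action in step. The `ip ()` function starts outside this hunk.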
diff --git a/src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup b/src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup
index a6989441b..ad6a1d5eb 100644
--- a/src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup
+++ b/src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup
@@ -1,7 +1,7 @@
##
## VyOS cleanup
##
-# NOTE: here we use 'ip' wrapper, therefore a route will be actually deleted via ip or vtysh, according to the system state
+# NOTE: here we use 'ip' wrapper, therefore a route will be actually deleted via /usr/sbin/ip or vtysh, according to the system state
hostsd_client="/usr/bin/vyos-hostsd-client"
hostsd_changes=
# check vyos-hostsd status