From 2b8af944d60de2fca8370a108e422ccc6b3d006d Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 12 Nov 2018 20:36:23 +0100 Subject: T987: Unclutter PPTP/IPSec RADIUS configuration nodes In other words, remove top level tag nodes from radius-server and introduce a regular "radius" node, thus we can add additional features, too. A migration script is provided in vyos-1x which takes care of this config migration. Change VyOS CLI from: vyos@vyos# show vpn pptp remote-access { authentication { mode radius radius-server 172.16.100.10 { key barbarbar } radius-server 172.16.100.20 { key foofoofoo } } To: vyos@vyos# show vpn l2tp remote-access { authentication { mode radius radius { server 172.16.100.10 { key barbarbar } server 172.16.100.20 { key foofoofoo } } } --- src/migration-scripts/pptp/0-to-1 | 59 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100755 src/migration-scripts/pptp/0-to-1 diff --git a/src/migration-scripts/pptp/0-to-1 b/src/migration-scripts/pptp/0-to-1 new file mode 100755 index 000000000..d0c7a83b5 --- /dev/null +++ b/src/migration-scripts/pptp/0-to-1 
@@ -0,0 +1,59 @@
+#!/usr/bin/env python3
+
+# Unclutter PPTP VPN configuiration - move radius-server top level tag
+# nodes to a regular node which now also configures the radius source address
+# used when querying a radius server
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+
+cfg_base = ['vpn', 'pptp', 'remote-access', 'authentication']
+if not config.exists(cfg_base):
+ # Nothing to do
+ sys.exit(0)
+else:
+ # Migrate "vpn pptp authentication radius-source-address" to new
+ # "vpn pptp authentication radius source-address"
+ if config.exists(cfg_base + ['radius-source-address']):
+ address = config.return_value(cfg_base + ['radius-source-address'])
+ # delete old configuration node
+ config.delete(cfg_base + ['radius-source-address'])
+ # write new configuration node
+ config.set(cfg_base + ['radius', 'source-address'], value=address)
+
+ # Migrate "vpn pptp authentication radius-server" tag node to new
+ # "vpn pptp authentication radius server" tag node
+ for server in config.list_nodes(cfg_base + ['radius-server']):
+ base_server = cfg_base + ['radius-server', server]
+ key = config.return_value(base_server + ['key'])
+
+ # delete old configuration node
+ config.delete(base_server)
+ # write new configuration node
+ config.set(cfg_base + ['radius', 'server', server, 'key'], value=key)
+
+ # format as tag node
+ config.set_tag(cfg_base + ['radius', 'server'])
+
+ # delete top level tag node
+ if config.exists(cfg_base + ['radius-server']):
+ config.delete(cfg_base + ['radius-server'])
+
+ try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+ except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ sys.exit(1)
-- cgit v1.2.3
From 2375e0876abeff26ba875419b62f974d0ff6122a Mon Sep 17 00:00:00 2001
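Review bot: The argument check `if (len(sys.argv) < 1):` can never be true, because sys.argv always holds at least the script name, so a missing file name reaches `file_name = sys.argv[1]` and ends in an IndexError traceback instead of the intended message; it should read `if len(sys.argv) < 2:`. Separately, `config.list_nodes(cfg_base + ['radius-server'])` runs without a preceding `config.exists(...)` test, unlike the `radius-source-address` branch; if list_nodes raises on a missing path (not visible here), a configuration that uses only local authentication would abort the migration, so guarding the loop with `if config.exists(cfg_base + ['radius-server']):` would be safer. The file is also rewritten in place with `open(file_name, 'w')`, so a failure during the write leaves a truncated configuration behind; writing to a temporary file in the same directory and renaming it over the original would avoid that.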
From: Christian Poessinger Date: Mon, 12 Nov 2018 20:37:08 +0100 Subject: migration/l2tp: fix file comment --- src/migration-scripts/l2tp/0-to-1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/migration-scripts/l2tp/0-to-1 b/src/migration-scripts/l2tp/0-to-1 index 65adbbe77..f6c716df1 100755 --- a/src/migration-scripts/l2tp/0-to-1 +++ b/src/migration-scripts/l2tp/0-to-1 @@ -1,7 +1,8 @@ #!/usr/bin/env python3 -# Delete "set service dhcp-relay relay-options port" option -# Delete "set service dhcpv6-relay listen-port" option +# Unclutter L2TP VPN configuiration - move radius-server top level tag +# nodes to a regular node which now also configures the radius source address +# used when querying a radius server import sys -- cgit v1.2.3 From 93c9199589cca87321f1f0577d16099dbe78842b Mon Sep 17 00:00:00 2001 From: hagbard Date: Wed, 14 Nov 2018 10:47:36 -0800 Subject: T835: accel-ppp pppoe implemetaion - ipv6 DNS, ippv6pool, ipv6 PD, ipv6 inf IDs - snmp subagent and master mode - connlimits configurable - more ppp options configurable (mppe, lcp-echo intervals, mtu, mru etc.) - radius extended options (for HA etc.) --- interface-definitions/pppoe-server.xml | 347 ++++++++++++++++++++++++++++++++- src/conf_mode/accel_pppoe.py | 252 ++++++++++++++++++++---- 2 files changed, 561 insertions(+), 38 deletions(-) diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml index 543ff1663..510bfeb3b 100644 --- a/interface-definitions/pppoe-server.xml +++ b/interface-definitions/pppoe-server.xml @@ -8,6 +8,19 @@ 900 + + + Enable SNMP + + + + + enable SNMP master agent mode + + + + + Access concentrator name 
@@ -76,13 +89,77 @@ - + Key for accessing the specified server + + + maximum number of simultaneous requests to server (default: unlimited) + + + + + if server doesn't responds mark it as unavailable for this amount of time in seconds + + + + + radius settings + + + + + timeout to wait response from server (sec) + + + + + timeout to wait reply for Interim-Update packets. (default 3 sec) + + + + + maximum number of tries to send Access-Request/Accounting-Request queries + + + + + value to send to RADIUS server in NAS-Identifier attribute and to be matched in DM/CoA requests. + + + + + value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address. + + + + + IPv4 address and port to bind Dynamic Authorization Extension server (DM/CoA) + + + + + IP address for Dynamic Authorization Extension server (DM/CoA) + + + + + port for Dynamic Authorization Extension server (DM/CoA) + + + + + secret for Dynamic Authorization Extension server (DM/CoA) + + + + + + @@ -108,14 +185,38 @@ + + + + pool of client IP space + + + + + format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients) + + + + + + format: ipv6prefix/mask,prefix_len (delegate to clients through DHCPv6 prefix delegation - rfc3633) + + + + + - Domain Name Service (DNS) server + IPv4 Domain Name Service (DNS) server Primary DNS server + + ipv4 + IPv4 address + @@ -124,6 +225,10 @@ Secondary DNS server + + ipv4 + IPv4 address + @@ -131,6 +236,49 @@ + + + IPv6 Domain Name Service (DNS) server + + + + + + ipv6 + IPv6 address + + Primary DNS server + + + + + + + + + ipv6 + IPv6 address + + Secondary DNS server + + + + + + + + + ipv6 + IPv6 address + + Tertiary DNS server + + + + + + + interface(s) to listen on 
@@ -150,12 +298,38 @@ - Maximum Transmission Unit (MTU) - default 1440 + Maximum Transmission Unit (MTU) - default 1492 + + + limits the connection rate from a single source + + + + + acceptable rate of connections (e.g. 1/min, 60/sec) + + ^[0-9]+\/(min|sec)$ + + illegal value + + + + + burst count + + + + + timeout in seconds + + + + RADIUS settings 
@@ -207,6 +381,173 @@ + + + + + minimum acceptable MTU (68-65535) + + + + + + + + preferred MRU (68-65535) + + + + + + + + ccp negotiation (default disabled) + + + + + + specifies mppe negotiation preference. (default prefer mppe) + + + + + ask client for mppe, if it rejects drop connection + + + + + + ask client for mppe, if it rejects don't fail + + + + + + deny mppe + + + + + + + + lcp echo-requests/sec + + + + + + + + maximum number of Echo-Requests may be sent without valid reply + + + + + + + + timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and "lcp-echo-failure" is not used. + + + + + + + + specify IPv4 (IPCP) negotiation algorithm + + ^(deny|allow|prefer|require) + + invalid value + + deny + don't negotiate IPv4 + + + allow + negotiate IPv4 only if client requests + + + prefer + ask client for IPv4 negotiation, don't fail if he rejects + + + require + require IPv4 negotiation + + + + + + specify IPv6 (IPCP6) negotiation algorithm + + ^(deny|allow|prefer|require) + + invalid value + + deny + don't negotiate IPv6 + + + allow + negotiate IPv6 only if client requests + + + prefer + ask client for IPv6 negotiation, don't fail if he rejects + + + require + require IPv6 negotiation + + + + + + Specify fixed or random interface identifier for IPv6 + + random + specify random interface identifier for IPv6 + + + x:x:x:x + specify interface identifier for IPv6 + + + + + + specify peer interface identifier for IPv6 + + x:x:x:x + specify interface identifier for IPv6 + + + random + specify a random interface identifier for IPv6 + + + ipv4 + calculate interface identifier from IPv4 address, for example 192:168:0:1 + + + calling-sid + calculate interface identifier from calling-station-Id + + + + + + accept peer's interface identifier + + + + + + + diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py index 4aea84c44..e2f0658a1 100755 --- a/src/conf_mode/accel_pppoe.py 
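Review bot: The value patterns for the `ipv4` and `ipv6` negotiation options, `^(deny|allow|prefer|require)`, have no end anchor, while the connection-rate pattern added earlier in this file is anchored as `^[0-9]+\/(min|sec)$`. If the validator searches rather than requiring a full match (not visible here), a value that merely starts with one of the four words would pass and be written unchanged into the `ipv4=` and `ipv6=` lines of the generated accel-ppp configuration. Suggest `^(deny|allow|prefer|require)$` for both options. The element markup of this section is not readable in this view, so whether the numeric options (min-mtu, mru, lcp-echo-*) carry range validators could not be checked.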
+++ b/src/conf_mode/accel_pppoe.py @@ -45,15 +45,22 @@ pppoe_config = ''' log_syslog pppoe ippool +{% if client_ipv6_pool %} +ipv6pool +{% endif %} chap-secrets auth_pap auth_chap_md5 auth_mschap_v1 auth_mschap_v2 -pppd_compat -shaper +#pppd_compat +#shaper +{% if snmp == 'enable' or snmp == 'enable-ma' %} net-snmp +{% endif %} +{% if limits %} connlimit +{% endif %} {% if authentication['mode'] == 'radius' %} radius {% endif %} @@ -66,8 +73,10 @@ syslog=accel-pppoe,daemon copy=1 level=5 +{% if snmp == 'enable-ma' %} [snmp] master=1 +{% endif %} [client-ip-range] disable @@ -78,6 +87,16 @@ disable {% endif %} gw-ip-address={{ppp_gw}} +{% if client_ipv6_pool %} +[ipv6-pool] +{% for prfx in client_ipv6_pool['prefix']: %} +{{prfx}} +{% endfor %} +{% for prfx in client_ipv6_pool['delegate-prefix']: %} +delegate={{prfx}} +{% endfor %} +{% endif %} + {% if dns %} [dns] {% if dns[0] %} @@ -88,6 +107,13 @@ dns2={{dns[1]}} {% endif %} {% endif %} +{% if dnsv6 %} +[dnsv6] +{% for srv in dnsv6: %} +dns={{srv}} +{% endfor %} +{% endif %} + {% if wins %} [wins] {% if wins[0] %} 
@@ -106,27 +132,83 @@ chap-secrets=/etc/accel-ppp/pppoe/chap-secrets {% if authentication['mode'] == 'radius' %} [radius] {% for rsrv in authentication['radiussrv']: %} -server={{rsrv}},{{authentication['radiussrv'][rsrv]}} +server={{rsrv}},{{authentication['radiussrv'][rsrv]['secret']}},\ +req-limit={{authentication['radiussrv'][rsrv]['req-limit']}},\ +fail-time={{authentication['radiussrv'][rsrv]['fail-time']}} {% endfor %} -timeout=10 -acct-timeout=3 +{% if authentication['radiusopt']['timeout'] %} +timeout={{authentication['radiusopt']['timeout']}} +{% endif %} +{% if authentication['radiusopt']['acct-timeout'] %} +acct-timeout={{authentication['radiusopt']['acct-timeout']}} +{% endif %} +{% if authentication['radiusopt']['max-try'] %} +max-try={{authentication['radiusopt']['max-try']}} +{% endif %} +{% if authentication['radiusopt']['nas-id'] %} +nas-identifier={{authentication['radiusopt']['nas-id']}} +{% endif %} +{% if authentication['radiusopt']['nas-ip'] %} +nas-ip-address={{authentication['radiusopt']['nas-ip']}} +{% endif %} +{% if authentication['radiusopt']['dae-srv'] %} +dae-server={{authentication['radiusopt']['dae-srv']['ip-addr']}}:\ +{{authentication['radiusopt']['dae-srv']['port']}},\ +{{authentication['radiusopt']['dae-srv']['secret']}} +{% endif %} gw-ip-address={{ppp_gw}} verbose=1 {% endif %} [ppp] verbose=1 -min-mtu={{mtu}} -mtu={{mtu}} -mru=1400 -check-ip=1 -mppe=prefer -ipv4=require check-ip=1 single-session=replace +{% if ppp_options['ccp'] %} +ccp=1 +{% endif %} +{% if ppp_options['min-mtu'] %} +min-mtu={{ppp_options['min-mtu']}} +{% else %} +min-mtu={{mtu}} +{% endif %} +{% if ppp_options['mru'] %} +mru={{ppp_options['mru']}} +{% endif %} +{% if ppp_options['mppe'] %} +mppe={{ppp_options['mppe']}} +{% else %} mppe=prefer +{% endif %} +{% if ppp_options['lcp-echo-interval'] %} +lcp-echo-interval={{ppp_options['lcp-echo-interval']}} +{% else %} lcp-echo-interval=30 +{% endif %} +{% if ppp_options['lcp-echo-timeout'] %} 
+lcp-echo-timeout={{ppp_options['lcp-echo-timeout']}} +{% endif %} +{% if ppp_options['lcp-echo-failure'] %} +lcp-echo-failure={{ppp_options['lcp-echo-failure']}} +{% else %} lcp-echo-failure=3 +{% endif %} +{% if ppp_options['ipv4'] %} +ipv4={{ppp_options['ipv4']}} +{% endif %} +{% if ppp_options['ipv6'] %} +ipv6={{ppp_options['ipv6']}} +{% if ppp_options['ipv6-intf-id'] %} +ipv6-intf-id={{ppp_options['ipv6-intf-id']}} +{% endif %} +{% if ppp_options['ipv6-peer-intf-id'] %} +ipv6-peer-intf-id={{ppp_options['ipv6-peer-intf-id']}} +{% endif %} +{% if ppp_options['ipv6-accept-peer-intf-id'] %} +ipv6-accept-peer-intf-id={{ppp_options['ipv6-accept-peer-intf-id']}} +{% endif %} +{% endif %} +mtu={{mtu}} [pppoe] verbose=1 @@ -141,12 +223,14 @@ interface={{int}} {% if svc_name %} service-name={{svc_name}} {% endif %} +# maybe: called-sid, tr101, padi-limit etc. - +{% if limits %} [connlimit] -limit=10/min -burst=3 -timeout=60 +limit={{limits['conn-limit']}} +burst={{limits['burst']}} +timeout={{limits['timeout']}} +{% endif %} [cli] tcp=127.0.0.1:2001 @@ -210,24 +294,30 @@ def get_config(): return None config_data = { - 'concentrator' : 'vyos-ac', - 'authentication' : { - 'local-users' : { + 'concentrator' : 'vyos-ac', + 'authentication' : { + 'local-users' : { }, - 'mode' : 'local', - 'radiussrv' : {} + 'mode' : 'local', + 'radiussrv' : {}, + 'radiusopt' : {} }, - 'client_ip_pool' : '', - 'interface' : [], - 'ppp_gw' : '', - 'svc_name' : '', - 'dns' : [], - 'wins' : [], - 'mtu' : '1492' + 'client_ip_pool' : '', + 'client_ipv6_pool' : {}, + 'interface' : [], + 'ppp_gw' : '', + 'svc_name' : '', + 'dns' : [], + 'dnsv6' : [], + 'wins' : [], + 'mtu' : '1492', + 'ppp_options' : {}, + 'limits' : {}, + 'snmp' : 'disable' } c.set_level('service pppoe-server') - + ### general options if c.exists('access-concentrator'): config_data['concentrator'] = c.return_value('access-concentrator') if c.exists('service-name'): 
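Review bot: The RADIUS `server=` entry is now spread over three template lines joined with `,\`, and Jinja2 passes the backslash and the newline through unchanged, so the rendered file contains a continued line; unless accel-ppp's config parser joins such lines (not verifiable from this hunk), `req-limit` and `fail-time` would end up on lines of their own and be ignored or rejected. The same applies to the three-line `dae-server=` entry. Keeping each entry on a single template line, starting `server={{rsrv}},{{authentication['radiussrv'][rsrv]['secret']}},` and continuing with the req-limit and fail-time fields, removes the doubt. The shared secrets are also placed into a comma-separated list as entered, so a secret containing a comma or a line break would change how the line is parsed; verify() should reject those characters.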
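Review bot: The `[connlimit]` section prints `limit=`, `burst=` and `timeout=` whenever `limits` is non-empty, but get_config() fills each of the three keys only when its node exists, so configuring just one of them renders the other two with an empty value. The fixed defaults this hunk removes (`10/min`, `3`, `60`) could be kept as fallbacks, for example `limit={{limits['conn-limit'] or '10/min'}}`, or verify() could require the three nodes together.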
@@ -241,6 +331,13 @@ def get_config(): config_data['dns'].append(c.return_value('dns-servers server-1')) if c.return_value('dns-servers server-2'): config_data['dns'].append(c.return_value('dns-servers server-2')) + if c.exists('dnsv6-servers'): + if c.return_value('dnsv6-servers server-1'): + config_data['dnsv6'].append(c.return_value('dnsv6-servers server-1')) + if c.return_value('dnsv6-servers server-2'): + config_data['dnsv6'].append(c.return_value('dnsv6-servers server-2')) + if c.return_value('dnsv6-servers server-3'): + config_data['dnsv6'].append(c.return_value('dnsv6-servers server-3')) if c.exists('wins-servers'): if c.return_value('wins-servers server-1'): config_data['wins'].append(c.return_value('wins-servers server-1')) @@ -253,6 +350,21 @@ def get_config(): config_data['client_ip_pool'] += '-' + re.search('[0-9]+$', c.return_value('client-ip-pool stop')).group(0) else: raise ConfigError('client ip pool stop required') + if c.exists('client-ipv6-pool prefix'): + config_data['client_ipv6_pool']['prefix'] = c.return_values('client-ipv6-pool prefix') + if c.exists('client-ipv6-pool delegate-prefix'): + config_data['client_ipv6_pool']['delegate-prefix'] = c.return_values('client-ipv6-pool delegate-prefix') + if c.exists('limits'): + if c.exists('limits burst'): + config_data['limits']['burst'] = str(c.return_value('limits burst')) + if c.exists('limits timeout'): + config_data['limits']['timeout'] = str(c.return_value('limits timeout')) + if c.exists('limits connection-limit'): + config_data['limits']['conn-limit'] = str(c.return_value('limits connection-limit')) + if c.exists('snmp'): + config_data['snmp'] = 'enable' + if c.exists('snmp master-agent'): + config_data['snmp'] = 'enable-ma' #### authentication mode local if c.exists('authentication'): 
@@ -275,20 +387,92 @@ def get_config(): if c.exists('authentication local-users username ' + usr + ' static-ip'): config_data['authentication']['local-users'][usr]['ip'] = c.return_value('authentication local-users username ' + usr + ' static-ip') - ### authentication mode radius + ### authentication mode radius servers and settings if c.return_value('authentication mode') == 'radius': config_data['authentication']['mode'] = 'radius' rsrvs = c.list_nodes('authentication radius-server') for rsrv in rsrvs: + if c.return_value('authentication radius-server ' + rsrv + ' fail-time') == None: + ftime = '0' + else: + ftime = str(c.return_value('authentication radius-server ' + rsrv + ' fail-time')) + if c.return_value('authentication radius-server ' + rsrv + ' req-limit') == None: + reql = '0' + else: + reql = str(c.return_value('authentication radius-server ' + rsrv + ' req-limit')) + config_data['authentication']['radiussrv'].update( { - rsrv : str(c.return_value('authentication radius-server ' + rsrv + ' key')) + rsrv : { + 'secret' : c.return_value('authentication radius-server ' + rsrv + ' secret'), + 'fail-time' : ftime, + 'req-limit' : reql + } + } ) + #### advanced radius-setting + if c.exists('authentication radius-settings'): + if c.exists('authentication radius-settings acct-timeout'): + config_data['authentication']['radiusopt']['acct-timeout'] = c.return_value('authentication radius-settings acct-timeout') + if c.exists('authentication radius-settings max-try'): + config_data['authentication']['radiusopt']['max-try'] = c.return_value('authentication radius-settings max-try') + if c.exists('authentication radius-settings timeout'): + config_data['authentication']['radiusopt']['timeout'] = c.return_value('authentication radius-settings timeout') + if c.exists('authentication radius-settings nas-identifier'): + config_data['authentication']['radiusopt']['nas-id'] = c.return_value('authentication radius-settings nas-identifier') + if c.exists('authentication 
radius-settings nas-ip-address'): + config_data['authentication']['radiusopt']['nas-ip'] = c.return_value('authentication radius-settings nas-ip-address') + if c.exists('authentication radius-settings dae-server'): + config_data['authentication']['radiusopt'].update( + { + 'dae-srv' : { + 'ip-addr' : c.return_value('authentication radius-settings dae-server ip-address'), + 'port' : c.return_value('authentication radius-settings dae-server port'), + 'secret' : str(c.return_value('authentication radius-settings dae-server secret')) + } + } + ) + if c.exists('mtu'): config_data['mtu'] = c.return_value('mtu') + ### ppp_options + ppp_options = {} + if c.exists('ppp-options'): + if c.exists('ppp-options ccp'): + ppp_options['ccp'] = c.return_value('ppp-options ccp') + if c.exists('ppp-options min-mtu'): + ppp_options['min-mtu'] = c.return_value('ppp-options min-mtu') + if c.exists('ppp-options mru'): + ppp_options['mru'] = c.return_value('ppp-options mru') + if c.exists('ppp-options mppe deny'): + ppp_options['mppe'] = 'deny' + if c.exists('ppp-options mppe require'): + ppp_options['mppe'] = 'requre' + if c.exists('ppp-options mppe prefer'): + ppp_options['mppe'] = 'prefer' + if c.exists('ppp-options lcp-echo-failure'): + ppp_options['lcp-echo-failure'] = c.return_value('ppp-options lcp-echo-failure') + if c.exists('ppp-options lcp-echo-interval'): + ppp_options['lcp-echo-interval'] = c.return_value('ppp-options lcp-echo-interval') + if c.exists('ppp-options ipv4'): + ppp_options['ipv4'] = c.return_value('ppp-options ipv4') + if c.exists('ppp-options ipv6'): + ppp_options['ipv6'] = c.return_value('ppp-options ipv6') + if c.exists('ppp-options ipv6-accept-peer-intf-id'): + ppp_options['ipv6-accept-peer-intf-id']= 1 + if c.exists('ppp-options ipv6-intf-id'): + ppp_options['ipv6-intf-id'] = c.return_value('ppp-options ipv6-intf-id') + if c.exists('ppp-options ipv6-peer-intf-id'): + ppp_options['ipv6-peer-intf-id'] = c.return_value('ppp-options ipv6-peer-intf-id') + if 
c.exists('ppp-options lcp-echo-timeout'): + ppp_options['lcp-echo-timeout'] = c.return_value('ppp-options lcp-echo-timeout') + + if len(ppp_options) !=0: + config_data['ppp_options'] = ppp_options + return config_data def verify(c): @@ -305,6 +489,9 @@ def verify(c): if c['authentication']['mode'] == 'radius': if len(c['authentication']['radiussrv']) == 0: raise ConfigError('radius server required') + for rsrv in c['authentication']['radiussrv']: + if c['authentication']['radiussrv'][rsrv]['secret'] == None: + raise ConfigError('radius server ' + rsrv + ' needs a secret configured') def generate(c): if c == None: @@ -347,11 +534,6 @@ def apply(c): accel_cmd('restart') sl.syslog(sl.LOG_NOTICE, "reloading config via daemon restart") - #if c['state'] == 'update': - # accel_cmd('restart') - # sl.syslog(sl.LOG_NOTICE, "reloading config via daemon restart") - # ## check that config reload actually works - if __name__ == '__main__': try: c = get_config() -- cgit v1.2.3 From 439d86aa55c7eed9619391ecec04bc1fbd5f9323 Mon Sep 17 00:00:00 2001 From: hagbard Date: Wed, 14 Nov 2018 16:24:27 -0800 Subject: Fixes: T940 adding immark to syslog options --- interface-definitions/syslog.xml | 15 +++++++++++++++ src/conf_mode/syslog.py | 20 ++++++++++++++------ 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/interface-definitions/syslog.xml b/interface-definitions/syslog.xml index aafa91b55..a1479128c 100644 --- a/interface-definitions/syslog.xml +++ b/interface-definitions/syslog.xml @@ -520,6 +520,21 @@ + + + mark messages sent to syslog + + + + + time interval how often a mark message is being sent in seconds (default: 1200) + + + + + + + diff --git a/src/conf_mode/syslog.py b/src/conf_mode/syslog.py index f652cf3d0..f8f8d9457 100755 --- a/src/conf_mode/syslog.py +++ b/src/conf_mode/syslog.py 
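Review bot: The MPPE branch stores a misspelled value, `ppp_options['mppe'] = 'requre'`, which the template writes out as `mppe=requre`; an operator who configures `ppp-options mppe require` therefore does not get the intended setting, and since the handling of an unknown value by accel-ppp is not visible here, encryption may end up not being enforced. It should be `ppp_options['mppe'] = 'require'`. In the `dae-server` block the secret is wrapped in `str(...)`, so an unset secret becomes the literal string `None` and is rendered into `dae-server=` as the DM/CoA shared secret, and an unset ip-address or port is rendered as `None` too; verify() should reject a dae-server that lacks any of the three values, in the same way the later verify() hunk rejects a RADIUS server without a secret. The `== None` comparisons on fail-time and req-limit would read better as `is None`.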
@@ -30,6 +30,12 @@ from vyos import ConfigError configs = ''' ## generated by syslog.py ## ## file based logging +{% if files['global']['marker'] %} +$ModLoad immark +{% if files['global']['marker-interval'] %} +$MarkMessagePeriod {{files['global']['marker-interval']}} +{% endif %} +{% endif %} {% for file in files %} $outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} {{files[file]['selectors']}} :omfile:${{file}} @@ -80,10 +86,10 @@ def get_config(): c.set_level('system syslog') config_data = { - 'files' : {}, + 'files' : {}, 'console' : {}, - 'hosts' : {}, - 'user' : {} + 'hosts' : {}, + 'user' : {} } ##### @@ -102,13 +108,16 @@ def get_config(): } ) + if c.exists('global marker'): + config_data['files']['global']['marker'] = True + if c.exists('global marker interval'): + config_data['files']['global']['marker-interval'] = c.return_value('global marker interval') if c.exists('global facility'): config_data['files']['global']['selectors'] = generate_selectors(c, 'global facility') if c.exists('global archive size'): config_data['files']['global']['max-size'] = int(c.return_value('global archive size'))* 1024 if c.exists('global archive files'): config_data['files']['global']['max-files'] = c.return_value('global archive files') - ### # set system syslog file ### @@ -217,14 +226,12 @@ def generate_selectors(c, config_node): def generate(c): tmpl = jinja2.Template(configs, trim_blocks=True) config_text = tmpl.render(c) - #print (config_text) with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: f.write(config_text) ## eventually write for each file its own logrotate file, since size is defined it shouldn't matter tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) config_text = tmpl.render(c) - #print (config_text) with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: f.write(config_text) 
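Review bot: The template now evaluates `files['global']['marker']` unconditionally at its top, and in Jinja2 subscripting an undefined value raises UndefinedError; if get_config() creates `files['global']` only when the `global` node is configured (that code is outside these hunks), a setup with only host, user or console targets would fail in generate(). Guarding the test as `{% if files['global'] and files['global']['marker'] %}` is safe in both cases. In the get_config() hunk `marker-interval` is handed to `$MarkMessagePeriod` exactly as read, so a numeric check in verify() or in the XML definition is worth adding if none exists.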
@@ -247,6 +254,7 @@ def verify(c): fac = ['*','auth','authpriv','cron','daemon','kern','lpr','mail','mark','news','protocols','security',\ 'syslog','user','uucp','local0','local1','local2','local3','local4','local5','local6','local7'] lvl = ['emerg','alert','crit','err','warning','notice','info','debug','*'] + for conf in c: if c[conf]: for item in c[conf]: -- cgit v1.2.3 From da81f51fc1fcfccaf46338ca7c4163a72227183c Mon Sep 17 00:00:00 2001 From: hagbard Date: Wed, 14 Nov 2018 16:39:36 -0800 Subject: Bugfix: T835 - verify radius server settings --- src/conf_mode/accel_pppoe.py | 81 ++++++++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 41 deletions(-) diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py index e2f0658a1..51a121eaf 100755 --- a/src/conf_mode/accel_pppoe.py +++ b/src/conf_mode/accel_pppoe.py 
@@ -367,50 +367,49 @@ def get_config(): config_data['snmp'] = 'enable-ma' #### authentication mode local - if c.exists('authentication'): - if c.return_value('authentication mode') == 'local': - if c.exists('authentication local-users username'): - for usr in c.list_nodes('authentication local-users username'): - config_data['authentication']['local-users'].update( - { - usr : { - 'passwd' : '', - 'state' : 'enabled', - 'ip' : '*' - } - } - ) - if c.exists('authentication local-users username ' + usr + ' password'): - config_data['authentication']['local-users'][usr]['passwd'] = c.return_value('authentication local-users username ' + usr + ' password') - if c.exists('authentication local-users username ' + usr + ' disable'): - config_data['authentication']['local-users'][usr]['state'] = 'disable' - if c.exists('authentication local-users username ' + usr + ' static-ip'): - config_data['authentication']['local-users'][usr]['ip'] = c.return_value('authentication local-users username ' + usr + ' static-ip') - - ### authentication mode radius servers and settings - if c.return_value('authentication mode') == 'radius': - config_data['authentication']['mode'] = 'radius' - rsrvs = c.list_nodes('authentication radius-server') - for rsrv in rsrvs: - if c.return_value('authentication radius-server ' + rsrv + ' fail-time') == None: - ftime = '0' - else: - ftime = str(c.return_value('authentication radius-server ' + rsrv + ' fail-time')) - if c.return_value('authentication radius-server ' + rsrv + ' req-limit') == None: - reql = '0' - else: - reql = str(c.return_value('authentication radius-server ' + rsrv + ' req-limit')) - - config_data['authentication']['radiussrv'].update( + + if c.exists('authentication mode local'): + if c.exists('authentication local-users username'): + for usr in c.list_nodes('authentication local-users username'): + config_data['authentication']['local-users'].update( { - rsrv : { - 'secret' : c.return_value('authentication radius-server ' + rsrv + ' 
secret'), - 'fail-time' : ftime, - 'req-limit' : reql - } - + usr : { + 'passwd' : '', + 'state' : 'enabled', + 'ip' : '*' + } } ) + if c.exists('authentication local-users username ' + usr + ' password'): + config_data['authentication']['local-users'][usr]['passwd'] = c.return_value('authentication local-users username ' + usr + ' password') + if c.exists('authentication local-users username ' + usr + ' disable'): + config_data['authentication']['local-users'][usr]['state'] = 'disable' + if c.exists('authentication local-users username ' + usr + ' static-ip'): + config_data['authentication']['local-users'][usr]['ip'] = c.return_value('authentication local-users username ' + usr + ' static-ip') + + ### authentication mode radius servers and settings + + if c.exists('authentication mode radius'): + config_data['authentication']['mode'] = 'radius' + rsrvs = c.list_nodes('authentication radius-server') + for rsrv in rsrvs: + if c.return_value('authentication radius-server ' + rsrv + ' fail-time') == None: + ftime = '0' + else: + ftime = str(c.return_value('authentication radius-server ' + rsrv + ' fail-time')) + if c.return_value('authentication radius-server ' + rsrv + ' req-limit') == None: + reql = '0' + else: + reql = str(c.return_value('authentication radius-server ' + rsrv + ' req-limit')) + config_data['authentication']['radiussrv'].update( + { + rsrv : { + 'secret' : c.return_value('authentication radius-server ' + rsrv + ' secret'), + 'fail-time' : ftime, + 'req-limit' : reql + } + } + ) #### advanced radius-setting if c.exists('authentication radius-settings'): -- cgit v1.2.3 From fe639cd05002b16a82b74262966598bab976e67f Mon Sep 17 00:00:00 2001 
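Review bot: Style point on the RADIUS loop: `fail-time` and `req-limit` are each looked up twice and compared with `== None`; reading the value once and testing identity is shorter and is the idiomatic comparison, for example `ftime = c.return_value('authentication radius-server ' + rsrv + ' fail-time')` followed by `ftime = '0' if ftime is None else str(ftime)`. In the local-users branch every user starts with `'passwd' : ''`, so a user configured without a password keeps an empty one unless verify() rejects it; that check lies outside this hunk and should be confirmed.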
From: Christian Poessinger Date: Sat, 17 Nov 2018 10:44:48 +0100 Subject: Lint fixup of opmode XML indention --- op-mode-definitions/dns-forwarding.xml | 3 +- op-mode-definitions/dynamic-dns.xml | 1 - op-mode-definitions/poweroff.xml | 64 ++++++++++++++---------------- op-mode-definitions/pppoe-server.xml | 2 +- op-mode-definitions/reboot.xml | 64 ++++++++++++++---------------- op-mode-definitions/show-arp.xml | 35 ++++++++-------- op-mode-definitions/show-bridge.xml | 3 +- op-mode-definitions/show-configuration.xml | 62 ++++++++++++++--------------- op-mode-definitions/show-disk.xml | 33 ++++++++------- op-mode-definitions/show-hardware.xml | 7 ---- op-mode-definitions/show-host.xml | 55 ++++++++++++------------- op-mode-definitions/show-ntp.xml | 2 +- 12 files changed, 150 insertions(+), 181 deletions(-) diff --git a/op-mode-definitions/dns-forwarding.xml b/op-mode-definitions/dns-forwarding.xml index be71302cd..ac141174f 100644 --- a/op-mode-definitions/dns-forwarding.xml +++ b/op-mode-definitions/dns-forwarding.xml @@ -1,5 +1,4 @@ - @@ -38,7 +37,7 @@ sudo ${vyos_op_scripts_dir}/dns_forwarding_restart.sh - + diff --git a/op-mode-definitions/dynamic-dns.xml b/op-mode-definitions/dynamic-dns.xml index 76c473fd7..6ea6482e1 100644 --- a/op-mode-definitions/dynamic-dns.xml +++ b/op-mode-definitions/dynamic-dns.xml @@ -1,5 +1,4 @@ - diff --git a/op-mode-definitions/poweroff.xml b/op-mode-definitions/poweroff.xml index e2483fefc..b4163bcb9 100644 --- a/op-mode-definitions/poweroff.xml +++ b/op-mode-definitions/poweroff.xml @@ -5,7 +5,6 @@ Poweroff the system sudo ${vyos_op_scripts_dir}/powerctrl.py --poweroff - 
@@ -13,46 +12,41 @@ sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff - Cancel a pending poweroff sudo ${vyos_op_scripts_dir}/powerctrl.py --cancel - - - - Poweroff in X minutes - - <Minutes> - - - sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 $4 - - - - - - Poweroff at a specific time - - <HH:MM> - - - sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 - - - - Poweroff at a specific date - - <DDMMYYYY> <DD/MM/YYYY> <DD.MM.YYYY> <DD:MM:YYYY> - - - sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 $5 - - - - + + + Poweroff in X minutes + + <Minutes> + + + sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 $4 + + + + Poweroff at a specific time + + <HH:MM> + + + sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 + + + + Poweroff at a specific date + + <DDMMYYYY> <DD/MM/YYYY> <DD.MM.YYYY> <DD:MM:YYYY> + + + sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --poweroff $3 $5 + + + diff --git a/op-mode-definitions/pppoe-server.xml b/op-mode-definitions/pppoe-server.xml index 7595d6ecf..7c0b05484 100644 --- a/op-mode-definitions/pppoe-server.xml +++ b/op-mode-definitions/pppoe-server.xml @@ -26,7 +26,7 @@ /usr/bin/accel-cmd 'pppoe interface show' - + diff --git a/op-mode-definitions/reboot.xml b/op-mode-definitions/reboot.xml index affdffd98..2c8daec5d 100644 --- a/op-mode-definitions/reboot.xml +++ b/op-mode-definitions/reboot.xml @@ -5,7 +5,6 @@ Reboot the system sudo ${vyos_op_scripts_dir}/powerctrl.py --reboot - 
@@ -13,46 +12,41 @@ sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot - Cancel a pending reboot sudo ${vyos_op_scripts_dir}/powerctrl.py --cancel - - - - Reboot in X minutes - - <Minutes> - - - sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 $4 - - - - - - Reboot at a specific time - - <HH:MM> - - - sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 - - - - Reboot at a specific date - - <DDMMYYYY> <DD/MM/YYYY> <DD.MM.YYYY> <DD:MM:YYYY> - - - sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 $5 - - - - + + + Reboot in X minutes + + <Minutes> + + + sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 $4 + + + + Reboot at a specific time + + <HH:MM> + + + sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 + + + + Reboot at a specific date + + <DDMMYYYY> <DD/MM/YYYY> <DD.MM.YYYY> <DD:MM:YYYY> + + + sudo ${vyos_op_scripts_dir}/powerctrl.py --yes --reboot $3 $5 + + + diff --git a/op-mode-definitions/show-arp.xml b/op-mode-definitions/show-arp.xml index 92c231c6f..ef3e399f8 100644 --- a/op-mode-definitions/show-arp.xml +++ b/op-mode-definitions/show-arp.xml @@ -2,24 +2,23 @@ - - - Show Address Resolution Protocol (ARP) information - - /usr/sbin/arp -e -n - - - - Show Address Resolution Protocol (ARP) cache for specified interface - - - - - /usr/sbin/arp -e -n -i '$4' - - - - + + + Show Address Resolution Protocol (ARP) information + + /usr/sbin/arp -e -n + + + + Show Address Resolution Protocol (ARP) cache for specified interface + + + + + /usr/sbin/arp -e -n -i '$4' + + + diff --git a/op-mode-definitions/show-bridge.xml b/op-mode-definitions/show-bridge.xml index b285e2288..8c1f7c398 100644 --- a/op-mode-definitions/show-bridge.xml +++ b/op-mode-definitions/show-bridge.xml @@ -30,8 +30,7 @@ /sbin/brctl showstp $3 - - + diff --git a/op-mode-definitions/show-configuration.xml b/op-mode-definitions/show-configuration.xml index 90c1533fb..318942ab0 100644 --- a/op-mode-definitions/show-configuration.xml 
+++ b/op-mode-definitions/show-configuration.xml @@ -2,38 +2,36 @@ - - - Show available saved configurations - - - cli-shell-api showCfg --show-active-only --show-hide-secrets - - - - - Show running configuration (including default values) - - - cli-shell-api showCfg --show-show-defaults --show-active-only --show-hide-secrets - - - - Show running configuration as set commands - - - cli-shell-api showCfg --show-active-only | vyos-config-to-commands - - - - Show available saved configurations - - - ${vyos_op_scripts_dir}/show_configuration_files.sh - - - - + + + Show available saved configurations + + + cli-shell-api showCfg --show-active-only --show-hide-secrets + + + + Show running configuration (including default values) + + + cli-shell-api showCfg --show-show-defaults --show-active-only --show-hide-secrets + + + + Show running configuration as set commands + + + cli-shell-api showCfg --show-active-only | vyos-config-to-commands + + + + Show available saved configurations + + + ${vyos_op_scripts_dir}/show_configuration_files.sh + + + diff --git a/op-mode-definitions/show-disk.xml b/op-mode-definitions/show-disk.xml index 8a8e35515..37da07fbe 100644 --- a/op-mode-definitions/show-disk.xml +++ b/op-mode-definitions/show-disk.xml @@ -2,23 +2,22 @@ - - - Show status of disk device - - - - - - - - Show disk drive formatting - - ${vyos_op_scripts_dir}/show_disk_format.sh $3 - - - - + + + Show status of disk device + + + + + + + + Show disk drive formatting + + ${vyos_op_scripts_dir}/show_disk_format.sh $3 + + + diff --git a/op-mode-definitions/show-hardware.xml b/op-mode-definitions/show-hardware.xml index 6cd912aea..a49036397 100644 --- a/op-mode-definitions/show-hardware.xml +++ b/op-mode-definitions/show-hardware.xml @@ -27,21 +27,18 @@ - Show system DMI details ${vyatta_bindir}/vyatta-show-dmi - Show system RAM details cat /proc/meminfo - Show system PCI bus details @@ -56,8 +53,6 @@ - - Show SCSI device information 
@@ -72,7 +67,6 @@ - Show peripherals connected to the USB bus @@ -87,7 +81,6 @@ - diff --git a/op-mode-definitions/show-host.xml b/op-mode-definitions/show-host.xml index b3ea129a2..d7f8104aa 100644 --- a/op-mode-definitions/show-host.xml +++ b/op-mode-definitions/show-host.xml @@ -2,36 +2,31 @@ - - - Show host information - - - - - Show domain name - - /bin/domainname -d - - - - - Show host name - - /bin/hostname - - - - - Lookup host information for hostname|IPv4 address - - /usr/bin/host $4 - - - - - - + + + Show host information + + + + + Show domain name + + /bin/domainname -d + + + + Show host name + + /bin/hostname + + + + Lookup host information for hostname|IPv4 address + + /usr/bin/host $4 + + + diff --git a/op-mode-definitions/show-ntp.xml b/op-mode-definitions/show-ntp.xml index 4f2f2192b..4db43b449 100644 --- a/op-mode-definitions/show-ntp.xml +++ b/op-mode-definitions/show-ntp.xml @@ -6,7 +6,7 @@ Show peer status of NTP daemon - if ps -C ntpd &>/dev/null; then ntpdc -n -c peers; else echo NTP daemon disabled; fi + if ps -C ntpd &>/dev/null; then ntpdc -n -c peers; else echo NTP daemon disabled; fi -- cgit v1.2.3 From f9007c5f5e6e7957ab1c955c10b3842dca7b253d Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 17 Nov 2018 11:03:08 +0100 Subject: T1016: fix IPv4/IPv6 dhcp relay restart command Current implementation referred to a no longer existing Perl script to restart the IPv4 and IPv6 instance of dhcrelay. > restart dhcp relay-agent > restart dhcpv6 relay-agent --- op-mode-definitions/dhcp.xml | 4 +-- src/op_mode/restart_dhcp_relay.py | 53 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 2 deletions(-) create mode 100755 src/op_mode/restart_dhcp_relay.py diff --git a/op-mode-definitions/dhcp.xml b/op-mode-definitions/dhcp.xml index eb57f8f1f..a7d09304e 100644 --- a/op-mode-definitions/dhcp.xml +++ b/op-mode-definitions/dhcp.xml 
@@ -83,7 +83,7 @@ Restart the DHCP server process - sudo /opt/vyatta/sbin/dhcrelay-starter.pl --op-mode --init='/opt/vyatta/sbin/dhcrelay.init' + sudo ${vyos_op_scripts_dir}/restart_dhcp_relay.py --ipv4 @@ -102,7 +102,7 @@ Restart the DHCP server process - sudo /opt/vyatta/sbin/dhcv6relay-starter.pl --op_mode --config_action ACTIVE + sudo ${vyos_op_scripts_dir}/restart_dhcp_relay.py --ipv6 diff --git a/src/op_mode/restart_dhcp_relay.py b/src/op_mode/restart_dhcp_relay.py new file mode 100755 index 000000000..ab02d1eb3 --- /dev/null +++ b/src/op_mode/restart_dhcp_relay.py 
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# File: restart_dhcp_relay.py
+# Purpose:
+# Restart IPv4 and IPv6 DHCP relay instances of dhcrelay service
+
+import sys
+import argparse
+import os
+
+import vyos.config
+
+parser = argparse.ArgumentParser()
+parser.add_argument("--ipv4", action="store_true", help="Restart IPv4 DHCP relay")
+parser.add_argument("--ipv6", action="store_true", help="Restart IPv6 DHCP relay")
+
+if __name__ == '__main__':
+ args = parser.parse_args()
+ c = vyos.config.Config()
+
+ if args.ipv4:
+ # Do nothing if service is not configured
+ if not c.exists_effective('service dhcp-relay'):
+ print("DHCP relay service not configured")
+ else:
+ os.system('sudo systemctl restart isc-dhcp-relay.service')
+
+ sys.exit(0)
+ elif args.ipv6:
+ # Do nothing if service is not configured
+ if not c.exists_effective('service dhcpv6-relay'):
+ print("DHCPv6 relay service not configured")
+ else:
+ os.system('sudo systemctl restart isc-dhcpv6-relay.service')
+
+ sys.exit(0)
+ else:
+ parser.print_help()
+ sys.exit(1)
-- cgit v1.2.3 From 604600bf40873a7d64329d88dafd90196ed10745 Mon Sep 17 00:00:00 2001
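Review bot: The exit status of `systemctl restart` is discarded in both branches of restart_dhcp_relay.py: `os.system(...)` is called only for its side effect and the script then always reaches `sys.exit(0)`, so a failed restart is reported to the operator as success. Propagating the status would fix that, e.g. `sys.exit(subprocess.call(['systemctl', 'restart', 'isc-dhcp-relay.service']))` and the same for `isc-dhcpv6-relay.service`; this needs `import subprocess` and also avoids passing the command through a shell. The inner `sudo` looks redundant, since the op-mode definition in dhcp.xml already starts the script with `sudo`. Because the flags are tested with `if`/`elif`, passing both `--ipv4` and `--ipv6` restarts only the IPv4 relay; `parser.add_mutually_exclusive_group()` would make that explicit.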
From: Christian Poessinger Date: Sat, 17 Nov 2018 11:06:24 +0100 Subject: Rename show-igmpproxy.py -> show_igmpproxy.py --- op-mode-definitions/show-ip-multicast.xml | 4 +- src/op_mode/show-igmpproxy.py | 241 ------------------------------ src/op_mode/show_igmpproxy.py | 241 ++++++++++++++++++++++++++++++ 3 files changed, 243 insertions(+), 243 deletions(-) delete mode 100755 src/op_mode/show-igmpproxy.py create mode 100755 src/op_mode/show_igmpproxy.py diff --git a/op-mode-definitions/show-ip-multicast.xml b/op-mode-definitions/show-ip-multicast.xml index 07102bfa6..6ffe40436 100644 --- a/op-mode-definitions/show-ip-multicast.xml +++ b/op-mode-definitions/show-ip-multicast.xml @@ -13,13 +13,13 @@ Show multicast interfaces - if ps -C igmpproxy &>/dev/null; then ${vyos_op_scripts_dir}/show-igmpproxy.py --interface; else echo IGMP proxy not configured; fi + if ps -C igmpproxy &>/dev/null; then ${vyos_op_scripts_dir}/show_igmpproxy.py --interface; else echo IGMP proxy not configured; fi Show multicast fowarding cache - if ps -C igmpproxy &>/dev/null; then ${vyos_op_scripts_dir}/show-igmpproxy.py --mfc; else echo IGMP proxy not configured; fi + if ps -C igmpproxy &>/dev/null; then ${vyos_op_scripts_dir}/show_igmpproxy.py --mfc; else echo IGMP proxy not configured; fi diff --git a/src/op_mode/show-igmpproxy.py b/src/op_mode/show-igmpproxy.py deleted file mode 100755 index a021fcdde..000000000 --- a/src/op_mode/show-igmpproxy.py +++ /dev/null 
@@ -1,241 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# File: show-igmpproxy -# Purpose: -# Display istatistics from IPv4 IGMP proxy. -# Used by the "run show ip multicast" command tree. - -import sys -import jinja2 -import argparse -import ipaddress -import socket - -import vyos.config - -# Output Template for "show ip multicast interface" command -# -# Example: -# Interface BytesIn PktsIn BytesOut PktsOut Local -# eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65 -# eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201 -# eth0.3 0.0b 0 0.0b 0 xxx.xxx.x.7 -# tun1 0.0b 0 0.0b 0 xxx.xxx.xxx.2 -vif_out_tmpl = """ -{%- for r in data %} -{{ "%-10s"|format(r.interface) }} {{ "%-12s"|format(r.bytes_in) }} {{ "%-12s"|format(r.pkts_in) }} {{ "%-12s"|format(r.bytes_out) }} {{ "%-12s"|format(r.pkts_out) }} {{ "%-15s"|format(r.loc) }} -{%- endfor %} -""" - -# Output Template for "show ip multicast mfc" command -# -# Example: -# Group Origin In Out Pkts Bytes Wrong -# xxx.xxx.xxx.250 xxx.xx.xxx.75 -- -# xxx.xxx.xx.124 xx.xxx.xxx.26 -- -mfc_out_tmpl = """ -{%- for r in data %} -{{ "%-15s"|format(r.group) }} {{ "%-15s"|format(r.origin) }} {{ "%-12s"|format(r.pkts) }} {{ "%-12s"|format(r.bytes) }} {{ "%-12s"|format(r.wrong) }} {{ "%-10s"|format(r.iif) }} {{ "%-20s"|format(r.oifs|join(', ')) }} -{%- endfor %} -""" - -parser = argparse.ArgumentParser() -parser.add_argument("--interface", action="store_true", 
help="Interface Statistics") -parser.add_argument("--mfc", action="store_true", help="Multicast Forwarding Cache") - -def byte_string(size): - # convert size to integer - size = int(size) - - # One Terrabyte - s_TB = 1024 * 1024 * 1024 * 1024 - # One Gigabyte - s_GB = 1024 * 1024 * 1024 - # One Megabyte - s_MB = 1024 * 1024 - # One Kilobyte - s_KB = 1024 - # One Byte - s_B = 1 - - if size > s_TB: - return str(round((size/s_TB), 2)) + 'TB' - elif size > s_GB: - return str(round((size/s_GB), 2)) + 'GB' - elif size > s_MB: - return str(round((size/s_MB), 2)) + 'MB' - elif size > s_KB: - return str(round((size/s_KB), 2)) + 'KB' - else: - return str(round((size/s_B), 2)) + 'b' - - return None - -def kernel2ip(addr): - """ - Convert any given addr from Linux Kernel to a proper, IPv4 address - using the correct host byte order. - """ - - # Convert from hex 'FE000A0A' to decimal '4261415434' - addr = int(addr, 16) - # Kernel ABI _always_ uses network byteorder - addr = socket.ntohl(addr) - - return ipaddress.IPv4Address( addr ) - -def do_mr_vif(): - """ - Read contents of file /proc/net/ip_mr_vif and print a more human - friendly version to the command line. IPv4 addresses present as - 32bit integers in hex format are converted to IPv4 notation, too. 
- """ - - with open('/proc/net/ip_mr_vif', 'r') as f: - lines = len(f.readlines()) - if lines < 2: - return None - - result = { - 'data': [] - } - - # Build up table format string - table_format = { - 'interface': 'Interface', - 'pkts_in' : 'PktsIn', - 'pkts_out' : 'PktsOut', - 'bytes_in' : 'BytesIn', - 'bytes_out': 'BytesOut', - 'loc' : 'Local' - } - result['data'].append(table_format) - - # read and parse information from /proc filesystema - with open('/proc/net/ip_mr_vif', 'r') as f: - header_line = next(f) - for line in f: - data = { - 'interface': line.split()[1], - 'pkts_in' : line.split()[3], - 'pkts_out' : line.split()[5], - - # convert raw byte number to something more human readable - # Note: could be replaced by Python3 hurry.filesize module - 'bytes_in' : byte_string( line.split()[2] ), - 'bytes_out': byte_string( line.split()[4] ), - - # convert IP address from hex 'FE000A0A' to decimal '4261415434' - 'loc' : kernel2ip( line.split()[7] ), - } - result['data'].append(data) - - return result - -def do_mr_mfc(): - """ - Read contents of file /proc/net/ip_mr_cache and print a more human - friendly version to the command line. IPv4 addresses present as - 32bit integers in hex format are converted to IPv4 notation, too. 
- """ - - with open('/proc/net/ip_mr_cache', 'r') as f: - lines = len(f.readlines()) - if lines < 2: - return None - - # We need this to convert from interface index to a real interface name - # Thus we also skip the format identifier on list index 0 - vif = do_mr_vif()['data'][1:] - - result = { - 'data': [] - } - - # Build up table format string - table_format = { - 'group' : 'Group', - 'origin': 'Origin', - 'iif' : 'In', - 'oifs' : ['Out'], - 'pkts' : 'Pkts', - 'bytes' : 'Bytes', - 'wrong' : 'Wrong' - } - result['data'].append(table_format) - - # read and parse information from /proc filesystem - with open('/proc/net/ip_mr_cache', 'r') as f: - header_line = next(f) - for line in f: - data = { - # convert IP address from hex 'FE000A0A' to decimal '4261415434' - 'group' : kernel2ip( line.split()[0] ), - 'origin': kernel2ip( line.split()[1] ), - - 'iif' : '--', - 'pkts' : '', - 'bytes' : '', - 'wrong' : '', - 'oifs' : [] - } - - iif = int( line.split()[2] ) - if not ((iif == -1) or (iif == 65535)): - data['pkts'] = line.split()[3] - data['bytes'] = byte_string( line.split()[4] ) - data['wrong'] = line.split()[5] - - # convert index to real interface name - data['iif'] = vif[iif]['interface'] - - # convert each output interface index to a real interface name - for oif in line.split()[6:]: - idx = int( oif.split(':')[0] ) - data['oifs'].append( vif[idx]['interface'] ) - - result['data'].append(data) - - return result - -if __name__ == '__main__': - args = parser.parse_args() - - # Do nothing if service is not configured - c = vyos.config.Config() - if not c.exists_effective('protocols igmp-proxy'): - print("IGMP proxy is not configured") - sys.exit(0) - - if args.interface: - data = do_mr_vif() - if data: - tmpl = jinja2.Template(vif_out_tmpl) - print(tmpl.render(data)) - - sys.exit(0) - elif args.mfc: - data = do_mr_mfc() - if data: - tmpl = jinja2.Template(mfc_out_tmpl) - print(tmpl.render(data)) - - sys.exit(0) - else: - parser.print_help() - sys.exit(1) - 
diff --git a/src/op_mode/show_igmpproxy.py b/src/op_mode/show_igmpproxy.py new file mode 100755 index 000000000..5ccc16287 --- /dev/null +++ b/src/op_mode/show_igmpproxy.py 
@@ -0,0 +1,241 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# File: show_igmpproxy.py +# Purpose: +# Display istatistics from IPv4 IGMP proxy. +# Used by the "run show ip multicast" command tree. + +import sys +import jinja2 +import argparse +import ipaddress +import socket + +import vyos.config + +# Output Template for "show ip multicast interface" command +# +# Example: +# Interface BytesIn PktsIn BytesOut PktsOut Local +# eth0 0.0b 0 0.0b 0 xxx.xxx.xxx.65 +# eth1 0.0b 0 0.0b 0 xxx.xxx.xx.201 +# eth0.3 0.0b 0 0.0b 0 xxx.xxx.x.7 +# tun1 0.0b 0 0.0b 0 xxx.xxx.xxx.2 +vif_out_tmpl = """ +{%- for r in data %} +{{ "%-10s"|format(r.interface) }} {{ "%-12s"|format(r.bytes_in) }} {{ "%-12s"|format(r.pkts_in) }} {{ "%-12s"|format(r.bytes_out) }} {{ "%-12s"|format(r.pkts_out) }} {{ "%-15s"|format(r.loc) }} +{%- endfor %} +""" + +# Output Template for "show ip multicast mfc" command +# +# Example: +# Group Origin In Out Pkts Bytes Wrong +# xxx.xxx.xxx.250 xxx.xx.xxx.75 -- +# xxx.xxx.xx.124 xx.xxx.xxx.26 -- +mfc_out_tmpl = """ +{%- for r in data %} +{{ "%-15s"|format(r.group) }} {{ "%-15s"|format(r.origin) }} {{ "%-12s"|format(r.pkts) }} {{ "%-12s"|format(r.bytes) }} {{ "%-12s"|format(r.wrong) }} {{ "%-10s"|format(r.iif) }} {{ "%-20s"|format(r.oifs|join(', ')) }} +{%- endfor %} +""" + +parser = argparse.ArgumentParser() +parser.add_argument("--interface", action="store_true", 
help="Interface Statistics") +parser.add_argument("--mfc", action="store_true", help="Multicast Forwarding Cache") + +def byte_string(size): + # convert size to integer + size = int(size) + + # One Terrabyte + s_TB = 1024 * 1024 * 1024 * 1024 + # One Gigabyte + s_GB = 1024 * 1024 * 1024 + # One Megabyte + s_MB = 1024 * 1024 + # One Kilobyte + s_KB = 1024 + # One Byte + s_B = 1 + + if size > s_TB: + return str(round((size/s_TB), 2)) + 'TB' + elif size > s_GB: + return str(round((size/s_GB), 2)) + 'GB' + elif size > s_MB: + return str(round((size/s_MB), 2)) + 'MB' + elif size > s_KB: + return str(round((size/s_KB), 2)) + 'KB' + else: + return str(round((size/s_B), 2)) + 'b' + + return None + +def kernel2ip(addr): + """ + Convert any given addr from Linux Kernel to a proper, IPv4 address + using the correct host byte order. + """ + + # Convert from hex 'FE000A0A' to decimal '4261415434' + addr = int(addr, 16) + # Kernel ABI _always_ uses network byteorder + addr = socket.ntohl(addr) + + return ipaddress.IPv4Address( addr ) + +def do_mr_vif(): + """ + Read contents of file /proc/net/ip_mr_vif and print a more human + friendly version to the command line. IPv4 addresses present as + 32bit integers in hex format are converted to IPv4 notation, too. 
+ """ + + with open('/proc/net/ip_mr_vif', 'r') as f: + lines = len(f.readlines()) + if lines < 2: + return None + + result = { + 'data': [] + } + + # Build up table format string + table_format = { + 'interface': 'Interface', + 'pkts_in' : 'PktsIn', + 'pkts_out' : 'PktsOut', + 'bytes_in' : 'BytesIn', + 'bytes_out': 'BytesOut', + 'loc' : 'Local' + } + result['data'].append(table_format) + + # read and parse information from /proc filesystema + with open('/proc/net/ip_mr_vif', 'r') as f: + header_line = next(f) + for line in f: + data = { + 'interface': line.split()[1], + 'pkts_in' : line.split()[3], + 'pkts_out' : line.split()[5], + + # convert raw byte number to something more human readable + # Note: could be replaced by Python3 hurry.filesize module + 'bytes_in' : byte_string( line.split()[2] ), + 'bytes_out': byte_string( line.split()[4] ), + + # convert IP address from hex 'FE000A0A' to decimal '4261415434' + 'loc' : kernel2ip( line.split()[7] ), + } + result['data'].append(data) + + return result + +def do_mr_mfc(): + """ + Read contents of file /proc/net/ip_mr_cache and print a more human + friendly version to the command line. IPv4 addresses present as + 32bit integers in hex format are converted to IPv4 notation, too. 
+ """ + + with open('/proc/net/ip_mr_cache', 'r') as f: + lines = len(f.readlines()) + if lines < 2: + return None + + # We need this to convert from interface index to a real interface name + # Thus we also skip the format identifier on list index 0 + vif = do_mr_vif()['data'][1:] + + result = { + 'data': [] + } + + # Build up table format string + table_format = { + 'group' : 'Group', + 'origin': 'Origin', + 'iif' : 'In', + 'oifs' : ['Out'], + 'pkts' : 'Pkts', + 'bytes' : 'Bytes', + 'wrong' : 'Wrong' + } + result['data'].append(table_format) + + # read and parse information from /proc filesystem + with open('/proc/net/ip_mr_cache', 'r') as f: + header_line = next(f) + for line in f: + data = { + # convert IP address from hex 'FE000A0A' to decimal '4261415434' + 'group' : kernel2ip( line.split()[0] ), + 'origin': kernel2ip( line.split()[1] ), + + 'iif' : '--', + 'pkts' : '', + 'bytes' : '', + 'wrong' : '', + 'oifs' : [] + } + + iif = int( line.split()[2] ) + if not ((iif == -1) or (iif == 65535)): + data['pkts'] = line.split()[3] + data['bytes'] = byte_string( line.split()[4] ) + data['wrong'] = line.split()[5] + + # convert index to real interface name + data['iif'] = vif[iif]['interface'] + + # convert each output interface index to a real interface name + for oif in line.split()[6:]: + idx = int( oif.split(':')[0] ) + data['oifs'].append( vif[idx]['interface'] ) + + result['data'].append(data) + + return result + +if __name__ == '__main__': + args = parser.parse_args() + + # Do nothing if service is not configured + c = vyos.config.Config() + if not c.exists_effective('protocols igmp-proxy'): + print("IGMP proxy is not configured") + sys.exit(0) + + if args.interface: + data = do_mr_vif() + if data: + tmpl = jinja2.Template(vif_out_tmpl) + print(tmpl.render(data)) + + sys.exit(0) + elif args.mfc: + data = do_mr_mfc() + if data: + tmpl = jinja2.Template(mfc_out_tmpl) + print(tmpl.render(data)) + + sys.exit(0) + else: + parser.print_help() + sys.exit(1) + -- cgit 
v1.2.3 From 7a615ab169a7f6141fd9b6e84ac1ea415216d9bb Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 17 Nov 2018 13:16:04 +0100 Subject: T1018: remove obsoleted 'dynamic' option from NTP Increase NTP config version from 0 to 1. For more information see [1]. ntpd: Warning: the "dynamic" keyword has been obsoleted and will be removed in the next release [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553976 --- interface-definitions/ntp.xml | 6 ------ src/conf_mode/ntp.py | 2 -- src/migration-scripts/ntp/0-to-1 | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 36 insertions(+), 8 deletions(-) create mode 100755 src/migration-scripts/ntp/0-to-1 diff --git a/interface-definitions/ntp.xml b/interface-definitions/ntp.xml index d324404da..945345898 100644 --- a/interface-definitions/ntp.xml +++ b/interface-definitions/ntp.xml @@ -14,12 +14,6 @@ Network Time Protocol (NTP) server - - - Allow server to be configured even if not reachable - - - Marks the server as unused diff --git a/src/conf_mode/ntp.py b/src/conf_mode/ntp.py index 0abb2746a..68a046939 100755 --- a/src/conf_mode/ntp.py +++ b/src/conf_mode/ntp.py @@ -108,8 +108,6 @@ def get_config(): "name": node, "options": [] } - if conf.exists('server {0} dynamic'.format(node)): - options.append('dynamic') if conf.exists('server {0} noselect'.format(node)): options.append('noselect') if conf.exists('server {0} preempt'.format(node)): diff --git a/src/migration-scripts/ntp/0-to-1 b/src/migration-scripts/ntp/0-to-1 new file mode 100755 index 000000000..9c66f3109 --- /dev/null +++ b/src/migration-scripts/ntp/0-to-1 
@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+
+# Delete "set system ntp server dynamic" option
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+
+if not config.exists(['system', 'ntp']):
+ # Nothing to do
+ sys.exit(0)
+else:
+ # Delete abandoned leaf node if found inside tag node for
+ # "set system ntp server dynamic"
+ base = ['system', 'ntp', 'server']
+ for server in config.list_nodes(base):
+ if config.exists(base + [server, 'dynamic']):
+ config.delete(base + [server, 'dynamic'])
+
+ try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+ except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ sys.exit(1)
-- cgit v1.2.3 From 7115030c32f8545e8a2e3f21723952110690d32f Mon Sep 17 00:00:00 2001 From: hagbard Date: Sun, 18 Nov 2018 10:51:03 -0800 Subject: T835: adding default pado delay and mode autocomplete --- interface-definitions/pppoe-server.xml | 29 ++++++++++++++++------------- src/conf_mode/accel_pppoe.py | 1 + 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/interface-definitions/pppoe-server.xml b/interface-definitions/pppoe-server.xml index 510bfeb3b..2fac4ec5a 100644 --- a/interface-definitions/pppoe-server.xml +++ b/interface-definitions/pppoe-server.xml @@ -64,22 +64,25 @@ - + Authentication mode for PPPoE Server - - local - Use local username/password configuration - - - radius - Use Radius server to autenticate users - - - ^(local|radius) - - + + + + Use local username/password configuration + + + + + + Use Radius server to autenticate users + + + + + IP address of radius server diff --git a/src/conf_mode/accel_pppoe.py b/src/conf_mode/accel_pppoe.py index 51a121eaf..0ef22110f 100755 --- a/src/conf_mode/accel_pppoe.py +++ b/src/conf_mode/accel_pppoe.py
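Review bot: The argument check `if (len(sys.argv) < 1):` in the ntp 0-to-1 migration script can never be true, because `sys.argv` always holds at least the script name. Running the migration without a file name therefore fails with an IndexError on `sys.argv[1]` instead of printing "Must specify file name!"; the check should read `if len(sys.argv) < 2:`. A second point to confirm: `config.list_nodes(base)` is called whenever `system ntp` exists, even when no `server` node is configured. If ConfigTree raises for a missing path, guard the loop with `if config.exists(base):`.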
@@ -223,6 +223,7 @@ interface={{int}} {% if svc_name %} service-name={{svc_name}} {% endif %} +pado-delay=0 # maybe: called-sid, tr101, padi-limit etc. {% if limits %} -- cgit v1.2.3