From 9a9f6e346beb209c819d859e2c7081f145060ac1 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Tue, 14 Mar 2023 14:59:58 +0000 Subject: T5050: Firewall: Add log options --- .../include/firewall/common-rule.xml.i | 2 +- .../include/firewall/rule-log-options.xml.i | 89 ++++++++++++++++++++++ 2 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 interface-definitions/include/firewall/rule-log-options.xml.i (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/firewall/common-rule.xml.i b/interface-definitions/include/firewall/common-rule.xml.i index 3fe3ca872..7417a3c58 100644 --- a/interface-definitions/include/firewall/common-rule.xml.i +++ b/interface-definitions/include/firewall/common-rule.xml.i @@ -119,7 +119,7 @@ -#include +#include Connection status diff --git a/interface-definitions/include/firewall/rule-log-options.xml.i b/interface-definitions/include/firewall/rule-log-options.xml.i new file mode 100644 index 000000000..e8b0cdec3 --- /dev/null +++ b/interface-definitions/include/firewall/rule-log-options.xml.i 
@@ -0,0 +1,89 @@ + + + + Log options + + + + + Set log group + + u32:0-65535 + Log group to send messages to + + + + + + + + + Length of packet payload to include in netlink message + + u32:0-9000 + Length of packet payload to include in netlink message + + + + + + + + + Number of packets to queue inside the kernel before sending them to userspace + + u32:0-65535 + Number of packets to queue inside the kernel before sending them to userspace + + + + + + + + + Set log-level + + emerg alert crit err warn notice info debug + + + emerg + Emerg log level + + + alert + Alert log level + + + crit + Critical log level + + + err + Error log level + + + warn + Warning log level + + + notice + Notice log level + + + info + Info log level + + + debug + Debug log level + + + (emerg|alert|crit|err|warn|notice|info|debug) + + level must be alert, crit, debug, emerg, err, info, notice or warn + + + + + \ No newline at end of file -- cgit v1.2.3 From 7cb95a6bc9801abcc70f8d4cfbcc79718148de1c Mon Sep 17 00:00:00 2001 
From: Viacheslav Hletenko Date: Tue, 21 Mar 2023 14:47:48 +0000 Subject: T5099: IPoE-server add option next-pool for named ip pools In cases with multiple named IP pools, it is required the option 'next' to be sure that if IP addresses ended in one pool, then they would begin to be allocated from the next named pool. For accel-ppp it requires specific order as pool must be defined before we can use it with the 'next-option' set service ipoe-server client-ip-pool name first-pool subnet '192.0.2.0/25' set service ipoe-server client-ip-pool name first-pool next-pool 'second-pool' set service ipoe-server client-ip-pool name second-pool subnet '203.0.113.0/25' [ip-pool] 203.0.113.0/25,name=second-pool 192.0.2.0/25,name=first-pool,next=second-pool
--- data/templates/accel-ppp/ipoe.config.j2 | 27 ++++-- .../include/accel-ppp/client-ip-pool-name.xml.i | 12 +++ smoketest/scripts/cli/test_service_ipoe-server.py | 93 +++++++++++++++++++++ src/conf_mode/service_ipoe-server.py | 97 ++++++++++++++++++++++ 4 files changed, 222 insertions(+), 7 deletions(-) (limited to 'interface-definitions/include')
diff --git a/data/templates/accel-ppp/ipoe.config.j2 b/data/templates/accel-ppp/ipoe.config.j2
index ac83c3dbd..add3dc7e4 100644
--- a/data/templates/accel-ppp/ipoe.config.j2
+++ b/data/templates/accel-ppp/ipoe.config.j2
@@ -49,22 +49,35 @@ username=ifname password=csid {% endif %} {% if client_ip_pool.name is vyos_defined %} -{% for pool, pool_options in client_ip_pool.name.items() %} -{% if pool_options.subnet is vyos_defined and pool_options.gateway_address is vyos_defined %} +{% if first_named_pool is vyos_defined %} +ip-pool={{ first_named_pool }} +{% else %} +{% for pool, pool_options in client_ip_pool.name.items() %} +{% if pool_options.subnet is vyos_defined %} ip-pool={{ pool }} +{% endif %} +{% endfor %} +{% endif %} +{% for pool, pool_options in client_ip_pool.name.items() %} +{% if pool_options.gateway_address is vyos_defined %} gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }} {% endif %} {% endfor %} {% endif %} proxy-arp=1 -{% if client_ip_pool.name is vyos_defined %} +{% if ordered_named_pools is vyos_defined %} [ip-pool] -{% for pool, pool_options in client_ip_pool.name.items() %} -{% if pool_options.subnet is vyos_defined and pool_options.gateway_address is vyos_defined %} -{{ pool_options.subnet }},name={{ pool }} +{% for p in ordered_named_pools %} +{% for pool, pool_options in p.items() %} +{% set next_named_pool = ',next=' ~ pool_options.next_pool if pool_options.next_pool is vyos_defined else '' %} +{{ pool_options.subnet }},name={{ pool }}{{ next_named_pool }} +{% endfor %} +{% endfor %} +{% for p in ordered_named_pools %} +{% for pool, pool_options in p.items() %} gw-ip-address={{ pool_options.gateway_address }}/{{ pool_options.subnet.split('/')[1] }} -{% endif %} +{% endfor %} {% endfor %} {% endif %} diff --git a/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i b/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i index 654b6727e..b442a15b9 100644 --- a/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i +++ b/interface-definitions/include/accel-ppp/client-ip-pool-name.xml.i 
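Review bot: The rewritten loops dereference `pool_options.subnet` without checking that it is defined. In the `[ipoe]` section the guard was narrowed from `subnet and gateway_address` to `gateway_address` alone, while the line still calls `pool_options.subnet.split('/')[1]`. In `[ip-pool]` both the `{{ pool_options.subnet }},name=...` line and the `gw-ip-address=` line are emitted for every entry of `ordered_named_pools` with no `vyos_defined` test at all. A named pool that has only a subnet, or only a gateway, would then either fail to render or put a malformed `gw-ip-address=` line into the accel-ppp config. Either keep `{% if pool_options.subnet is vyos_defined and pool_options.gateway_address is vyos_defined %}` around each `gw-ip-address` line, or make both keys mandatory in the conf-mode script's validation step (not visible in this diff).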
@@ -13,6 +13,18 @@ #include #include + + + Next pool name + + txt + Name of IP pool + + + [-_a-zA-Z0-9.]+ + + + diff --git a/smoketest/scripts/cli/test_service_ipoe-server.py b/smoketest/scripts/cli/test_service_ipoe-server.py index bdab35834..8a141b8f0 100755 --- a/smoketest/scripts/cli/test_service_ipoe-server.py +++ b/smoketest/scripts/cli/test_service_ipoe-server.py @@ -26,6 +26,13 @@ from configparser import ConfigParser ac_name = 'ACN' interface = 'eth0' + +def getConfig(string, end='cli'): + command = f'cat /run/accel-pppd/ipoe.conf | sed -n "/^{string}/,/^{end}/p"' + out = cmd(command) + return out + + class TestServiceIPoEServer(BasicAccelPPPTest.TestCase): @classmethod def setUpClass(cls): 
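Review bot: `getConfig()` interpolates `string` straight into a sed address inside a shell command, so the `'[ip-pool]'` argument the new tests pass is read by sed as a bracket expression (a line starting with `i`, `p`, `o` or `l`) rather than as the literal section header. The printed range therefore most likely begins at an earlier line of `ipoe.conf`, and the later `assertIn` passes only because the `[ip-pool]` block happens to fall inside that wider slice. Escape the brackets at the call site, `getConfig(r'\[ip-pool\]')`, or read `/run/accel-pppd/ipoe.conf` in Python and slice from the literal header, which also removes the f-string-built shell command.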
@@ -86,6 +93,92 @@ class TestServiceIPoEServer(BasicAccelPPPTest.TestCase): tmp = re.findall(regex, tmp) self.assertTrue(tmp) + def test_accel_named_pool(self): + first_pool = 'VyOS-pool1' + first_subnet = '192.0.2.0/25' + first_gateway = '192.0.2.1' + second_pool = 'Vyos-pool2' + second_subnet = '203.0.113.0/25' + second_gateway = '203.0.113.1' + + self.set(['authentication', 'mode', 'noauth']) + self.set(['client-ip-pool', 'name', first_pool, 'gateway-address', first_gateway]) + self.set(['client-ip-pool', 'name', first_pool, 'subnet', first_subnet]) + self.set(['client-ip-pool', 'name', second_pool, 'gateway-address', second_gateway]) + self.set(['client-ip-pool', 'name', second_pool, 'subnet', second_subnet]) + self.set(['interface', interface]) + + # commit changes + self.cli_commit() + + + # Validate configuration values + conf = ConfigParser(allow_no_value=True, delimiters='=', strict=False) + conf.read(self._config_file) + + self.assertTrue(conf['ipoe']['interface'], f'{interface},shared=1,mode=L2,ifcfg=1,start=dhcpv4,ipv6=1') + self.assertTrue(conf['ipoe']['noauth'], '1') + self.assertTrue(conf['ipoe']['ip-pool'], first_pool) + self.assertTrue(conf['ipoe']['ip-pool'], second_pool) + self.assertTrue(conf['ipoe']['gw-ip-address'], f'{first_gateway}/25') + self.assertTrue(conf['ipoe']['gw-ip-address'], f'{second_gateway}/25') + + config = getConfig('[ip-pool]') + pool_config = f'''{second_subnet},name={second_pool} +{first_subnet},name={first_pool} +gw-ip-address={second_gateway}/25 +gw-ip-address={first_gateway}/25''' + self.assertIn(pool_config, config) + + + def test_accel_next_pool(self): + first_pool = 'VyOS-pool1' + first_subnet = '192.0.2.0/25' + first_gateway = '192.0.2.1' + second_pool = 'Vyos-pool2' + second_subnet = '203.0.113.0/25' + second_gateway = '203.0.113.1' + third_pool = 'Vyos-pool3' + third_subnet = '198.51.100.0/24' + third_gateway = '198.51.100.1' + + self.set(['authentication', 'mode', 'noauth']) + self.set(['client-ip-pool', 'name', 
first_pool, 'gateway-address', first_gateway]) + self.set(['client-ip-pool', 'name', first_pool, 'subnet', first_subnet]) + self.set(['client-ip-pool', 'name', first_pool, 'next-pool', second_pool]) + self.set(['client-ip-pool', 'name', second_pool, 'gateway-address', second_gateway]) + self.set(['client-ip-pool', 'name', second_pool, 'subnet', second_subnet]) + self.set(['client-ip-pool', 'name', second_pool, 'next-pool', third_pool]) + self.set(['client-ip-pool', 'name', third_pool, 'gateway-address', third_gateway]) + self.set(['client-ip-pool', 'name', third_pool, 'subnet', third_subnet]) + self.set(['interface', interface]) + + # commit changes + self.cli_commit() + + + # Validate configuration values + conf = ConfigParser(allow_no_value=True, delimiters='=', strict=False) + conf.read(self._config_file) + + self.assertTrue(conf['ipoe']['interface'], f'{interface},shared=1,mode=L2,ifcfg=1,start=dhcpv4,ipv6=1') + self.assertTrue(conf['ipoe']['noauth'], '1') + self.assertTrue(conf['ipoe']['ip-pool'], first_pool) + self.assertTrue(conf['ipoe']['gw-ip-address'], f'{first_gateway}/25') + self.assertTrue(conf['ipoe']['gw-ip-address'], f'{second_gateway}/25') + self.assertTrue(conf['ipoe']['gw-ip-address'], f'{third_gateway}/24') + + config = getConfig('[ip-pool]') + # T5099 required specific order + pool_config = f'''{third_subnet},name={third_pool} +{second_subnet},name={second_pool},next={third_pool} +{first_subnet},name={first_pool},next={second_pool} +gw-ip-address={third_gateway}/24 +gw-ip-address={second_gateway}/25 +gw-ip-address={first_gateway}/25''' + self.assertIn(pool_config, config) + + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/service_ipoe-server.py b/src/conf_mode/service_ipoe-server.py index 4fabe170f..95c72df47 100755 --- a/src/conf_mode/service_ipoe-server.py +++ b/src/conf_mode/service_ipoe-server.py @@ -15,6 +15,7 @@ # along with this program. If not, see . import os +import jmespath from sys import exit 
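Review bot: Every `self.assertTrue(conf['ipoe'][...], expected)` in `test_accel_named_pool` and `test_accel_next_pool` passes the expected value as the `msg` argument, so these lines only check that the option is non-empty and never compare it. They should be `assertEqual`, e.g. `self.assertEqual(conf['ipoe']['noauth'], '1')`. The repeated-key checks need more than that, because `ConfigParser(strict=False)` keeps only the last `ip-pool` / `gw-ip-address` value in a section, so two different expected values for the same key cannot both match. Asserting on the rendered file text, as the `[ip-pool]` block comparison at the end of each test already does, avoids that limitation.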
@@ -29,9 +30,92 @@ from vyos import ConfigError from vyos import airbag airbag.enable() + ipoe_conf = '/run/accel-pppd/ipoe.conf' ipoe_chap_secrets = '/run/accel-pppd/ipoe.chap-secrets' + +def get_pools_in_order(data: dict) -> list: + """Return a list of dictionaries representing pool data in the order + in which they should be allocated. Pool must be defined before we can + use it with 'next-pool' option. + + Args: + data: A dictionary of pool data, where the keys are pool names and the + values are dictionaries containing the 'subnet' key and the optional + 'next_pool' key. + + Returns: + list: A list of dictionaries + + Raises: + ValueError: If a 'next_pool' key references a pool name that + has not been defined. + ValueError: If a circular reference is found in the 'next_pool' keys. + + Example: + config_data = { + ... 'first-pool': { + ... 'next_pool': 'second-pool', + ... 'subnet': '192.0.2.0/25' + ... }, + ... 'second-pool': { + ... 'next_pool': 'third-pool', + ... 'subnet': '203.0.113.0/25' + ... }, + ... 'third-pool': { + ... 'subnet': '198.51.100.0/24' + ... }, + ... 'foo': { + ... 'subnet': '100.64.0.0/24', + ... 'next_pool': 'second-pool' + ... } + ... 
} + + % get_pools_in_order(config_data) + [{'third-pool': {'subnet': '198.51.100.0/24'}}, + {'second-pool': {'next_pool': 'third-pool', 'subnet': '203.0.113.0/25'}}, + {'first-pool': {'next_pool': 'second-pool', 'subnet': '192.0.2.0/25'}}, + {'foo': {'next_pool': 'second-pool', 'subnet': '100.64.0.0/24'}}] + """ + pools = [] + unresolved_pools = {} + + for pool, pool_config in data.items(): + if 'next_pool' not in pool_config: + pools.insert(0, {pool: pool_config}) + else: + unresolved_pools[pool] = pool_config + + while unresolved_pools: + resolved_pools = [] + + for pool, pool_config in unresolved_pools.items(): + next_pool_name = pool_config['next_pool'] + + if any(p for p in pools if next_pool_name in p): + index = next( + (i for i, p in enumerate(pools) if next_pool_name in p), + None) + pools.insert(index + 1, {pool: pool_config}) + resolved_pools.append(pool) + elif next_pool_name in unresolved_pools: + # next pool not yet resolved + pass + else: + raise ValueError( + f"Pool '{next_pool_name}' not defined in configuration data" + ) + + if not resolved_pools: + raise ValueError("Circular reference in configuration data") + + for pool in resolved_pools: + unresolved_pools.pop(pool) + + return pools + + def get_config(config=None): if config: conf = config @@ -43,6 +127,19 @@ def get_config(config=None): # retrieve common dictionary keys ipoe = get_accel_dict(conf, base, ipoe_chap_secrets) + + if jmespath.search('client_ip_pool.name', ipoe): + dict_named_pools = jmespath.search('client_ip_pool.name', ipoe) + # Multiple named pools require ordered values T5099 + ipoe['ordered_named_pools'] = get_pools_in_order(dict_named_pools) + # T5099 'next-pool' option + if jmespath.search('client_ip_pool.name.*.next_pool', ipoe): + for pool, pool_config in ipoe['client_ip_pool']['name'].items(): + if 'next_pool' in pool_config: + ipoe['first_named_pool'] = pool + ipoe['first_named_pool_subnet'] = pool_config + break + return ipoe -- cgit v1.2.3 
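Review bot: `get_pools_in_order()` reports an undefined or circular `next-pool` with a bare `ValueError`, and the following hunk calls it from `get_config()`, so a typo in a pool name surfaces while the configuration is being loaded rather than as a validation error. The file already imports `ConfigError`; raising that, or moving the check into the script's verify step, would give the operator the usual commit failure message, assuming the entry point handles `ConfigError` as other conf-mode scripts do (not visible here). A smaller style point: the `any(...)` test followed by `next(...)` walks `pools` twice. One lookup, `index = next((i for i, p in enumerate(pools) if next_pool_name in p), None)`, followed by `if index is not None:` does the same work.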
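Review bot: `first_named_pool` is set to the first pool in dictionary order that carries a `next_pool` key, which is not necessarily the head of the chain. In the docstring's own example both `first-pool` and `foo` point at `second-pool`, and a pool in the middle of a chain can equally sort before its predecessor; whichever comes first becomes the only `ip-pool=` line the template writes in `[ipoe]`. Consider choosing the pool that no other pool names as its `next_pool`, and rejecting configurations with several such heads if only one default pool is supported. Separately, `ipoe['first_named_pool_subnet'] = pool_config` stores the whole pool dictionary under a name that promises a subnet; assign `pool_config['subnet']` or drop the key if nothing reads it. The body of `get_config()` continues outside the hunk.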
From 58b29610221a8f80bea1cfacbd2112f3690fe734 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Fri, 24 Mar 2023 08:47:28 +0100 Subject: xml: T5109: use common include file for alpha-numeric, hyphen and underscore regex --- interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i | 4 ++-- interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i | 4 ++-- interface-definitions/include/bgp/protocol-common-config.xml.i | 2 +- .../include/constraint/alpha-numeric-hyphen-underscore.xml.in | 3 +++ interface-definitions/policy.xml.in | 8 ++++---- interface-definitions/service-monitoring-telegraf.xml.in | 10 +++++----- 6 files changed, 17 insertions(+), 14 deletions(-) create mode 100644 interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.in (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i index 34b5ec7d7..ee902b0b6 100644 --- a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i +++ b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i @@ -15,7 +15,7 @@ Name of IPv4 prefix-list - [-_a-zA-Z0-9]+ + #include Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores @@ -31,7 +31,7 @@ Name of IPv4 prefix-list - [-_a-zA-Z0-9]+ + #include Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores diff --git a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i index 06c661a90..da966f193 100644 --- a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i +++ b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i @@ -15,7 +15,7 @@ Name of IPv6 prefix-list - [-_a-zA-Z0-9]+ + #include Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores 
@@ -31,7 +31,7 @@ Name of IPv6 prefix-list - [-_a-zA-Z0-9]+ + #include Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index 7a3617044..9435b45fd 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -1497,7 +1497,7 @@ Name of peer-group - [-_a-zA-Z0-9]+ + #include diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.in b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.in new file mode 100644 index 000000000..eb568d7d9 --- /dev/null +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.in @@ -0,0 +1,3 @@ + +[-_a-zA-Z0-9]+ + diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index b3745fda0..66608be6f 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -242,7 +242,7 @@ BGP extended community-list name - [-_a-zA-Z0-9]+ + #include Should be an alphanumeric name @@ -291,7 +291,7 @@ BGP large-community-list name - [-_a-zA-Z0-9]+ + #include Should be an alphanumeric name @@ -340,7 +340,7 @@ Name of IPv4 prefix-list - [-_a-zA-Z0-9]+ + #include Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores @@ -408,7 +408,7 @@ Name of IPv6 prefix-list - [-_a-zA-Z0-9]+ + #include Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service-monitoring-telegraf.xml.in index f50e5e334..5ba932400 100644 --- a/interface-definitions/service-monitoring-telegraf.xml.in +++ b/interface-definitions/service-monitoring-telegraf.xml.in 
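Review bot: The new shared constraint is created as `include/constraint/alpha-numeric-hyphen-underscore.xml.in`, while the other files under `include/` touched in this series use the `.xml.i` suffix and `.xml.in` is otherwise used for top-level definitions such as `policy.xml.in`. If the build selects top-level definitions by the `.xml.in` suffix, this fragment could be picked up as one (not verifiable from the diff). Renaming it to `alpha-numeric-hyphen-underscore.xml.i` keeps the convention; the `#include` targets are not visible on this page and would need the same name.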
@@ -74,7 +74,7 @@ Application client id - [-_a-zA-Z0-9]+ + #include Client-id is limited to alphanumerical characters and can contain hyphen and underscores @@ -83,7 +83,7 @@ Application client secret - [-_a-zA-Z0-9]+ + #include Client-secret is limited to alphanumerical characters and can contain hyphen and underscores @@ -92,7 +92,7 @@ Set tenant id - [-_a-zA-Z0-9]+ + #include Tenant-id is limited to alphanumerical characters and can contain hyphen and underscores @@ -107,7 +107,7 @@ Remote database name - [-_a-zA-Z0-9]+ + #include Database is limited to alphanumerical characters and can contain hyphen and underscores @@ -140,7 +140,7 @@ Table name - [-_a-zA-Z0-9]+ + #include Table is limited to alphanumerical characters and can contain hyphen and underscores -- cgit v1.2.3 From c6494f12f92746cc4603fceca6b1a22fed010b93 Mon Sep 17 00:00:00 2001 
From: Indrajit Raychaudhuri Date: Sat, 25 Mar 2023 18:51:34 -0500 Subject: dns: T5113: Support custom port for name-server forwarders Support custom port for name-server forwarders that would allow using custom ports in name server forwarders to enable forwarding to alternative name servers (unbound, stubby, dnscrypt-proxy etc.) operating on non-default port. This would also allow using DNS Over TLS in PowerDNS Recursor 4.6 onwards (pdns doesn't support certificate check for validity yet) by enabling 'dot-to-port-853'. This is set by default if compiled in with DoT support. See: https://doc.powerdns.com/recursor/settings.html#dot-to-port-853 This also partially implements T921, T2195 (DoT without certificate check). Implementation details: - In 'dns/forwarding' configuration, 'name-server' now allows optional 'port' (defaults to 53). - Instead of modifying 'name-server-ipv4-ipv6.xml.i' to add optional 'port', a new file 'name-server-ipv4-ipv6-port.xml.i' has been used to avoid impacting other places where it is reused because not all of them honor ports (mostly VPN related). - The `host:port` entries to be used by PowerDNS recursor config are normalized eagerly at the point of loading VyOS `Config` instead of doing them lazily while rendering the Jinja2 template to keep the implementation less intrusive. The alternative would entail making quite a bit of change in how 'vyos-hostsd' processes 'static' 'name_servers' entries or persists their runtime states.
--- interface-definitions/dns-forwarding.xml.in | 2 +- .../include/name-server-ipv4-ipv6-port.xml.i | 25 ++++++++++++++++++++++ src/conf_mode/dns_forwarding.py | 17 +++++++++++++-- 3 files changed, 41 insertions(+), 3 deletions(-) create mode 100644 interface-definitions/include/name-server-ipv4-ipv6-port.xml.i (limited to 'interface-definitions/include')
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index 371f198c6..b23eaa351 100644
--- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -635,7 +635,7 @@ 1500 - #include + #include Local addresses from which to send DNS queries diff --git a/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i new file mode 100644 index 000000000..cf86e66a2 --- /dev/null +++ b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i @@ -0,0 +1,25 @@ + + + + Domain Name Servers (DNS) addresses + + ipv4 + Domain Name Server (DNS) IPv4 address + + + ipv6 + Domain Name Server (DNS) IPv6 address + + + + + + + + #include + + 53 + + + + diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index d0d87d73e..4d6b85d92 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -24,7 +24,7 @@ from vyos.config import Config from vyos.configdict import dict_merge from vyos.hostsd_client import Client as hostsd_client from vyos.template import render -from vyos.template import is_ipv6 +from vyos.template import bracketize_ipv6 from vyos.util import call from vyos.util import chown from vyos.util import dict_search @@ -58,8 +58,16 @@ def get_config(config=None): default_values = defaults(base) # T2665 due to how defaults under tag nodes work, we must clear these out before we merge del default_values['authoritative_domain'] + del default_values['name_server'] dns = dict_merge(default_values, dns) + # T2665: we cleared default values for tag node 'name_server' above. + # We now need to add them back back in a granular way. + if 'name_server' in dns: + default_values = defaults(base + ['name-server']) + for server in dns['name_server']: + dns['name_server'][server] = dict_merge(default_values, dns['name_server'][server]) + # some additions to the default dictionary if 'system' in dns: base_nameservers = ['system', 'name-server'] 
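Review bot: The added block in `get_config()` rebinds `default_values` to the per-server defaults, `defaults(base + ['name-server'])`, so any later code in the function that still expects the global defaults in that variable would see the wrong dictionary. The rest of the function is outside the hunk, so this is a precaution rather than a confirmed bug. A separate name keeps the two apart: `ns_defaults = defaults(base + ['name-server'])` with `dict_merge(ns_defaults, dns['name_server'][server])`. The new comment also has a doubled word, `add them back back in`.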
@@ -329,7 +337,12 @@ def apply(dns): # sources hc.delete_name_servers([hostsd_tag]) if 'name_server' in dns: - hc.add_name_servers({hostsd_tag: dns['name_server']}) + # 'name_server' is a dict of the form + # {'192.0.2.1': {'port': 53}, '2001:db8::1': {'port': 853}, ...} + # canonicalize them as ['192.0.2.1:53', '[2001:db8::1]:853', ...] with IPv6 hosts bracketized + nslist = [(lambda h, p: f"{bracketize_ipv6(h)}:{p['port']}")(h, p) + for (h, p) in dns['name_server'].items()] + hc.add_name_servers({hostsd_tag: nslist}) # delete all nameserver tags hc.delete_name_server_tags_recursor(hc.get_name_server_tags_recursor()) -- cgit v1.2.3 From 35126e6b41b212aafb2784dee7577b0682bb3af5 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 27 Mar 2023 22:36:32 +0200 Subject: bgp: T5114: add peer-group "port" CLI command --- .../include/bgp/protocol-common-config.xml.i | 16 +++------------- interface-definitions/include/bgp/timers-holdtime.xml.i | 4 ++-- smoketest/scripts/cli/test_protocols_bgp.py | 9 ++++++--- 3 files changed, 11 insertions(+), 18 deletions(-) (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index 9435b45fd..aa9cd5850 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -1008,18 +1008,6 @@ #include #include #include - - - Neighbor BGP port - - u32:1-65535 - Neighbor BGP port number - - - - - - #include #include @@ -1061,6 +1049,7 @@ #include #include + #include @@ -1524,10 +1513,11 @@ #include #include #include - #include #include #include #include + #include + #include #include diff --git a/interface-definitions/include/bgp/timers-holdtime.xml.i b/interface-definitions/include/bgp/timers-holdtime.xml.i index 9e86ab13d..31e97f6b8 100644 --- a/interface-definitions/include/bgp/timers-holdtime.xml.i 
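Review bot: The list comprehension added to `apply()` wraps its expression in an immediately-invoked lambda that adds nothing; `nslist = [f"{bracketize_ipv6(h)}:{p['port']}" for h, p in dns['name_server'].items()]` is equivalent and easier to read. The commit description says the `host:port` form is produced when the config is loaded, whereas this hunk builds it in `apply()`, so either the description or a short comment should state which stage sees the dict and which sees the list. The description also notes that forwarding to port 853 enables DoT without certificate validation. The help text or documentation for `port` should say this, because it gives encryption but no authentication of the upstream resolver.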
+++ b/interface-definitions/include/bgp/timers-holdtime.xml.i @@ -1,14 +1,14 @@ - BGP hold timer for this neighbor + Hold timer u32:1-65535 Hold timer in seconds 0 - Hold timer disabled + Disable hold timer diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index 4047ea8f4..d024ea92a 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -132,7 +132,8 @@ peer_group_config = { }, 'bar' : { 'remote_as' : '111', - 'graceful_rst_no' : '' + 'graceful_rst_no' : '', + 'port' : '667', }, 'foo-bar' : { 'advertise_map' : route_map_in, @@ -237,6 +238,8 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.assertIn(f' neighbor {peer} passive', frrconfig) if 'password' in peer_config: self.assertIn(f' neighbor {peer} password {peer_config["password"]}', frrconfig) + if 'port' in peer_config: + self.assertIn(f' neighbor {peer} port {peer_config["port"]}', frrconfig) if 'remote_as' in peer_config: self.assertIn(f' neighbor {peer} remote-as {peer_config["remote_as"]}', frrconfig) if 'solo' in peer_config: @@ -463,8 +466,6 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): for peer, peer_config in neighbor_config.items(): if 'adv_interv' in peer_config: self.assertIn(f' neighbor {peer} advertisement-interval {peer_config["adv_interv"]}', frrconfig) - if 'port' in peer_config: - self.assertIn(f' neighbor {peer} port {peer_config["port"]}', frrconfig) if 'cap_strict' in peer_config: self.assertIn(f' neighbor {peer} strict-capability-match', frrconfig) 
@@ -500,6 +501,8 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ['peer-group', peer_group, 'passive']) if 'password' in config: self.cli_set(base_path + ['peer-group', peer_group, 'password', config["password"]]) + if 'port' in config: + self.cli_set(base_path + ['peer-group', peer_group, 'port', config["port"]]) if 'remote_as' in config: self.cli_set(base_path + ['peer-group', peer_group, 'remote-as', config["remote_as"]]) if 'shutdown' in config: -- cgit v1.2.3 From d9fa39a370c06d8add22a7018d14984e5ac14fc8 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 27 Mar 2023 22:43:26 +0200 Subject: bgp: T5114: add "neighbor path-attribute discard" --- data/templates/frr/bgpd.frr.j2 | 3 +++ .../include/bgp/neighbor-path-attribute.xml.i | 21 +++++++++++++++++++++ .../include/bgp/protocol-common-config.xml.i | 2 ++ smoketest/scripts/cli/test_protocols_bgp.py | 8 ++++++++ 4 files changed, 34 insertions(+) create mode 100644 interface-definitions/include/bgp/neighbor-path-attribute.xml.i (limited to 'interface-definitions/include') diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2 index 5170a12ba..346eb3996 100644 --- a/data/templates/frr/bgpd.frr.j2 +++ b/data/templates/frr/bgpd.frr.j2 @@ -74,6 +74,9 @@ {% if config.password is vyos_defined %} neighbor {{ neighbor }} password {{ config.password }} {% endif %} +{% if config.path_attribute.discard is vyos_defined %} + neighbor {{ neighbor }} path-attribute discard {{ config.path_attribute.discard }} +{% endif %} {% if config.port is vyos_defined %} neighbor {{ neighbor }} port {{ config.port }} {% endif %} diff --git a/interface-definitions/include/bgp/neighbor-path-attribute.xml.i b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i new file mode 100644 index 000000000..f4f2fcfa9 --- /dev/null +++ b/interface-definitions/include/bgp/neighbor-path-attribute.xml.i 
@@ -0,0 +1,21 @@ + + + + Manipulate path attributes from incoming UPDATE messages + + + + + Drop specified attributes from incoming UPDATE messages + + u32:1-255 + Attribute number + + + + + + + + + diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index aa9cd5850..2bf2fdfc3 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -1005,6 +1005,7 @@ #include #include #include + #include #include #include #include @@ -1511,6 +1512,7 @@ #include #include #include + #include #include #include #include diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index d024ea92a..c366b4e89 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -55,6 +55,7 @@ neighbor_config = { 'route_map_out' : route_map_out, 'no_send_comm_ext' : '', 'addpath_all' : '', + 'p_attr_discard' : '123', }, '192.0.2.2' : { 'bfd_profile' : bfd_profile, @@ -129,6 +130,7 @@ peer_group_config = { 'cap_over' : '', 'ttl_security' : '5', 'disable_conn_chk' : '', + 'p_attr_discard' : '250', }, 'bar' : { 'remote_as' : '111', @@ -264,6 +266,8 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.assertIn(f' no neighbor {peer} send-community extended', frrconfig) if 'addpath_all' in peer_config: self.assertIn(f' neighbor {peer} addpath-tx-all-paths', frrconfig) + if 'p_attr_discard' in peer_config: + self.assertIn(f' neighbor {peer} path-attribute discard {peer_config["p_attr_discard"]}', frrconfig) if 'addpath_per_as' in peer_config: self.assertIn(f' neighbor {peer} addpath-tx-bestpath-per-AS', frrconfig) if 'advertise_map' in peer_config: 
@@ -417,6 +421,8 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ['neighbor', peer, 'ttl-security', 'hops', peer_config["ttl_security"]]) if 'update_src' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'update-source', peer_config["update_src"]]) + if 'p_attr_discard' in peer_config: + self.cli_set(base_path + ['neighbor', peer, 'path-attribute', 'discard', peer_config["p_attr_discard"]]) if 'route_map_in' in peer_config: self.cli_set(base_path + ['neighbor', peer, 'address-family', afi, 'route-map', 'import', peer_config["route_map_in"]]) if 'route_map_out' in peer_config: @@ -535,6 +541,8 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ['peer-group', peer_group, 'graceful-restart', 'restart-helper']) if 'disable_conn_chk' in config: self.cli_set(base_path + ['peer-group', peer_group, 'disable-connected-check']) + if 'p_attr_discard' in config: + self.cli_set(base_path + ['peer-group', peer_group, 'path-attribute', 'discard', config["p_attr_discard"]]) # Conditional advertisement if 'advertise_map' in config: -- cgit v1.2.3 From b5d940d9f279a8391c8d8c56cc86f4855c9d38b5 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 27 Mar 2023 22:45:02 +0200 Subject: bgp: T5114: support configuring TCP keepalive messages --- data/templates/frr/bgpd.frr.j2 | 3 ++ .../include/bgp/protocol-common-config.xml.i | 43 ++++++++++++++++++++++ smoketest/scripts/cli/test_protocols_bgp.py | 7 ++++ src/conf_mode/protocols_bgp.py | 5 +++ 4 files changed, 58 insertions(+) (limited to 'interface-definitions/include') diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2 index 346eb3996..b749be93f 100644 --- a/data/templates/frr/bgpd.frr.j2 +++ b/data/templates/frr/bgpd.frr.j2 
@@ -553,6 +553,9 @@ bgp route-reflector allow-outbound-policy {% if parameters.suppress_fib_pending is vyos_defined %} bgp suppress-fib-pending {% endif %} +{% if parameters.tcp_keepalive.idle is vyos_defined and parameters.tcp_keepalive.interval is vyos_defined and parameters.tcp_keepalive.probes is vyos_defined %} + bgp tcp-keepalive {{ parameters.tcp_keepalive.idle }} {{ parameters.tcp_keepalive.interval }} {{ parameters.tcp_keepalive.probes }} +{% endif %} {% if timers.keepalive is vyos_defined and timers.holdtime is vyos_defined %} timers bgp {{ timers.keepalive }} {{ timers.holdtime }} {% endif %} diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index 2bf2fdfc3..089c36ef3 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -1481,6 +1481,49 @@ #include + + + TCP keepalive parameters + + + + + TCP keepalive idle time + + u32:1-65535 + Idle time in seconds + + + + + + + + + TCP keepalive interval + + u32:1-65535 + Interval in seconds + + + + + + + + + TCP keepalive maximum probes + + u32:1-30 + Maximum probes + + + + + + + + diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index c366b4e89..f6eede87a 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -297,6 +297,9 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): max_path_v6ibgp = '16' cond_adv_timer = '30' min_hold_time = '2' + tcp_keepalive_idle = '66' + tcp_keepalive_interval = '77' + tcp_keepalive_probes = '22' self.cli_set(base_path + ['parameters', 'router-id', router_id]) self.cli_set(base_path + ['parameters', 'log-neighbor-changes']) 
@@ -327,6 +330,9 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ['parameters', 'route-reflector-allow-outbound-policy']) self.cli_set(base_path + ['parameters', 'shutdown']) self.cli_set(base_path + ['parameters', 'suppress-fib-pending']) + self.cli_set(base_path + ['parameters', 'tcp-keepalive', 'idle', tcp_keepalive_idle]) + self.cli_set(base_path + ['parameters', 'tcp-keepalive', 'interval', tcp_keepalive_interval]) + self.cli_set(base_path + ['parameters', 'tcp-keepalive', 'probes', tcp_keepalive_probes]) # AFI maximum path support self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'maximum-paths', 'ebgp', max_path_v4]) @@ -356,6 +362,7 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.assertIn(f' bgp route-reflector allow-outbound-policy', frrconfig) self.assertIn(f' bgp shutdown', frrconfig) self.assertIn(f' bgp suppress-fib-pending', frrconfig) + self.assertIn(f' bgp tcp-keepalive {tcp_keepalive_idle} {tcp_keepalive_interval} {tcp_keepalive_probes}', frrconfig) self.assertNotIn(f'bgp ebgp-requires-policy', frrconfig) self.assertIn(f' no bgp suppress-duplicates', frrconfig) diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py index 4f05957fa..cf553f0e8 100755 --- a/src/conf_mode/protocols_bgp.py +++ b/src/conf_mode/protocols_bgp.py @@ -412,6 +412,11 @@ def verify(bgp): raise ConfigError('Missing mandatory configuration option for '\ f'global administrative distance {key}!') + # TCP keepalive requires all three parameters to be set + if dict_search('parameters.tcp_keepalive', bgp) != None: + if not {'idle', 'interval', 'probes'} <= set(bgp['parameters']['tcp_keepalive']): + raise ConfigError('TCP keepalive incomplete - idle, keepalive and probes must be set') + # Address Family specific validation if 'address_family' in bgp: for afi, afi_config in bgp['address_family'].items(): -- cgit v1.2.3 From 2bb5c5d0fd9ed07649b81a61e9c1a78a9f222405 Mon Sep 17 00:00:00 2001 
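Review bot: The ConfigError text added to verify() in src/conf_mode/protocols_bgp.py names an option that does not exist. It says `idle, keepalive and probes`, while the set being tested and the CLI nodes are `idle`, `interval` and `probes`, so an operator with an incomplete configuration is pointed at the wrong node. Suggested wording is `raise ConfigError('TCP keepalive incomplete - idle, interval and probes must be set')`, and the guard above it reads better as `is not None` than `!= None`. verify() begins and continues outside this hunk.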
From: Indrajit Raychaudhuri Date: Mon, 27 Mar 2023 03:56:13 -0500 Subject: dns: T5115: Support custom port for name servers for forwarding zones. This would allow using custom ports in name server operating on non- default port for forwarding zones. This is a follow-up to T5113 for sake of completeness and having consistent treatment of all name servers configured in PowerDNS recursor. Additionally, migrate `service dns forwarding domain example.com server` to `service dns forwarding domain foo3.com name-server` for consistency and reusability. --- .../dns-forwarding/recursor.forward-zones.conf.j2 | 3 +- interface-definitions/dns-forwarding.xml.in | 19 +-------- .../include/name-server-ipv4-ipv6-port.xml.i | 2 +- .../scripts/cli/test_service_dns_forwarding.py | 13 ++++-- src/conf_mode/dns_forwarding.py | 25 +++++++++-- src/migration-scripts/dns-forwarding/3-to-4 | 49 ++++++++++++++++++++++ src/services/vyos-hostsd | 2 +- 7 files changed, 83 insertions(+), 30 deletions(-) create mode 100755 src/migration-scripts/dns-forwarding/3-to-4 (limited to 'interface-definitions/include') diff --git a/data/templates/dns-forwarding/recursor.forward-zones.conf.j2 b/data/templates/dns-forwarding/recursor.forward-zones.conf.j2 index de3269e47..593a98c24 100644 --- a/data/templates/dns-forwarding/recursor.forward-zones.conf.j2 +++ b/data/templates/dns-forwarding/recursor.forward-zones.conf.j2 @@ -23,7 +23,6 @@ {% if forward_zones is vyos_defined %} # zones added via 'service dns forwarding domain' {% for zone, zonedata in forward_zones.items() %} -{{ "+" if zonedata.recursion_desired is vyos_defined }}{{ zone | replace('_', '-') }}={{ zonedata.server | join(', ') }} +{{ "+" if zonedata.recursion_desired is vyos_defined }}{{ zone | replace('_', '-') }}={{ zonedata.name_server | join(', ') }} {% endfor %} {% endif %} - diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index b23eaa351..14b38b24d 100644 
--- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -85,24 +85,7 @@ Domain to forward to a custom DNS server - - - Domain Name Server (DNS) to forward queries to - - ipv4 - Domain Name Server (DNS) IPv4 address - - - ipv6 - Domain Name Server (DNS) IPv6 address - - - - - - - - + #include Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC) diff --git a/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i index cf86e66a2..fb0a4f4ae 100644 --- a/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i +++ b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i @@ -1,7 +1,7 @@ - Domain Name Servers (DNS) addresses + Domain Name Servers (DNS) addresses to forward queries to ipv4 Domain Name Server (DNS) IPv4 address diff --git a/smoketest/scripts/cli/test_service_dns_forwarding.py b/smoketest/scripts/cli/test_service_dns_forwarding.py index 04dced292..88492e348 100755 --- a/smoketest/scripts/cli/test_service_dns_forwarding.py +++ b/smoketest/scripts/cli/test_service_dns_forwarding.py @@ -169,10 +169,13 @@ class TestServicePowerDNS(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ['listen-address', address]) domains = ['vyos.io', 'vyos.net', 'vyos.com'] - nameservers = ['192.0.2.1', '192.0.2.2'] + nameservers = {'192.0.2.1': {}, '192.0.2.2': {'port': '53'}, '2001:db8::1': {'port': '853'}} for domain in domains: - for nameserver in nameservers: - self.cli_set(base_path + ['domain', domain, 'server', nameserver]) + for h,p in nameservers.items(): + if 'port' in p: + self.cli_set(base_path + ['domain', domain, 'name-server', h, 'port', p['port']]) + else: + self.cli_set(base_path + ['domain', domain, 'name-server', h]) # Test 'recursion-desired' flag for only one domain if domain == domains[0]: 
@@ -192,7 +195,9 @@ class TestServicePowerDNS(VyOSUnitTestSHIM.TestCase): if domain == domains[0]: key =f'\+{domain}' else: key =f'{domain}' tmp = get_config_value(key, file=FORWARD_FILE) - self.assertEqual(tmp, ', '.join(nameservers)) + canonical_entries = [(lambda h, p: f"{bracketize_ipv6(h)}:{p['port'] if 'port' in p else 53}")(h, p) + for (h, p) in nameservers.items()] + self.assertEqual(tmp, ', '.join(canonical_entries)) # Test 'negative trust anchor' flag for the second domain only if domain == domains[1]: diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index 4d6b85d92..36c1098fe 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -59,6 +59,7 @@ def get_config(config=None): # T2665 due to how defaults under tag nodes work, we must clear these out before we merge del default_values['authoritative_domain'] del default_values['name_server'] + del default_values['domain']['name_server'] dns = dict_merge(default_values, dns) # T2665: we cleared default values for tag node 'name_server' above. @@ -68,6 +69,15 @@ def get_config(config=None): for server in dns['name_server']: dns['name_server'][server] = dict_merge(default_values, dns['name_server'][server]) + # T2665: we cleared default values for tag node 'domain' above. + # We now need to add them back back in a granular way. + if 'domain' in dns: + default_values = defaults(base + ['domain', 'name-server']) + for domain in dns['domain'].keys(): + for server in dns['domain'][domain]['name_server']: + dns['domain'][domain]['name_server'][server] = dict_merge( + default_values, dns['domain'][domain]['name_server'][server]) + # some additions to the default dictionary if 'system' in dns: base_nameservers = ['system', 'name-server'] 
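Review bot: The new defaults loop in get_config() (hunk `@@ -68,6 +69,15 @@`) indexes `dns['domain'][domain]['name_server']` unconditionally. A domain entry without any name-server would therefore most likely fail with a KeyError here, before verify() can report `No server configured for domain ...`. Iterating over `dns['domain'][domain].get('name_server', {})` keeps the friendly error path intact. The added comment also has a doubled word ("back back"), and `.keys()` is not needed to iterate the dict. get_config() starts and ends outside the hunk.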
@@ -271,7 +281,7 @@ def verify(dns): # as a domain will contains dot's which is out dictionary delimiter. if 'domain' in dns: for domain in dns['domain']: - if 'server' not in dns['domain'][domain]: + if 'name_server' not in dns['domain'][domain]: raise ConfigError(f'No server configured for domain {domain}!') if 'dns64_prefix' in dns: @@ -337,9 +347,9 @@ def apply(dns): # sources hc.delete_name_servers([hostsd_tag]) if 'name_server' in dns: - # 'name_server' is a dict of the form + # 'name_server' is of the form # {'192.0.2.1': {'port': 53}, '2001:db8::1': {'port': 853}, ...} - # canonicalize them as ['192.0.2.1:53', '[2001:db8::1]:853', ...] with IPv6 hosts bracketized + # canonicalize them as ['192.0.2.1:53', '[2001:db8::1]:853', ...] nslist = [(lambda h, p: f"{bracketize_ipv6(h)}:{p['port']}")(h, p) for (h, p) in dns['name_server'].items()] hc.add_name_servers({hostsd_tag: nslist}) @@ -371,7 +381,14 @@ def apply(dns): # the list and keys() are required as get returns a dict, not list hc.delete_forward_zones(list(hc.get_forward_zones().keys())) if 'domain' in dns: - hc.add_forward_zones(dns['domain']) + zones = dns['domain'] + for domain in zones.keys(): + # 'name_server' is of the form + # {'192.0.2.1': {'port': 53}, '2001:db8::1': {'port': 853}, ...} + # canonicalize them as ['192.0.2.1:53', '[2001:db8::1]:853', ...] + zones[domain]['name_server'] = [(lambda h, p: f"{bracketize_ipv6(h)}:{p['port']}")(h, p) + for (h, p) in zones[domain]['name_server'].items()] + hc.add_forward_zones(zones) # hostsd generates NTAs for the authoritative zones # the list and keys() are required as get returns a dict, not list diff --git a/src/migration-scripts/dns-forwarding/3-to-4 b/src/migration-scripts/dns-forwarding/3-to-4 new file mode 100755 index 000000000..55165c2c5 --- /dev/null +++ b/src/migration-scripts/dns-forwarding/3-to-4 
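Review bot: In the apply() hunk `@@ -371,7 +381,14 @@`, `zones = dns['domain']` is an alias rather than a copy. The loop therefore rewrites each `dns['domain'][...]['name_server']` from a dict into a list in place, and any later reader of `dns` sees the changed shape; whether one exists is not visible in the hunk. Building a separate payload for hostsd avoids that. It also lets the immediately-invoked lambda go, since the f-string can sit directly in the comprehension. The same canonicalisation expression appears in the name_server block a few lines up and could share one small helper. apply() continues outside the hunk.

```python
    if 'domain' in dns:
        # build the hostsd payload without rewriting dns['domain'] in place
        zones = {
            domain: {
                **zone,
                'name_server': [f"{bracketize_ipv6(h)}:{p['port']}"
                                for h, p in zone['name_server'].items()],
            }
            for domain, zone in dns['domain'].items()
        }
        hc.add_forward_zones(zones)
```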
@@ -0,0 +1,49 @@ +#!/usr/bin/env python3 + +# Copyright (C) 2023 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# T5115: migrate "service dns forwarding domain example.com server" to +# "service dns forwarding domain example.com name-server" + +import sys +from vyos.configtree import ConfigTree + +if (len(sys.argv) < 1): + print("Must specify file name!") + sys.exit(1) + +file_name = sys.argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) + +base = ['service', 'dns', 'forwarding', 'domain'] +if not config.exists(base): + # Nothing to do + sys.exit(0) + +for domain in config.list_nodes(base): + if config.exists(base + [domain, 'server']): + config.copy(base + [domain, 'server'], base + [domain, 'name-server']) + config.delete(base + [domain, 'server']) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + sys.exit(1) diff --git a/src/services/vyos-hostsd b/src/services/vyos-hostsd index a380f2e66..894f9e24d 100755 --- a/src/services/vyos-hostsd +++ b/src/services/vyos-hostsd @@ -329,7 +329,7 @@ tag_regex_schema = op_type_schema.extend({ forward_zone_add_schema = op_type_schema.extend({ 'data': { str: { - 'server': [str], + 'name_server': [str], 'addnta': Any({}, None), 'recursion_desired': Any({}, None), } -- cgit v1.2.3 
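Review bot: The argument check in the new migration script 3-to-4 can never fire, because `sys.argv` always holds at least the script name and `len(sys.argv) < 1` is always false. Run without a file name, the script skips the "Must specify file name!" message and fails on `sys.argv[1]` with an IndexError. The check should be `if len(sys.argv) < 2:`. The write is wrapped in `try/except OSError`, but the initial `open(file_name, 'r')` is not, so an unreadable config file also ends in a traceback rather than a clean exit code.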
From b1d3193d2bb1ae8cd214a0dd6eabd1d732446407 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 29 Mar 2023 10:35:47 +0200 Subject: T5115: bump version dns-forwarding 3 -> 4 --- interface-definitions/include/version/dns-forwarding-version.xml.i | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/version/dns-forwarding-version.xml.i b/interface-definitions/include/version/dns-forwarding-version.xml.i index fe817940a..86121ae5a 100644 --- a/interface-definitions/include/version/dns-forwarding-version.xml.i +++ b/interface-definitions/include/version/dns-forwarding-version.xml.i @@ -1,3 +1,3 @@ - + -- cgit v1.2.3 From 599c5405e7ff5b76aa774b8cc97a82fbc053d46c Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Thu, 30 Mar 2023 12:55:30 +0000 Subject: T5128: Policy Route: allow wildcard on interface --- data/templates/firewall/nftables-policy.j2 | 2 +- .../constraint/interface-name-with-wildcard.xml.in | 4 ++++ .../include/generic-interface-multi-wildcard.xml.i | 19 +++++++++++++++++++ interface-definitions/policy-route.xml.in | 4 ++-- smoketest/scripts/cli/test_policy_route.py | 8 +++++--- 5 files changed, 31 insertions(+), 6 deletions(-) create mode 100644 interface-definitions/include/constraint/interface-name-with-wildcard.xml.in create mode 100644 interface-definitions/include/generic-interface-multi-wildcard.xml.i (limited to 'interface-definitions/include') diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2 index 6cb3b2f95..7a89d29e4 100644 --- a/data/templates/firewall/nftables-policy.j2 +++ b/data/templates/firewall/nftables-policy.j2 
@@ -11,7 +11,7 @@ table ip vyos_mangle { type filter hook prerouting priority -150; policy accept; {% if route is vyos_defined %} {% for route_text, conf in route.items() if conf.interface is vyos_defined %} - iifname { {{ ",".join(conf.interface) }} } counter jump VYOS_PBR_{{ route_text }} + iifname { {{ conf.interface | join(",") }} } counter jump VYOS_PBR_{{ route_text }} {% endfor %} {% endif %} } diff --git a/interface-definitions/include/constraint/interface-name-with-wildcard.xml.in b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.in new file mode 100644 index 000000000..09867b380 --- /dev/null +++ b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.in @@ -0,0 +1,4 @@ + +(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|lo + + diff --git a/interface-definitions/include/generic-interface-multi-wildcard.xml.i b/interface-definitions/include/generic-interface-multi-wildcard.xml.i new file mode 100644 index 000000000..354841a85 --- /dev/null +++ b/interface-definitions/include/generic-interface-multi-wildcard.xml.i @@ -0,0 +1,19 @@ + + + + + Interface name to apply policy route configuration + + + + + txt + Interface name + + + #include + + + + + diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in index bbd6dbf56..d4ec75786 100644 --- a/interface-definitions/policy-route.xml.in +++ b/interface-definitions/policy-route.xml.in @@ -12,8 +12,8 @@ #include - #include #include + #include Policy rule number @@ -67,8 +67,8 @@ #include - #include #include + #include Policy rule number diff --git a/smoketest/scripts/cli/test_policy_route.py b/smoketest/scripts/cli/test_policy_route.py index 4be36b134..a3df6bf4d 100755 --- a/smoketest/scripts/cli/test_policy_route.py +++ b/smoketest/scripts/cli/test_policy_route.py 
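Review bot: The constraint pattern added in interface-name-with-wildcard.xml.in ends in `([0-9]?)(\*?)(.+)?`, and the `(.+)?` tail accepts any characters after the type prefix, so the check is much looser than "interface name with an optional wildcard". This matters because nftables-policy.j2 in the same commit writes the values unquoted into `iifname { {{ conf.interface | join(",") }} }`, where a value containing braces, commas or whitespace would change the generated ruleset. Consider restricting the tail to what is intended, for example `[0-9]*(\.[0-9]+)?\*?` after the prefix group, and quoting each name in the template. The XML element tags of this file are not visible on the page, so how the validator anchors the pattern could not be checked.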
@@ -26,6 +26,7 @@ conn_mark_set = '111' table_mark_offset = 0x7fffffff table_id = '101' interface = 'eth0' +interface_wc = 'ppp*' interface_ip = '172.16.10.1/24' class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): @@ -236,7 +237,8 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '5', 'set', 'table', table_id]) self.cli_set(['policy', 'route', 'smoketest', 'interface', interface]) - self.cli_set(['policy', 'route6', 'smoketest6', 'interface', interface]) + self.cli_set(['policy', 'route', 'smoketest', 'interface', interface_wc]) + self.cli_set(['policy', 'route6', 'smoketest6', 'interface', interface_wc]) self.cli_commit() @@ -244,7 +246,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv4 nftables_search = [ - [f'iifname "{interface}"', 'jump VYOS_PBR_smoketest'], + ['iifname { "' + interface + '", "' + interface_wc + '" }', 'jump VYOS_PBR_smoketest'], ['meta l4proto udp', 'drop'], ['tcp flags syn / syn,ack', 'meta mark set ' + mark_hex], ['ct state new', 'tcp dport 22', 'ip saddr 198.51.100.0/24', 'ip ttl > 2', 'meta mark set ' + mark_hex], @@ -256,7 +258,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): # IPv6 nftables6_search = [ - [f'iifname "{interface}"', 'jump VYOS_PBR6_smoketest'], + [f'iifname "{interface_wc}"', 'jump VYOS_PBR6_smoketest'], ['meta l4proto udp', 'drop'], ['tcp flags syn / syn,ack', 'meta mark set ' + mark_hex], ['ct state new', 'tcp dport 22', 'ip6 saddr 2001:db8::/64', 'ip6 hoplimit > 2', 'meta mark set ' + mark_hex], -- cgit v1.2.3 From 11b1d043310833447ddeea3b68fba2a1d1f5799d Mon Sep 17 00:00:00 2001 
From: John Estabrook Date: Wed, 29 Mar 2023 19:48:52 -0500 Subject: http-api: T5126: allow restricting client IP address --- data/templates/https/nginx.default.j2 | 6 +++++ interface-definitions/https.xml.in | 1 + interface-definitions/include/allow-client.xml.i | 33 ++++++++++++++++++++++++ src/conf_mode/https.py | 2 ++ 4 files changed, 42 insertions(+) create mode 100644 interface-definitions/include/allow-client.xml.i (limited to 'interface-definitions/include') diff --git a/data/templates/https/nginx.default.j2 b/data/templates/https/nginx.default.j2 index d42b3b389..b541ff309 100644 --- a/data/templates/https/nginx.default.j2 +++ b/data/templates/https/nginx.default.j2 @@ -49,6 +49,12 @@ server { proxy_buffering off; {% else %} return 503; +{% endif %} +{% if server.allow_client %} +{% for client in server.allow_client %} + allow {{ client }}; +{% endfor %} + deny all; {% endif %} } diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in index 6adb07598..cf30ab2be 100644 --- a/interface-definitions/https.xml.in +++ b/interface-definitions/https.xml.in @@ -60,6 +60,7 @@ + #include diff --git a/interface-definitions/include/allow-client.xml.i b/interface-definitions/include/allow-client.xml.i new file mode 100644 index 000000000..03a0b3ff8 --- /dev/null +++ b/interface-definitions/include/allow-client.xml.i @@ -0,0 +1,33 @@ + + + Restrict to allowed IP client addresses + + + + + Allowed IP client addresses + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index ce5e63928..b0c38e8d3 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py 
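Review bot: The `allow {{ client }};` / `deny all;` lines in nginx.default.j2 are emitted inside one `location` block, just before its closing brace, so the client restriction covers only requests matched by that location. The start of the block and the rest of the server block are outside the hunk, so it is worth confirming that no other location reaches the API backend without the same list. A short template comment such as `{# access list applies to the API location only #}` would make the scope explicit. For consistency with the other templates in this patch series, the guard could read `{% if server.allow_client is vyos_defined %}`.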
@@ -159,6 +159,8 @@ def generate(https): server_block['port'] = data.get('listen-port', '443') name = data.get('server-name', ['_']) server_block['name'] = name + allow_client = data.get('allow-client', {}) + server_block['allow_client'] = allow_client.get('address', []) server_block_list.append(server_block) # get certificate data -- cgit v1.2.3 From 0993d9ed9fbbd2110a4911d10fc0b42c7ee8856e Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 1 Apr 2023 10:51:09 +0200 Subject: xml: allow-client: T5126: re-use new building block also for NTP service --- interface-definitions/include/allow-client.xml.i | 68 ++++++++++++------------ interface-definitions/ntp.xml.in | 34 +----------- 2 files changed, 36 insertions(+), 66 deletions(-) (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/allow-client.xml.i b/interface-definitions/include/allow-client.xml.i index 03a0b3ff8..1b06e2c17 100644 --- a/interface-definitions/include/allow-client.xml.i +++ b/interface-definitions/include/allow-client.xml.i @@ -1,33 +1,35 @@ - - - Restrict to allowed IP client addresses - - - - - Allowed IP client addresses - - ipv4 - IPv4 address - - - ipv6 - IPv6 address - - - ipv4net - IPv4 address and prefix length - - - ipv6net - IPv6 address and prefix length - - - - - - - - - - + + + + Restrict to allowed IP client addresses + + + + + Allowed IP client addresses + + ipv4 + IPv4 address + + + ipv6 + IPv6 address + + + ipv4net + IPv4 address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + + + + diff --git a/interface-definitions/ntp.xml.in b/interface-definitions/ntp.xml.in index 287401ed6..558204a06 100644 --- a/interface-definitions/ntp.xml.in +++ b/interface-definitions/ntp.xml.in 
@@ -57,39 +57,7 @@ - - - Specify NTP clients allowed to access the server - - - - - IP address - - ipv4 - Allowed IPv4 address - - - ipv4net - Allowed IPv4 prefix - - - ipv6 - Allowed IPv6 address - - - ipv6net - Allowed IPv6 prefix - - - - - - - - - - + #include #include #include #include -- cgit v1.2.3 From 0a49c0af4dbdcad9e494d4fba2212f156485fd7d Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 1 Apr 2023 10:51:57 +0200 Subject: xml: T5128: streamline help string for interface CLI node building blocks --- interface-definitions/include/generic-interface-broadcast.xml.i | 2 +- .../include/generic-interface-multi-broadcast.xml.i | 2 +- interface-definitions/include/generic-interface-multi-wildcard.xml.i | 5 ++--- 3 files changed, 4 insertions(+), 5 deletions(-) (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/generic-interface-broadcast.xml.i b/interface-definitions/include/generic-interface-broadcast.xml.i index 82bfc139b..ac21767d1 100644 --- a/interface-definitions/include/generic-interface-broadcast.xml.i +++ b/interface-definitions/include/generic-interface-broadcast.xml.i @@ -1,7 +1,7 @@ - Interface Name to use + Interface to use diff --git a/interface-definitions/include/generic-interface-multi-broadcast.xml.i b/interface-definitions/include/generic-interface-multi-broadcast.xml.i index 8160f816d..8b0c38761 100644 --- a/interface-definitions/include/generic-interface-multi-broadcast.xml.i +++ b/interface-definitions/include/generic-interface-multi-broadcast.xml.i @@ -1,7 +1,7 @@ - Interface Name to use + Interface to use diff --git a/interface-definitions/include/generic-interface-multi-wildcard.xml.i b/interface-definitions/include/generic-interface-multi-wildcard.xml.i index 354841a85..a93eddbbe 100644 --- a/interface-definitions/include/generic-interface-multi-wildcard.xml.i +++ b/interface-definitions/include/generic-interface-multi-wildcard.xml.i 
@@ -1,14 +1,13 @@ - - Interface name to apply policy route configuration + Interface to use txt - Interface name + Interface name, wildcard (*) supported #include -- cgit v1.2.3 From 2265bb4dc27965da3dce7e3f476366b7d1e911f3 Mon Sep 17 00:00:00 2001 
From: Christian Breunig Date: Sat, 1 Apr 2023 13:14:30 +0200 Subject: xml: include building block file name should end with .i and not .in --- interface-definitions/container.xml.in | 2 +- interface-definitions/dhcp-relay.xml.in | 4 ++-- interface-definitions/dns-domain-name.xml.in | 4 ++-- interface-definitions/firewall.xml.in | 2 +- interface-definitions/high-availability.xml.in | 2 +- interface-definitions/include/babel/interface.xml.i | 2 +- interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i | 4 ++-- interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i | 4 ++-- interface-definitions/include/bgp/neighbor-update-source.xml.i | 2 +- interface-definitions/include/bgp/protocol-common-config.xml.i | 4 ++-- .../include/constraint/alpha-numeric-hyphen-underscore.xml.i | 3 +++ .../include/constraint/alpha-numeric-hyphen-underscore.xml.in | 3 --- interface-definitions/include/constraint/host-name.xml.i | 3 +++ interface-definitions/include/constraint/host-name.xml.in | 3 --- .../include/constraint/interface-name-with-wildcard.xml.i | 4 ++++ .../include/constraint/interface-name-with-wildcard.xml.in | 4 ---- interface-definitions/include/constraint/interface-name.xml.i | 4 ++++ interface-definitions/include/constraint/interface-name.xml.in | 4 ---- interface-definitions/include/dhcp-interface-multi.xml.i | 2 +- interface-definitions/include/dhcp-interface.xml.i | 2 +- .../include/generic-interface-broadcast.xml.i | 2 +- .../include/generic-interface-multi-broadcast.xml.i | 2 +- .../include/generic-interface-multi-wildcard.xml.i | 2 +- interface-definitions/include/generic-interface-multi.xml.i | 2 +- interface-definitions/include/generic-interface.xml.i | 2 +- interface-definitions/include/interface/redirect.xml.i | 2 +- .../include/ospf/protocol-common-config.xml.i | 2 +- .../include/ospfv3/protocol-common-config.xml.i | 2 +- interface-definitions/include/rip/interface.xml.i | 2 +- interface-definitions/include/routing-passive-interface.xml.i | 2 +- 
interface-definitions/include/source-interface.xml.i | 2 +- .../include/static/static-route-interface.xml.i | 2 +- interface-definitions/include/static/static-route.xml.i | 2 +- interface-definitions/include/static/static-route6.xml.i | 2 +- interface-definitions/interfaces-bonding.xml.in | 4 ++-- interface-definitions/policy.xml.in | 8 ++++---- interface-definitions/protocols-babel.xml.in | 4 ++-- interface-definitions/protocols-rip.xml.in | 2 +- interface-definitions/protocols-ripng.xml.in | 2 +- interface-definitions/protocols-static-arp.xml.in | 2 +- interface-definitions/qos.xml.in | 2 +- interface-definitions/service-monitoring-telegraf.xml.in | 10 +++++----- interface-definitions/service-upnp.xml.in | 4 ++-- interface-definitions/system-config-mgmt.xml.in | 2 +- interface-definitions/system-sflow.xml.in | 2 +- 45 files changed, 66 insertions(+), 66 deletions(-) create mode 100644 interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i delete mode 100644 interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.in create mode 100644 interface-definitions/include/constraint/host-name.xml.i delete mode 100644 interface-definitions/include/constraint/host-name.xml.in create mode 100644 interface-definitions/include/constraint/interface-name-with-wildcard.xml.i delete mode 100644 interface-definitions/include/constraint/interface-name-with-wildcard.xml.in create mode 100644 interface-definitions/include/constraint/interface-name.xml.i delete mode 100644 interface-definitions/include/constraint/interface-name.xml.in (limited to 'interface-definitions/include') diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in index 6947ed500..0849af656 100644 --- a/interface-definitions/container.xml.in +++ b/interface-definitions/container.xml.in @@ -117,7 +117,7 @@ Container host name - #include + #include Host-name must be alphanumeric and can contain hyphens 
diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in index 79ad2c01c..2a2597dd5 100644 --- a/interface-definitions/dhcp-relay.xml.in +++ b/interface-definitions/dhcp-relay.xml.in @@ -21,7 +21,7 @@ Interface name - #include + #include @@ -37,7 +37,7 @@ Interface name - #include + #include diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in index c0ac16a80..e93c49ebd 100644 --- a/interface-definitions/dns-domain-name.xml.in +++ b/interface-definitions/dns-domain-name.xml.in @@ -25,7 +25,7 @@ - #include + #include @@ -34,7 +34,7 @@ System host name (default: vyos) - #include + #include diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in index edbf1e03a..69901e5d3 100644 --- a/interface-definitions/firewall.xml.in +++ b/interface-definitions/firewall.xml.in @@ -350,7 +350,7 @@ - #include + #include diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in index 1fa051df9..ce6603796 100644 --- a/interface-definitions/high-availability.xml.in +++ b/interface-definitions/high-availability.xml.in @@ -220,7 +220,7 @@ Interface name - #include + #include diff --git a/interface-definitions/include/babel/interface.xml.i b/interface-definitions/include/babel/interface.xml.i index 586eca7a5..a122ef024 100644 --- a/interface-definitions/include/babel/interface.xml.i +++ b/interface-definitions/include/babel/interface.xml.i @@ -10,7 +10,7 @@ Interface name - #include + #include diff --git a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i index ee902b0b6..0f760daae 100644 --- a/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i +++ b/interface-definitions/include/bgp/afi-ipv4-prefix-list.xml.i 
@@ -15,7 +15,7 @@ Name of IPv4 prefix-list - #include + #include Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores @@ -31,7 +31,7 @@ Name of IPv4 prefix-list - #include + #include Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores diff --git a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i index da966f193..268d9cbc0 100644 --- a/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i +++ b/interface-definitions/include/bgp/afi-ipv6-prefix-list.xml.i @@ -15,7 +15,7 @@ Name of IPv6 prefix-list - #include + #include Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores @@ -31,7 +31,7 @@ Name of IPv6 prefix-list - #include + #include Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores diff --git a/interface-definitions/include/bgp/neighbor-update-source.xml.i b/interface-definitions/include/bgp/neighbor-update-source.xml.i index 0acec4126..c6aa776c2 100644 --- a/interface-definitions/include/bgp/neighbor-update-source.xml.i +++ b/interface-definitions/include/bgp/neighbor-update-source.xml.i @@ -22,7 +22,7 @@ - #include + #include diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i index 089c36ef3..a9122db57 100644 --- a/interface-definitions/include/bgp/protocol-common-config.xml.i +++ b/interface-definitions/include/bgp/protocol-common-config.xml.i @@ -942,7 +942,7 @@ - #include + #include @@ -1530,7 +1530,7 @@ Name of peer-group - #include + #include diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i new file mode 100644 index 000000000..eb568d7d9 --- /dev/null +++ b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.i 
@@ -0,0 +1,3 @@
+
+[-_a-zA-Z0-9]+
+
diff --git a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.in b/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.in
deleted file mode 100644
index eb568d7d9..000000000
--- a/interface-definitions/include/constraint/alpha-numeric-hyphen-underscore.xml.in
+++ /dev/null
@@ -1,3 +0,0 @@
-
-[-_a-zA-Z0-9]+
-
diff --git a/interface-definitions/include/constraint/host-name.xml.i b/interface-definitions/include/constraint/host-name.xml.i
new file mode 100644
index 000000000..202c200f4
--- /dev/null
+++ b/interface-definitions/include/constraint/host-name.xml.i
@@ -0,0 +1,3 @@
+
+[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]
+
diff --git a/interface-definitions/include/constraint/host-name.xml.in b/interface-definitions/include/constraint/host-name.xml.in
deleted file mode 100644
index 202c200f4..000000000
--- a/interface-definitions/include/constraint/host-name.xml.in
+++ /dev/null
@@ -1,3 +0,0 @@
-
-[A-Za-z0-9][-.A-Za-z0-9]*[A-Za-z0-9]
-
diff --git a/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i
new file mode 100644
index 000000000..09867b380
--- /dev/null
+++ b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.i
@@ -0,0 +1,4 @@
+
+(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|lo
+
+
diff --git a/interface-definitions/include/constraint/interface-name-with-wildcard.xml.in b/interface-definitions/include/constraint/interface-name-with-wildcard.xml.in
deleted file mode 100644
index 09867b380..000000000
--- a/interface-definitions/include/constraint/interface-name-with-wildcard.xml.in
+++ /dev/null
@@ -1,4 +0,0 @@
-
-(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)([0-9]?)(\*?)(.+)?|lo
-
-
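Review bot: The trailing `(.+)?` in the pattern added in interface-name-with-wildcard.xml.i accepts any run of characters after the type prefix, so the constraint checks little more than how the value starts; whitespace, quotes and other punctuation all pass. If the intent is a unit number, an optional VLAN suffix and an optional `*`, spelling that out, for example `([0-9]+(\.[0-9]+)?)?\*?` after the prefix group, would keep values that later reach templates or command lines within a known alphabet; the exact grammar needs confirming against the interface names actually in use. The content matches the deleted `.xml.in` copy (same blob id in the index lines), so this looseness predates the move, but the commit is a natural place to tighten it.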
diff --git a/interface-definitions/include/constraint/interface-name.xml.i b/interface-definitions/include/constraint/interface-name.xml.i
new file mode 100644
index 000000000..e540e4418
--- /dev/null
+++ b/interface-definitions/include/constraint/interface-name.xml.i
@@ -0,0 +1,4 @@
+
+(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo
+
+
diff --git a/interface-definitions/include/constraint/interface-name.xml.in b/interface-definitions/include/constraint/interface-name.xml.in
deleted file mode 100644
index e540e4418..000000000
--- a/interface-definitions/include/constraint/interface-name.xml.in
+++ /dev/null
@@ -1,4 +0,0 @@
-
-(bond|br|dum|en|ersp|eth|gnv|ifb|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo
-
-
diff --git a/interface-definitions/include/dhcp-interface-multi.xml.i b/interface-definitions/include/dhcp-interface-multi.xml.i
index e10341037..0db11cf79 100644
--- a/interface-definitions/include/dhcp-interface-multi.xml.i
+++ b/interface-definitions/include/dhcp-interface-multi.xml.i
@@ -10,7 +10,7 @@
 DHCP interface name
- #include
+ #include
diff --git a/interface-definitions/include/dhcp-interface.xml.i b/interface-definitions/include/dhcp-interface.xml.i
index 24edbbd15..b5c94cb24 100644
--- a/interface-definitions/include/dhcp-interface.xml.i
+++ b/interface-definitions/include/dhcp-interface.xml.i
@@ -9,7 +9,7 @@
 DHCP interface name
- #include
+ #include
diff --git a/interface-definitions/include/generic-interface-broadcast.xml.i b/interface-definitions/include/generic-interface-broadcast.xml.i
index ac21767d1..e37e75012 100644
--- a/interface-definitions/include/generic-interface-broadcast.xml.i
+++ b/interface-definitions/include/generic-interface-broadcast.xml.i
@@ -10,7 +10,7 @@
 Interface name
- #include
+ #include
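Review bot: In the pattern added in interface-name.xml.i the VLAN suffix is written `(.\d+)?` with an unescaped dot, so any single character is accepted as the separator between the unit number and the sub-interface number, not only `.`. `(\.\d+)?` matches what the rest of the expression appears to intend. It is also worth confirming that the validator anchors the whole expression, because the top-level `|lo` alternative otherwise sits outside the prefix group. The content is identical to the deleted `.xml.in` file, so this tightens an existing constraint, one that many of the definitions touched in this commit include.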
diff --git a/interface-definitions/include/generic-interface-multi-broadcast.xml.i b/interface-definitions/include/generic-interface-multi-broadcast.xml.i
index 8b0c38761..ed13cf2cf 100644
--- a/interface-definitions/include/generic-interface-multi-broadcast.xml.i
+++ b/interface-definitions/include/generic-interface-multi-broadcast.xml.i
@@ -10,7 +10,7 @@
 Interface name
- #include
+ #include
diff --git a/interface-definitions/include/generic-interface-multi-wildcard.xml.i b/interface-definitions/include/generic-interface-multi-wildcard.xml.i
index a93eddbbe..6c846a795 100644
--- a/interface-definitions/include/generic-interface-multi-wildcard.xml.i
+++ b/interface-definitions/include/generic-interface-multi-wildcard.xml.i
@@ -10,7 +10,7 @@
 Interface name, wildcard (*) supported
- #include
+ #include
diff --git a/interface-definitions/include/generic-interface-multi.xml.i b/interface-definitions/include/generic-interface-multi.xml.i
index 1b8dc102b..cfc77af3a 100644
--- a/interface-definitions/include/generic-interface-multi.xml.i
+++ b/interface-definitions/include/generic-interface-multi.xml.i
@@ -10,7 +10,7 @@
 Interface name
- #include
+ #include
diff --git a/interface-definitions/include/generic-interface.xml.i b/interface-definitions/include/generic-interface.xml.i
index 9417f9ef0..65f5bfbb8 100644
--- a/interface-definitions/include/generic-interface.xml.i
+++ b/interface-definitions/include/generic-interface.xml.i
@@ -10,7 +10,7 @@
 Interface name
- #include
+ #include
diff --git a/interface-definitions/include/interface/redirect.xml.i b/interface-definitions/include/interface/redirect.xml.i
index 0421f4074..9b41cd8ff 100644
--- a/interface-definitions/include/interface/redirect.xml.i
+++ b/interface-definitions/include/interface/redirect.xml.i
@@ -10,7 +10,7 @@
 Destination interface name
- #include
+ #include
diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i
index 25b54b181..f39b9c5e3 100644
--- a/interface-definitions/include/ospf/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospf/protocol-common-config.xml.i
@@ -358,7 +358,7 @@
 Interface name
- #include
+ #include
diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
index 014bf9e49..1c33ca920 100644
--- a/interface-definitions/include/ospfv3/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
@@ -118,7 +118,7 @@
 Interface used for routing information exchange
- #include
+ #include
diff --git a/interface-definitions/include/rip/interface.xml.i b/interface-definitions/include/rip/interface.xml.i
index 0a89f4d92..8007f0208 100644
--- a/interface-definitions/include/rip/interface.xml.i
+++ b/interface-definitions/include/rip/interface.xml.i
@@ -10,7 +10,7 @@
 Interface name
- #include
+ #include
diff --git a/interface-definitions/include/routing-passive-interface.xml.i b/interface-definitions/include/routing-passive-interface.xml.i
index 715468e59..8fa0d0fe7 100644
--- a/interface-definitions/include/routing-passive-interface.xml.i
+++ b/interface-definitions/include/routing-passive-interface.xml.i
@@ -16,7 +16,7 @@
 (default)
- #include
+ #include
diff --git a/interface-definitions/include/source-interface.xml.i b/interface-definitions/include/source-interface.xml.i
index c25a6a6d0..40fdc6c5e 100644
--- a/interface-definitions/include/source-interface.xml.i
+++ b/interface-definitions/include/source-interface.xml.i
@@ -10,7 +10,7 @@
- #include
+ #include
diff --git a/interface-definitions/include/static/static-route-interface.xml.i b/interface-definitions/include/static/static-route-interface.xml.i
index db2f0baa6..cb5436847 100644
--- a/interface-definitions/include/static/static-route-interface.xml.i
+++ b/interface-definitions/include/static/static-route-interface.xml.i
@@ -10,7 +10,7 @@
 Gateway interface name
- #include
+ #include
diff --git a/interface-definitions/include/static/static-route.xml.i b/interface-definitions/include/static/static-route.xml.i
index 34e36f5a7..268cfa005 100644
--- a/interface-definitions/include/static/static-route.xml.i
+++ b/interface-definitions/include/static/static-route.xml.i
@@ -26,7 +26,7 @@
 Gateway interface name
- #include
+ #include
diff --git a/interface-definitions/include/static/static-route6.xml.i b/interface-definitions/include/static/static-route6.xml.i
index aac02062f..1f8d54108 100644
--- a/interface-definitions/include/static/static-route6.xml.i
+++ b/interface-definitions/include/static/static-route6.xml.i
@@ -25,7 +25,7 @@
 Gateway interface name
- #include
+ #include
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in
index f5f1eb1b6..14b1036b4 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces-bonding.xml.in
@@ -199,7 +199,7 @@
 Interface name
- #include
+ #include
@@ -218,7 +218,7 @@
 Interface name
- #include
+ #include
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 66608be6f..7d5fe79ef 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -242,7 +242,7 @@
 BGP extended community-list name
- #include
+ #include
 Should be an alphanumeric name
@@ -291,7 +291,7 @@
 BGP large-community-list name
- #include
+ #include
 Should be an alphanumeric name
@@ -340,7 +340,7 @@
 Name of IPv4 prefix-list
- #include
+ #include
 Name of prefix-list can only contain alpha-numeric letters, hyphen and underscores
@@ -408,7 +408,7 @@
 Name of IPv6 prefix-list
- #include
+ #include
 Name of prefix-list6 can only contain alpha-numeric letters, hyphen and underscores
diff --git a/interface-definitions/protocols-babel.xml.in b/interface-definitions/protocols-babel.xml.in
index b3377aac1..49fffe230 100644
--- a/interface-definitions/protocols-babel.xml.in
+++ b/interface-definitions/protocols-babel.xml.in
@@ -206,7 +206,7 @@
- #include
+ #include
@@ -234,7 +234,7 @@
- #include
+ #include
diff --git a/interface-definitions/protocols-rip.xml.in b/interface-definitions/protocols-rip.xml.in
index 68d2b64ca..0edd8f2ce 100644
--- a/interface-definitions/protocols-rip.xml.in
+++ b/interface-definitions/protocols-rip.xml.in
@@ -39,7 +39,7 @@
- #include
+ #include
diff --git a/interface-definitions/protocols-ripng.xml.in b/interface-definitions/protocols-ripng.xml.in
index be643896f..9d4d87422 100644
--- a/interface-definitions/protocols-ripng.xml.in
+++ b/interface-definitions/protocols-ripng.xml.in
@@ -40,7 +40,7 @@
- #include
+ #include
diff --git a/interface-definitions/protocols-static-arp.xml.in b/interface-definitions/protocols-static-arp.xml.in
index 63f450bd8..4b338df63 100644
--- a/interface-definitions/protocols-static-arp.xml.in
+++ b/interface-definitions/protocols-static-arp.xml.in
@@ -20,7 +20,7 @@
 Interface name
- #include
+ #include
diff --git a/interface-definitions/qos.xml.in b/interface-definitions/qos.xml.in
index 9b1430ea0..c7bd8606a 100644
--- a/interface-definitions/qos.xml.in
+++ b/interface-definitions/qos.xml.in
@@ -17,7 +17,7 @@
 Interface name
- #include
+ #include
diff --git a/interface-definitions/service-monitoring-telegraf.xml.in b/interface-definitions/service-monitoring-telegraf.xml.in
index 5ba932400..ae0bae900 100644
--- a/interface-definitions/service-monitoring-telegraf.xml.in
+++ b/interface-definitions/service-monitoring-telegraf.xml.in
@@ -74,7 +74,7 @@
 Application client id
- #include
+ #include
 Client-id is limited to alphanumerical characters and can contain hyphen and underscores
@@ -83,7 +83,7 @@
 Application client secret
- #include
+ #include
 Client-secret is limited to alphanumerical characters and can contain hyphen and underscores
@@ -92,7 +92,7 @@
 Set tenant id
- #include
+ #include
 Tenant-id is limited to alphanumerical characters and can contain hyphen and underscores
@@ -107,7 +107,7 @@
 Remote database name
- #include
+ #include
 Database is limited to alphanumerical characters and can contain hyphen and underscores
@@ -140,7 +140,7 @@
 Table name
- #include
+ #include
 Table is limited to alphanumerical characters and can contain hyphen and underscores
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in
index 9e222d29a..1b2e00d91 100644
--- a/interface-definitions/service-upnp.xml.in
+++ b/interface-definitions/service-upnp.xml.in
@@ -24,7 +24,7 @@
- #include
+ #include
@@ -119,7 +119,7 @@
- #include
+ #include
diff --git a/interface-definitions/system-config-mgmt.xml.in b/interface-definitions/system-config-mgmt.xml.in
index 1f852d284..716332d2a 100644
--- a/interface-definitions/system-config-mgmt.xml.in
+++ b/interface-definitions/system-config-mgmt.xml.in
@@ -32,7 +32,7 @@
- #include
+ #include
diff --git a/interface-definitions/system-sflow.xml.in b/interface-definitions/system-sflow.xml.in
index 335181fe1..9c748c24a 100644
--- a/interface-definitions/system-sflow.xml.in
+++ b/interface-definitions/system-sflow.xml.in
@@ -42,7 +42,7 @@
 Interface name
- #include
+ #include
-- cgit v1.2.3