From 9744b8e10fcc58a0266e4e0e02dd593c71406b5f Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Fri, 27 Mar 2020 22:02:18 +0000 Subject: ifconfig: T2057: option forcing The code was trying to not perform change when not necessary however it prevent zero value to be set --- python/vyos/ifconfig/control.py | 6 ------ python/vyos/ifconfig/interface.py | 1 - 2 files changed, 7 deletions(-) (limited to 'python') diff --git a/python/vyos/ifconfig/control.py b/python/vyos/ifconfig/control.py index 28adc80d1..4c614c94f 100644 --- a/python/vyos/ifconfig/control.py +++ b/python/vyos/ifconfig/control.py @@ -50,9 +50,6 @@ class Control(Register): """ Using the defined names, set data write to sysfs. """ - if not value and not self._command_set[name].get('force', False): - return None - # the code can pass int as int value = str(value) @@ -110,9 +107,6 @@ class Control(Register): """ Using the defined names, set data write to sysfs. """ - if not value and not self._sysfs_set[name].get('force', False): - return None - # the code can pass int as int value = str(value) diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index f2b43fd35..8e37d6abd 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -59,7 +59,6 @@ class Interface(DHCP): 'shellcmd': 'ip link set dev {ifname} address {value}', }, 'vrf': { - 'force': True, 'convert': lambda v: f'master {v}' if v else 'nomaster', 'shellcmd': 'ip link set dev {ifname} {value}', }, -- cgit v1.2.3 From 186ea12fecb93d7c8c1eb787e3ae405a9627ec4e Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Fri, 27 Mar 2020 20:04:43 +0000 Subject: ifconfig: T2057: add get_alias function --- python/vyos/ifconfig/interface.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'python') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index f2b43fd35..6c14c3db6 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -66,6 +66,9 @@ class Interface(DHCP): } _sysfs_get = { + 'alias': { + 'location': '/sys/class/net/{ifname}/ifalias', + }, 'mac': { 'location': '/sys/class/net/{ifname}/address', }, @@ -384,6 +387,16 @@ class Interface(DHCP): """ return self.set_interface('link_detect', link_filter) + def get_alias(self): + """ + Get interface alias name used by e.g. SNMP + + Example: + >>> Interface('eth0').get_alias() + 'interface description as set by user' + """ + return self.get_interface('alias') + def set_alias(self, ifalias=''): """ Set interface alias name used by e.g. SNMP -- cgit v1.2.3 From 9f8ac6d0e1616b9effec2d949f4f192a461af20d Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Sat, 28 Mar 2020 10:03:48 +0000 Subject: ifconfig: T2167: get_mac was not returning --- python/vyos/ifconfig/interface.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'python') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index f2b43fd35..4170b79c8 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -249,7 +249,7 @@ class Interface(DHCP): >>> Interface('eth0').get_mac() '00:50:ab:cd:ef:00' """ - self.get_interface('mac') + return self.get_interface('mac') def set_mac(self, mac): """ -- cgit v1.2.3 From 627d1c704c83efe973b16db61005aacb1a96aead Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Fri, 27 Mar 2020 18:10:49 +0000 Subject: ifconfig: T2057: explicity name state functions The Interface get_state/set_state were not clear about if they edited the admin or operational state. functions are now using admin_state and oper_state for clarity. --- python/vyos/ifconfig/bond.py | 6 ++-- python/vyos/ifconfig/control.py | 4 +-- python/vyos/ifconfig/geneve.py | 2 +- python/vyos/ifconfig/interface.py | 51 +++++++++++++++++++---------- python/vyos/ifconfig/l2tpv3.py | 4 +-- python/vyos/ifconfig/tunnel.py | 4 +-- python/vyos/ifconfig_vlan.py | 4 +-- src/conf_mode/interfaces-bonding.py | 6 ++-- src/conf_mode/interfaces-bridge.py | 4 +-- src/conf_mode/interfaces-dummy.py | 4 +-- src/conf_mode/interfaces-ethernet.py | 4 +-- src/conf_mode/interfaces-geneve.py | 2 +- src/conf_mode/interfaces-l2tpv3.py | 2 +- src/conf_mode/interfaces-openvpn.py | 2 +- src/conf_mode/interfaces-pseudo-ethernet.py | 4 +-- src/conf_mode/interfaces-tunnel.py | 2 +- src/conf_mode/interfaces-vxlan.py | 2 +- src/conf_mode/interfaces-wireguard.py | 2 +- src/conf_mode/interfaces-wireless.py | 2 +- 19 files changed, 63 insertions(+), 48 deletions(-) (limited to 'python') diff --git a/python/vyos/ifconfig/bond.py b/python/vyos/ifconfig/bond.py index 3c26b9b95..e2ff71490 100644 --- a/python/vyos/ifconfig/bond.py +++ b/python/vyos/ifconfig/bond.py @@ -101,7 +101,7 @@ class BondIf(Interface): for s in self.get_slaves(): slave = { 'ifname': s, - 'state': Interface(s).get_state() + 'state': Interface(s).get_admin_state() } slave_list.append(slave) @@ -112,7 +112,7 @@ class BondIf(Interface): # physical interface for slave in slave_list: i = Interface(slave['ifname']) - i.set_state(slave['state']) + i.set_admin_state(slave['state']) def set_hash_policy(self, mode): """ @@ -211,7 +211,7 @@ class BondIf(Interface): # An interface can only be added to a bond if it is in 'down' state. If # interface is in 'up' state, the following Kernel error will be thrown: # bond0: eth1 is up - this may be due to an out of date ifenslave. - Interface(interface).set_state('down') + Interface(interface).set_admin_state('down') return self.set_interface('bond_add_port', f'+{interface}') def del_port(self, interface): diff --git a/python/vyos/ifconfig/control.py b/python/vyos/ifconfig/control.py index 28adc80d1..e8f25c014 100644 --- a/python/vyos/ifconfig/control.py +++ b/python/vyos/ifconfig/control.py @@ -44,7 +44,7 @@ class Control(Register): Using the defined names, set data write to sysfs. """ cmd = self._command_get[name]['shellcmd'].format(**config) - return self._cmd(cmd) + return self._command_get[name].get('format', lambda _: _)(self._cmd(cmd)) def _set_command(self, config, name, value): """ @@ -70,7 +70,7 @@ class Control(Register): config = {**config, **{'value': value}} cmd = self._command_set[name]['shellcmd'].format(**config) - return self._cmd(cmd) + return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd)) _sysfs_get = {} _sysfs_set = {} diff --git a/python/vyos/ifconfig/geneve.py b/python/vyos/ifconfig/geneve.py index f27786417..0c1cdade9 100644 --- a/python/vyos/ifconfig/geneve.py +++ b/python/vyos/ifconfig/geneve.py @@ -49,7 +49,7 @@ class GeneveIf(Interface): self._cmd(cmd) # interface is always A/D down. It needs to be enabled explicitly - self.set_state('down') + self.set_admin_state('down') @classmethod def get_config(cls): diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index f2b43fd35..9fd0dcca5 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -49,8 +49,15 @@ class Interface(DHCP): 'bridgeable': False, } + _command_get = { + 'admin_state': { + 'shellcmd': 'ip -json link show dev {ifname}', + 'format': lambda j: 'up' if 'UP' in json.loads(j)[0]['flags'] else 'down', + } + } + _command_set = { - 'state': { + 'admin_state': { 'validate': lambda v: assert_list(v, ['up', 'down']), 'shellcmd': 'ip link set dev {ifname} {value}', }, @@ -72,6 +79,9 @@ class Interface(DHCP): 'mtu': { 'location': '/sys/class/net/{ifname}/mtu', }, + 'oper_state':{ + 'location': '/sys/class/net/{ifname}/operstate', + }, } _sysfs_set = { @@ -265,9 +275,9 @@ class Interface(DHCP): return None # MAC address can only be changed if interface is in 'down' state - prev_state = self.get_state() + prev_state = self.get_admin_state() if prev_state == 'up': - self.set_state('down') + self.set_admin_state('down') self.set_interface('mac', mac) @@ -398,36 +408,41 @@ class Interface(DHCP): """ self.set_interface('alias', ifalias) - def get_state(self): + def get_admin_state(self): """ Get interface administrative state. Function will return 'up' or 'down' Example: >>> from vyos.ifconfig import Interface - >>> Interface('eth0').get_state() + >>> Interface('eth0').get_admin_state() 'up' """ - cmd = 'ip -json link show dev {}'.format(self.config['ifname']) - tmp = self._cmd(cmd) - out = json.loads(tmp) + return self.get_interface('admin_state') - state = 'down' - if 'UP' in out[0]['flags']: - state = 'up' - - return state - - def set_state(self, state): + def set_admin_state(self, state): """ Set interface administrative state to be 'up' or 'down' Example: >>> from vyos.ifconfig import Interface - >>> Interface('eth0').set_state('down') - >>> Interface('eth0').get_state() + >>> Interface('eth0').set_admin_state('down') + >>> Interface('eth0').get_admin_state() 'down' """ - return self.set_interface('state', state) + return self.set_interface('admin_state', state) + + def get_oper_state(self): + """ + Get interface operational state + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').get_oper_sate() + 'up' + """ + # https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-net + # "unknown", "notpresent", "down", "lowerlayerdown", "testing", "dormant", "up" + return self.get_interface('oper_state') def set_proxy_arp(self, enable): """ diff --git a/python/vyos/ifconfig/l2tpv3.py b/python/vyos/ifconfig/l2tpv3.py index fbfab4c6e..07f1cf8a3 100644 --- a/python/vyos/ifconfig/l2tpv3.py +++ b/python/vyos/ifconfig/l2tpv3.py @@ -62,7 +62,7 @@ class L2TPv3If(Interface): self._cmd(cmd) # interface is always A/D down. It needs to be enabled explicitly - self.set_state('down') + self.set_admin_state('down') def remove(self): """ @@ -76,7 +76,7 @@ class L2TPv3If(Interface): if os.path.exists('/sys/class/net/{}'.format(self.config['ifname'])): # interface is always A/D down. It needs to be enabled explicitly - self.set_state('down') + self.set_admin_state('down') if self._config['tunnel_id'] and self._config['session_id']: cmd = 'ip l2tp del session tunnel_id {} '.format( diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py index a49bdd51c..1bbb9eb6a 100644 --- a/python/vyos/ifconfig/tunnel.py +++ b/python/vyos/ifconfig/tunnel.py @@ -98,10 +98,10 @@ class _Tunnel(Interface): options = " ".join(["{} {}".format(k, self.config[k]) for k in self.options if k in self.config and self.config[k]]) self._cmd('{} {}'.format(self.create.format(**self.config), options)) - self.set_interface('state', 'down') + self.set_admin_state('down') def _delete(self): - self.set_interface('state', 'down') + self.set_admin_state('down') cmd = self.delete.format(**self.config) return self._cmd(cmd) diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index 2b934cdfc..015f4d4af 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -76,9 +76,9 @@ def apply_vlan_config(vlan, config): # enable/disable VLAN interface if config['disable']: - vlan.set_state('down') + vlan.set_admin_state('down') else: - vlan.set_state('up') + vlan.set_admin_state('up') # Configure interface address(es) # - not longer required addresses get removed first diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 03df6e16a..9b6401ab6 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -431,7 +431,7 @@ def apply(bond): # Some parameters can not be changed when the bond is up. if bond['shutdown_required']: # Disable bond prior changing of certain properties - b.set_state('down') + b.set_admin_state('down') # The bonding mode can not be changed when there are interfaces enslaved # to this bond, thus we will free all interfaces from the bond first! @@ -449,9 +449,9 @@ def apply(bond): # parameters we will only re-enable the interface if it is not # administratively disabled if not bond['disable']: - b.set_state('up') + b.set_admin_state('up') else: - b.set_state('down') + b.set_admin_state('down') # Configure interface address(es) # - not longer required addresses get removed first diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index c45ab13a8..f53175452 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -243,7 +243,7 @@ def apply(bridge): br.remove() else: # enable interface - br.set_state('up') + br.set_admin_state('up') # set ageing time br.set_ageing_time(bridge['aging']) # set bridge forward delay @@ -313,7 +313,7 @@ def apply(bridge): # up/down interface if bridge['disable']: - br.set_state('down') + br.set_admin_state('down') # Configure interface address(es) # - not longer required addresses get removed first diff --git a/src/conf_mode/interfaces-dummy.py b/src/conf_mode/interfaces-dummy.py index bf55b13ec..b7b75517d 100755 --- a/src/conf_mode/interfaces-dummy.py +++ b/src/conf_mode/interfaces-dummy.py @@ -110,9 +110,9 @@ def apply(dummy): # disable interface on demand if dummy['disable']: - d.set_state('down') + d.set_admin_state('down') else: - d.set_state('up') + d.set_admin_state('up') return None diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index 2f5d796b4..f7d1093e2 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -357,9 +357,9 @@ def apply(eth): # Enable/Disable interface if eth['disable']: - e.set_state('down') + e.set_admin_state('down') else: - e.set_state('up') + e.set_admin_state('up') # Configure interface address(es) # - not longer required addresses get removed first diff --git a/src/conf_mode/interfaces-geneve.py b/src/conf_mode/interfaces-geneve.py index 8278b54b0..eaa678d3e 100755 --- a/src/conf_mode/interfaces-geneve.py +++ b/src/conf_mode/interfaces-geneve.py @@ -148,7 +148,7 @@ def apply(geneve): # parameters we will only re-enable the interface if it is not # administratively disabled if not geneve['disable']: - g.set_state('up') + g.set_admin_state('up') return None diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 3bc3faca8..468a893c5 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -204,7 +204,7 @@ def apply(l2tpv3): # we will only re-enable the interface if it is not administratively # disabled if not l2tpv3['disable']: - l.set_state('up') + l.set_admin_state('up') return None diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 155101f1d..d5121ab75 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -1043,7 +1043,7 @@ def apply(openvpn): # TAP interface needs to be brought up explicitly if openvpn['type'] == 'tap': if not openvpn['disable']: - VTunIf(openvpn['intf']).set_state('up') + VTunIf(openvpn['intf']).set_admin_state('up') return None diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 0afae8388..55b80b959 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -309,9 +309,9 @@ def apply(peth): # Enable/Disable interface if peth['disable']: - p.set_state('down') + p.set_admin_state('down') else: - p.set_state('up') + p.set_admin_state('up') # Configure interface address(es) # - not longer required addresses get removed first diff --git a/src/conf_mode/interfaces-tunnel.py b/src/conf_mode/interfaces-tunnel.py index 90c1f8f71..4cbb51f4a 100755 --- a/src/conf_mode/interfaces-tunnel.py +++ b/src/conf_mode/interfaces-tunnel.py @@ -478,7 +478,7 @@ def apply(conf): tunnel.add_addr(addr) # now bring it up (or not) - tunnel.set_state(options['state']) + tunnel.set_admin_state(options['state']) if __name__ == '__main__': diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index c9ef0fe9c..f45493587 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -212,7 +212,7 @@ def apply(vxlan): # parameters we will only re-enable the interface if it is not # administratively disabled if not vxlan['disable']: - v.set_state('up') + v.set_admin_state('up') return None diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 0d6373d89..d8c327e19 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py @@ -269,7 +269,7 @@ def apply(c): intfc.update() # interface state - intfc.set_state(c['state']) + intfc.set_admin_state(c['state']) return None diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 43455196c..3afd65a76 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -1518,7 +1518,7 @@ def apply(wifi): # Enable/Disable interface - interface is always placed in # administrative down state in WiFiIf class if not wifi['disable']: - w.set_state('up') + w.set_admin_state('up') # Physical interface is now configured. Proceed by starting hostapd or -- cgit v1.2.3 From 7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 25 Mar 2020 19:32:34 +0100 Subject: ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodes ... to new XML and Python based frontend/backend. --- .../include/ipv6-disable-forwarding.xml.i | 6 ++++ .../include/ipv6-dup-addr-detect-transmits.xml.i | 16 +++++++++ interface-definitions/include/vif.xml.i | 6 ++++ interface-definitions/interfaces-bonding.xml.in | 6 ++++ interface-definitions/interfaces-bridge.xml.in | 6 ++++ interface-definitions/interfaces-ethernet.xml.in | 6 ++++ interface-definitions/interfaces-l2tpv3.xml.in | 6 ++++ interface-definitions/interfaces-openvpn.xml.in | 6 ++++ .../interfaces-pseudo-ethernet.xml.in | 6 ++++ interface-definitions/interfaces-tunnel.xml.in | 23 ++++-------- interface-definitions/interfaces-vxlan.xml.in | 6 ++++ interface-definitions/interfaces-wireless.xml.in | 6 ++++ python/vyos/configdict.py | 10 ++++++ python/vyos/ifconfig/interface.py | 42 ++++++++++++++++++++++ python/vyos/ifconfig_vlan.py | 4 +++ src/conf_mode/interfaces-bonding.py | 14 ++++++++ src/conf_mode/interfaces-bridge.py | 14 ++++++++ src/conf_mode/interfaces-ethernet.py | 14 ++++++++ src/conf_mode/interfaces-l2tpv3.py | 14 ++++++++ src/conf_mode/interfaces-openvpn.py | 19 +++++++++- src/conf_mode/interfaces-pseudo-ethernet.py | 14 ++++++++ src/conf_mode/interfaces-vxlan.py | 14 ++++++++ src/conf_mode/interfaces-wireless.py | 14 ++++++++ 23 files changed, 254 insertions(+), 18 deletions(-) create mode 100644 interface-definitions/include/ipv6-disable-forwarding.xml.i create mode 100644 interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i (limited to 'python') diff --git a/interface-definitions/include/ipv6-disable-forwarding.xml.i b/interface-definitions/include/ipv6-disable-forwarding.xml.i new file mode 100644 index 000000000..3f90c7e34 --- /dev/null +++ b/interface-definitions/include/ipv6-disable-forwarding.xml.i @@ -0,0 +1,6 @@ + + + Disable IPv6 forwarding on this interface + + + diff --git a/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i b/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i new file mode 100644 index 000000000..728187560 --- /dev/null +++ b/interface-definitions/include/ipv6-dup-addr-detect-transmits.xml.i @@ -0,0 +1,16 @@ + + + Number of NS messages to send while performing DAD (default: 1) + + 1-n + Number of NS messages to send while performing DAD + + + 0 + Disable Duplicate Address Dectection (DAD) + + + + + + diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i index 88693e0d3..3316dd784 100644 --- a/interface-definitions/include/vif.xml.i +++ b/interface-definitions/include/vif.xml.i @@ -51,6 +51,12 @@ #include + + + #include + #include + + #include #include diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in index 80943a1fd..641125d25 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces-bonding.xml.in @@ -89,6 +89,12 @@ #include + + + #include + #include + + #include diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in index d36a1abbc..52ba0436f 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces-bridge.xml.in @@ -86,6 +86,12 @@ #include + + + #include + #include + + #include diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in index 5728d2f37..2f649b006 100644 --- a/interface-definitions/interfaces-ethernet.xml.in +++ b/interface-definitions/interfaces-ethernet.xml.in @@ -79,6 +79,12 @@ #include + + + #include + #include + + #include #include diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in index a408e58c1..92ea946e8 100644 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ b/interface-definitions/interfaces-l2tpv3.xml.in @@ -51,6 +51,12 @@ Encapsulation must be UDP or IP + + + #include + #include + + Local IP address for L2TPv3 tunnel diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index cac0ee417..a500c629c 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -162,6 +162,12 @@ + + + #include + #include + + Hashing Algorithm diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in index e6e8fd20c..53ff9f036 100644 --- a/interface-definitions/interfaces-pseudo-ethernet.xml.in +++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in @@ -33,6 +33,12 @@ #include + + + #include + #include + + Lower link device diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in index c66628ec8..fc6528193 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -15,7 +15,6 @@ Tunnel interface name - #include #include @@ -23,7 +22,12 @@ #include #include #include - + + + #include + #include + + Local IP address for this tunnel @@ -44,7 +48,6 @@ - Remote IP address for this tunnel @@ -62,7 +65,6 @@ - 6rd network prefix @@ -75,7 +77,6 @@ - 6rd relay prefix @@ -88,7 +89,6 @@ - dhcp interface @@ -104,7 +104,6 @@ - Ignore link state changes @@ -141,7 +140,6 @@ Must be one of 'gre' 'gre-bridge' 'ipip' 'sit' 'ipip6' 'ip6ip6' 'ip6gre' - Multicast operation over tunnel @@ -162,12 +160,10 @@ Must be 'disable' or 'enable' - Tunnel parameters - @@ -187,7 +183,6 @@ TTL must be between 0 and 255 - Type of Service (TOS) @@ -201,7 +196,6 @@ TOS must be between 0 and 99 - Tunnel key @@ -217,12 +211,10 @@ - IPv6 specific tunnel parameters - @@ -237,7 +229,6 @@ key must be between 0-255 - Flowlabel @@ -251,7 +242,6 @@ Must be 'inherit' or a number - Hoplimit @@ -265,7 +255,6 @@ hoplimit must be between 0-255 - Traffic class (Tclass) diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index 16cb2c169..a69c0feed 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -45,6 +45,12 @@ #include + + + #include + #include + + Underlay device of VXLAN interface diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index 8632bb881..08259b31a 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -469,6 +469,12 @@ #include + + + #include + #include + + Media Access Control (MAC) address diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index a1499479a..705fecd9b 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -123,6 +123,8 @@ def vlan_to_dict(conf): 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'ingress_qos': '', 'ingress_qos_changed': False, 'mac': '', @@ -187,6 +189,14 @@ def vlan_to_dict(conf): if conf.exists('ip enable-arp-ignore'): vlan['ip_enable_arp_ignore'] = 1 + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + vlan['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + vlan['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # Media Access Control (MAC) address if conf.exists('mac'): vlan['mac'] = conf.return_value('mac') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 0fddc67f3..ae0b652b0 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -115,6 +115,14 @@ class Interface(DHCP): 'validate': assert_boolean, 'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_ignore', }, + 'ipv6_forwarding': { + 'validate': assert_boolean, + 'location': '/proc/sys/net/ipv6/conf/{ifname}/forwarding', + }, + 'ipv6_dad_transmits': { + 'validate': assert_boolean, + 'location': '/proc/sys/net/ipv6/conf/{ifname}/dad_transmits', + }, 'proxy_arp': { 'validate': assert_boolean, 'location': '/proc/sys/net/ipv4/conf/{ifname}/proxy_arp', @@ -374,6 +382,40 @@ class Interface(DHCP): """ return self.set_interface('arp_ignore', arp_ignore) + def set_ipv6_forwarding(self, forwarding): + """ + Configure IPv6 interface-specific Host/Router behaviour. + + False: + + By default, Host behaviour is assumed. This means: + + 1. IsRouter flag is not set in Neighbour Advertisements. + 2. If accept_ra is TRUE (default), transmit Router + Solicitations. + 3. If accept_ra is TRUE (default), accept Router + Advertisements (and do autoconfiguration). + 4. If accept_redirects is TRUE (default), accept Redirects. + + True: + + If local forwarding is enabled, Router behaviour is assumed. + This means exactly the reverse from the above: + + 1. IsRouter flag is set in Neighbour Advertisements. + 2. Router Solicitations are not sent unless accept_ra is 2. + 3. Router Advertisements are ignored unless accept_ra is 2. + 4. Redirects are ignored. + """ + return self.set_interface('ipv6_forwarding', forwarding) + + def set_dad_messages(self, dad): + """ + The amount of Duplicate Address Detection probes to send. + Default: 1 + """ + return self.set_interface('ipv6_dad_transmits', dad) + def set_link_detect(self, link_filter): """ Configure kernel response in packets received on interfaces that are 'down' diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index 015f4d4af..11143f0bf 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -64,6 +64,10 @@ def apply_vlan_config(vlan, config): vlan.set_arp_announce(config['ip_enable_arp_announce']) # configure ARP ignore vlan.set_arp_ignore(config['ip_enable_arp_ignore']) + # Disable IPv6 forwarding on this interface + vlan.ipv6_forwarding(bond['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + vlan.ipv6_dad_messages(bond['ipv6_dup_addr_detect']) # Maximum Transmission Unit (MTU) vlan.set_mtu(config['mtu']) diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 9b6401ab6..9349241bd 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -48,6 +48,8 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'intf': '', 'mac': '', 'mode': '802.3ad', @@ -189,6 +191,14 @@ def get_config(): if conf.exists('ip proxy-arp-pvlan'): bond['ip_proxy_arp_pvlan'] = 1 + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + bond['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + bond['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # Media Access Control (MAC) address if conf.exists('mac'): bond['mac'] = conf.return_value('mac') @@ -416,6 +426,10 @@ def apply(bond): b.set_proxy_arp(bond['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface b.set_proxy_arp_pvlan(bond['ip_proxy_arp_pvlan']) + # Disable IPv6 forwarding on this interface + b.set_ipv6_forwarding(bond['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + b.set_ipv6_dad_messages(bond['ipv6_dup_addr_detect']) # Change interface MAC address if bond['mac']: diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index f53175452..79b5e85e7 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -46,6 +46,8 @@ default_config_data = { 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'igmp_querier': 0, 'intf': '', 'mac' : '', @@ -152,6 +154,14 @@ def get_config(): if conf.exists('ip enable-arp-ignore'): bridge['ip_enable_arp_ignore'] = 1 + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + bridge['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + bridge['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # Media Access Control (MAC) address if conf.exists('mac'): bridge['mac'] = conf.return_value('mac') @@ -258,6 +268,10 @@ def apply(bridge): br.set_arp_announce(bridge['ip_enable_arp_announce']) # configure ARP ignore br.set_arp_ignore(bridge['ip_enable_arp_ignore']) + # Disable IPv6 forwarding on this interface + br.set_ipv6_forwarding(bridge['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + br.set_ipv6_dad_messages(bridge['ipv6_dup_addr_detect']) # set max message age br.set_max_age(bridge['max_age']) # set bridge priority diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index f7d1093e2..84e7d1c44 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -48,6 +48,8 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'intf': '', 'mac': '', 'mtu': 1500, @@ -167,6 +169,14 @@ def get_config(): if conf.exists('ip proxy-arp-pvlan'): eth['ip_proxy_arp_pvlan'] = 1 + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + eth['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + eth['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # Media Access Control (MAC) address if conf.exists('mac'): eth['mac'] = conf.return_value('mac') @@ -326,6 +336,10 @@ def apply(eth): e.set_proxy_arp(eth['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface e.set_proxy_arp_pvlan(eth['ip_proxy_arp_pvlan']) + # Disable IPv6 forwarding on this interface + e.set_ipv6_forwarding(eth['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + e.set_ipv6_dad_messages(eth['ipv6_dup_addr_detect']) # Change interface MAC address - re-set to real hardware address (hw-id) # if custom mac is removed diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 468a893c5..5334472d3 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -33,6 +33,8 @@ default_config_data = { 'local_address': '', 'local_port': 5000, 'intf': '', + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'mtu': 1488, 'peer_session_id': '', 'peer_tunnel_id': '', @@ -101,6 +103,14 @@ def get_config(): if conf.exists('local-ip'): l2tpv3['local_address'] = conf.return_value('local-ip') + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + l2tpv3['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + l2tpv3['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # Maximum Transmission Unit (MTU) if conf.exists('mtu'): l2tpv3['mtu'] = int(conf.return_value('mtu')) @@ -193,6 +203,10 @@ def apply(l2tpv3): l.set_alias(l2tpv3['description']) # Maximum Transfer Unit (MTU) l.set_mtu(l2tpv3['mtu']) + # Disable IPv6 forwarding on this interface + l.set_ipv6_forwarding(l2tpv3['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + l.set_ipv6_dad_messages(l2tpv3['ipv6_dup_addr_detect']) # Configure interface address(es) - no need to implicitly delete the # old addresses as they have already been removed by deleting the diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index d5121ab75..84de67e46 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -294,6 +294,8 @@ default_config_data = { 'encryption': '', 'hash': '', 'intf': '', + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'ping_restart': '60', 'ping_interval': '10', 'local_address': '', @@ -490,6 +492,14 @@ def get_config(): if conf.exists('local-port'): openvpn['local_port'] = conf.return_value('local-port') + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + openvpn['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + openvpn['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # OpenVPN operation mode if conf.exists('mode'): mode = conf.return_value('mode') @@ -1036,7 +1046,14 @@ def apply(openvpn): try: # we need to catch the exception if the interface is not up due to # reason stated above - VTunIf(openvpn['intf']).set_alias(openvpn['description']) + o = VTunIf(openvpn['intf']) + # update interface description used e.g. within SNMP + o.set_alias(openvpn['description']) + # Disable IPv6 forwarding on this interface + o.set_ipv6_forwarding(openvpn['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + o.set_ipv6_dad_messages(openvpn['ipv6_dup_addr_detect']) + except: pass diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 55b80b959..19c8bbedc 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -45,6 +45,8 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'intf': '', 'link': '', 'link_changed': False, @@ -145,6 +147,14 @@ def get_config(): if conf.exists(['ip', 'proxy-arp-pvlan']): peth['ip_proxy_arp_pvlan'] = 1 + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + peth['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + peth['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # Lower link device if conf.exists(['link']): peth['link'] = conf.return_value(['link']) @@ -296,6 +306,10 @@ def apply(peth): p.set_proxy_arp(peth['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface p.set_proxy_arp_pvlan(peth['ip_proxy_arp_pvlan']) + # Disable IPv6 forwarding on this interface + p.set_ipv6_forwarding(peth['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + p.set_ipv6_dad_messages(peth['ipv6_dup_addr_detect']) # assign/remove VRF p.set_vrf(peth['vrf']) diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index f45493587..48271ff65 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -37,6 +37,8 @@ default_config_data = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'link': '', 'mtu': 1450, 'remote': '', @@ -103,6 +105,14 @@ def get_config(): if conf.exists('ip enable-proxy-arp'): vxlan['ip_proxy_arp'] = 1 + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + vxlan['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + vxlan['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # VXLAN underlay interface if conf.exists('link'): vxlan['link'] = conf.return_value('link') @@ -201,6 +211,10 @@ def apply(vxlan): v.set_arp_ignore(vxlan['ip_enable_arp_ignore']) # Enable proxy-arp on this interface v.set_proxy_arp(vxlan['ip_proxy_arp']) + # Disable IPv6 forwarding on this interface + v.set_ipv6_forwarding(vxlan['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + v.set_ipv6_dad_messages(vxlan['ipv6_dup_addr_detect']) # Configure interface address(es) - no need to implicitly delete the # old addresses as they have already been removed by deleting the diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 1e99ae12a..29257141d 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -827,6 +827,8 @@ default_config_data = { 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'mac' : '', 'max_stations' : '', 'mgmt_frame_protection' : 'disabled', @@ -1140,6 +1142,14 @@ def get_config(): if conf.exists('ip enable-arp-ignore'): wifi['ip_enable_arp_ignore'] = 1 + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + wifi['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + wifi['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # Wireless physical device if conf.exists('physical-device'): wifi['phy'] = conf.return_value('physical-device') @@ -1487,6 +1497,10 @@ def apply(wifi): w.set_arp_announce(wifi['ip_enable_arp_announce']) # configure ARP ignore w.set_arp_ignore(wifi['ip_enable_arp_ignore']) + # Disable IPv6 forwarding on this interface + w.set_ipv6_forwarding(bond['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + w.set_ipv6_dad_messages(bond['ipv6_dup_addr_detect']) # Configure interface address(es) # - not longer required addresses get removed first -- cgit v1.2.3 From adc09e4ecaf91bc93b3994eac4f2f2ac2786a1c7 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 25 Mar 2020 19:41:54 +0100 Subject: ipv6: T1831: use integers over bool in interface configuration --- Makefile | 3 +++ python/vyos/configdict.py | 8 ++++---- python/vyos/ifconfig/interface.py | 6 +++--- python/vyos/ifconfig_vlan.py | 4 ++-- src/conf_mode/interfaces-bonding.py | 8 ++++---- src/conf_mode/interfaces-bridge.py | 8 ++++---- src/conf_mode/interfaces-ethernet.py | 8 ++++---- src/conf_mode/interfaces-l2tpv3.py | 8 ++++---- src/conf_mode/interfaces-openvpn.py | 8 ++++---- src/conf_mode/interfaces-pseudo-ethernet.py | 8 ++++---- src/conf_mode/interfaces-vxlan.py | 8 ++++---- src/conf_mode/interfaces-wireless.py | 12 ++++++------ 12 files changed, 46 insertions(+), 43 deletions(-) (limited to 'python') diff --git a/Makefile b/Makefile index 8c4362a18..71c28f220 100644 --- a/Makefile +++ b/Makefile @@ -51,6 +51,8 @@ interface_definitions: $(BUILD_DIR) $(obj) rm -f $(TMPL_DIR)/interfaces/ethernet/node.tag/vif-s/node.tag/ipv6/node.def rm -f $(TMPL_DIR)/interfaces/ethernet/node.tag/vif-s/node.tag/vif-c/node.tag/ip/node.def rm -f $(TMPL_DIR)/interfaces/ethernet/node.tag/vif-s/node.tag/vif-c/node.tag/ipv6/node.def + rm -f $(TMPL_DIR)/interfaces/l2tpv3/node.tag/ipv6/node.def + rm -f $(TMPL_DIR)/interfaces/openvpn/node.tag/ipv6/node.def rm -f $(TMPL_DIR)/interfaces/pppoe/node.tag/ip/node.def rm -f $(TMPL_DIR)/interfaces/pppoe/node.tag/ipv6/node.def rm -f $(TMPL_DIR)/interfaces/pseudo-ethernet/node.tag/ip/node.def @@ -61,6 +63,7 @@ interface_definitions: $(BUILD_DIR) $(obj) rm -f $(TMPL_DIR)/interfaces/pseudo-ethernet/node.tag/vif-s/node.tag/ipv6/node.def rm -f $(TMPL_DIR)/interfaces/pseudo-ethernet/node.tag/vif-s/node.tag/vif-c/node.tag/ip/node.def rm -f $(TMPL_DIR)/interfaces/pseudo-ethernet/node.tag/vif-s/node.tag/vif-c/node.tag/ipv6/node.def + rm -f $(TMPL_DIR)/interfaces/tunnel/node.tag/ipv6/node.def rm -f $(TMPL_DIR)/interfaces/vxlan/node.tag/ip/node.def rm -f $(TMPL_DIR)/interfaces/vxlan/node.tag/ipv6/node.def rm -f $(TMPL_DIR)/interfaces/wireless/node.tag/ip/node.def diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index 705fecd9b..b0214ded4 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -123,8 +123,8 @@ def vlan_to_dict(conf): 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, - 'ipv6_forwarding': True, - 'ipv6_dup_addr_detect': '1', + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, 'ingress_qos': '', 'ingress_qos_changed': False, 'mac': '', @@ -191,11 +191,11 @@ def vlan_to_dict(conf): # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - vlan['ipv6_forwarding'] = False + vlan['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): - vlan['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + vlan['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) # Media Access Control (MAC) address if conf.exists('mac'): diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index ae0b652b0..da6b54e69 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -116,11 +116,11 @@ class Interface(DHCP): 'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_ignore', }, 'ipv6_forwarding': { - 'validate': assert_boolean, + 'validate': lambda fwd: assert_range(fwd,0,2), 'location': '/proc/sys/net/ipv6/conf/{ifname}/forwarding', }, 'ipv6_dad_transmits': { - 'validate': assert_boolean, + 'validate': assert_positive, 'location': '/proc/sys/net/ipv6/conf/{ifname}/dad_transmits', }, 'proxy_arp': { @@ -409,7 +409,7 @@ class Interface(DHCP): """ return self.set_interface('ipv6_forwarding', forwarding) - def set_dad_messages(self, dad): + def set_ipv6_dad_messages(self, dad): """ The amount of Duplicate Address Detection probes to send. Default: 1 diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index 11143f0bf..b3c5f3b76 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -65,9 +65,9 @@ def apply_vlan_config(vlan, config): # configure ARP ignore vlan.set_arp_ignore(config['ip_enable_arp_ignore']) # Disable IPv6 forwarding on this interface - vlan.ipv6_forwarding(bond['ipv6_forwarding']) + vlan.set_ipv6_forwarding(config['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries - vlan.ipv6_dad_messages(bond['ipv6_dup_addr_detect']) + vlan.set_ipv6_dad_messages(config['ipv6_dup_addr_detect']) # Maximum Transmission Unit (MTU) vlan.set_mtu(config['mtu']) diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index 9349241bd..a570371ab 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -48,8 +48,8 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, - 'ipv6_forwarding': True, - 'ipv6_dup_addr_detect': '1', + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, 'intf': '', 'mac': '', 'mode': '802.3ad', @@ -193,11 +193,11 @@ def get_config(): # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - bond['ipv6_forwarding'] = False + bond['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): - bond['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + bond['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) # Media Access Control (MAC) address if conf.exists('mac'): diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index 79b5e85e7..af669bc0e 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -46,8 +46,8 @@ default_config_data = { 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, - 'ipv6_forwarding': True, - 'ipv6_dup_addr_detect': '1', + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, 'igmp_querier': 0, 'intf': '', 'mac' : '', @@ -156,11 +156,11 @@ def get_config(): # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - bridge['ipv6_forwarding'] = False + bridge['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): - bridge['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + bridge['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) # Media Access Control (MAC) address if conf.exists('mac'): diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index 84e7d1c44..e2017173a 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -48,8 +48,8 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, - 'ipv6_forwarding': True, - 'ipv6_dup_addr_detect': '1', + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, 'intf': '', 'mac': '', 'mtu': 1500, @@ -171,11 +171,11 @@ def get_config(): # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - eth['ipv6_forwarding'] = False + eth['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): - eth['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + eth['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) # Media Access Control (MAC) address if conf.exists('mac'): diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 5334472d3..d0c610625 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -33,8 +33,8 @@ default_config_data = { 'local_address': '', 'local_port': 5000, 'intf': '', - 'ipv6_forwarding': True, - 'ipv6_dup_addr_detect': '1', + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, 'mtu': 1488, 'peer_session_id': '', 'peer_tunnel_id': '', @@ -105,11 +105,11 @@ def get_config(): # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - l2tpv3['ipv6_forwarding'] = False + l2tpv3['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): - l2tpv3['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + l2tpv3['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) # Maximum Transmission Unit (MTU) if conf.exists('mtu'): diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 84de67e46..143bf9ae9 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -294,8 +294,8 @@ default_config_data = { 'encryption': '', 'hash': '', 'intf': '', - 'ipv6_forwarding': True, - 'ipv6_dup_addr_detect': '1', + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, 'ping_restart': '60', 'ping_interval': '10', 'local_address': '', @@ -494,11 +494,11 @@ def get_config(): # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - openvpn['ipv6_forwarding'] = False + openvpn['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): - openvpn['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + openvpn['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) # OpenVPN operation mode if conf.exists('mode'): diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 19c8bbedc..14b868b0a 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -45,8 +45,8 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, - 'ipv6_forwarding': True, - 'ipv6_dup_addr_detect': '1', + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, 'intf': '', 'link': '', 'link_changed': False, @@ -149,11 +149,11 @@ def get_config(): # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - peth['ipv6_forwarding'] = False + peth['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): - peth['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + peth['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) # Lower link device if conf.exists(['link']): diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 48271ff65..e1d31369e 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -37,8 +37,8 @@ default_config_data = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, - 'ipv6_forwarding': True, - 'ipv6_dup_addr_detect': '1', + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, 'link': '', 'mtu': 1450, 'remote': '', @@ -107,11 +107,11 @@ def get_config(): # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - vxlan['ipv6_forwarding'] = False + vxlan['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): - vxlan['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + vxlan['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) # VXLAN underlay interface if conf.exists('link'): diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 29257141d..2d0b2ade7 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -827,8 +827,8 @@ default_config_data = { 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, - 'ipv6_forwarding': True, - 'ipv6_dup_addr_detect': '1', + 'ipv6_forwarding': 1, + 'ipv6_dup_addr_detect': 1, 'mac' : '', 'max_stations' : '', 'mgmt_frame_protection' : 'disabled', @@ -1144,11 +1144,11 @@ def get_config(): # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): - wifi['ipv6_forwarding'] = False + wifi['ipv6_forwarding'] = 0 # IPv6 Duplicate Address Detection (DAD) tries if conf.exists('ipv6 dup-addr-detect-transmits'): - wifi['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + wifi['ipv6_dup_addr_detect'] = int(conf.return_value('ipv6 dup-addr-detect-transmits')) # Wireless physical device if conf.exists('physical-device'): @@ -1498,9 +1498,9 @@ def apply(wifi): # configure ARP ignore w.set_arp_ignore(wifi['ip_enable_arp_ignore']) # Disable IPv6 forwarding on this interface - w.set_ipv6_forwarding(bond['ipv6_forwarding']) + w.set_ipv6_forwarding(wifi['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries - w.set_ipv6_dad_messages(bond['ipv6_dup_addr_detect']) + w.set_ipv6_dad_messages(wifi['ipv6_dup_addr_detect']) # Configure interface address(es) # - not longer required addresses get removed first -- cgit v1.2.3 From 09a0cecf02972fa9019fcfd900c50b27797f40e2 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 27 Mar 2020 17:03:24 +0100 Subject: ipv6: T1831: migrate autoconf node Autoconfigure addresses using Prefix Information in Router Advertisements. --- interface-definitions/include/ipv6-address.xml.i | 10 ++++++++++ interface-definitions/include/vif.xml.i | 1 + interface-definitions/interfaces-bonding.xml.in | 1 + interface-definitions/interfaces-bridge.xml.in | 1 + interface-definitions/interfaces-ethernet.xml.in | 1 + interface-definitions/interfaces-l2tpv3.xml.in | 1 + interface-definitions/interfaces-openvpn.xml.in | 1 + interface-definitions/interfaces-pseudo-ethernet.xml.in | 1 + interface-definitions/interfaces-tunnel.xml.in | 1 + interface-definitions/interfaces-vxlan.xml.in | 1 + interface-definitions/interfaces-wireless.xml.in | 1 + python/vyos/configdict.py | 5 +++++ python/vyos/ifconfig/interface.py | 11 +++++++++++ python/vyos/ifconfig_vlan.py | 4 +++- src/conf_mode/interfaces-bonding.py | 9 ++++++++- src/conf_mode/interfaces-bridge.py | 9 ++++++++- src/conf_mode/interfaces-ethernet.py | 8 ++++++++ src/conf_mode/interfaces-l2tpv3.py | 9 ++++++++- src/conf_mode/interfaces-openvpn.py | 9 ++++++++- src/conf_mode/interfaces-pseudo-ethernet.py | 9 ++++++++- src/conf_mode/interfaces-vxlan.py | 9 ++++++++- src/conf_mode/interfaces-wireless.py | 9 ++++++++- 22 files changed, 103 insertions(+), 8 deletions(-) create mode 100644 interface-definitions/include/ipv6-address.xml.i (limited to 'python') diff --git a/interface-definitions/include/ipv6-address.xml.i b/interface-definitions/include/ipv6-address.xml.i new file mode 100644 index 000000000..31629830e --- /dev/null +++ b/interface-definitions/include/ipv6-address.xml.i @@ -0,0 +1,10 @@ + + + + + Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + + + + + diff --git a/interface-definitions/include/vif.xml.i b/interface-definitions/include/vif.xml.i index 3316dd784..819534dc1 100644 --- a/interface-definitions/include/vif.xml.i +++ b/interface-definitions/include/vif.xml.i @@ -53,6 +53,7 @@ + #include #include #include diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in index 641125d25..166f23285 100644 --- a/interface-definitions/interfaces-bonding.xml.in +++ b/interface-definitions/interfaces-bonding.xml.in @@ -91,6 +91,7 @@ + #include #include #include diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in index 52ba0436f..f41110a3f 100644 --- a/interface-definitions/interfaces-bridge.xml.in +++ b/interface-definitions/interfaces-bridge.xml.in @@ -88,6 +88,7 @@ + #include #include #include diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in index 2f649b006..2b461cfaa 100644 --- a/interface-definitions/interfaces-ethernet.xml.in +++ b/interface-definitions/interfaces-ethernet.xml.in @@ -81,6 +81,7 @@ + #include #include #include diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in index 92ea946e8..161a37df8 100644 --- a/interface-definitions/interfaces-l2tpv3.xml.in +++ b/interface-definitions/interfaces-l2tpv3.xml.in @@ -53,6 +53,7 @@ + #include #include #include diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in index a500c629c..cd5b5f29e 100644 --- a/interface-definitions/interfaces-openvpn.xml.in +++ b/interface-definitions/interfaces-openvpn.xml.in @@ -164,6 +164,7 @@ + #include #include #include diff --git a/interface-definitions/interfaces-pseudo-ethernet.xml.in b/interface-definitions/interfaces-pseudo-ethernet.xml.in index 53ff9f036..772056bd2 100644 --- a/interface-definitions/interfaces-pseudo-ethernet.xml.in +++ b/interface-definitions/interfaces-pseudo-ethernet.xml.in @@ -35,6 +35,7 @@ + #include #include #include diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in index fc6528193..fe4a81f92 100644 --- a/interface-definitions/interfaces-tunnel.xml.in +++ b/interface-definitions/interfaces-tunnel.xml.in @@ -24,6 +24,7 @@ #include + #include #include #include diff --git a/interface-definitions/interfaces-vxlan.xml.in b/interface-definitions/interfaces-vxlan.xml.in index a69c0feed..70c45d1fd 100644 --- a/interface-definitions/interfaces-vxlan.xml.in +++ b/interface-definitions/interfaces-vxlan.xml.in @@ -47,6 +47,7 @@ + #include #include #include diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index 08259b31a..2c224987e 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -471,6 +471,7 @@ + #include #include #include diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index b0214ded4..66da52ff3 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -123,6 +123,7 @@ def vlan_to_dict(conf): 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, + 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'ingress_qos': '', @@ -189,6 +190,10 @@ def vlan_to_dict(conf): if conf.exists('ip enable-arp-ignore'): vlan['ip_enable_arp_ignore'] = 1 + # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + if conf.exists('ipv6 address autoconf'): + vlan['ipv6_autoconf'] = 1 + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): vlan['ipv6_forwarding'] = 0 diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index da6b54e69..a2d202466 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -115,6 +115,10 @@ class Interface(DHCP): 'validate': assert_boolean, 'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_ignore', }, + 'ipv6_autoconf': { + 'validate': lambda fwd: assert_range(fwd,0,2), + 'location': '/proc/sys/net/ipv6/conf/{ifname}/autoconf', + }, 'ipv6_forwarding': { 'validate': lambda fwd: assert_range(fwd,0,2), 'location': '/proc/sys/net/ipv6/conf/{ifname}/forwarding', @@ -382,6 +386,13 @@ class Interface(DHCP): """ return self.set_interface('arp_ignore', arp_ignore) + def set_ipv6_autoconf(self, autoconf): + """ + Autoconfigure addresses using Prefix Information in Router + Advertisements. + """ + return self.set_interface('ipv6_autoconf', autoconf) + def set_ipv6_forwarding(self, forwarding): """ Configure IPv6 interface-specific Host/Router behaviour. diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index b3c5f3b76..00270cf58 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -64,7 +64,9 @@ def apply_vlan_config(vlan, config): vlan.set_arp_announce(config['ip_enable_arp_announce']) # configure ARP ignore vlan.set_arp_ignore(config['ip_enable_arp_ignore']) - # Disable IPv6 forwarding on this interface + # IPv6 address autoconfiguration + vlan.set_ipv6_autoconf(config['ipv6_autoconf']) + # IPv6 forwarding vlan.set_ipv6_forwarding(config['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries vlan.set_ipv6_dad_messages(config['ipv6_dup_addr_detect']) diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index a570371ab..ab58b9159 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -48,6 +48,7 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, + 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'intf': '', @@ -191,6 +192,10 @@ def get_config(): if conf.exists('ip proxy-arp-pvlan'): bond['ip_proxy_arp_pvlan'] = 1 + # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + if conf.exists('ipv6 address autoconf'): + bond['ipv6_autoconf'] = 1 + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): bond['ipv6_forwarding'] = 0 @@ -426,7 +431,9 @@ def apply(bond): b.set_proxy_arp(bond['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface b.set_proxy_arp_pvlan(bond['ip_proxy_arp_pvlan']) - # Disable IPv6 forwarding on this interface + # IPv6 address autoconfiguration + b.set_ipv6_autoconf(bond['ipv6_autoconf']) + # IPv6 forwarding b.set_ipv6_forwarding(bond['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries b.set_ipv6_dad_messages(bond['ipv6_dup_addr_detect']) diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index af669bc0e..1e143e30c 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -46,6 +46,7 @@ default_config_data = { 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, + 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'igmp_querier': 0, @@ -154,6 +155,10 @@ def get_config(): if conf.exists('ip enable-arp-ignore'): bridge['ip_enable_arp_ignore'] = 1 + # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + if conf.exists('ipv6 address autoconf'): + bridge['ipv6_autoconf'] = 1 + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): bridge['ipv6_forwarding'] = 0 @@ -268,7 +273,9 @@ def apply(bridge): br.set_arp_announce(bridge['ip_enable_arp_announce']) # configure ARP ignore br.set_arp_ignore(bridge['ip_enable_arp_ignore']) - # Disable IPv6 forwarding on this interface + # IPv6 address autoconfiguration + br.set_ipv6_autoconf(bridge['ipv6_autoconf']) + # IPv6 forwarding br.set_ipv6_forwarding(bridge['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries br.set_ipv6_dad_messages(bridge['ipv6_dup_addr_detect']) diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index e2017173a..c7fabce60 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -48,6 +48,7 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, + 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'intf': '', @@ -169,6 +170,10 @@ def get_config(): if conf.exists('ip proxy-arp-pvlan'): eth['ip_proxy_arp_pvlan'] = 1 + # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + if conf.exists('ipv6 address autoconf'): + eth['ipv6_autoconf'] = 1 + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): eth['ipv6_forwarding'] = 0 @@ -337,6 +342,9 @@ def apply(eth): # Enable private VLAN proxy ARP on this interface e.set_proxy_arp_pvlan(eth['ip_proxy_arp_pvlan']) # Disable IPv6 forwarding on this interface + # IPv6 address autoconfiguration + e.set_ipv6_autoconf(eth['ipv6_autoconf']) + # IPv6 forwarding e.set_ipv6_forwarding(eth['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries e.set_ipv6_dad_messages(eth['ipv6_dup_addr_detect']) diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index d0c610625..18ae1f4d8 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -33,6 +33,7 @@ default_config_data = { 'local_address': '', 'local_port': 5000, 'intf': '', + 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'mtu': 1488, @@ -103,6 +104,10 @@ def get_config(): if conf.exists('local-ip'): l2tpv3['local_address'] = conf.return_value('local-ip') + # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + if conf.exists('ipv6 address autoconf'): + l2tpv3['ipv6_autoconf'] = 1 + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): l2tpv3['ipv6_forwarding'] = 0 @@ -203,7 +208,9 @@ def apply(l2tpv3): l.set_alias(l2tpv3['description']) # Maximum Transfer Unit (MTU) l.set_mtu(l2tpv3['mtu']) - # Disable IPv6 forwarding on this interface + # IPv6 address autoconfiguration + l.set_ipv6_autoconf(l2tpv3['ipv6_autoconf']) + # IPv6 forwarding l.set_ipv6_forwarding(l2tpv3['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries l.set_ipv6_dad_messages(l2tpv3['ipv6_dup_addr_detect']) diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index 143bf9ae9..a91cc2d73 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -294,6 +294,7 @@ default_config_data = { 'encryption': '', 'hash': '', 'intf': '', + 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'ping_restart': '60', @@ -492,6 +493,10 @@ def get_config(): if conf.exists('local-port'): openvpn['local_port'] = conf.return_value('local-port') + # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + if conf.exists('ipv6 address autoconf'): + openvpn['ipv6_autoconf'] = 1 + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): openvpn['ipv6_forwarding'] = 0 @@ -1049,7 +1054,9 @@ def apply(openvpn): o = VTunIf(openvpn['intf']) # update interface description used e.g. within SNMP o.set_alias(openvpn['description']) - # Disable IPv6 forwarding on this interface + # IPv6 address autoconfiguration + o.set_ipv6_autoconf(openvpn['ipv6_autoconf']) + # IPv6 forwarding o.set_ipv6_forwarding(openvpn['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries o.set_ipv6_dad_messages(openvpn['ipv6_dup_addr_detect']) diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 14b868b0a..4b1abc553 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -45,6 +45,7 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, + 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'intf': '', @@ -147,6 +148,10 @@ def get_config(): if conf.exists(['ip', 'proxy-arp-pvlan']): peth['ip_proxy_arp_pvlan'] = 1 + # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + if conf.exists('ipv6 address autoconf'): + peth['ipv6_autoconf'] = 1 + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): peth['ipv6_forwarding'] = 0 @@ -306,7 +311,9 @@ def apply(peth): p.set_proxy_arp(peth['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface p.set_proxy_arp_pvlan(peth['ip_proxy_arp_pvlan']) - # Disable IPv6 forwarding on this interface + # IPv6 address autoconfiguration + p.set_ipv6_autoconf(peth['ipv6_autoconf']) + # IPv6 forwarding p.set_ipv6_forwarding(peth['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries p.set_ipv6_dad_messages(peth['ipv6_dup_addr_detect']) diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index e1d31369e..294864bc1 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -37,6 +37,7 @@ default_config_data = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, + 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'link': '', @@ -105,6 +106,10 @@ def get_config(): if conf.exists('ip enable-proxy-arp'): vxlan['ip_proxy_arp'] = 1 + # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + if conf.exists('ipv6 address autoconf'): + vxlan['ipv6_autoconf'] = 1 + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): vxlan['ipv6_forwarding'] = 0 @@ -211,7 +216,9 @@ def apply(vxlan): v.set_arp_ignore(vxlan['ip_enable_arp_ignore']) # Enable proxy-arp on this interface v.set_proxy_arp(vxlan['ip_proxy_arp']) - # Disable IPv6 forwarding on this interface + # IPv6 address autoconfiguration + v.set_ipv6_autoconf(vxlan['ipv6_autoconf']) + # IPv6 forwarding v.set_ipv6_forwarding(vxlan['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries v.set_ipv6_dad_messages(vxlan['ipv6_dup_addr_detect']) diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 2d0b2ade7..d368cfa5d 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -827,6 +827,7 @@ default_config_data = { 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, + 'ipv6_autoconf': 0, 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'mac' : '', @@ -1138,6 +1139,10 @@ def get_config(): if conf.exists('ip enable-arp-announce'): wifi['ip_enable_arp_announce'] = 1 + # Enable acquisition of IPv6 address using stateless autoconfig (SLAAC) + if conf.exists('ipv6 address autoconf'): + wifi['ipv6_autoconf'] = 1 + # ARP enable ignore if conf.exists('ip enable-arp-ignore'): wifi['ip_enable_arp_ignore'] = 1 @@ -1497,7 +1502,9 @@ def apply(wifi): w.set_arp_announce(wifi['ip_enable_arp_announce']) # configure ARP ignore w.set_arp_ignore(wifi['ip_enable_arp_ignore']) - # Disable IPv6 forwarding on this interface + # IPv6 address autoconfiguration + w.set_ipv6_autoconf(wifi['ipv6_autoconf']) + # IPv6 forwarding w.set_ipv6_forwarding(wifi['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries w.set_ipv6_dad_messages(wifi['ipv6_dup_addr_detect']) -- cgit v1.2.3 From 0d1c8e4021b8da5c15883b860bd27d4e374bd045 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 27 Mar 2020 18:09:53 +0100 Subject: vyos.util: import cleanup Instead of including all functions/classes from a file, only include the ones we really need. --- python/vyos/util.py | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) (limited to 'python') diff --git a/python/vyos/util.py b/python/vyos/util.py index 67a602f7a..e8727c192 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -15,16 +15,16 @@ import os import re -import getpass -import grp -import time -import subprocess import sys - import psutil import vyos.defaults +from getpass import getuser +from grp import getgrnam +from time import sleep +from subprocess import check_output +from ipaddress import ip_network def read_file(path): """ Read a file to string """ @@ -32,6 +32,7 @@ def read_file(path): data = f.read().strip() return data + def colon_separated_to_dict(data_string, uniquekeys=False): """ Converts a string containing newline-separated entries of colon-separated key-value pairs into a dict. @@ -80,12 +81,14 @@ def colon_separated_to_dict(data_string, uniquekeys=False): return data + def process_running(pid_file): """ Checks if a process with PID in pid_file is running """ with open(pid_file, 'r') as f: pid = f.read().strip() return psutil.pid_exists(int(pid)) + def seconds_to_human(s, separator=""): """ Converts number of seconds passed to a human-readable interval such as 1w4d18h35m59s @@ -125,10 +128,12 @@ def seconds_to_human(s, separator=""): return result + def get_cfg_group_id(): - group_data = grp.getgrnam(vyos.defaults.cfg_group) + group_data = getgrnam(vyos.defaults.cfg_group) return group_data.gr_gid + def file_is_persistent(path): if not re.match(r'^(/config|/opt/vyatta/etc/config)', os.path.dirname(path)): warning = "Warning: file {0} is outside the /config directory\n".format(path) @@ -137,6 +142,7 @@ def file_is_persistent(path): else: return (True, None) + def commit_in_progress(): """ Not to be used in normal op mode scripts! """ @@ -154,7 +160,7 @@ def commit_in_progress(): # Since this will be used in scripts that modify the config outside of the CLI # framework, those knowingly have root permissions. # For everything else, we add a safeguard. - id = subprocess.check_output(['/usr/bin/id', '-u']).decode().strip() + id = check_output(['/usr/bin/id', '-u']).decode().strip() if id != '0': raise OSError("This functions needs root permissions to return correct results") @@ -171,12 +177,14 @@ def commit_in_progress(): # Default case return False + def wait_for_commit_lock(): """ Not to be used in normal op mode scripts! """ # Very synchronous approach to multiprocessing while commit_in_progress(): - time.sleep(1) + sleep(1) + def ask_yes_no(question, default=False) -> bool: """Ask a yes/no question via input() and return their answer.""" @@ -196,6 +204,6 @@ def ask_yes_no(question, default=False) -> bool: def is_admin() -> bool: """Look if current user is in sudo group""" - current_user = getpass.getuser() - (_, _, _, admin_group_members) = grp.getgrnam('sudo') + current_user = getuser() + (_, _, _, admin_group_members) = getgrnam('sudo') return current_user in admin_group_members -- cgit v1.2.3 From 822e171a0023c3f8f335cda08bcbf70b2d6d4070 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 28 Mar 2020 11:28:05 +0100 Subject: ipv6: T1831: migrate eui64 addressing to XML and python --- interface-definitions/include/ipv6-address.xml.i | 12 ++++++++ python/vyos/ifconfig/interface.py | 38 ++++++++++++++++++++++-- python/vyos/util.py | 22 ++++++++++++++ src/conf_mode/interfaces-bonding.py | 7 +++++ src/conf_mode/interfaces-bridge.py | 7 +++++ src/conf_mode/interfaces-ethernet.py | 8 ++++- src/conf_mode/interfaces-l2tpv3.py | 7 +++++ src/conf_mode/interfaces-openvpn.py | 7 +++++ src/conf_mode/interfaces-pseudo-ethernet.py | 7 +++++ src/conf_mode/interfaces-vxlan.py | 7 +++++ src/conf_mode/interfaces-wireless.py | 7 +++++ 11 files changed, 126 insertions(+), 3 deletions(-) (limited to 'python') diff --git a/interface-definitions/include/ipv6-address.xml.i b/interface-definitions/include/ipv6-address.xml.i index 31629830e..507d5dcc1 100644 --- a/interface-definitions/include/ipv6-address.xml.i +++ b/interface-definitions/include/ipv6-address.xml.i @@ -6,5 +6,17 @@ + + + ssign IPv6 address using EUI-64 based on MAC address + + ipv6net + IPv6 address and prefix length + + + + + + diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index a2d202466..8b41d6158 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -21,10 +21,10 @@ import time from copy import deepcopy from vyos.validate import * # should not * include -from vyos.config import Config # not used anymore +from vyos.util import mac2eui64 from vyos import ConfigError -from ipaddress import IPv4Network, IPv6Address +from ipaddress import IPv4Network, IPv6Address, IPv6Network from netifaces import ifaddresses, AF_INET, AF_INET6 from time import sleep from os.path import isfile @@ -393,6 +393,40 @@ class Interface(DHCP): """ return self.set_interface('ipv6_autoconf', autoconf) + def set_ipv6_eui64_address(self, prefix): + """ + Extended Unique Identifier (EUI), as per RFC2373, allows a host to + assign iteslf a unique IPv6 address based on a given IPv6 prefix. + + If prefix is passed address is assigned, if prefix is '' address is + removed from interface. + """ + # if prefix is an empty string convert it to None so mac2eui64 works + # as expected + if not prefix: + prefix = None + + eui64 = mac2eui64(self.get_mac(), prefix) + + if not prefix: + # if prefix is empty - thus removed - we need to walk through all + # interface IPv6 addresses and find the one with the calculated + # EUI-64 identifier. The address is then removed + for addr in self.get_addr(): + addr_wo_prefix = addr.split('/')[0] + if is_ipv6(addr_wo_prefix): + if eui64 in IPv6Address(addr_wo_prefix).exploded: + self.del_addr(addr) + + return None + + # calculate and add EUI-64 IPv6 address + if IPv6Network(prefix): + # we also need to take the subnet length into account + prefix = prefix.split('/')[1] + eui64 = f'{eui64}/{prefix}' + self.add_addr(eui64 ) + def set_ipv6_forwarding(self, forwarding): """ Configure IPv6 interface-specific Host/Router behaviour. diff --git a/python/vyos/util.py b/python/vyos/util.py index e8727c192..635b11ee5 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -207,3 +207,25 @@ def is_admin() -> bool: current_user = getuser() (_, _, _, admin_group_members) = getgrnam('sudo') return current_user in admin_group_members + + +def mac2eui64(mac, prefix=None): + ''' + Convert a MAC address to a EUI64 address or, with prefix provided, a full + IPv6 address. + Thankfully copied from https://gist.github.com/wido/f5e32576bb57b5cc6f934e177a37a0d3 + ''' + # http://tools.ietf.org/html/rfc4291#section-2.5.1 + eui64 = re.sub(r'[.:-]', '', mac).lower() + eui64 = eui64[0:6] + 'fffe' + eui64[6:] + eui64 = hex(int(eui64[0:2], 16) ^ 2)[2:].zfill(2) + eui64[2:] + + if prefix is None: + return ':'.join(re.findall(r'.{4}', eui64)) + else: + try: + net = ip_network(prefix, strict=False) + euil = int('0x{0}'.format(eui64), 16) + return str(net[euil]) + except: # pylint: disable=bare-except + return diff --git a/src/conf_mode/interfaces-bonding.py b/src/conf_mode/interfaces-bonding.py index ab58b9159..cc119b91a 100755 --- a/src/conf_mode/interfaces-bonding.py +++ b/src/conf_mode/interfaces-bonding.py @@ -49,6 +49,7 @@ default_config_data = { 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'intf': '', @@ -196,6 +197,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): bond['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + bond['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): bond['ipv6_forwarding'] = 0 @@ -433,6 +438,8 @@ def apply(bond): b.set_proxy_arp_pvlan(bond['ip_proxy_arp_pvlan']) # IPv6 address autoconfiguration b.set_ipv6_autoconf(bond['ipv6_autoconf']) + # IPv6 EUI-based address + b.set_ipv6_eui64_address(bond['ipv6_eui64_prefix']) # IPv6 forwarding b.set_ipv6_forwarding(bond['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-bridge.py b/src/conf_mode/interfaces-bridge.py index 1e143e30c..28e5957e4 100755 --- a/src/conf_mode/interfaces-bridge.py +++ b/src/conf_mode/interfaces-bridge.py @@ -47,6 +47,7 @@ default_config_data = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'igmp_querier': 0, @@ -159,6 +160,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): bridge['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + bridge['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): bridge['ipv6_forwarding'] = 0 @@ -275,6 +280,8 @@ def apply(bridge): br.set_arp_ignore(bridge['ip_enable_arp_ignore']) # IPv6 address autoconfiguration br.set_ipv6_autoconf(bridge['ipv6_autoconf']) + # IPv6 EUI-based address + br.set_ipv6_eui64_address(bridge['ipv6_eui64_prefix']) # IPv6 forwarding br.set_ipv6_forwarding(bridge['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py index c7fabce60..286cab88e 100755 --- a/src/conf_mode/interfaces-ethernet.py +++ b/src/conf_mode/interfaces-ethernet.py @@ -49,6 +49,7 @@ default_config_data = { 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'intf': '', @@ -174,6 +175,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): eth['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + eth['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): eth['ipv6_forwarding'] = 0 @@ -341,9 +346,10 @@ def apply(eth): e.set_proxy_arp(eth['ip_proxy_arp']) # Enable private VLAN proxy ARP on this interface e.set_proxy_arp_pvlan(eth['ip_proxy_arp_pvlan']) - # Disable IPv6 forwarding on this interface # IPv6 address autoconfiguration e.set_ipv6_autoconf(eth['ipv6_autoconf']) + # IPv6 EUI-based address + e.set_ipv6_eui64_address(eth['ipv6_eui64_prefix']) # IPv6 forwarding e.set_ipv6_forwarding(eth['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-l2tpv3.py b/src/conf_mode/interfaces-l2tpv3.py index 18ae1f4d8..af1d3f482 100755 --- a/src/conf_mode/interfaces-l2tpv3.py +++ b/src/conf_mode/interfaces-l2tpv3.py @@ -34,6 +34,7 @@ default_config_data = { 'local_port': 5000, 'intf': '', 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'mtu': 1488, @@ -108,6 +109,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): l2tpv3['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + l2tpv3['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): l2tpv3['ipv6_forwarding'] = 0 @@ -210,6 +215,8 @@ def apply(l2tpv3): l.set_mtu(l2tpv3['mtu']) # IPv6 address autoconfiguration l.set_ipv6_autoconf(l2tpv3['ipv6_autoconf']) + # IPv6 EUI-based address + l.set_ipv6_eui64_address(l2tpv3['ipv6_eui64_prefix']) # IPv6 forwarding l.set_ipv6_forwarding(l2tpv3['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index a91cc2d73..17aa4697f 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -295,6 +295,7 @@ default_config_data = { 'hash': '', 'intf': '', 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'ping_restart': '60', @@ -497,6 +498,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): openvpn['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + openvpn['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): openvpn['ipv6_forwarding'] = 0 @@ -1056,6 +1061,8 @@ def apply(openvpn): o.set_alias(openvpn['description']) # IPv6 address autoconfiguration o.set_ipv6_autoconf(openvpn['ipv6_autoconf']) + # IPv6 EUI-based address + o.set_ipv6_eui64_address(openvpn['ipv6_eui64_prefix']) # IPv6 forwarding o.set_ipv6_forwarding(openvpn['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-pseudo-ethernet.py b/src/conf_mode/interfaces-pseudo-ethernet.py index 4b1abc553..56d4fdfc3 100755 --- a/src/conf_mode/interfaces-pseudo-ethernet.py +++ b/src/conf_mode/interfaces-pseudo-ethernet.py @@ -46,6 +46,7 @@ default_config_data = { 'ip_proxy_arp': 0, 'ip_proxy_arp_pvlan': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'intf': '', @@ -152,6 +153,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): peth['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + peth['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): peth['ipv6_forwarding'] = 0 @@ -313,6 +318,8 @@ def apply(peth): p.set_proxy_arp_pvlan(peth['ip_proxy_arp_pvlan']) # IPv6 address autoconfiguration p.set_ipv6_autoconf(peth['ipv6_autoconf']) + # IPv6 EUI-based address + p.set_ipv6_eui64_address(peth['ipv6_eui64_prefix']) # IPv6 forwarding p.set_ipv6_forwarding(peth['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-vxlan.py b/src/conf_mode/interfaces-vxlan.py index 294864bc1..3d2638c6f 100755 --- a/src/conf_mode/interfaces-vxlan.py +++ b/src/conf_mode/interfaces-vxlan.py @@ -38,6 +38,7 @@ default_config_data = { 'ip_enable_arp_ignore': 0, 'ip_proxy_arp': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'link': '', @@ -110,6 +111,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): vxlan['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + vxlan['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # Disable IPv6 forwarding on this interface if conf.exists('ipv6 disable-forwarding'): vxlan['ipv6_forwarding'] = 0 @@ -218,6 +223,8 @@ def apply(vxlan): v.set_proxy_arp(vxlan['ip_proxy_arp']) # IPv6 address autoconfiguration v.set_ipv6_autoconf(vxlan['ipv6_autoconf']) + # IPv6 EUI-based address + v.set_ipv6_eui64_address(vxlan['ipv6_eui64_prefix']) # IPv6 forwarding v.set_ipv6_forwarding(vxlan['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index d368cfa5d..2c67c39ae 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -828,6 +828,7 @@ default_config_data = { 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, 'ipv6_autoconf': 0, + 'ipv6_eui64_prefix': '', 'ipv6_forwarding': 1, 'ipv6_dup_addr_detect': 1, 'mac' : '', @@ -1143,6 +1144,10 @@ def get_config(): if conf.exists('ipv6 address autoconf'): wifi['ipv6_autoconf'] = 1 + # Get prefix for IPv6 addressing based on MAC address (EUI-64) + if conf.exists('ipv6 address eui64'): + wifi['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64') + # ARP enable ignore if conf.exists('ip enable-arp-ignore'): wifi['ip_enable_arp_ignore'] = 1 @@ -1504,6 +1509,8 @@ def apply(wifi): w.set_arp_ignore(wifi['ip_enable_arp_ignore']) # IPv6 address autoconfiguration w.set_ipv6_autoconf(wifi['ipv6_autoconf']) + # IPv6 EUI-based address + w.set_ipv6_eui64_address(wifi['ipv6_eui64_prefix']) # IPv6 forwarding w.set_ipv6_forwarding(wifi['ipv6_forwarding']) # IPv6 Duplicate Address Detection (DAD) tries -- cgit v1.2.3