From 7f9ce3017ff4bc99c66e4d5ddfd6a9904ca8542c Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Wed, 25 Mar 2020 19:32:34 +0100 Subject: ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodes ... to new XML and Python based frontend/backend. --- python/vyos/configdict.py | 10 ++++++++++ python/vyos/ifconfig/interface.py | 42 +++++++++++++++++++++++++++++++++++++++ python/vyos/ifconfig_vlan.py | 4 ++++ 3 files changed, 56 insertions(+) (limited to 'python') diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py index a1499479a..705fecd9b 100644 --- a/python/vyos/configdict.py +++ b/python/vyos/configdict.py @@ -123,6 +123,8 @@ def vlan_to_dict(conf): 'ip_enable_arp_accept': 0, 'ip_enable_arp_announce': 0, 'ip_enable_arp_ignore': 0, + 'ipv6_forwarding': True, + 'ipv6_dup_addr_detect': '1', 'ingress_qos': '', 'ingress_qos_changed': False, 'mac': '', @@ -187,6 +189,14 @@ def vlan_to_dict(conf): if conf.exists('ip enable-arp-ignore'): vlan['ip_enable_arp_ignore'] = 1 + # Disable IPv6 forwarding on this interface + if conf.exists('ipv6 disable-forwarding'): + vlan['ipv6_forwarding'] = False + + # IPv6 Duplicate Address Detection (DAD) tries + if conf.exists('ipv6 dup-addr-detect-transmits'): + vlan['ipv6_dup_addr_detect'] = conf.return_value('dup-addr-detect-transmits') + # Media Access Control (MAC) address if conf.exists('mac'): vlan['mac'] = conf.return_value('mac') diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 0fddc67f3..ae0b652b0 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -115,6 +115,14 @@ class Interface(DHCP): 'validate': assert_boolean, 'location': '/proc/sys/net/ipv4/conf/{ifname}/arp_ignore', }, + 'ipv6_forwarding': { + 'validate': assert_boolean, + 'location': '/proc/sys/net/ipv6/conf/{ifname}/forwarding', + }, + 'ipv6_dad_transmits': { + 'validate': assert_boolean, + 'location': '/proc/sys/net/ipv6/conf/{ifname}/dad_transmits', + }, 'proxy_arp': { 'validate': assert_boolean, 'location': '/proc/sys/net/ipv4/conf/{ifname}/proxy_arp', @@ -374,6 +382,40 @@ class Interface(DHCP): """ return self.set_interface('arp_ignore', arp_ignore) + def set_ipv6_forwarding(self, forwarding): + """ + Configure IPv6 interface-specific Host/Router behaviour. + + False: + + By default, Host behaviour is assumed. This means: + + 1. IsRouter flag is not set in Neighbour Advertisements. + 2. If accept_ra is TRUE (default), transmit Router + Solicitations. + 3. If accept_ra is TRUE (default), accept Router + Advertisements (and do autoconfiguration). + 4. If accept_redirects is TRUE (default), accept Redirects. + + True: + + If local forwarding is enabled, Router behaviour is assumed. + This means exactly the reverse from the above: + + 1. IsRouter flag is set in Neighbour Advertisements. + 2. Router Solicitations are not sent unless accept_ra is 2. + 3. Router Advertisements are ignored unless accept_ra is 2. + 4. Redirects are ignored. + """ + return self.set_interface('ipv6_forwarding', forwarding) + + def set_dad_messages(self, dad): + """ + The amount of Duplicate Address Detection probes to send. + Default: 1 + """ + return self.set_interface('ipv6_dad_transmits', dad) + def set_link_detect(self, link_filter): """ Configure kernel response in packets received on interfaces that are 'down' diff --git a/python/vyos/ifconfig_vlan.py b/python/vyos/ifconfig_vlan.py index 015f4d4af..11143f0bf 100644 --- a/python/vyos/ifconfig_vlan.py +++ b/python/vyos/ifconfig_vlan.py @@ -64,6 +64,10 @@ def apply_vlan_config(vlan, config): vlan.set_arp_announce(config['ip_enable_arp_announce']) # configure ARP ignore vlan.set_arp_ignore(config['ip_enable_arp_ignore']) + # Disable IPv6 forwarding on this interface + vlan.ipv6_forwarding(bond['ipv6_forwarding']) + # IPv6 Duplicate Address Detection (DAD) tries + vlan.ipv6_dad_messages(bond['ipv6_dup_addr_detect']) # Maximum Transmission Unit (MTU) vlan.set_mtu(config['mtu']) -- cgit v1.2.3