From 900e75e387939a1d1d4d5b0b79809b8bb2305b91 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Sun, 3 May 2020 13:46:47 +0200 Subject: validate: T2241: rewrite is_bridge_member to generic is_member - rewrite the function to support both bridge and bonding interface types, if the type is passed it searches only that type, otherwise it searches both - move is_member check out of the deleted condition - move is_member check to intf_from_dict for interfaces that use it --- src/conf_mode/interfaces-wireless.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/conf_mode/interfaces-wireless.py') diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 148a7f6e0..04125ff31 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -29,7 +29,7 @@ from vyos.ifconfig import WiFiIf, Section from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.template import render from vyos.util import chown, call -from vyos.validate import is_bridge_member +from vyos.validate import is_member from vyos import ConfigError default_config_data = { @@ -134,12 +134,13 @@ def get_config(): wifi['intf'] = os.environ['VYOS_TAGNODE_VALUE'] + # check if interface is member if a bridge + wifi['is_bridge_member'] = is_member(conf, wifi['intf'], 'bridge') + # check if wireless interface has been removed cfg_base = 'interfaces wireless ' + wifi['intf'] if not conf.exists(cfg_base): wifi['deleted'] = True - # check if interface is member if a bridge - wifi['is_bridge_member'] = is_bridge_member(conf, wifi['intf']) # we can not bail out early as wireless interface can not be removed # Kernel will complain with: RTNETLINK answers: Operation not supported. # Thus we need to remove individual settings -- cgit v1.2.3 From 366a53072f40f9ffbf05800787dc7faef5e489e2 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Fri, 1 May 2020 20:01:54 +0200 Subject: wireless: T2241: make VRF and bridge membership mutually exclusive --- src/conf_mode/interfaces-wireless.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'src/conf_mode/interfaces-wireless.py') diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 04125ff31..319685fbd 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -599,9 +599,15 @@ def verify(wifi): if not radius['key']: raise ConfigError('Misssing RADIUS shared secret key for server: {}'.format(radius['server'])) - vrf_name = wifi['vrf'] - if vrf_name and vrf_name not in interfaces(): - raise ConfigError(f'VRF "{vrf_name}" does not exist') + if wifi['vrf']: + if wifi['vrf'] not in interfaces(): + raise ConfigError(f'VRF "{wifi["vrf"]}" does not exist') + + if wifi['is_bridge_member']: + raise ConfigError(( + f'Interface "{wifi["intf"]}" cannot be member of VRF ' + f'"{wifi["vrf"]}" and bridge {wifi["is_bridge_member"]} ' + f'at the same time!')) # use common function to verify VLAN configuration verify_vlan_config(wifi) -- cgit v1.2.3 From 91762a9c10d3cc047c5a0938fe9827688fcdd5c0 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Fri, 1 May 2020 20:02:34 +0200 Subject: wireless: T2241: make address and bridge membership mutually exclusive Bridge members should not have any addresses assigned. --- src/conf_mode/interfaces-wireless.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'src/conf_mode/interfaces-wireless.py') diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 319685fbd..99f5323d6 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -379,8 +379,8 @@ def get_config(): eff_addr = conf.return_effective_values('ipv6 address eui64') wifi['ipv6_eui64_prefix_remove'] = list_diff(eff_addr, wifi['ipv6_eui64_prefix']) - # Remove the default link-local address if set. - if conf.exists('ipv6 address no-default-link-local'): + # Remove the default link-local address if set or if member of a bridge + if conf.exists('ipv6 address no-default-link-local') or wifi['is_bridge_member']: wifi['ipv6_eui64_prefix_remove'].append('fe80::/64') else: # add the link-local by default to make IPv6 work @@ -599,6 +599,14 @@ def verify(wifi): if not radius['key']: raise ConfigError('Misssing RADIUS shared secret key for server: {}'.format(radius['server'])) + if ( wifi['is_bridge_member'] + and ( wifi['address'] + or wifi['ipv6_eui64_prefix'] + or wifi['ipv6_autoconf'] ) ): + raise ConfigError(( + f'Cannot assign address to interface "{wifi["intf"]}" ' + f'as it is a member of bridge "{wifi["is_bridge_member"]}"!')) + if wifi['vrf']: if wifi['vrf'] not in interfaces(): raise ConfigError(f'VRF "{wifi["vrf"]}" does not exist') -- cgit v1.2.3 From 0e369db49f7b51c175a458dbc32215fbed4ad5a0 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Fri, 1 May 2020 20:03:02 +0200 Subject: wireless: T2241: fix falling out of bridge when changing settings Previously, set_vrf was always called, which uses the same master and nomaster commands as bridge, so it removed the interface from the bridge. - add checks to make VRF and bridge membership mutually exclusive --- src/conf_mode/interfaces-wireless.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src/conf_mode/interfaces-wireless.py') diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 99f5323d6..962238273 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -706,8 +706,10 @@ def apply(wifi): # Finally create the new interface w = WiFiIf(interface, **conf) - # assign/remove VRF - w.set_vrf(wifi['vrf']) + # assign/remove VRF (ONLY when not a member of a bridge, + # otherwise 'nomaster' removes it from it) + if not wifi['is_bridge_member']: + w.set_vrf(wifi['vrf']) # update interface description used e.g. within SNMP w.set_alias(wifi['description']) -- cgit v1.2.3 From ab478417b027ca650563552c11af97742930a451 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Fri, 1 May 2020 20:04:28 +0200 Subject: wireless: T2241: cleanup verify section - make error output more user friendly - replace .format with f-strings - split into lines less than ~80 characters long --- src/conf_mode/interfaces-wireless.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/conf_mode/interfaces-wireless.py') diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 962238273..4d61dc303 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -552,9 +552,9 @@ def get_config(): def verify(wifi): if wifi['deleted']: if wifi['is_bridge_member']: - interface = wifi['intf'] - bridge = wifi['is_bridge_member'] - raise ConfigError(f'Interface "{interface}" can not be deleted as it belongs to bridge "{bridge}"!') + raise ConfigError(( + f'Cannot delete interface "{wifi["intf"]}" as it is a ' + f'member of bridge "{wifi["is_bridge_member"]}"!')) return None -- cgit v1.2.3