From d59354e52a8a7fbdd6bb0a020f50600d64c799a9 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Tue, 29 Dec 2020 11:34:40 +0100
Subject: ethernet: T1466: add EAPoL support
---
 src/conf_mode/interfaces-ethernet.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'src/conf_mode')
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index b358e9725..d8b637dd7 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -28,12 +28,18 @@ from vyos.configverify import verify_mtu
 from vyos.configverify import verify_mtu_ipv6
 from vyos.configverify import verify_vlan_config
 from vyos.configverify import verify_vrf
+from vyos.configverify import verify_eapol
 from vyos.ifconfig import EthernetIf
+from vyos.template import render
+from vyos.util import call
 from vyos.util import dict_search
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
+# XXX: wpa_supplicant works on the source interface
+wpa_suppl_conf = '/run/wpa_supplicant/{ifname}.conf'
+
 def get_config(config=None):
 """
 Retrive CLI config as dictionary. Dictionary can never be empty, as at least the
@@ -67,6 +73,7 @@ def verify(ethernet):
 verify_dhcpv6(ethernet)
 verify_address(ethernet)
 verify_vrf(ethernet)
+ verify_eapol(ethernet)
 # XDP requires multiple TX queues
 if 'xdp' in ethernet:
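Review bot: The `# XXX` comment above the new `wpa_suppl_conf` path speaks of a "source interface", a term that has no meaning for a plain Ethernet port and reads as carried over from the MACsec code. Together with the `wpa_supplicant-macsec@{ifname}` unit that apply() drives in the third hunk, this suggests EAPoL reuses MACsec's configuration file and service instance for the same port; the MACsec side is not visible here, so this is an inference. If it holds, the two features would overwrite each other's configuration, and because `eapol_action` defaults to `'stop'`, committing any Ethernet change without `eapol` would stop the supplicant that MACsec relies on for that port. I would give EAPoL its own path and unit, or have verification reject `eapol` on a port used as a MACsec source, and replace the comment with something like `# NOTE: path and unit are shared with MACsec; EAPoL and MACsec must not be configured on the same port`.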
@@ -83,16 +90,31 @@ def verify(ethernet):
 return None
 def generate(ethernet):
+ if 'eapol' in ethernet:
+ render(wpa_suppl_conf.format(**ethernet),
+ 'ethernet/wpa_supplicant.conf.tmpl', ethernet)
+ else:
+ # delete configuration on interface removal
+ if os.path.isfile(wpa_suppl_conf.format(**ethernet)):
+ os.unlink(wpa_suppl_conf.format(**ethernet))
+
 return None
 def apply(ethernet):
- e = EthernetIf(ethernet['ifname'])
+ ifname = ethernet['ifname']
+ # take care about EAPoL supplicant daemon
+ eapol_action='stop'
+
+ e = EthernetIf(ifname)
 if 'deleted' in ethernet:
 # delete interface
 e.remove()
 else:
 e.update(ethernet)
+ if 'eapol' in ethernet:
+ eapol_action='restart'
+ call(f'systemctl {eapol_action} wpa_supplicant-macsec@{ifname}')
 if __name__ == '__main__':
 try:
-- cgit v1.2.3
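Review bot: generate() calls `render(...)` without a file mode, so the supplicant configuration under /run is created with whatever the process default allows. The template is not shown, but an 802.1X supplicant configuration normally names an identity and key material, so I would pass an explicit restrictive mode, e.g. `render(wpa_suppl_conf.format(**ethernet), 'ethernet/wpa_supplicant.conf.tmpl', ethernet, permission=0o600)`, after confirming that this revision of `render` accepts `permission`. In apply() the exit status of `call(f'systemctl {eapol_action} wpa_supplicant-macsec@{ifname}')` is discarded, so a supplicant that fails to restart leaves the commit reported as successful while the port stays unauthenticated; checking the return value and raising `ConfigError` would surface that. generate() and apply() lie fully inside the hunk, but indentation was lost in this rendering, so the nesting of the `call(...)` line is inferred from the `'stop'` default.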