X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=ifupdown2%2Faddons%2Faddress.py;h=f576dc02dc081b44fdbea6a64e105785fa161baa;hb=d1477c4b9fe5461c8b6ce0251e8336d1a93c32ba;hp=a69f29454e267640f45031d195f2f41d000fdf36;hpb=7b444c7cf44b8a21a309ceb24779b9ce6a60ede7;p=mirror_ifupdown2.git diff --git a/ifupdown2/addons/address.py b/ifupdown2/addons/address.py index a69f294..f576dc0 100644 --- a/ifupdown2/addons/address.py +++ b/ifupdown2/addons/address.py @@ -148,6 +148,22 @@ class address(moduleBase): self.lower_iface_mtu_checked_list = list() + self.l3_intf_arp_accept = utils.get_boolean_from_string( + policymanager.policymanager_api.get_module_globals( + module_name=self.__class__.__name__, + attr='l3_intf_arp_accept' + ), + default=False + ) + + self.l3_intf_default_gateway_set_onlink = utils.get_boolean_from_string( + policymanager.policymanager_api.get_module_globals( + module_name=self.__class__.__name__, + attr='l3_intf_default_gateway_set_onlink' + ), + default=True + ) + def syntax_check(self, ifaceobj, ifaceobj_getfunc=None): return (self.syntax_check_multiple_gateway(ifaceobj) and self.syntax_check_addr_allowed_on(ifaceobj, True) @@ -265,13 +281,16 @@ class address(moduleBase): is_vlan_dev_on_vlan_aware_bridge = self.ipcmd.bridge_is_vlan_aware(bridgename) if ((is_bridge and not self.ipcmd.bridge_is_vlan_aware(ifaceobj.name)) or is_vlan_dev_on_vlan_aware_bridge): - if self._address_valid(addrs): - if up: - self.write_file('/proc/sys/net/ipv4/conf/%s' %ifaceobj.name + - '/arp_accept', '1') - else: - self.write_file('/proc/sys/net/ipv4/conf/%s' %ifaceobj.name + - '/arp_accept', '0') + if self._address_valid(addrs): + if self.l3_intf_arp_accept: + if up: + self.write_file('/proc/sys/net/ipv4/conf/%s' % ifaceobj.name + + '/arp_accept', '1') + else: + self.write_file('/proc/sys/net/ipv4/conf/%s' % ifaceobj.name + + '/arp_accept', '0') + else: + self.write_file('/proc/sys/net/ipv4/conf/%s/arp_accept' % ifaceobj.name, '0') if hwaddress and is_vlan_dev_on_vlan_aware_bridge: if up: self.ipcmd.bridge_fdb_add(bridgename, hwaddress, vlan) @@ -487,7 +506,7 @@ class address(moduleBase): vrf, metric) for add_gw in gateways: try: - self.ipcmd.route_add_gateway(ifaceobj.name, add_gw, vrf, metric) + self.ipcmd.route_add_gateway(ifaceobj.name, add_gw, vrf, metric, onlink=self.l3_intf_default_gateway_set_onlink) except Exception as e: self.log_error('%s: %s' % (ifaceobj.name, str(e))) @@ -584,10 +603,12 @@ class address(moduleBase): return if ifaceobj.link_kind: - # bonds and vxlan devices need an explicit set of mtu. + # bonds, vxlan and custom devices (like dummy) need an explicit set of mtu. # bridges don't need mtu set if (ifaceobj.link_kind & ifaceLinkKind.BOND or - ifaceobj.link_kind & ifaceLinkKind.VXLAN): + ifaceobj.link_kind & ifaceLinkKind.VXLAN or + ifaceobj.link_kind & ifaceLinkKind.OTHER + ): running_mtu = self.ipcmd.link_get_mtu(ifaceobj.name) if (self.default_mtu and running_mtu != self.default_mtu): self.ipcmd.link_set(ifaceobj.name, 'mtu', self.default_mtu) @@ -625,17 +646,23 @@ class address(moduleBase): def _set_bridge_forwarding(self, ifaceobj): """ set ip forwarding to 0 if bridge interface does not have a ip nor svi """ + ifname = ifaceobj.name if not ifaceobj.upperifaces and not ifaceobj.get_attr_value('address'): - # set forwarding = 0 - if self.sysctl_get('net.ipv4.conf.%s.forwarding' %ifaceobj.name) == '1': - self.sysctl_set('net.ipv4.conf.%s.forwarding' %ifaceobj.name, 0) - if self.sysctl_get('net.ipv6.conf.%s.forwarding' %ifaceobj.name) == '1': - self.sysctl_set('net.ipv6.conf.%s.forwarding' %ifaceobj.name, 0) + if self.sysctl_get_forwarding_value_from_proc(ifname, "ipv4") == '1': + self.sysctl_write_forwarding_value_to_proc(ifname, "ipv4", 0) + if self.sysctl_get_forwarding_value_from_proc(ifname, "ipv6") == '1': + self.sysctl_write_forwarding_value_to_proc(ifname, "ipv6", 0) else: - if self.sysctl_get('net.ipv4.conf.%s.forwarding' %ifaceobj.name) == '0': - self.sysctl_set('net.ipv4.conf.%s.forwarding' %ifaceobj.name, 1) - if self.sysctl_get('net.ipv6.conf.%s.forwarding' %ifaceobj.name) == '0': - self.sysctl_set('net.ipv6.conf.%s.forwarding' %ifaceobj.name, 1) + if self.sysctl_get_forwarding_value_from_proc(ifname, "ipv4") == '0': + self.sysctl_write_forwarding_value_to_proc(ifname, "ipv4", 1) + if self.sysctl_get_forwarding_value_from_proc(ifname, "ipv6") == '0': + self.sysctl_write_forwarding_value_to_proc(ifname, "ipv6", 1) + + def sysctl_get_forwarding_value_from_proc(self, ifname, family): + return self.read_file_oneline("/proc/sys/net/%s/conf/%s/forwarding" % (family, ifname)) + + def sysctl_write_forwarding_value_to_proc(self, ifname, family, value): + self.write_file("/proc/sys/net/%s/conf/%s/forwarding" % (family, ifname), "%s\n" % value) def _sysctl_config(self, ifaceobj): setting_default_value = False @@ -690,51 +717,57 @@ class address(moduleBase): self.log_error('%s: \'ip6-forward\' is not supported for ' 'bridge port' %ifaceobj.name) return + setting_default_value = False if not ipforward: setting_default_value = True - ipforward = (self.ipforward or - self.get_mod_subattr('ip-forward', 'default')) - ipforward = utils.boolean_support_binary(ipforward) - # File read has been used for better performance - # instead of using sysctl command - running_ipforward = self.read_file_oneline( - '/proc/sys/net/ipv4/conf/%s/forwarding' - %ifaceobj.name) - if ipforward != running_ipforward: - try: - self.sysctl_set('net.ipv4.conf.%s.forwarding' - %('/'.join(ifaceobj.name.split("."))), - ipforward) - except Exception as e: - if not setting_default_value: - ifaceobj.status = ifaceStatus.ERROR - self.logger.error('%s: %s' %(ifaceobj.name, str(e))) + ipforward = self.ipforward + + if ipforward: + ipforward = utils.boolean_support_binary(ipforward) + # File read has been used for better performance + # instead of using sysctl command + running_ipforward = self.read_file_oneline( + '/proc/sys/net/ipv4/conf/%s/forwarding' + %ifaceobj.name) + + if ipforward != running_ipforward: + try: + + self.sysctl_set('net.ipv4.conf.%s.forwarding' + %('/'.join(ifaceobj.name.split("."))), + ipforward) + except Exception as e: + if not setting_default_value: + ifaceobj.status = ifaceStatus.ERROR + self.logger.error('%s: %s' %(ifaceobj.name, str(e))) + setting_default_value = False if not ip6forward: setting_default_value = True - ip6forward = (self.ip6forward or - self.get_mod_subattr('ip6-forward', 'default')) - ip6forward = utils.boolean_support_binary(ip6forward) - # File read has been used for better performance - # instead of using sysctl command - running_ip6forward = self.read_file_oneline( - '/proc/sys/net/ipv6/conf/%s/forwarding' - %ifaceobj.name) - if ip6forward != running_ip6forward: - try: - self.sysctl_set('net.ipv6.conf.%s.forwarding' - %('/'.join(ifaceobj.name.split("."))), - ip6forward) - except Exception as e: - # There is chance of ipv6 being removed because of, - # for example, setting mtu < 1280 - # In such cases, log error only if user has configured - # ip6-forward - if not setting_default_value: - ifaceobj.status = ifaceStatus.ERROR - self.logger.error('%s: %s' %(ifaceobj.name, str(e))) + ip6forward = self.ip6forward + + if ip6forward: + ip6forward = utils.boolean_support_binary(ip6forward) + # File read has been used for better performance + # instead of using sysctl command + running_ip6forward = self.read_file_oneline( + '/proc/sys/net/ipv6/conf/%s/forwarding' + %ifaceobj.name) + if ip6forward != running_ip6forward: + try: + self.sysctl_set('net.ipv6.conf.%s.forwarding' + %('/'.join(ifaceobj.name.split("."))), + ip6forward) + except Exception as e: + # There is chance of ipv6 being removed because of, + # for example, setting mtu < 1280 + # In such cases, log error only if user has configured + # ip6-forward + if not setting_default_value: + ifaceobj.status = ifaceStatus.ERROR + self.logger.error('%s: %s' %(ifaceobj.name, str(e))) def process_mtu(self, ifaceobj, ifaceobj_getfunc): mtu = ifaceobj.get_attr_value_first('mtu') @@ -755,17 +788,16 @@ class address(moduleBase): def up_ipv6_addrgen(self, ifaceobj): user_configured_ipv6_addrgen = ifaceobj.get_attr_value_first('ipv6-addrgen') - if not user_configured_ipv6_addrgen: - for old_ifaceobj in statemanager.statemanager_api.get_ifaceobjs(ifaceobj.name) or []: - old_config_ipv6_addrgen = old_ifaceobj.get_attr_value_first('ipv6-addrgen') + if not user_configured_ipv6_addrgen and ifupdownflags.flags.PERFMODE: + # no need to go further during perfmode (boot) + return - if old_config_ipv6_addrgen: - user_configured_ipv6_addrgen = self.get_attr_default_value('ipv6-addrgen') - break + if not user_configured_ipv6_addrgen and ifaceobj.addr_method == 'dhcp': + return - if not user_configured_ipv6_addrgen: - # no previous config detected we dont have to configure ipv6-addrgen - return + if not user_configured_ipv6_addrgen: + # if user didn't configure ipv6-addrgen, should we reset to default? + user_configured_ipv6_addrgen = self.get_attr_default_value('ipv6-addrgen') ipv6_addrgen_nl = { 'on': 0, @@ -832,13 +864,25 @@ class address(moduleBase): except Exception as e: self.log_error('%s: %s' % (ifaceobj.name, str(e)), ifaceobj, raise_error=False) + self.up_hwaddress(ifaceobj) + + gateways = ifaceobj.get_attr_value('gateway') + if not gateways: + gateways = [] + prev_gw = self._get_prev_gateway(ifaceobj, gateways) + self._add_delete_gateway(ifaceobj, gateways, prev_gw) + + def up_hwaddress(self, ifaceobj): try: hwaddress = self._get_hwaddress(ifaceobj) + if hwaddress: - running_hwaddress = None - if not ifupdownflags.flags.PERFMODE: # system is clean + if not ifupdownflags.flags.PERFMODE: # system is clean running_hwaddress = self.ipcmd.link_get_hwaddress(ifaceobj.name) - if hwaddress != running_hwaddress: + else: + running_hwaddress = None + + if self.ipcmd.mac_str_to_int(running_hwaddress) != self.ipcmd.mac_str_to_int(hwaddress): slave_down = False netlink.link_set_updown(ifaceobj.name, "down") if ifaceobj.link_kind & ifaceLinkKind.BOND: @@ -848,7 +892,7 @@ class address(moduleBase): netlink.link_set_updown(l, "down") slave_down = True try: - self.ipcmd.link_set(ifaceobj.name, 'address', hwaddress) + self.ipcmd.link_set_hwaddress(ifaceobj.name, hwaddress, force=True) finally: netlink.link_set_updown(ifaceobj.name, "up") if slave_down: @@ -858,13 +902,7 @@ class address(moduleBase): # Handle special things on a bridge self._process_bridge(ifaceobj, True) except Exception, e: - self.log_error('%s: %s' %(ifaceobj.name, str(e)), ifaceobj) - - gateways = ifaceobj.get_attr_value('gateway') - if not gateways: - gateways = [] - prev_gw = self._get_prev_gateway(ifaceobj, gateways) - self._add_delete_gateway(ifaceobj, gateways, prev_gw) + self.log_error('%s: %s' % (ifaceobj.name, str(e)), ifaceobj) def _down(self, ifaceobj, ifaceobj_getfunc=None): try: @@ -933,9 +971,12 @@ class address(moduleBase): bridgename = ifaceobj.lowerifaces[0] vlan = self._get_vlan_id(ifaceobj) if self.ipcmd.bridge_is_vlan_aware(bridgename): - fdb_addrs = self._get_bridge_fdbs(bridgename, str(vlan)) - if not fdb_addrs or hwaddress not in fdb_addrs: - return False + fdb_addrs = [self.ipcmd.mac_str_to_int(fdb_addr) for fdb_addr in self._get_bridge_fdbs(bridgename, str(vlan))] + if not fdb_addrs: + return False + hwaddress_int = self.ipcmd.mac_str_to_int(hwaddress) + if hwaddress_int not in fdb_addrs: + return False return True def _query_sysctl(self, ifaceobj, ifaceobjcurr): @@ -1018,7 +1059,7 @@ class address(moduleBase): hwaddress = self._get_hwaddress(ifaceobj) if hwaddress: rhwaddress = self.ipcmd.link_get_hwaddress(ifaceobj.name) - if not rhwaddress or rhwaddress != hwaddress: + if not rhwaddress or self.ipcmd.mac_str_to_int(rhwaddress) != self.ipcmd.mac_str_to_int(hwaddress): ifaceobjcurr.update_config_with_status('hwaddress', rhwaddress, 1) elif not self._check_addresses_in_bridge(ifaceobj, hwaddress):