mirror of https://github.com/CumulusNetworks/ifupdown2.git synced 2024-05-06 15:54:50 +00:00

bridge: vlan-aware: add new boolean policy "vlan_aware_bridge_address_support"

closes #58

In Linux it is possible to assign an IP address to a vlan-aware bridge.
For some use cases it is useful to restrict users from configuring
IPs on vlan-aware (VA) bridges. This patch lets admins and distributions
decide whether the user should be warned in such a case.

The patch introduces a new 'address' policy:

 vlan_aware_bridge_address_support: yes|no|on|off|0|1 (default to yes)

[16:46:09] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
    "address": {
	"module_globals": {
	    "enable_l3_iface_forwarding_checks": "yes"
	},
	"defaults": {
	    "mtu": "1500",
	    "ip-forward": "on",
	    "ip6-forward": "on"
	}
    }
}
[16:46:16] root:~ # ifquery -a
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto bridge
iface bridge
	bridge-ports swp1
	bridge-vlan-aware yes
	address 10.10.10.10/32

[16:46:20] root:~ # ifup -a --syntax-check
[16:46:22] root:~ # echo $?
0
[16:46:33] root:~ # nano /var/lib/ifupdown2/policy.d/address.json
[16:46:47] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
    "address": {
	"module_globals": {
	    "enable_l3_iface_forwarding_checks": "yes",
	    "vlan_aware_bridge_address_support": "no"
	},
	"defaults": {
	    "mtu": "1500",
	    "ip-forward": "on",
	    "ip6-forward": "on"
	}
    }
}
[16:46:48] root:~ # ifup -a --syntax-check
warning: bridge: ignoring ip address. Assigning an IP address is not allowed on bridge vlan aware interfaces
[16:46:51] root:~ # echo $?
1
[16:46:52] root:~ #

Reviewed-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Julien Fortin
2018-06-18 18:44:32 +02:00
parent 9bbb13def2
commit 70a6640ce1
2 changed files with 18 additions and 5 deletions


@@ -21,10 +21,12 @@ from ipaddr import IPNetwork, IPAddress
try:
from ifupdown2.ifupdown.iface import *
import ifupdown2.ifupdown.policymanager as policymanager
import ifupdown2.ifupdown.ifupdownflags as ifupdownflags
except ImportError:
from ifupdown.iface import *
import ifupdown.policymanager as policymanager
import ifupdown.ifupdownflags as ifupdownflags
@@ -37,6 +39,7 @@ def signal_handler_f(ps, sig, frame):
class utils():
logger = logging.getLogger('ifupdown')
DEVNULL = open(os.devnull, 'w')
vlan_aware_bridge_address_support = None
_string_values = {
"on": True,
@@ -146,8 +149,8 @@ class utils():
return value
@staticmethod
def get_boolean_from_string(value):
return utils._string_values.get(value, False)
def get_boolean_from_string(value, default=False):
return utils._string_values.get(value, default)
@staticmethod
def get_yesno_boolean(bool):
@@ -331,6 +334,14 @@ class utils():
@classmethod
def is_addr_ip_allowed_on(cls, ifaceobj, syntax_check=False):
if cls.vlan_aware_bridge_address_support is None:
cls.vlan_aware_bridge_address_support = utils.get_boolean_from_string(
policymanager.policymanager_api.get_module_globals(
module_name='address',
attr='vlan_aware_bridge_address_support'
),
True
)
msg = ('%s: ignoring ip address. Assigning an IP '
'address is not allowed on' % ifaceobj.name)
if (ifaceobj.role & ifaceRole.SLAVE
@@ -347,8 +358,10 @@ class utils():
cls.logger.info(msg)
return False
elif (ifaceobj.link_kind & ifaceLinkKind.BRIDGE
and ifaceobj.link_privflags & ifaceLinkPrivFlags.BRIDGE_VLAN_AWARE):
msg = '%s bridge vlan aware interfaces'
and ifaceobj.link_privflags & ifaceLinkPrivFlags.BRIDGE_VLAN_AWARE
and not cls.vlan_aware_bridge_address_support
):
msg = '%s bridge vlan aware interfaces' % msg
if syntax_check:
cls.logger.warning(msg)
else:
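Review bot: The policy lookup added to `is_addr_ip_allowed_on` fails open: it passes `True` as the default to `get_boolean_from_string`, so any value that is not a key of `_string_values` is read as "allowed" and the restriction is silently not enforced. That would include a JSON boolean `false` instead of the string `"no"`, or a spelling the table does not list (only `"on"` is visible in this diff, so the exact set is unconfirmed). An admin who intends to block addresses on vlan-aware bridges then gets no warning and exit status 0 from `ifup -a --syntax-check`. I would read the raw value into a local first and report anything unrecognised before falling back, for example `if raw is not None and raw not in utils._string_values: cls.logger.warning('address: policy vlan_aware_bridge_address_support: invalid value %s, defaulting to yes' % raw)`. The body of `is_addr_ip_allowed_on` continues outside the hunks shown here, so placement relative to the rest of the function should be confirmed.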