mirror/CumulusNetworks-ifupdown2
1
0
Fork 0
mirror of https://github.com/CumulusNetworks/ifupdown2.git synced 2024-05-06 15:54:50 +00:00
Code Activity

bridge: vlan-aware: add new boolean policy "vlan_aware_bridge_address_support"

Browse Source 
closes #58

In linux its possible to assign a vlan-aware bridge an ip address
For some use cases is it useful to restrict users from configuring
ips on bridges VA. This patch will let admins and distributions
decide if it is necessary to warn the user in such case.

The patch introduces a new 'address' policy:

 vlan_aware_bridge_address_support: yes|no|on|off|0|1 (default to yes)

[16:46:09] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
    "address": {
	"module_globals": {
	    "enable_l3_iface_forwarding_checks": "yes"
	},
	"defaults": {
	    "mtu": "1500",
	    "ip-forward": "on",
	    "ip6-forward": "on"
	}
    }
}
[16:46:16] root:~ # ifquery -a
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto bridge
iface bridge
	bridge-ports swp1
	bridge-vlan-aware yes
	address 10.10.10.10/32

[16:46:20] root:~ # ifup -a --syntax-check
[16:46:22] root:~ # echo $?
0
[16:46:33] root:~ # nano /var/lib/ifupdown2/policy.d/address.json
[16:46:47] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
    "address": {
	"module_globals": {
	    "enable_l3_iface_forwarding_checks": "yes",
	    "vlan_aware_bridge_address_support": "no"
	},
	"defaults": {
	    "mtu": "1500",
	    "ip-forward": "on",
	    "ip6-forward": "on"
	}
    }
}
[16:46:48] root:~ # ifup -a --syntax-check
warning: bridge: ignoring ip address. Assigning an IP address is not allowed on bridge vlan aware interfaces
[16:46:51] root:~ # echo $?
1
[16:46:52] root:~ #

Reviewed-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This commit is contained in:
Julien Fortin
2018-06-18 18:44:32 +02:00
parent 9bbb13def2
commit 70a6640ce1
2 changed files with 18 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
debian/changelog vendored
View File

@@ -5,7 +5,7 @@ ifupdown2 (1.2.0) UNRELEASED; urgency=medium
* VRF slaves: add support for link-down yes * VRF slaves: add support for link-down yes
* addressvirtual: macvlan: add default metric to ip4 and ip6 * addressvirtual: macvlan: add default metric to ip4 and ip6
* Closes #48: Run up/down on "manual" interfaces, but ignore any errors. * Closes #48: Run up/down on "manual" interfaces, but ignore any errors.
* Closes #58: ifupdown2.conf: vlan_aware_bridge_address_support on/off * Closes #58: address addon "vlan_aware_bridge_address_support" policy
* Traditional bridge support for mstpctl attr: (portautoedge, portrestrrole) * Traditional bridge support for mstpctl attr: (portautoedge, portrestrrole)
* Configuration for IPv6 link-local auto-generate mode, new attributes: * Configuration for IPv6 link-local auto-generate mode, new attributes:
ipv6-addrgen (address addon) ipv6-addrgen (address addon)

21
ifupdown2/ifupdown/utils.py
View File

@@ -21,10 +21,12 @@ from ipaddr import IPNetwork, IPAddress
try: try:
from ifupdown2.ifupdown.iface import * from ifupdown2.ifupdown.iface import *
import ifupdown2.ifupdown.policymanager as policymanager
import ifupdown2.ifupdown.ifupdownflags as ifupdownflags import ifupdown2.ifupdown.ifupdownflags as ifupdownflags
except ImportError: except ImportError:
from ifupdown.iface import * from ifupdown.iface import *
import ifupdown.policymanager as policymanager
import ifupdown.ifupdownflags as ifupdownflags import ifupdown.ifupdownflags as ifupdownflags
@@ -37,6 +39,7 @@ def signal_handler_f(ps, sig, frame):
class utils(): class utils():
logger = logging.getLogger('ifupdown') logger = logging.getLogger('ifupdown')
DEVNULL = open(os.devnull, 'w') DEVNULL = open(os.devnull, 'w')
vlan_aware_bridge_address_support = None
_string_values = { _string_values = {
"on": True, "on": True,
@@ -146,8 +149,8 @@ class utils():
return value return value
@staticmethod @staticmethod
def get_boolean_from_string(value): def get_boolean_from_string(value, default=False):
return utils._string_values.get(value, False) return utils._string_values.get(value, default)
@staticmethod @staticmethod
def get_yesno_boolean(bool): def get_yesno_boolean(bool):
@@ -331,6 +334,14 @@ class utils():
@classmethod @classmethod
def is_addr_ip_allowed_on(cls, ifaceobj, syntax_check=False): def is_addr_ip_allowed_on(cls, ifaceobj, syntax_check=False):
if cls.vlan_aware_bridge_address_support is None:
cls.vlan_aware_bridge_address_support = utils.get_boolean_from_string(
policymanager.policymanager_api.get_module_globals(
module_name='address',
attr='vlan_aware_bridge_address_support'
),
True
)
msg = ('%s: ignoring ip address. Assigning an IP ' msg = ('%s: ignoring ip address. Assigning an IP '
'address is not allowed on' % ifaceobj.name) 'address is not allowed on' % ifaceobj.name)
if (ifaceobj.role & ifaceRole.SLAVE if (ifaceobj.role & ifaceRole.SLAVE
@@ -347,8 +358,10 @@ class utils():
cls.logger.info(msg) cls.logger.info(msg)
return False return False
elif (ifaceobj.link_kind & ifaceLinkKind.BRIDGE elif (ifaceobj.link_kind & ifaceLinkKind.BRIDGE
and ifaceobj.link_privflags & ifaceLinkPrivFlags.BRIDGE_VLAN_AWARE): and ifaceobj.link_privflags & ifaceLinkPrivFlags.BRIDGE_VLAN_AWARE
msg = '%s bridge vlan aware interfaces' and not cls.vlan_aware_bridge_address_support
):
msg = '%s bridge vlan aware interfaces' % msg
if syntax_check: if syntax_check:
cls.logger.warning(msg) cls.logger.warning(msg)
else: else: