def get_config():
loopback = deepcopy(default_config_data)
conf = Config()
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
loopback['intf'] = os.environ['VYOS_TAGNODE_VALUE']
# Check if interface has been removed
if not conf.exists('interfaces loopback ' + loopback['intf']):
loopback['deleted'] = True
# set new configuration level
conf.set_level('interfaces loopback ' + loopback['intf'])
# retrieve configured interface addresses
if conf.exists('address'):
loopback['address'] = conf.return_values('address')
# retrieve interface description
if conf.exists('description'):
loopback['description'] = conf.return_value('description')
# Determine interface addresses (currently effective) - to determine which
# address is no longer valid and needs to be removed from the interface
eff_addr = conf.return_effective_values('address')
act_addr = conf.return_values('address')
loopback['address_remove'] = list_diff(eff_addr, act_addr)
return loopback
def get_config():
salt = deepcopy(default_config_data)
conf = Config()
base = ['service', 'salt-minion']
if not conf.exists(base):
return None
else:
conf.set_level(base)
if conf.exists(['hash']):
salt['hash'] = conf.return_value(['hash'])
if conf.exists(['master']):
salt['master'] = conf.return_values(['master'])
if conf.exists(['id']):
salt['salt_id'] = conf.return_value(['id'])
if conf.exists(['user']):
salt['user'] = conf.return_value(['user'])
if conf.exists(['interval']):
salt['interval'] = conf.return_value(['interval'])
if conf.exists(['master-key']):
salt['master_key'] = conf.return_value(['master-key'])
salt['verify_master_pubkey_sign'] = 'true'
return salt
def get_config():
conf = Config()
conf.set_level("service broadcast-relay id")
relay_id = conf.list_nodes("")
relays = []
for id in relay_id:
interface_list = []
address = conf.return_value("{0} address".format(id))
description = conf.return_value("{0} description".format(id))
port = conf.return_value("{0} port".format(id))
# split the interface name listing and form a list
if conf.exists("{0} interface".format(id)):
intfs_names = conf.return_values("{0} interface".format(id))
intfs_names = intfs_names.replace("'", "")
intfs_names = intfs_names.split()
for name in intfs_names:
interface_list.append(name)
relay = {
"id": id,
"address": address,
"description": description,
"interfaces": interface_list,
"port": port
}
relays.append(relay)
return relays
def get_config():
relay = default_config_data
conf = Config()
if not conf.exists(['service', 'dhcp-relay']):
return None
else:
conf.set_level(['service', 'dhcp-relay'])
# Network interfaces to listen on
if conf.exists(['interface']):
relay['interface'] = conf.return_values(['interface'])
# Servers equal to the address of the DHCP server(s)
if conf.exists(['server']):
relay['server'] = conf.return_values(['server'])
conf.set_level(['service', 'dhcp-relay', 'relay-options'])
if conf.exists(['hop-count']):
count = '-c ' + conf.return_value(['hop-count'])
relay['options'].append(count)
# Specify the maximum packet size to send to a DHCPv4/BOOTP server.
# This might be done to allow sufficient space for addition of relay agent
# options while still fitting into the Ethernet MTU size.
#
# Available in DHCPv4 mode only:
if conf.exists(['max-size']):
size = '-A ' + conf.return_value(['max-size'])
relay['options'].append(size)
# Control the handling of incoming DHCPv4 packets which already contain
# relay agent options. If such a packet does not have giaddr set in its
# header, the DHCP standard requires that the packet be discarded. However,
# if giaddr is set, the relay agent may handle the situation in four ways:
# It may append its own set of relay options to the packet, leaving the
# supplied option field intact; it may replace the existing agent option
# field; it may forward the packet unchanged; or, it may discard it.
#
# Available in DHCPv4 mode only:
if conf.exists(['relay-agents-packets']):
pkt = '-a -m ' + conf.return_value(['relay-agents-packets'])
relay['options'].append(pkt)
return relay
def get_config():
dummy = deepcopy(default_config_data)
conf = Config()
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
dummy['intf'] = os.environ['VYOS_TAGNODE_VALUE']
# check if we are a member of any bridge
dummy['is_bridge_member'] = is_member(conf, dummy['intf'], 'bridge')
# Check if interface has been removed
if not conf.exists('interfaces dummy ' + dummy['intf']):
dummy['deleted'] = True
return dummy
# set new configuration level
conf.set_level('interfaces dummy ' + dummy['intf'])
# retrieve configured interface addresses
if conf.exists('address'):
dummy['address'] = conf.return_values('address')
# retrieve interface description
if conf.exists('description'):
dummy['description'] = conf.return_value('description')
# Disable this interface
if conf.exists('disable'):
dummy['disable'] = True
# Determine interface addresses (currently effective) - to determine which
# address is no longer valid and needs to be removed from the interface
eff_addr = conf.return_effective_values('address')
act_addr = conf.return_values('address')
dummy['address_remove'] = list_diff(eff_addr, act_addr)
# retrieve VRF instance
if conf.exists('vrf'):
dummy['vrf'] = conf.return_value('vrf')
return dummy
def get_config():
config = Config()
data = {"install_routes": "yes"}
if config.exists("vpn ipsec options disable-route-autoinstall"):
data["install_routes"] = "no"
if config.exists("vpn ipsec ipsec-interfaces interface"):
data["ipsec_interfaces"] = config.return_values("vpn ipsec ipsec-interfaces interface")
# Init config variables
data["delim_ipsec_l2tp_begin"] = delim_ipsec_l2tp_begin
data["delim_ipsec_l2tp_end"] = delim_ipsec_l2tp_end
data["ipsec_ra_conn_file"] = ipsec_ra_conn_file
data["ra_conn_name"] = ra_conn_name
# Get l2tp ipsec settings
data["ipsec_l2tp"] = False
conf_ipsec_command = "vpn l2tp remote-access ipsec-settings " #last space is useful
if config.exists(conf_ipsec_command):
data["ipsec_l2tp"] = True
# Authentication params
if config.exists(conf_ipsec_command + "authentication mode"):
data["ipsec_l2tp_auth_mode"] = config.return_value(conf_ipsec_command + "authentication mode")
if config.exists(conf_ipsec_command + "authentication pre-shared-secret"):
data["ipsec_l2tp_secret"] = config.return_value(conf_ipsec_command + "authentication pre-shared-secret")
# mode x509
if config.exists(conf_ipsec_command + "authentication x509 ca-cert-file"):
data["ipsec_l2tp_x509_ca_cert_file"] = config.return_value(conf_ipsec_command + "authentication x509 ca-cert-file")
if config.exists(conf_ipsec_command + "authentication x509 crl-file"):
data["ipsec_l2tp_x509_crl_file"] = config.return_value(conf_ipsec_command + "authentication x509 crl-file")
if config.exists(conf_ipsec_command + "authentication x509 server-cert-file"):
data["ipsec_l2tp_x509_server_cert_file"] = config.return_value(conf_ipsec_command + "authentication x509 server-cert-file")
data["server_cert_file_copied"] = server_cert_path+"/"+re.search('\w+(?:\.\w+)*$', config.return_value(conf_ipsec_command + "authentication x509 server-cert-file")).group(0)
if config.exists(conf_ipsec_command + "authentication x509 server-key-file"):
data["ipsec_l2tp_x509_server_key_file"] = config.return_value(conf_ipsec_command + "authentication x509 server-key-file")
data["server_key_file_copied"] = server_key_path+"/"+re.search('\w+(?:\.\w+)*$', config.return_value(conf_ipsec_command + "authentication x509 server-key-file")).group(0)
if config.exists(conf_ipsec_command + "authentication x509 server-key-password"):
data["ipsec_l2tp_x509_server_key_password"] = config.return_value(conf_ipsec_command + "authentication x509 server-key-password")
# Common l2tp ipsec params
if config.exists(conf_ipsec_command + "ike-lifetime"):
data["ipsec_l2tp_ike_lifetime"] = config.return_value(conf_ipsec_command + "ike-lifetime")
else:
data["ipsec_l2tp_ike_lifetime"] = "3600"
if config.exists(conf_ipsec_command + "lifetime"):
data["ipsec_l2tp_lifetime"] = config.return_value(conf_ipsec_command + "lifetime")
else:
data["ipsec_l2tp_lifetime"] = "3600"
if config.exists("vpn l2tp remote-access outside-address"):
data['outside_addr'] = config.return_value('vpn l2tp remote-access outside-address')
return data
def get_config():
igmp_proxy = deepcopy(default_config_data)
conf = Config()
base = ['protocols', 'igmp-proxy']
if not conf.exists(base):
return None
else:
conf.set_level(base)
# Network interfaces to listen on
if conf.exists(['disable']):
igmp_proxy['disable'] = True
# Option to disable "quickleave"
if conf.exists(['disable-quickleave']):
igmp_proxy['disable_quickleave'] = True
for intf in conf.list_nodes(['interface']):
conf.set_level(base + ['interface', intf])
interface = {
'name': intf,
'alt_subnet': [],
'role': 'downstream',
'threshold': '1',
'whitelist': []
}
if conf.exists(['alt-subnet']):
interface['alt_subnet'] = conf.return_values(['alt-subnet'])
if conf.exists(['role']):
interface['role'] = conf.return_value(['role'])
if conf.exists(['threshold']):
interface['threshold'] = conf.return_value(['threshold'])
if conf.exists(['whitelist']):
interface['whitelist'] = conf.return_values(['whitelist'])
# Append interface configuration to global configuration list
igmp_proxy['interfaces'].append(interface)
return igmp_proxy
def get_config():
conf = Config()
igmp_conf = {'igmp_conf': False, 'old_ifaces': {}, 'ifaces': {}}
if not (conf.exists('protocols igmp')
or conf.exists_effective('protocols igmp')):
return None
if conf.exists('protocols igmp'):
igmp_conf['igmp_conf'] = True
conf.set_level('protocols igmp')
# # Get interfaces
for iface in conf.list_effective_nodes('interface'):
igmp_conf['old_ifaces'].update({
iface: {
'version':
conf.return_effective_value(
'interface {0} version'.format(iface)),
'query_interval':
conf.return_effective_value(
'interface {0} query-interval'.format(iface)),
'query_max_resp_time':
conf.return_effective_value(
'interface {0} query-max-response-time'.format(iface)),
'gr_join': {}
}
})
for gr_join in conf.list_effective_nodes(
'interface {0} join'.format(iface)):
igmp_conf['old_ifaces'][iface]['gr_join'][
gr_join] = conf.return_effective_values(
'interface {0} join {1} source'.format(iface, gr_join))
for iface in conf.list_nodes('interface'):
igmp_conf['ifaces'].update({
iface: {
'version':
conf.return_value('interface {0} version'.format(iface)),
'query_interval':
conf.return_value(
'interface {0} query-interval'.format(iface)),
'query_max_resp_time':
conf.return_value(
'interface {0} query-max-response-time'.format(iface)),
'gr_join': {}
}
})
for gr_join in conf.list_nodes('interface {0} join'.format(iface)):
igmp_conf['ifaces'][iface]['gr_join'][
gr_join] = conf.return_values(
'interface {0} join {1} source'.format(iface, gr_join))
return igmp_conf
def get_config():
ntp = deepcopy(default_config_data)
conf = Config()
if not conf.exists('system ntp'):
return None
else:
conf.set_level('system ntp')
if conf.exists('allow-clients address'):
networks = conf.return_values('allow-clients address')
for n in networks:
addr = ip_network(n)
net = {
"network" : n,
"address" : addr.network_address,
"netmask" : addr.netmask
}
ntp['allowed_networks'].append(net)
if conf.exists('listen-address'):
ntp['listen_address'] = conf.return_values('listen-address')
if conf.exists('server'):
for node in conf.list_nodes('server'):
options = []
server = {
"name": node,
"options": []
}
if conf.exists('server {0} noselect'.format(node)):
options.append('noselect')
if conf.exists('server {0} preempt'.format(node)):
options.append('preempt')
if conf.exists('server {0} prefer'.format(node)):
options.append('prefer')
server['options'] = options
ntp['servers'].append(server)
return ntp
def get_config():
geneve = deepcopy(default_config_data)
conf = Config()
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
geneve['intf'] = os.environ['VYOS_TAGNODE_VALUE']
# Check if interface has been removed
if not conf.exists('interfaces geneve ' + geneve['intf']):
geneve['deleted'] = True
return geneve
# set new configuration level
conf.set_level('interfaces geneve ' + geneve['intf'])
# retrieve configured interface addresses
if conf.exists('address'):
geneve['address'] = conf.return_values('address')
# retrieve interface description
if conf.exists('description'):
geneve['description'] = conf.return_value('description')
# Disable this interface
if conf.exists('disable'):
geneve['disable'] = True
# ARP cache entry timeout in seconds
if conf.exists('ip arp-cache-timeout'):
geneve['ip_arp_cache_tmo'] = int(
conf.return_value('ip arp-cache-timeout'))
# Enable proxy-arp on this interface
if conf.exists('ip enable-proxy-arp'):
geneve['ip_proxy_arp'] = 1
# Maximum Transmission Unit (MTU)
if conf.exists('mtu'):
geneve['mtu'] = int(conf.return_value('mtu'))
# Remote address of GENEVE tunnel
if conf.exists('remote'):
geneve['remote'] = conf.return_value('remote')
# Virtual Network Identifier
if conf.exists('vni'):
geneve['vni'] = conf.return_value('vni')
return geneve
def get_config():
relay = deepcopy(default_config_data)
conf = Config()
base = ['service', 'broadcast-relay']
if not conf.exists(base):
return None
else:
conf.set_level(base)
# Service can be disabled by user
if conf.exists('disable'):
relay['disabled'] = True
return relay
# Parse configuration of each individual instance
if conf.exists('id'):
for id in conf.list_nodes('id'):
conf.set_level(base + ['id', id])
config = {
'id': id,
'disabled': False,
'address': '',
'description': '',
'interfaces': [],
'port': ''
}
# Check if individual broadcast relay service is disabled
if conf.exists(['disable']):
config['disabled'] = True
# Source IP of forwarded packets, if empty original senders address is used
if conf.exists(['address']):
config['address'] = conf.return_value(['address'])
# A description for each individual broadcast relay service
if conf.exists(['description']):
config['description'] = conf.return_value(['description'])
# UDP port to listen on for broadcast frames
if conf.exists(['port']):
config['port'] = conf.return_value(['port'])
# Network interfaces to listen on for broadcast frames to be relayed
if conf.exists(['interface']):
config['interfaces'] = conf.return_values(['interface'])
relay['instances'].append(config)
return relay
def get_config():
conf = Config()
hosts = copy.deepcopy(default_config_data)
if conf.exists("system host-name"):
hosts['hostname'] = conf.return_value("system host-name")
# This may happen if the config is not loaded yet,
# e.g. if run by cloud-init
if not hosts['hostname']:
hosts['hostname'] = default_config_data['hostname']
if conf.exists("system domain-name"):
hosts['domain_name'] = conf.return_value("system domain-name")
hosts['domain_search'].append(hosts['domain_name'])
for search in conf.return_values("system domain-search domain"):
hosts['domain_search'].append(search)
if conf.exists("system name-server"):
hosts['nameserver'] = conf.return_values("system name-server")
if conf.exists("system disable-dhcp-nameservers"):
hosts['no_dhcp_ns'] = True
# system static-host-mapping
hosts['static_host_mapping'] = []
if conf.exists('system static-host-mapping host-name'):
for hn in conf.list_nodes('system static-host-mapping host-name'):
mapping = {}
mapping['host'] = hn
mapping['address'] = conf.return_value(
'system static-host-mapping host-name {0} inet'.format(hn))
mapping['aliases'] = conf.return_values(
'system static-host-mapping host-name {0} alias'.format(hn))
hosts['static_host_mapping'].append(mapping)
return hosts
def get_config():
interface_list = []
conf = Config()
conf.set_level('service mdns repeater')
if not conf.exists(''):
return interface_list
if conf.exists('interface'):
intfs_names = []
intfs_names = conf.return_values('interface')
for name in intfs_names:
interface_list.append(name)
return interface_list
def get_config():
conf = Config()
if not conf.exists('service https certificates certbot'):
return None
else:
conf.set_level('service https certificates certbot')
cert = {}
if conf.exists('domain-name'):
cert['domains'] = conf.return_values('domain-name')
if conf.exists('email'):
cert['email'] = conf.return_value('email')
return cert
def verify(bridge):
if bridge['dhcpv6_prm_only'] and bridge['dhcpv6_temporary']:
raise ConfigError(
'DHCPv6 temporary and parameters-only options are mutually exclusive!'
)
vrf_name = bridge['vrf']
if vrf_name and vrf_name not in interfaces():
raise ConfigError(f'VRF "{vrf_name}" does not exist')
conf = Config()
for br in conf.list_nodes('interfaces bridge'):
# it makes no sense to verify ourself in this case
if br == bridge['intf']:
continue
for intf in bridge['member']:
tmp = conf.list_nodes(
'interfaces bridge {} member interface'.format(br))
if intf['name'] in tmp:
raise ConfigError(
'Interface "{}" belongs to bridge "{}" and can not be enslaved.'
.format(intf['name'], bridge['intf']))
# the interface must exist prior adding it to a bridge
for intf in bridge['member']:
if intf['name'] not in interfaces():
raise ConfigError(
'Can not add non existing interface "{}" to bridge "{}"'.
format(intf['name'], bridge['intf']))
if intf['name'] == 'lo':
raise ConfigError(
'Loopback interface "lo" can not be added to a bridge')
# bridge members are not allowed to be bond members, too
for intf in bridge['member']:
for bond in conf.list_nodes('interfaces bonding'):
if conf.exists('interfaces bonding ' + bond + ' member interface'):
if intf['name'] in conf.return_values('interfaces bonding ' +
bond +
' member interface'):
raise ConfigError(
'Interface {} belongs to bond {}, can not add it to {}'
.format(intf['name'], bond, bridge['intf']))
return None
def get_config():
mdns = deepcopy(default_config_data)
conf = Config()
base = ['service', 'mdns', 'repeater']
if not conf.exists(base):
return None
else:
conf.set_level(base)
# Service can be disabled by user
if conf.exists(['disable']):
mdns['disabled'] = True
return mdns
# Interface to repeat mDNS advertisements
if conf.exists(['interface']):
mdns['interfaces'] = conf.return_values(['interface'])
return mdns
def verify(eth):
if eth['deleted']:
return None
if eth['intf'] not in interfaces():
raise ConfigError(f"Interface ethernet {eth['intf']} does not exist")
if eth['speed'] == 'auto':
if eth['duplex'] != 'auto':
raise ConfigError(
'If speed is hardcoded, duplex must be hardcoded, too')
if eth['duplex'] == 'auto':
if eth['speed'] != 'auto':
raise ConfigError(
'If duplex is hardcoded, speed must be hardcoded, too')
if eth['dhcpv6_prm_only'] and eth['dhcpv6_temporary']:
raise ConfigError(
'DHCPv6 temporary and parameters-only options are mutually exclusive!'
)
vrf_name = eth['vrf']
if vrf_name and vrf_name not in interfaces():
raise ConfigError(f'VRF "{vrf_name}" does not exist')
conf = Config()
# some options can not be changed when interface is enslaved to a bond
for bond in conf.list_nodes('interfaces bonding'):
if conf.exists('interfaces bonding ' + bond + ' member interface'):
bond_member = conf.return_values('interfaces bonding ' + bond +
' member interface')
if eth['intf'] in bond_member:
if eth['address']:
raise ConfigError(
f"Can not assign address to interface {eth['intf']} which is a member of {bond}"
)
# use common function to verify VLAN configuration
verify_vlan_config(eth)
return None
def get_config():
tftpd = deepcopy(default_config_data)
conf = Config()
base = ['service', 'tftp-server']
if not conf.exists(base):
return None
else:
conf.set_level(base)
if conf.exists(['directory']):
tftpd['directory'] = conf.return_value(['directory'])
if conf.exists(['allow-upload']):
tftpd['allow_upload'] = True
if conf.exists(['port']):
tftpd['port'] = conf.return_value(['port'])
if conf.exists(['listen-address']):
tftpd['listen'] = conf.return_values(['listen-address'])
return tftpd
def get_config():
relay = deepcopy(default_config_data)
conf = Config()
if not conf.exists('service dhcpv6-relay'):
return None
else:
conf.set_level('service dhcpv6-relay')
# Network interfaces/address to listen on for DHCPv6 query(s)
if conf.exists('listen-interface'):
interfaces = conf.list_nodes('listen-interface')
for intf in interfaces:
if conf.exists('listen-interface {0} address'.format(intf)):
addr = conf.return_value(
'listen-interface {0} address'.format(intf))
listen = addr + '%' + intf
relay['listen_addr'].append(listen)
# Upstream interface/address for remote DHCPv6 server
if conf.exists('upstream-interface'):
interfaces = conf.list_nodes('upstream-interface')
for intf in interfaces:
addresses = conf.return_values(
'upstream-interface {0} address'.format(intf))
for addr in addresses:
server = addr + '%' + intf
relay['upstream_addr'].append(server)
# Maximum hop count. When forwarding packets, dhcrelay discards packets
# which have reached a hop count of COUNT. Default is 10. Maximum is 255.
if conf.exists('max-hop-count'):
count = '-c ' + conf.return_value('max-hop-count')
relay['options'].append(count)
if conf.exists('use-interface-id-option'):
relay['options'].append('-I')
return relay
def get_config():
salt = default_config_data
conf = Config()
if not conf.exists('service salt-minion'):
return None
else:
conf.set_level('service salt-minion')
if conf.exists('hash_type'):
salt['hash_type'] = conf.return_value('hash_type')
if conf.exists('log_file'):
salt['log_file'] = conf.return_value('log_file')
if conf.exists('log_level'):
salt['log_level'] = conf.return_value('log_level')
if conf.exists('master'):
master = conf.return_values('master')
salt['master'] = master
if conf.exists('ID'):
salt['salt_id'] = conf.return_value('ID')
if conf.exists('user'):
salt['user'] = conf.return_value('user')
if conf.exists('mine_interval'):
salt['mine_interval'] = conf.return_value('mine_interval')
salt['master-key'] = None
if conf.exists('master-key'):
salt['master-key'] = conf.return_value('master-key')
salt['verify_master_pubkey_sign'] = 'true'
return salt
def get_config():
vc = Config()
vc.set_level('')
# Convert the VyOS config to an abstract internal representation
flow_config = {
'flow-accounting-configured':
vc.exists('system flow-accounting'),
'buffer-size':
vc.return_value('system flow-accounting buffer-size'),
'disable-imt':
_node_exists('system flow-accounting disable-imt'),
'syslog-facility':
vc.return_value('system flow-accounting syslog-facility'),
'interfaces':
None,
'sflow': {
'configured':
vc.exists('system flow-accounting sflow'),
'agent-address':
vc.return_value('system flow-accounting sflow agent-address'),
'sampling-rate':
vc.return_value('system flow-accounting sflow sampling-rate'),
'servers':
None
},
'netflow': {
'configured':
vc.exists('system flow-accounting netflow'),
'engine-id':
vc.return_value('system flow-accounting netflow engine-id'),
'max-flows':
vc.return_value('system flow-accounting netflow max-flows'),
'sampling-rate':
vc.return_value('system flow-accounting netflow sampling-rate'),
'source-ip':
vc.return_value('system flow-accounting netflow source-ip'),
'version':
vc.return_value('system flow-accounting netflow version'),
'timeout': {
'expint':
vc.return_value(
'system flow-accounting netflow timeout expiry-interval'),
'general':
vc.return_value(
'system flow-accounting netflow timeout flow-generic'),
'icmp':
vc.return_value('system flow-accounting netflow timeout icmp'),
'maxlife':
vc.return_value(
'system flow-accounting netflow timeout max-active-life'),
'tcp.fin':
vc.return_value(
'system flow-accounting netflow timeout tcp-fin'),
'tcp':
vc.return_value(
'system flow-accounting netflow timeout tcp-generic'),
'tcp.rst':
vc.return_value(
'system flow-accounting netflow timeout tcp-rst'),
'udp':
vc.return_value('system flow-accounting netflow timeout udp')
},
'servers':
None
}
}
# get interfaces list
if vc.exists('system flow-accounting interface'):
flow_config['interfaces'] = vc.return_values(
'system flow-accounting interface')
# get sFlow collectors list
if vc.exists('system flow-accounting sflow server'):
flow_config['sflow']['servers'] = []
sflow_collectors = vc.list_nodes('system flow-accounting sflow server')
for collector in sflow_collectors:
port = default_sflow_server_port
if vc.return_value(
"system flow-accounting sflow server {} port".format(
collector)):
port = vc.return_value(
"system flow-accounting sflow server {} port".format(
collector))
flow_config['sflow']['servers'].append({
'address': collector,
'port': port
})
# get NetFlow collectors list
if vc.exists('system flow-accounting netflow server'):
flow_config['netflow']['servers'] = []
netflow_collectors = vc.list_nodes(
'system flow-accounting netflow server')
for collector in netflow_collectors:
port = default_netflow_server_port
if vc.return_value(
"system flow-accounting netflow server {} port".format(
collector)):
port = vc.return_value(
"system flow-accounting netflow server {} port".format(
collector))
flow_config['netflow']['servers'].append({
'address': collector,
'port': port
})
# get sflow agent-id
if flow_config['sflow']['agent-address'] == None or flow_config['sflow'][
'agent-address'] == 'auto':
flow_config['sflow']['agent-address'] = _sflow_default_agentip(vc)
# get NetFlow version
if not flow_config['netflow']['version']:
flow_config['netflow']['version'] = default_netflow_version
# convert NetFlow engine-id format, if this is necessary
if flow_config['netflow']['engine-id'] and flow_config['netflow'][
'version'] == '5':
regex_filter = re.compile('^\d+$')
if regex_filter.search(flow_config['netflow']['engine-id']):
flow_config['netflow']['engine-id'] = "{}:0".format(
flow_config['netflow']['engine-id'])
# return dict with flow-accounting configuration
return flow_config
def get_config():
conf = Config()
pim_conf = {
'pim_conf': False,
'old_pim': {
'ifaces': {},
'rp': {}
},
'pim': {
'ifaces': {},
'rp': {}
}
}
if not (conf.exists('protocols pim')
or conf.exists_effective('protocols pim')):
return None
if conf.exists('protocols pim'):
pim_conf['pim_conf'] = True
conf.set_level('protocols pim')
# Get interfaces
for iface in conf.list_effective_nodes('interface'):
pim_conf['old_pim']['ifaces'].update({
iface: {
'hello':
conf.return_effective_value(
'interface {0} hello'.format(iface)),
'dr_prio':
conf.return_effective_value(
'interface {0} dr-priority'.format(iface))
}
})
for iface in conf.list_nodes('interface'):
pim_conf['pim']['ifaces'].update({
iface: {
'hello':
conf.return_value('interface {0} hello'.format(iface)),
'dr_prio':
conf.return_value('interface {0} dr-priority'.format(iface)),
}
})
conf.set_level('protocols pim rp')
# Get RPs addresses
for rp_addr in conf.list_effective_nodes('address'):
pim_conf['old_pim']['rp'][rp_addr] = conf.return_effective_values(
'address {0} group'.format(rp_addr))
for rp_addr in conf.list_nodes('address'):
pim_conf['pim']['rp'][rp_addr] = conf.return_values(
'address {0} group'.format(rp_addr))
# Get RP keep-alive-timer
if conf.exists_effective('rp keep-alive-timer'):
pim_conf['old_pim']['rp_keep_alive'] = conf.return_effective_value(
'rp keep-alive-timer')
if conf.exists('rp keep-alive-timer'):
pim_conf['pim']['rp_keep_alive'] = conf.return_value(
'rp keep-alive-timer')
return pim_conf
def get_config():
server_block_list = []
conf = Config()
if not conf.exists('service https'):
return None
else:
conf.set_level('service https')
if not conf.exists('virtual-host'):
server_block_list.append(default_server_block)
else:
for vhost in conf.list_nodes('virtual-host'):
server_block = deepcopy(default_server_block)
server_block['id'] = vhost
if conf.exists(f'virtual-host {vhost} listen-address'):
addr = conf.return_value(
f'virtual-host {vhost} listen-address')
server_block['address'] = addr
if conf.exists(f'virtual-host {vhost} listen-port'):
port = conf.return_value(f'virtual-host {vhost} listen-port')
server_block['port'] = port
if conf.exists(f'virtual-host {vhost} server-name'):
names = conf.return_values(f'virtual-host {vhost} server-name')
server_block['name'] = names[:]
server_block_list.append(server_block)
vyos_cert_data = {}
if conf.exists('certificates system-generated-certificate'):
vyos_cert_data = vyos.defaults.vyos_cert_data
if vyos_cert_data:
for block in server_block_list:
block['vyos_cert'] = vyos_cert_data
certbot = False
certbot_domains = []
if conf.exists('certificates certbot domain-name'):
certbot_domains = conf.return_values(
'certificates certbot domain-name')
if certbot_domains:
certbot = True
for domain in certbot_domains:
sub_list = vyos.certbot_util.choose_server_block(
server_block_list, domain)
if sub_list:
for sb in sub_list:
sb['certbot'] = True
# certbot organizes certificates by first domain
sb['certbot_dir'] = certbot_domains[0]
api_somewhere = False
api_data = {}
if conf.exists('api'):
api_somewhere = True
api_data = vyos.defaults.api_data
if conf.exists('api port'):
port = conf.return_value('api port')
api_data['port'] = port
if conf.exists('api-restrict virtual-host'):
vhosts = conf.return_values('api-restrict virtual-host')
api_data['vhost'] = vhosts[:]
if api_data:
# we do not want to include 'vhost' key as part of
# vyos.defaults.api_data, so check for key existence
vhost_list = api_data.get('vhost')
if vhost_list is None:
for block in server_block_list:
block['api'] = api_data
else:
for block in server_block_list:
if block['id'] in vhost_list:
block['api'] = api_data
https = {
'server_block_list': server_block_list,
'api_somewhere': api_somewhere,
'certbot': certbot
}
return https
def get_config():
dyndns = deepcopy(default_config_data)
conf = Config()
base_level = ['service', 'dns', 'dynamic']
if not conf.exists(base_level):
dyndns['deleted'] = True
return dyndns
for interface in conf.list_nodes(base_level + ['interface']):
node = {
'interface': interface,
'rfc2136': [],
'service': [],
'web_skip': '',
'web_url': ''
}
# set config level to e.g. "service dns dynamic interface eth0"
conf.set_level(base_level + ['interface', interface])
# Handle RFC2136 - Dynamic Updates in the Domain Name System
for rfc2136 in conf.list_nodes(['rfc2136']):
rfc = {
'name': rfc2136,
'keyfile': '',
'record': [],
'server': '',
'ttl': '600',
'zone': ''
}
# set config level
conf.set_level(base_level + ['interface', interface, 'rfc2136', rfc2136])
if conf.exists(['key']):
rfc['keyfile'] = conf.return_value(['key'])
if conf.exists(['record']):
rfc['record'] = conf.return_values(['record'])
if conf.exists(['server']):
rfc['server'] = conf.return_value(['server'])
if conf.exists(['ttl']):
rfc['ttl'] = conf.return_value(['ttl'])
if conf.exists(['zone']):
rfc['zone'] = conf.return_value(['zone'])
node['rfc2136'].append(rfc)
# set config level to e.g. "service dns dynamic interface eth0"
conf.set_level(base_level + ['interface', interface])
# Handle DynDNS service providers
for service in conf.list_nodes(['service']):
srv = {
'provider': service,
'host': [],
'login': '',
'password': '',
'protocol': '',
'server': '',
'custom' : False,
'zone' : ''
}
# set config level
conf.set_level(base_level + ['interface', interface, 'service', service])
# preload protocol from default service mapping
if service in default_service_protocol.keys():
srv['protocol'] = default_service_protocol[service]
else:
srv['custom'] = True
if conf.exists(['login']):
srv['login'] = conf.return_value(['login'])
if conf.exists(['host-name']):
srv['host'] = conf.return_values(['host-name'])
if conf.exists(['protocol']):
srv['protocol'] = conf.return_value(['protocol'])
if conf.exists(['password']):
srv['password'] = conf.return_value(['password'])
if conf.exists(['server']):
srv['server'] = conf.return_value(['server'])
if conf.exists(['zone']):
srv['zone'] = conf.return_value(['zone'])
elif srv['provider'] == 'cloudflare':
# default populate zone entry with bar.tld if
# host-name is foo.bar.tld
srv['zone'] = srv['host'][0].split('.',1)[1]
node['service'].append(srv)
# Set config back to appropriate level for these options
conf.set_level(base_level + ['interface', interface])
# Additional settings in CLI
if conf.exists(['use-web', 'skip']):
node['web_skip'] = conf.return_value(['use-web', 'skip'])
if conf.exists(['use-web', 'url']):
node['web_url'] = conf.return_value(['use-web', 'url'])
# set config level back to top level
conf.set_level(base_level)
dyndns['interfaces'].append(node)
return dyndns
def get_config():
vxlan = deepcopy(default_config_data)
conf = Config()
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
vxlan['intf'] = os.environ['VYOS_TAGNODE_VALUE']
# check if interface is member if a bridge
vxlan['is_bridge_member'] = is_member(conf, vxlan['intf'], 'bridge')
# Check if interface has been removed
if not conf.exists('interfaces vxlan ' + vxlan['intf']):
vxlan['deleted'] = True
return vxlan
# set new configuration level
conf.set_level('interfaces vxlan ' + vxlan['intf'])
# retrieve configured interface addresses
if conf.exists('address'):
vxlan['address'] = conf.return_values('address')
# retrieve interface description
if conf.exists('description'):
vxlan['description'] = conf.return_value('description')
# Disable this interface
if conf.exists('disable'):
vxlan['disable'] = True
# VXLAN multicast grou
if conf.exists('group'):
vxlan['group'] = conf.return_value('group')
# ARP cache entry timeout in seconds
if conf.exists('ip arp-cache-timeout'):
vxlan['ip_arp_cache_tmo'] = int(
conf.return_value('ip arp-cache-timeout'))
# ARP filter configuration
if conf.exists('ip disable-arp-filter'):
vxlan['ip_disable_arp_filter'] = 0
# ARP enable accept
if conf.exists('ip enable-arp-accept'):
vxlan['ip_enable_arp_accept'] = 1
# ARP enable announce
if conf.exists('ip enable-arp-announce'):
vxlan['ip_enable_arp_announce'] = 1
# ARP enable ignore
if conf.exists('ip enable-arp-ignore'):
vxlan['ip_enable_arp_ignore'] = 1
# Enable proxy-arp on this interface
if conf.exists('ip enable-proxy-arp'):
vxlan['ip_proxy_arp'] = 1
# Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)
if conf.exists('ipv6 address autoconf'):
vxlan['ipv6_autoconf'] = 1
# Get prefixes for IPv6 addressing based on MAC address (EUI-64)
if conf.exists('ipv6 address eui64'):
vxlan['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
# Remove the default link-local address if set.
if not (conf.exists('ipv6 address no-default-link-local')
or vxlan['is_bridge_member']):
# add the link-local by default to make IPv6 work
vxlan['ipv6_eui64_prefix'].append('fe80::/64')
# Disable IPv6 forwarding on this interface
if conf.exists('ipv6 disable-forwarding'):
vxlan['ipv6_forwarding'] = 0
# IPv6 Duplicate Address Detection (DAD) tries
if conf.exists('ipv6 dup-addr-detect-transmits'):
vxlan['ipv6_dup_addr_detect'] = int(
conf.return_value('ipv6 dup-addr-detect-transmits'))
# to make IPv6 SLAAC and DHCPv6 work with forwarding=1,
# accept_ra must be 2
if vxlan['ipv6_autoconf'] or 'dhcpv6' in vxlan['address']:
vxlan['ipv6_accept_ra'] = 2
# VXLAN source address
if conf.exists('source-address'):
vxlan['source_address'] = conf.return_value('source-address')
# VXLAN underlay interface
if conf.exists('source-interface'):
vxlan['source_interface'] = conf.return_value('source-interface')
# Maximum Transmission Unit (MTU)
if conf.exists('mtu'):
vxlan['mtu'] = int(conf.return_value('mtu'))
# Remote address of VXLAN tunnel
if conf.exists('remote'):
vxlan['remote'] = conf.return_value('remote')
# Remote port of VXLAN tunnel
if conf.exists('port'):
vxlan['remote_port'] = int(conf.return_value('port'))
# Virtual Network Identifier
if conf.exists('vni'):
vxlan['vni'] = conf.return_value('vni')
return vxlan
def get_config():
sstp = deepcopy(default_config_data)
base_path = ['vpn', 'sstp']
conf = Config()
if not conf.exists(base_path):
return None
conf.set_level(base_path)
cpu = os.cpu_count()
if cpu > 1:
sstp['thread_cnt'] = int(cpu/2)
if conf.exists(['authentication', 'mode']):
sstp['auth_mode'] = conf.return_value(['authentication', 'mode'])
#
# local auth
if conf.exists(['authentication', 'local-users']):
for username in conf.list_nodes(['authentication', 'local-users', 'username']):
user = {
'name' : username,
'password' : '',
'state' : 'enabled',
'ip' : '*',
'upload' : None,
'download' : None
}
conf.set_level(base_path + ['authentication', 'local-users', 'username', username])
if conf.exists(['password']):
user['password'] = conf.return_value(['password'])
if conf.exists(['disable']):
user['state'] = 'disable'
if conf.exists(['static-ip']):
user['ip'] = conf.return_value(['static-ip'])
if conf.exists(['rate-limit', 'download']):
user['download'] = conf.return_value(['rate-limit', 'download'])
if conf.exists(['rate-limit', 'upload']):
user['upload'] = conf.return_value(['rate-limit', 'upload'])
sstp['local_users'].append(user)
#
# RADIUS auth and settings
conf.set_level(base_path + ['authentication', 'radius'])
if conf.exists(['server']):
for server in conf.list_nodes(['server']):
radius = {
'server' : server,
'key' : '',
'fail_time' : 0,
'port' : '1812'
}
conf.set_level(base_path + ['authentication', 'radius', 'server', server])
if conf.exists(['fail-time']):
radius['fail-time'] = conf.return_value(['fail-time'])
if conf.exists(['port']):
radius['port'] = conf.return_value(['port'])
if conf.exists(['key']):
radius['key'] = conf.return_value(['key'])
if not conf.exists(['disable']):
sstp['radius_server'].append(radius)
#
# advanced radius-setting
conf.set_level(base_path + ['authentication', 'radius'])
if conf.exists(['acct-timeout']):
sstp['radius_acct_tmo'] = conf.return_value(['acct-timeout'])
if conf.exists(['max-try']):
sstp['radius_max_try'] = conf.return_value(['max-try'])
if conf.exists(['timeout']):
sstp['radius_timeout'] = conf.return_value(['timeout'])
if conf.exists(['nas-identifier']):
sstp['radius_nas_id'] = conf.return_value(['nas-identifier'])
if conf.exists(['nas-ip-address']):
sstp['radius_nas_ip'] = conf.return_value(['nas-ip-address'])
if conf.exists(['source-address']):
sstp['radius_source_address'] = conf.return_value(['source-address'])
# Dynamic Authorization Extensions (DOA)/Change Of Authentication (COA)
if conf.exists(['dynamic-author']):
dae = {
'port' : '',
'server' : '',
'key' : ''
}
if conf.exists(['dynamic-author', 'server']):
dae['server'] = conf.return_value(['dynamic-author', 'server'])
if conf.exists(['dynamic-author', 'port']):
dae['port'] = conf.return_value(['dynamic-author', 'port'])
if conf.exists(['dynamic-author', 'key']):
dae['key'] = conf.return_value(['dynamic-author', 'key'])
sstp['radius_dynamic_author'] = dae
if conf.exists(['rate-limit', 'enable']):
sstp['radius_shaper_attr'] = 'Filter-Id'
c_attr = ['rate-limit', 'enable', 'attribute']
if conf.exists(c_attr):
sstp['radius_shaper_attr'] = conf.return_value(c_attr)
c_vendor = ['rate-limit', 'enable', 'vendor']
if conf.exists(c_vendor):
sstp['radius_shaper_vendor'] = conf.return_value(c_vendor)
#
# authentication protocols
conf.set_level(base_path + ['authentication'])
if conf.exists(['protocols']):
auth_mods = {
'pap': 'auth_pap',
'chap': 'auth_chap_md5',
'mschap': 'auth_mschap_v1',
'mschap-v2': 'auth_mschap_v2'
}
for proto in conf.return_values(['protocols']):
sstp['auth_proto'].append(auth_mods[proto])
#
# read in SSL certs
conf.set_level(base_path + ['ssl'])
if conf.exists(['ca-cert-file']):
sstp['ssl_ca'] = conf.return_value(['ca-cert-file'])
if conf.exists(['cert-file']):
sstp['ssl_cert'] = conf.return_value(['cert-file'])
if conf.exists(['key-file']):
sstp['ssl_key'] = conf.return_value(['key-file'])
#
# read in client ip pool settings
conf.set_level(base_path + ['network-settings', 'client-ip-settings'])
if conf.exists(['subnet']):
sstp['client_ip_pool'] = conf.return_values(['subnet'])
if conf.exists(['gateway-address']):
sstp['client_gateway'] = conf.return_value(['gateway-address'])
#
# read in network settings
conf.set_level(base_path + ['network-settings'])
if conf.exists(['name-server']):
sstp['dnsv4'] = conf.return_values(['name-server'])
if conf.exists(['mtu']):
sstp['mtu'] = conf.return_value(['mtu'])
#
# read in PPP stuff
conf.set_level(base_path + ['ppp-settings'])
if conf.exists('mppe'):
sstp['ppp_mppe'] = conf.return_value(['ppp-settings', 'mppe'])
if conf.exists(['lcp-echo-failure']):
sstp['ppp_echo_failure'] = conf.return_value(['lcp-echo-failure'])
if conf.exists(['lcp-echo-interval']):
sstp['ppp_echo_interval'] = conf.return_value(['lcp-echo-interval'])
if conf.exists(['lcp-echo-timeout']):
sstp['ppp_echo_timeout'] = conf.return_value(['lcp-echo-timeout'])
return sstp
def get_config():
l2tpv3 = deepcopy(default_config_data)
conf = Config()
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
l2tpv3['intf'] = os.environ['VYOS_TAGNODE_VALUE']
# check if interface is member of a bridge
l2tpv3['is_bridge_member'] = is_member(conf, l2tpv3['intf'], 'bridge')
# Check if interface has been removed
if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']):
l2tpv3['deleted'] = True
interface = l2tpv3['intf']
# to delete the l2tpv3 interface we need the current tunnel_id and session_id
if conf.exists_effective(f'interfaces l2tpv3 {interface} tunnel-id'):
l2tpv3['tunnel_id'] = conf.return_effective_value(
f'interfaces l2tpv3 {interface} tunnel-id')
if conf.exists_effective(f'interfaces l2tpv3 {interface} session-id'):
l2tpv3['session_id'] = conf.return_effective_value(
f'interfaces l2tpv3 {interface} session-id')
return l2tpv3
# set new configuration level
conf.set_level('interfaces l2tpv3 ' + l2tpv3['intf'])
# retrieve configured interface addresses
if conf.exists('address'):
l2tpv3['address'] = conf.return_values('address')
# retrieve interface description
if conf.exists('description'):
l2tpv3['description'] = conf.return_value('description')
# get tunnel destination port
if conf.exists('destination-port'):
l2tpv3['remote_port'] = int(conf.return_value('destination-port'))
# Disable this interface
if conf.exists('disable'):
l2tpv3['disable'] = True
# get tunnel encapsulation type
if conf.exists('encapsulation'):
l2tpv3['encapsulation'] = conf.return_value('encapsulation')
# get tunnel local ip address
if conf.exists('local-ip'):
l2tpv3['local_address'] = conf.return_value('local-ip')
# Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)
if conf.exists('ipv6 address autoconf'):
l2tpv3['ipv6_autoconf'] = 1
# Get prefixes for IPv6 addressing based on MAC address (EUI-64)
if conf.exists('ipv6 address eui64'):
l2tpv3['ipv6_eui64_prefix'] = conf.return_values('ipv6 address eui64')
# Remove the default link-local address if set.
if not (conf.exists('ipv6 address no-default-link-local')
or l2tpv3['is_bridge_member']):
# add the link-local by default to make IPv6 work
l2tpv3['ipv6_eui64_prefix'].append('fe80::/64')
# Disable IPv6 forwarding on this interface
if conf.exists('ipv6 disable-forwarding'):
l2tpv3['ipv6_forwarding'] = 0
# IPv6 Duplicate Address Detection (DAD) tries
if conf.exists('ipv6 dup-addr-detect-transmits'):
l2tpv3['ipv6_dup_addr_detect'] = int(
conf.return_value('ipv6 dup-addr-detect-transmits'))
# to make IPv6 SLAAC and DHCPv6 work with forwarding=1,
# accept_ra must be 2
if l2tpv3['ipv6_autoconf'] or 'dhcpv6' in l2tpv3['address']:
l2tpv3['ipv6_accept_ra'] = 2
# Maximum Transmission Unit (MTU)
if conf.exists('mtu'):
l2tpv3['mtu'] = int(conf.return_value('mtu'))
# Remote session id
if conf.exists('peer-session-id'):
l2tpv3['peer_session_id'] = conf.return_value('peer-session-id')
# Remote tunnel id
if conf.exists('peer-tunnel-id'):
l2tpv3['peer_tunnel_id'] = conf.return_value('peer-tunnel-id')
# Remote address of L2TPv3 tunnel
if conf.exists('remote-ip'):
l2tpv3['remote_address'] = conf.return_value('remote-ip')
# Local session id
if conf.exists('session-id'):
l2tpv3['session_id'] = conf.return_value('session-id')
# get local tunnel port
if conf.exists('source-port'):
l2tpv3['local_port'] = conf.return_value('source-port')
# get local tunnel id
if conf.exists('tunnel-id'):
l2tpv3['tunnel_id'] = conf.return_value('tunnel-id')
return l2tpv3
def get_config():
dhcpv6 = deepcopy(default_config_data)
conf = Config()
if not conf.exists('service dhcpv6-server'):
return None
else:
conf.set_level('service dhcpv6-server')
# Check for global disable of DHCPv6 service
if conf.exists('disable'):
dhcpv6['disabled'] = True
return dhcpv6
# Preference of this DHCPv6 server compared with others
if conf.exists('preference'):
dhcpv6['preference'] = conf.return_value('preference')
# check for multiple, shared networks served with DHCPv6 addresses
if conf.exists('shared-network-name'):
for network in conf.list_nodes('shared-network-name'):
conf.set_level(
'service dhcpv6-server shared-network-name {0}'.format(
network))
config = {'name': network, 'disabled': False, 'subnet': []}
# If disabled, the shared-network configuration becomes inactive
if conf.exists('disable'):
config['disabled'] = True
# check for multiple subnet configurations in a shared network
if conf.exists('subnet'):
for net in conf.list_nodes('subnet'):
conf.set_level(
'service dhcpv6-server shared-network-name {0} subnet {1}'
.format(network, net))
subnet = {
'network': net,
'range6_prefix': [],
'range6': [],
'default_router': '',
'dns_server': [],
'domain_name': '',
'domain_search': [],
'lease_def': '',
'lease_min': '',
'lease_max': '',
'nis_domain': '',
'nis_server': [],
'nisp_domain': '',
'nisp_server': [],
'sip_address': [],
'sip_hostname': [],
'sntp_server': [],
'static_mapping': []
}
# For any subnet on which addresses will be assigned dynamically, there must be at
# least one address range statement. The range statement gives the lowest and highest
# IP addresses in a range. All IP addresses in the range should be in the subnet in
# which the range statement is declared.
if conf.exists('address-range prefix'):
for prefix in conf.list_nodes('address-range prefix'):
range = {'prefix': prefix, 'temporary': False}
# Address range will be used for temporary addresses
if conf.exists(
'address-range prefix {0} temporary'.
format(range['prefix'])):
range['temporary'] = True
# Append to subnet temporary range6 list
subnet['range6_prefix'].append(range)
if conf.exists('address-range start'):
for range in conf.list_nodes('address-range start'):
range = {
'start':
range,
'stop':
conf.return_value(
'address-range start {0} stop'.format(
range))
}
# Append to subnet range6 list
subnet['range6'].append(range)
# The domain-search option specifies a 'search list' of Domain Names to be used
# by the client to locate not-fully-qualified domain names.
if conf.exists('domain-search'):
for domain in conf.return_values('domain-search'):
subnet['domain_search'].append('"' + domain + '"')
# IPv6 address valid lifetime
# (at the end the address is no longer usable by the client)
# (set to 30 days, the usual IPv6 default)
if conf.exists('lease-time default'):
subnet['lease_def'] = conf.return_value(
'lease-time default')
# Time should be the maximum length in seconds that will be assigned to a lease.
# The only exception to this is that Dynamic BOOTP lease lengths, which are not
# specified by the client, are not limited by this maximum.
if conf.exists('lease-time maximum'):
subnet['lease_max'] = conf.return_value(
'lease-time maximum')
# Time should be the minimum length in seconds that will be assigned to a lease
if conf.exists('lease-time minimum'):
subnet['lease_min'] = conf.return_value(
'lease-time minimum')
# Specifies a list of Domain Name System name servers available to the client.
# Servers should be listed in order of preference.
if conf.exists('name-server'):
subnet['dns_server'] = conf.return_values(
'name-server')
# Ancient NIS (Network Information Service) domain name
if conf.exists('nis-domain'):
subnet['nis_domain'] = conf.return_value('nis-domain')
# Ancient NIS (Network Information Service) servers
if conf.exists('nis-server'):
subnet['nis_server'] = conf.return_values('nis-server')
# Ancient NIS+ (Network Information Service) domain name
if conf.exists('nisplus-domain'):
subnet['nisp_domain'] = conf.return_value(
'nisplus-domain')
# Ancient NIS+ (Network Information Service) servers
if conf.exists('nisplus-server'):
subnet['nisp_server'] = conf.return_values(
'nisplus-server')
# Prefix Delegation (RFC 3633)
if conf.exists('prefix-delegation'):
print(
'TODO: This option is actually not implemented right now!'
)
# Local SIP server that is to be used for all outbound SIP requests - IPv6 address
if conf.exists('sip-server-address'):
subnet['sip_address'] = conf.return_values(
'sip-server-address')
# Local SIP server that is to be used for all outbound SIP requests - hostname
if conf.exists('sip-server-name'):
for hostname in conf.return_values('sip-server-name'):
subnet['sip_hostname'].append('"' + hostname + '"')
# List of local SNTP servers available for the client to synchronize their clocks
if conf.exists('sntp-server'):
subnet['sntp_server'] = conf.return_values(
'sntp-server')
#
# Static DHCP v6 leases
#
if conf.exists('static-mapping'):
for mapping in conf.list_nodes('static-mapping'):
conf.set_level(
'service dhcpv6-server shared-network-name {0} subnet {1} static-mapping {2}'
.format(network, net, mapping))
mapping = {
'name': mapping,
'disabled': False,
'ipv6_address': '',
'client_identifier': '',
}
# This static lease is disabled
if conf.exists('disable'):
mapping['disabled'] = True
# IPv6 address used for this DHCP client
if conf.exists('ipv6-address'):
mapping['ipv6_address'] = conf.return_value(
'ipv6-address')
# This option specifies the client’s DUID identifier. DUIDs are similar but different from DHCPv4 client identifiers
if conf.exists('identifier'):
mapping[
'client_identifier'] = conf.return_value(
'identifier')
# append static mapping configuration tu subnet list
subnet['static_mapping'].append(mapping)
# append subnet configuration to shared network subnet list
config['subnet'].append(subnet)
# append shared network configuration to config dictionary
dhcpv6['shared_network'].append(config)
return dhcpv6
def get_config():
l2tpv3 = deepcopy(default_config_data)
conf = Config()
# determine tagNode instance
if 'VYOS_TAGNODE_VALUE' not in os.environ:
raise ConfigError('Interface (VYOS_TAGNODE_VALUE) not specified')
l2tpv3['intf'] = os.environ['VYOS_TAGNODE_VALUE']
# Check if interface has been removed
if not conf.exists('interfaces l2tpv3 ' + l2tpv3['intf']):
l2tpv3['deleted'] = True
# to delete the l2tpv3 interface we need to current
# tunnel_id and session_id
if conf.exists_effective('interfaces l2tpv3 {} tunnel-id'.format(
l2tpv3['intf'])):
l2tpv3['tunnel_id'] = conf.return_effective_value(
'interfaces l2tpv3 {} tunnel-id'.format(l2tpv3['intf']))
if conf.exists_effective('interfaces l2tpv3 {} session-id'.format(
l2tpv3['intf'])):
l2tpv3['session_id'] = conf.return_effective_value(
'interfaces l2tpv3 {} session-id'.format(l2tpv3['intf']))
return l2tpv3
# set new configuration level
conf.set_level('interfaces l2tpv3 ' + l2tpv3['intf'])
# retrieve configured interface addresses
if conf.exists('address'):
l2tpv3['address'] = conf.return_values('address')
# retrieve interface description
if conf.exists('description'):
l2tpv3['description'] = conf.return_value('description')
# get tunnel destination port
if conf.exists('destination-port'):
l2tpv3['remote_port'] = int(conf.return_value('destination-port'))
# Disable this interface
if conf.exists('disable'):
l2tpv3['disable'] = True
# get tunnel encapsulation type
if conf.exists('encapsulation'):
l2tpv3['encapsulation'] = conf.return_value('encapsulation')
# get tunnel local ip address
if conf.exists('local-ip'):
l2tpv3['local_address'] = conf.return_value('local-ip')
# Enable acquisition of IPv6 address using stateless autoconfig (SLAAC)
if conf.exists('ipv6 address autoconf'):
l2tpv3['ipv6_autoconf'] = 1
# Get prefix for IPv6 addressing based on MAC address (EUI-64)
if conf.exists('ipv6 address eui64'):
l2tpv3['ipv6_eui64_prefix'] = conf.return_value('ipv6 address eui64')
# Disable IPv6 forwarding on this interface
if conf.exists('ipv6 disable-forwarding'):
l2tpv3['ipv6_forwarding'] = 0
# IPv6 Duplicate Address Detection (DAD) tries
if conf.exists('ipv6 dup-addr-detect-transmits'):
l2tpv3['ipv6_dup_addr_detect'] = int(
conf.return_value('ipv6 dup-addr-detect-transmits'))
# Maximum Transmission Unit (MTU)
if conf.exists('mtu'):
l2tpv3['mtu'] = int(conf.return_value('mtu'))
# Remote session id
if conf.exists('peer-session-id'):
l2tpv3['peer_session_id'] = conf.return_value('peer-session-id')
# Remote tunnel id
if conf.exists('peer-tunnel-id'):
l2tpv3['peer_tunnel_id'] = conf.return_value('peer-tunnel-id')
# Remote address of L2TPv3 tunnel
if conf.exists('remote-ip'):
l2tpv3['remote_address'] = conf.return_value('remote-ip')
# Local session id
if conf.exists('session-id'):
l2tpv3['session_id'] = conf.return_value('session-id')
# get local tunnel port
if conf.exists('source-port'):
l2tpv3['local_port'] = conf.return_value('source-port')
# get local tunnel id
if conf.exists('tunnel-id'):
l2tpv3['tunnel_id'] = conf.return_value('tunnel-id')
return l2tpv3
def get_config(arguments):
dns = deepcopy(default_config_data)
conf = Config()
base = ['service', 'dns', 'forwarding']
if arguments.dhclient:
conf.exists = conf.exists_effective
conf.return_value = conf.return_effective_value
conf.return_values = conf.return_effective_values
if not conf.exists(base):
return None
conf.set_level(base)
if conf.exists(['allow-from']):
dns['allow_from'] = conf.return_values(['allow-from'])
if conf.exists(['cache-size']):
cache_size = conf.return_value(['cache-size'])
dns['cache_size'] = cache_size
if conf.exists('negative-ttl'):
negative_ttl = conf.return_value(['negative-ttl'])
dns['negative_ttl'] = negative_ttl
if conf.exists(['domain']):
for node in conf.list_nodes(['domain']):
servers = conf.return_values(['domain', node, 'server'])
domain = {"name": node, "servers": bracketize_ipv6_addrs(servers)}
dns['domains'].append(domain)
if conf.exists(['ignore-hosts-file']):
dns['export_hosts_file'] = "no"
if conf.exists(['name-server']):
name_servers = conf.return_values(['name-server'])
dns['name_servers'] = dns['name_servers'] + name_servers
if conf.exists(['system']):
conf.set_level(['system'])
system_name_servers = []
system_name_servers = conf.return_values(['name-server'])
if not system_name_servers:
print(
"DNS forwarding warning: No name-servers set under 'system name-server'\n"
)
else:
dns['name_servers'] = dns['name_servers'] + system_name_servers
conf.set_level(base)
dns['name_servers'] = bracketize_ipv6_addrs(dns['name_servers'])
if conf.exists(['listen-address']):
dns['listen_on'] = conf.return_values(['listen-address'])
if conf.exists(['dnssec']):
dns['dnssec'] = conf.return_value(['dnssec'])
# Add name servers received from DHCP
if conf.exists(['dhcp']):
interfaces = []
interfaces = conf.return_values(['dhcp'])
hc = hostsd_client()
for interface in interfaces:
dhcp_resolvers = hc.get_name_servers(f'dhcp-{interface}')
dhcpv6_resolvers = hc.get_name_servers(f'dhcpv6-{interface}')
if dhcp_resolvers:
dns['name_servers'] = dns['name_servers'] + dhcp_resolvers
if dhcpv6_resolvers:
dns['name_servers'] = dns['name_servers'] + dhcpv6_resolvers
return dns
