Version 3.9.0

.gitignore

@@ -115,3 +115,5 @@ ifupdown2/ifdown
 ifupdown2/ifquery
 ifupdown2/ifreload
 ifupdown2/ifup
+
+tests/results

debian/changelog

@@ -1,3 +1,35 @@
+ifupdown2 (3.9.0) unstable; urgency=medium
+
+  * New: ifreload: new --diff cli argument: only reload delta between /e/n/i
+  * New: Support for Per-VLAN Rapid Spanning Tree attributes:
+    mstpctl-pvrst-mode (on/off): Enable/disable PVRST mode
+    mstpctl-vlan-priority (range 4096-32768)
+    mstpctl-vlan-hello (range 1-10)
+    mstpctl-vlan-fdelay (range 4-30)
+    mstpctl-vlan-maxage (range 6-40)
+    mstpctl-port-vlan-path-cost (range 1-200000000)
+    mstpctl-port-vlan-priority  (range 0-240)
+  * New: Get default mac address from policy file as 'address' iface_default
+  * New: Enable per vlan snooping when config mcqv4src
+  * New: Add vxlan hopping filter
+  * New: Add support for setting mac addresses via iface_defaults policy
+  * New: Reset mac address on switch port when 'hwaddress' is removed from eni
+  * New: Policy "dhclient_no_wait_on_reload": dhclient won't wait (default off)
+  * Fix: Bring DHCP config down if link-down yes is set
+  * Fix: Various code cleanups (SonarQube)
+  * Fix: Macvlan/VRR: set accept_dad=0 before link up
+  * Fix: Flush DHCP lease on boot up
+  * Fix: Disable persistent debug log for ifquery
+  * Fix:
+  * Fix: Vxlan clear last fdb entry when remoteip is removed from user config
+  * Fix: Vxlan reset local and group ip when removed from user config
+  * Fix: Re-applying link-speed to reset link-lanes to default when removed
+  * Fix: Missing json import in networkinterfaces.py and vxlan.py
+  * Fix: Nlmanager Invalid operation on null-like value range_flag
+  * Deprecated: remove bridge-hashel default value
+
+ -- Julien Fortin <[email protected]>  Wed, 04 Dec 2024 23:42:00 -0800
+
 ifupdown2 (3.3.0) unstable; urgency=medium
 
   * New: performance improvement: replace glob.glob with os.listdir

ifupdown2/__init__.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
-__version__ = '3.0.0'
+__version__ = '3.9.0'
 
 # Copyright (C) 2014,2015,2016,2017,2018,2019,2020 Cumulus Networks, Inc. All rights reserved
 #

ifupdown2/__main__.py

@@ -26,10 +26,13 @@
 import os
 import sys
 
+sys.path.insert(0, "/root/ifupdown2/ifupdown2")
+#sys.path.append("/usr/share/ifupdown2/")
+
 try:
     from ifupdown2.lib.log import LogManager, root_logger
     from ifupdown2.lib.status import Status
-except Exception:
+except ModuleNotFoundError:
     from lib.log import LogManager, root_logger
     from lib.status import Status
 
@@ -47,7 +50,7 @@
 
     from ifupdown2.ifupdown.client import Client
     from ifupdown2.ifupdown.exceptions import ArgvParseHelp, ArgvParseError
-except Exception:
+except ModuleNotFoundError:
     import ifupdown.config as config
 
     config.__version__ = __import__("__init__").__version__

ifupdown2/addons/address.py

@@ -4,6 +4,7 @@
 # Author: Roopa Prabhu, [email protected]
 #
 
+import re
 import socket
 import json
 import time
@@ -12,7 +13,7 @@
 from setuptools.dist import strtobool
 
 try:
-    from ifupdown2.lib.addon import AddonWithIpBlackList
+    from ifupdown2.lib.addon import AddonWithIpBlackList, AddonException
     from ifupdown2.nlmanager.nlmanager import Link
 
     from ifupdown2.ifupdown.iface import ifaceType, ifaceLinkKind, ifaceLinkPrivFlags, ifaceStatus, iface
@@ -27,8 +28,8 @@
     import ifupdown2.ifupdown.policymanager as policymanager
     import ifupdown2.ifupdown.ifupdownflags as ifupdownflags
     import ifupdown2.ifupdown.ifupdownconfig as ifupdownconfig
-except (ImportError, ModuleNotFoundError):
-    from lib.addon import AddonWithIpBlackList
+except ImportError:
+    from lib.addon import AddonWithIpBlackList, AddonException
     from nlmanager.nlmanager import Link
 
     from ifupdown.iface import ifaceType, ifaceLinkKind, ifaceLinkPrivFlags, ifaceStatus, iface
@@ -269,6 +270,9 @@ def __init__(self, *args, **kargs):
         self.logger.debug(f"policy: default_loopback_scope set to {self.default_loopback_scope}")
         self.valid_scopes = self.get_mod_subattr("scope", "validvals")
 
+        self.mac_regex = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$")
+
+
     def __policy_get_default_mtu(self):
         default_mtu = policymanager.policymanager_api.get_attr_default(
             module_name=self.__class__.__name__,
@@ -373,12 +377,12 @@ def syntax_check_enable_l3_iface_forwardings(self, ifaceobj, ifaceobj_getfunc, s
 
                 if vlan_addr and vlan_ipforward_off:
                     if syntax_check:
-                        raise Exception(
+                        raise AddonException(
                             'configuring ip-forward off and ip address(es) (%s) is not compatible'
                             % (', '.join(vlan_addr))
                         )
                     else:
-                        raise Exception(
+                        raise AddonException(
                             '%s: configuring ip-forward off and ip address(es) (%s) is not compatible'
                             % (ifname, ', '.join(vlan_addr))
                         )
@@ -419,7 +423,7 @@ def syntax_check_addr_allowed_on(self, ifaceobj, syntax_check=False):
     def _syntax_check_multiple_gateway(self, family, found, addr, version):
         if ipnetwork.IPNetwork(addr).version == version:
             if found:
-                raise Exception('%s: multiple gateways for %s family'
+                raise AddonException('%s: multiple gateways for %s family'
                                 % (addr, family))
             return True
         return False
@@ -457,11 +461,10 @@ def _process_bridge(self, ifaceobj, up, hwaddress, old_mac_addr=None):
         arp_accept = utils.boolean_support_binary(arp_accept)
         is_vlan_dev_on_vlan_aware_bridge = False
         is_bridge = self.cache.get_link_kind(ifaceobj.name) == 'bridge'
-        if not is_bridge:
-            if ifaceobj.link_kind & ifaceLinkKind.VLAN:
-                bridgename = ifaceobj.lowerifaces[0]
-                vlan = self._get_vlan_id(ifaceobj)
-                is_vlan_dev_on_vlan_aware_bridge = self.cache.bridge_is_vlan_aware(bridgename)
+        if not is_bridge and ifaceobj.link_kind & ifaceLinkKind.VLAN:
+            bridgename = ifaceobj.lowerifaces[0]
+            vlan = self._get_vlan_id(ifaceobj)
+            is_vlan_dev_on_vlan_aware_bridge = self.cache.bridge_is_vlan_aware(bridgename)
         if ((is_bridge and not self.cache.bridge_is_vlan_aware(ifaceobj.name))
                         or is_vlan_dev_on_vlan_aware_bridge):
             if self._address_valid(addrs):
@@ -499,6 +502,33 @@ def _process_bridge(self, ifaceobj, up, hwaddress, old_mac_addr=None):
             else:
                 self.iproute2.bridge_fdb_del(bridgename, hwaddress, vlan)
 
+        if is_bridge:
+            # Get the link hwaddress of bridge if we cannot find it in defaults
+            if not hwaddress:
+                hwaddress = self.cache.get_link_address(ifaceobj.name)
+
+            # we need to do an fdb check during bridge processing and purge stale macs
+            fdbs = self._get_bridge_fdbs(ifaceobj.name)
+
+            # Save the permanent MACs for comparison too, as this can be used to preserve
+            # perm entries for VRR interfaces.
+            valid_macs = set([utils.mac_str_to_int(i) for i in fdbs.get('permanent', [])])
+            # Add the actual bridge MAC to this set too.
+            valid_macs.add(utils.mac_str_to_int(hwaddress))
+
+            # Now iterate and purge if it's not a valid mac.
+            for vlan, macs in fdbs.items():
+                for mac in macs:
+                    if utils.mac_str_to_int(mac) not in valid_macs:
+                        self.logger.info(f"{ifaceobj.name}: stale fdb entry ({mac}) detected on vlan {vlan}")
+                        try:
+                            if vlan == 'permanent':
+                                self.iproute2.bridge_fdb_del(ifaceobj.name, mac)
+                            else:
+                                self.iproute2.bridge_fdb_del(ifaceobj.name, mac, vlan)
+                        except Exception as e:
+                            self.logger.debug(f"{ifaceobj.name}: bridge_fdb_del failed: {str(e)}")
+
     def __get_ip_addr_with_attributes(self, ifaceobj_list, ifname):
         user_config_ip_addrs_list = []
 
@@ -809,6 +839,16 @@ def _check_mtu_config(self, ifaceobj, mtu_str, mtu_int, ifaceobj_getfunc, syntax
         return retval
 
     def _propagate_mtu_to_upper_devs(self, ifaceobj, mtu_str, mtu_int, ifaceobj_getfunc):
+        if not (
+                (not ifupdownflags.flags.ALL or ifupdownconfig.diff_mode) and
+                not ifaceobj.link_kind and
+                ifupdownconfig.config.get('adjust_logical_dev_mtu', '1') != '0'
+        ):
+            # This is additional cost to us, so do it only when
+            # ifupdown2 is called on a particular interface and
+            # it is a physical interface (or diff mode)
+            return
+
         if (not ifaceobj.upperifaces or
             (ifaceobj.link_privflags & ifaceLinkPrivFlags.BOND_SLAVE) or
             (ifaceobj.link_privflags & ifaceLinkPrivFlags.VRF_SLAVE) or
@@ -832,18 +872,9 @@ def _process_mtu_config_mtu_valid(self, ifaceobj, ifaceobj_getfunc, mtu_str, mtu
 
         if mtu_int != self.cache.get_link_mtu(ifaceobj.name):
             self.sysfs.link_set_mtu(ifaceobj.name, mtu_str=mtu_str, mtu_int=mtu_int)
+            self._propagate_mtu_to_upper_devs(ifaceobj, mtu_str, mtu_int, ifaceobj_getfunc)
 
-            if (not ifupdownflags.flags.ALL and
-                    not ifaceobj.link_kind and
-                    ifupdownconfig.config.get('adjust_logical_dev_mtu', '1') != '0'):
-                # This is additional cost to us, so do it only when
-                # ifupdown2 is called on a particular interface and
-                # it is a physical interface
-                self._propagate_mtu_to_upper_devs(ifaceobj, mtu_str, mtu_int, ifaceobj_getfunc)
-        return
-
-    def _process_mtu_config_mtu_none(self, ifaceobj):
-
+    def _process_mtu_config_mtu_none(self, ifaceobj, ifaceobj_getfunc):
         if (ifaceobj.link_privflags & ifaceLinkPrivFlags.MGMT_INTF):
             return
 
@@ -888,6 +919,8 @@ def _process_mtu_config_mtu_none(self, ifaceobj):
             # on which devices we want to reset mtu to default.
             # essentially only physical interfaces which are not bond slaves
             self.sysfs.link_set_mtu(ifaceobj.name, mtu_str=self.default_mtu, mtu_int=self.default_mtu_int)
+            if ifupdownconfig.diff_mode:
+                self._propagate_mtu_to_upper_devs(ifaceobj, self.default_mtu, self.default_mtu_int, ifaceobj_getfunc)
 
     def _set_bridge_forwarding(self, ifaceobj):
         """ set ip forwarding to 0 if bridge interface does not have a
@@ -1032,7 +1065,7 @@ def process_mtu(self, ifaceobj, ifaceobj_getfunc):
 
             self._process_mtu_config_mtu_valid(ifaceobj, ifaceobj_getfunc, mtu_str, mtu_int)
         else:
-            self._process_mtu_config_mtu_none(ifaceobj)
+            self._process_mtu_config_mtu_none(ifaceobj, ifaceobj_getfunc)
 
     def up_ipv6_addrgen(self, ifaceobj):
         user_configured_ipv6_addrgen = ifaceobj.get_attr_value_first('ipv6-addrgen')
@@ -1216,6 +1249,28 @@ def _up(self, ifaceobj, ifaceobj_getfunc=None):
             return
         self._settle_dad(ifaceobj, [ip for ip, _ in user_addrs_list if ip.version == 6])
 
+    def validate_mac(self, mac):
+        if not mac:
+            return False
+        if not bool(self.mac_regex.match(mac)):
+            raise Exception("Invalid MAC address from policy: %s" % mac)
+        return True
+
+    def process_hwaddress_reset_to_default(self, ifaceobj):
+        if not ifaceobj.link_kind and ifaceobj.link_privflags & ifaceLinkPrivFlags.BOND_SLAVE:
+            # if the switch port is part of a bond we shouldn't revert the mac address
+            return None
+
+        iface_defaults = policymanager.policymanager_api.get_iface_defaults("address")
+
+        if iface_defaults:
+            interface_mac_default = iface_defaults.get(ifaceobj.name, {}).get("hwaddress")
+
+            if self.validate_mac(interface_mac_default):
+                return interface_mac_default
+
+        return None
+
     def process_hwaddress(self, ifaceobj):
         hwaddress = self._get_hwaddress(ifaceobj)
 
@@ -1230,7 +1285,9 @@ def process_hwaddress(self, ifaceobj):
                 if not hwaddress:
                     return None, None
             else:
-                return None, None
+                hwaddress = self.process_hwaddress_reset_to_default(ifaceobj)
+                if not hwaddress:
+                    return None, None
 
         if not ifupdownflags.flags.PERFMODE:  # system is clean
             running_hwaddress = self.cache.get_link_address(ifaceobj.name)
@@ -1249,6 +1306,11 @@ def process_hwaddress(self, ifaceobj):
                     self.netlink.link_down(l)
                 slave_down = True
             try:
+                if ifaceobj.link_privflags & ifaceLinkPrivFlags.BOND_SLAVE and ifaceobj.get_attr_value("hwaddress"):
+                    master_ifname = self.cache.get_master(ifaceobj.name)
+                    if master_ifname:
+                        self.log_error("%s: setting hwaddress is not permitted on an existing bond slave" % ifaceobj.name, ifaceobj=ifaceobj)
+
                 self.netlink.link_set_address(
                     ifaceobj.name,
                     hwaddress,
@@ -1306,26 +1368,33 @@ def _down(self, ifaceobj, ifaceobj_getfunc=None):
                 if alias:
                     self.sysfs.link_set_alias(ifaceobj.name, None)  # None to reset alias.
 
-            # XXX hwaddress reset cannot happen because we dont know last
-            # address.
+            hwaddress = self.process_hwaddress_reset_to_default(ifaceobj)
+            if hwaddress != None and not ifaceobj.link_kind:
+                hwaddress_int = utils.mac_str_to_int(hwaddress)
+                self.netlink.link_set_address(
+                    ifaceobj.name,
+                    hwaddress,
+                    hwaddress_int,
+                    keep_link_down=ifaceobj.link_privflags & ifaceLinkPrivFlags.KEEP_LINK_DOWN
+                )
+            else:
+              # Handle special things on a bridge
+              hwaddress = self._get_hwaddress(ifaceobj)
+              if not hwaddress:
+                  hwaddress = self.cache.get_link_address(ifaceobj.name)
 
-            # Handle special things on a bridge
-            hwaddress = self._get_hwaddress(ifaceobj)
-            if not hwaddress:
-                hwaddress = self.cache.get_link_address(ifaceobj.name)
             self._process_bridge(ifaceobj, False, hwaddress, None)
         except Exception as e:
             self.logger.debug('%s : %s' %(ifaceobj.name, str(e)))
-            pass
 
-    def _get_bridge_fdbs(self, bridgename, vlan):
+    def _get_bridge_fdbs(self, bridgename, vlan=None):
         fdbs = self._bridge_fdb_query_cache.get(bridgename)
         if not fdbs:
            fdbs = self.iproute2.bridge_fdb_show_dev(bridgename)
            if not fdbs:
-              return
+              return {}
            self._bridge_fdb_query_cache[bridgename] = fdbs
-        return fdbs.get(vlan)
+        return fdbs.get(vlan) if vlan else fdbs
 
     def _check_addresses_in_bridge(self, ifaceobj, hwaddress):
         """ If the device is a bridge, make sure the addresses
@@ -1381,7 +1450,6 @@ def _query_sysctl(self, ifaceobj, ifaceobjcurr):
             ifaceobjcurr.update_config_with_status('mpls-enable',
                                                    running_mpls_enable,
                                             mpls_enable != running_mpls_enable)
-        return
 
     def query_check_ipv6_addrgen(self, ifaceobj, ifaceobjcurr):
         ipv6_addrgen = ifaceobj.get_attr_value_first('ipv6-addrgen')
@@ -1417,15 +1485,13 @@ def _query_check(self, ifaceobj, ifaceobjcurr, ifaceobj_getfunc=None):
         """
         TODO: Check broadcast address, scope, etc
         """
-        runningaddrsdict = None
         if not self.cache.link_exists(ifaceobj.name):
             self.logger.debug('iface %s not found' %ifaceobj.name)
             return
 
         self.query_check_disable_ipv6(ifaceobj, ifaceobjcurr)
         self.query_check_ipv6_addrgen(ifaceobj, ifaceobjcurr)
 
-        addr_method = ifaceobj.addr_method
         self.query_n_update_ifaceobjcurr_attr(ifaceobj, ifaceobjcurr,
                 'mtu', self.cache.get_link_mtu_str)
         hwaddress = self._get_hwaddress(ifaceobj)