diff --git a/python/vyos/util.py b/python/vyos/util.py
index d2e58bef2..cc7ce5b40 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
@@ -1,193 +1,202 @@
# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library. If not, see <http://www.gnu.org/licenses/>.
import os
import re
import grp
import sys
import time
import subprocess
import psutil
import vyos.defaults
def read_file(path):
""" Read a file to string """
with open(path, 'r') as f:
data = f.read().strip()
return data
def colon_separated_to_dict(data_string, uniquekeys=False):
""" Converts a string containing newline-separated entries
of colon-separated key-value pairs into a dict.
Such files are common in Linux /proc filesystem
Args:
data_string (str): data string
uniquekeys (bool): whether to insist that keys are unique or not
Returns: dict
Raises:
ValueError: if uniquekeys=True and the data string has
duplicate keys.
Note:
If uniquekeys=True, then dict entries are always strings,
otherwise they are always lists of strings.
"""
key_value_re = re.compile('([^:]+)\s*\:\s*(.*)')
data_raw = re.split('\n', data_string)
data = {}
for l in data_raw:
l = l.strip()
if l:
match = re.match(key_value_re, l)
if match:
key = match.groups()[0].strip()
value = match.groups()[1].strip()
if key in data.keys():
if uniquekeys:
raise ValueError("Data string has duplicate keys: {0}".format(key))
else:
data[key].append(value)
else:
if uniquekeys:
data[key] = value
else:
data[key] = [value]
else:
pass
return data
def process_running(pid_file):
""" Checks if a process with PID in pid_file is running """
with open(pid_file, 'r') as f:
pid = f.read().strip()
return psutil.pid_exists(int(pid))
def seconds_to_human(s, separator=""):
""" Converts number of seconds passed to a human-readable
interval such as 1w4d18h35m59s
"""
s = int(s)
week = 60 * 60 * 24 * 7
day = 60 * 60 * 24
hour = 60 * 60
remainder = 0
result = ""
weeks = s // week
if weeks > 0:
result = "{0}w".format(weeks)
s = s % week
days = s // day
if days > 0:
result = "{0}{1}{2}d".format(result, separator, days)
s = s % day
hours = s // hour
if hours > 0:
result = "{0}{1}{2}h".format(result, separator, hours)
s = s % hour
minutes = s // 60
if minutes > 0:
result = "{0}{1}{2}m".format(result, separator, minutes)
s = s % 60
seconds = s
if seconds > 0:
result = "{0}{1}{2}s".format(result, separator, seconds)
return result
def get_cfg_group_id():
group_data = grp.getgrnam(vyos.defaults.cfg_group)
return group_data.gr_gid
def file_is_persistent(path):
if not re.match(r'^(/config|/opt/vyatta/etc/config)', os.path.dirname(path)):
warning = "Warning: file {0} is outside the /config directory\n".format(path)
warning += "It will not be automatically migrated to a new image on system update"
return (False, warning)
else:
return (True, None)
def commit_in_progress():
""" Not to be used in normal op mode scripts! """
# The CStore backend locks the config by opening a file
# The file is not removed after commit, so just checking
# if it exists is insufficient, we need to know if it's open by anyone
# There are two ways to check if any other process keeps a file open.
# The first one is to try opening it and see if the OS objects.
# That's faster but prone to race conditions and can be intrusive.
# The other one is to actually check if any process keeps it open.
# It's non-intrusive but needs root permissions, else you can't check
# processes of other users.
#
# Since this will be used in scripts that modify the config outside of the CLI
# framework, those knowingly have root permissions.
# For everything else, we add a safeguard.
id = subprocess.check_output(['/usr/bin/id', '-u']).decode().strip()
if id != '0':
raise OSError("This functions needs root permissions to return correct results")
for proc in psutil.process_iter():
try:
files = proc.open_files()
if files:
for f in files:
if f.path == vyos.defaults.commit_lock:
return True
except psutil.NoSuchProcess as err:
# Process died before we could examine it
pass
# Default case
return False
def wait_for_commit_lock():
""" Not to be used in normal op mode scripts! """
# Very synchronous approach to multiprocessing
while commit_in_progress():
time.sleep(1)
def ask_yes_no(question, default=False) -> bool:
"""Ask a yes/no question via input() and return their answer."""
default_msg = "[Y/n]" if default else "[y/N]"
while True:
sys.stdout.write("%s %s " % (question, default_msg))
c = input().lower().strip()
if c == '':
return default
elif c in ("y", "ye", "yes"):
return True
elif c in ("n", "no"):
return False
else:
sys.stdout.write("Please respond with yes/y or no/n\n")
+
+def process_named_running(name):
+ """ Checks if process with given name is running and returns its PID.
+ If Process is not running, return None
+ """
+ for p in psutil.process_iter():
+ if name in p.name():
+ return p.pid
+ return None
diff --git a/src/conf_mode/igmp_proxy.py b/src/conf_mode/igmp_proxy.py
index cd0704124..0e1c2c569 100755
--- a/src/conf_mode/igmp_proxy.py
+++ b/src/conf_mode/igmp_proxy.py
@@ -1,182 +1,193 @@
#!/usr/bin/env python3
#
# Copyright (C) 2018 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
import sys
import os
import jinja2
from netifaces import interfaces
from vyos.config import Config
from vyos import ConfigError
config_file = r'/etc/igmpproxy.conf'
# Please be careful if you edit the template.
config_tmpl = """
########################################################
#
# autogenerated by igmp_proxy.py
#
# The configuration file must define one upstream
# interface, and one or more downstream interfaces.
#
# If multicast traffic originates outside the
# upstream subnet, the "altnet" option can be
# used in order to define legal multicast sources.
# (Se example...)
#
# The "quickleave" should be used to avoid saturation
# of the upstream link. The option should only
# be used if it's absolutely nessecary to
# accurately imitate just one Client.
#
########################################################
{% if not disable_quickleave -%}
quickleave
{% endif -%}
{% for interface in interfaces %}
# Configuration for {{ interface.name }} ({{ interface.role }} interface)
{% if interface.role == 'disabled' -%}
phyint {{ interface.name }} disabled
{%- else -%}
phyint {{ interface.name }} {{ interface.role }} ratelimit 0 threshold {{ interface.threshold }}
{%- endif -%}
{%- for subnet in interface.alt_subnet %}
altnet {{ subnet }}
{%- endfor %}
{%- for subnet in interface.whitelist %}
whitelist {{ subnet }}
{%- endfor %}
{% endfor %}
"""
default_config_data = {
'disable': False,
'disable_quickleave': False,
'interfaces': [],
}
def get_config():
igmp_proxy = default_config_data
conf = Config()
+
+ if conf.exists('protocols igmp'):
+ igmp_proxy['igmp_configured'] = True
+
+ if conf.exists('protocols pim'):
+ igmp_proxy['pim_configured'] = True
+
if not conf.exists('protocols igmp-proxy'):
return None
else:
conf.set_level('protocols igmp-proxy')
# Network interfaces to listen on
if conf.exists('disable'):
igmp_proxy['disable'] = True
# Option to disable "quickleave"
if conf.exists('disable-quickleave'):
igmp_proxy['disable_quickleave'] = True
for intf in conf.list_nodes('interface'):
conf.set_level('protocols igmp-proxy interface {0}'.format(intf))
interface = {
'name': intf,
'alt_subnet': [],
'role': 'downstream',
'threshold': '1',
'whitelist': []
}
if conf.exists('alt-subnet'):
interface['alt_subnet'] = conf.return_values('alt-subnet')
if conf.exists('role'):
interface['role'] = conf.return_value('role')
if conf.exists('threshold'):
interface['threshold'] = conf.return_value('threshold')
if conf.exists('whitelist'):
interface['whitelist'] = conf.return_values('whitelist')
# Append interface configuration to global configuration list
igmp_proxy['interfaces'].append(interface)
return igmp_proxy
def verify(igmp_proxy):
# bail out early - looks like removal from running config
if igmp_proxy is None:
return None
# bail out early - service is disabled
if igmp_proxy['disable']:
return None
+ if 'igmp_configured' in igmp_proxy or 'pim_configured' in igmp_proxy:
+ raise ConfigError('Can not configure both IGMP proxy and PIM '\
+ 'at the same time')
+
# at least two interfaces are required, one upstream and one downstream
if len(igmp_proxy['interfaces']) < 2:
raise ConfigError('Must define an upstream and at least 1 downstream interface!')
upstream = 0
for interface in igmp_proxy['interfaces']:
if interface['name'] not in interfaces():
raise ConfigError('Interface "{}" does not exist'.format(interface['name']))
if "upstream" == interface['role']:
upstream += 1
if upstream == 0:
raise ConfigError('At least 1 upstream interface is required!')
elif upstream > 1:
raise ConfigError('Only 1 upstream interface allowed!')
return None
def generate(igmp_proxy):
# bail out early - looks like removal from running config
if igmp_proxy is None:
return None
# bail out early - service is disabled, but inform user
if igmp_proxy['disable']:
print('Warning: IGMP Proxy will be deactivated because it is disabled')
return None
tmpl = jinja2.Template(config_tmpl)
config_text = tmpl.render(igmp_proxy)
with open(config_file, 'w') as f:
f.write(config_text)
return None
def apply(igmp_proxy):
if igmp_proxy is None or igmp_proxy['disable']:
# IGMP Proxy support is removed in the commit
os.system('sudo systemctl stop igmpproxy.service')
if os.path.exists(config_file):
os.unlink(config_file)
else:
os.system('sudo systemctl restart igmpproxy.service')
return None
if __name__ == '__main__':
try:
c = get_config()
verify(c)
generate(c)
apply(c)
except ConfigError as e:
print(e)
sys.exit(1)
diff --git a/src/conf_mode/protocols_igmp.py b/src/conf_mode/protocols_igmp.py
index 983ca4c3a..45ab78419 100755
--- a/src/conf_mode/protocols_igmp.py
+++ b/src/conf_mode/protocols_igmp.py
@@ -1,158 +1,180 @@
#!/usr/bin/env python3
#
# Copyright (C) 2020 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import jinja2
import copy
import os
import vyos.validate
from ipaddress import IPv4Address
from sys import exit
from vyos import ConfigError
from vyos.config import Config
+from vyos.util import process_named_running
+from signal import SIGTERM
+
+# Required to use the full path to pimd, in another case daemon will not be started
+pimd_cmd = 'sudo /usr/lib/frr/pimd -d -F traditional --daemon -A 127.0.0.1'
config_file = r'/tmp/igmp.frr'
config_tmpl = """
!
{% for iface in old_ifaces -%}
interface {{ iface }}
{% for group in old_ifaces[iface].gr_join -%}
{% if old_ifaces[iface].gr_join[group] -%}
{% for source in old_ifaces[iface].gr_join[group] -%}
no ip igmp join {{ group }} {{ source }}
{% endfor -%}
{% else -%}
no ip igmp join {{ group }}
{% endif -%}
{% endfor -%}
no ip igmp
!
{% endfor -%}
{% for iface in ifaces -%}
interface {{ iface }}
{% if ifaces[iface].version -%}
ip igmp version {{ ifaces[iface].version }}
{% else -%}
{# IGMP default version 3 #}
ip igmp
{% endif -%}
{% if ifaces[iface].query_interval -%}
ip igmp query-interval {{ ifaces[iface].query_interval }}
{% endif -%}
{% if ifaces[iface].query_max_resp_time -%}
ip igmp query-max-response-time {{ ifaces[iface].query_max_resp_time }}
{% endif -%}
{% for group in ifaces[iface].gr_join -%}
{% if ifaces[iface].gr_join[group] -%}
{% for source in ifaces[iface].gr_join[group] -%}
ip igmp join {{ group }} {{ source }}
{% endfor -%}
{% else -%}
ip igmp join {{ group }}
{% endif -%}
{% endfor -%}
!
{% endfor -%}
!
"""
def get_config():
conf = Config()
igmp_conf = {
- 'igmp_conf' : False,
+ 'igmp_configured' : False,
+ 'pim_configured' : False,
'old_ifaces' : {},
'ifaces' : {}
}
if not (conf.exists('protocols igmp') or conf.exists_effective('protocols igmp')):
return None
+ if conf.exists('protocols igmp-proxy'):
+ igmp_conf['igmp_proxy_configured'] = True
+
+ if conf.exists('protocols pim'):
+ igmp_conf['pim_configured'] = True
+
if conf.exists('protocols igmp'):
- igmp_conf['igmp_conf'] = True
+ igmp_conf['igmp_configured'] = True
conf.set_level('protocols igmp')
# # Get interfaces
for iface in conf.list_effective_nodes('interface'):
igmp_conf['old_ifaces'].update({
iface : {
'version' : conf.return_effective_value('interface {0} version'.format(iface)),
'query_interval' : conf.return_effective_value('interface {0} query-interval'.format(iface)),
'query_max_resp_time' : conf.return_effective_value('interface {0} query-max-response-time'.format(iface)),
'gr_join' : {}
}
})
for gr_join in conf.list_effective_nodes('interface {0} join'.format(iface)):
igmp_conf['old_ifaces'][iface]['gr_join'][gr_join] = conf.return_effective_values('interface {0} join {1} source'.format(iface, gr_join))
for iface in conf.list_nodes('interface'):
igmp_conf['ifaces'].update({
iface : {
'version' : conf.return_value('interface {0} version'.format(iface)),
'query_interval' : conf.return_value('interface {0} query-interval'.format(iface)),
'query_max_resp_time' : conf.return_value('interface {0} query-max-response-time'.format(iface)),
'gr_join' : {}
}
})
for gr_join in conf.list_nodes('interface {0} join'.format(iface)):
igmp_conf['ifaces'][iface]['gr_join'][gr_join] = conf.return_values('interface {0} join {1} source'.format(iface, gr_join))
return igmp_conf
def verify(igmp):
if igmp is None:
return None
- if igmp['igmp_conf']:
+ if 'igmp_proxy_configured' in igmp:
+ raise ConfigError('Can not configure both IGMP proxy and PIM at the same time')
+
+ if igmp['igmp_configured']:
# Check interfaces
if not igmp['ifaces']:
raise ConfigError("IGMP require defined interfaces!")
# Check, is this multicast group
for intfc in igmp['ifaces']:
for gr_addr in igmp['ifaces'][intfc]['gr_join']:
if IPv4Address(gr_addr) < IPv4Address('224.0.0.0'):
raise ConfigError(gr_addr + " not a multicast group")
def generate(igmp):
if igmp is None:
return None
tmpl = jinja2.Template(config_tmpl)
config_text = tmpl.render(igmp)
with open(config_file, 'w') as f:
f.write(config_text)
return None
def apply(igmp):
if igmp is None:
return None
- if os.path.exists(config_file):
- os.system("sudo vtysh -d pimd -f " + config_file)
- os.remove(config_file)
+ pim_pid = process_named_running('pimd')
+ if igmp['igmp_configured'] or igmp['pim_configured']:
+ if not pim_pid:
+ os.system(pimd_cmd)
+
+ if os.path.exists(config_file):
+ os.system('vtysh -d pimd -f ' + config_file)
+ os.remove(config_file)
+ elif pim_pid:
+ os.kill(int(pim_pid), SIGTERM)
return None
if __name__ == '__main__':
try:
c = get_config()
verify(c)
generate(c)
apply(c)
except ConfigError as e:
print(e)
exit(1)
diff --git a/src/conf_mode/protocols_pim.py b/src/conf_mode/protocols_pim.py
index ee5cc035f..1428c449b 100755
--- a/src/conf_mode/protocols_pim.py
+++ b/src/conf_mode/protocols_pim.py
@@ -1,178 +1,200 @@
#!/usr/bin/env python3
#
# Copyright (C) 2020 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import jinja2
import copy
import os
import vyos.validate
from ipaddress import IPv4Address
from sys import exit
from vyos import ConfigError
from vyos.config import Config
+from vyos.util import process_named_running
+from signal import SIGTERM
+
+# Required to use the full path to pimd, in another case daemon will not be started
+pimd_cmd = 'sudo /usr/lib/frr/pimd -d -F traditional --daemon -A 127.0.0.1'
config_file = r'/tmp/pimd.frr'
config_tmpl = """
!
{% for rp_addr in old_pim.rp -%}
{% for group in old_pim.rp[rp_addr] -%}
no ip pim rp {{ rp_addr }} {{ group }}
{% endfor -%}
{% endfor -%}
{% if old_pim.rp_keep_alive -%}
no ip pim rp keep-alive-timer {{ old_pim.rp_keep_alive }}
{% endif -%}
{% for iface in old_pim.ifaces -%}
interface {{ iface }}
no ip pim
!
{% endfor -%}
{% for iface in pim.ifaces -%}
interface {{ iface }}
ip pim
{% if pim.ifaces[iface].dr_prio -%}
ip pim drpriority {{ pim.ifaces[iface].dr_prio }}
{% endif -%}
{% if pim.ifaces[iface].hello -%}
ip pim hello {{ pim.ifaces[iface].hello }}
{% endif -%}
!
{% endfor -%}
{% for rp_addr in pim.rp -%}
{% for group in pim.rp[rp_addr] -%}
ip pim rp {{ rp_addr }} {{ group }}
{% endfor -%}
{% endfor -%}
{% if pim.rp_keep_alive -%}
ip pim rp keep-alive-timer {{ pim.rp_keep_alive }}
{% endif -%}
!
"""
def get_config():
conf = Config()
pim_conf = {
- 'pim_conf' : False,
+ 'pim_configured' : False,
+ 'igmp_configured' : False,
'old_pim' : {
'ifaces' : {},
'rp' : {}
},
'pim' : {
'ifaces' : {},
'rp' : {}
}
}
if not (conf.exists('protocols pim') or conf.exists_effective('protocols pim')):
return None
if conf.exists('protocols pim'):
- pim_conf['pim_conf'] = True
+ pim_conf['pim_configured'] = True
+
+ if conf.exists('protocols igmp-proxy'):
+ pim_conf['igmp_proxy_configured'] = True
+
+ if conf.exists('protocols igmp'):
+ pim_conf['igmp_configured'] = True
conf.set_level('protocols pim')
# Get interfaces
for iface in conf.list_effective_nodes('interface'):
pim_conf['old_pim']['ifaces'].update({
iface : {
'hello' : conf.return_effective_value('interface {0} hello'.format(iface)),
'dr_prio' : conf.return_effective_value('interface {0} dr-priority'.format(iface))
}
})
for iface in conf.list_nodes('interface'):
pim_conf['pim']['ifaces'].update({
iface : {
'hello' : conf.return_value('interface {0} hello'.format(iface)),
'dr_prio' : conf.return_value('interface {0} dr-priority'.format(iface)),
}
})
conf.set_level('protocols pim rp')
# Get RPs addresses
for rp_addr in conf.list_effective_nodes('address'):
pim_conf['old_pim']['rp'][rp_addr] = conf.return_effective_values('address {0} group'.format(rp_addr))
for rp_addr in conf.list_nodes('address'):
pim_conf['pim']['rp'][rp_addr] = conf.return_values('address {0} group'.format(rp_addr))
# Get RP keep-alive-timer
if conf.exists_effective('rp keep-alive-timer'):
pim_conf['old_pim']['rp_keep_alive'] = conf.return_effective_value('rp keep-alive-timer')
if conf.exists('rp keep-alive-timer'):
pim_conf['pim']['rp_keep_alive'] = conf.return_value('rp keep-alive-timer')
return pim_conf
def verify(pim):
if pim is None:
return None
- if pim['pim_conf']:
+ if 'igmp_proxy_configured' in pim:
+ raise ConfigError('Can not configure both IGMP proxy and PIM at the same time')
+
+ if pim['pim_configured']:
# Check interfaces
if not pim['pim']['ifaces']:
raise ConfigError("PIM require defined interfaces!")
if not pim['pim']['rp']:
raise ConfigError("RP address required")
# Check unique multicast groups
uniq_groups = []
for rp_addr in pim['pim']['rp']:
if not pim['pim']['rp'][rp_addr]:
raise ConfigError("Group should be specified for RP " + rp_addr)
for group in pim['pim']['rp'][rp_addr]:
if (group in uniq_groups):
raise ConfigError("Group range " + group + " specified cannot exact match another")
# Check, is this multicast group
gr_addr = group.split('/')
if IPv4Address(gr_addr[0]) < IPv4Address('224.0.0.0'):
raise ConfigError(group + " not a multicast group")
uniq_groups.extend(pim['pim']['rp'][rp_addr])
def generate(pim):
if pim is None:
return None
tmpl = jinja2.Template(config_tmpl)
config_text = tmpl.render(pim)
with open(config_file, 'w') as f:
f.write(config_text)
return None
def apply(pim):
if pim is None:
return None
- if os.path.exists(config_file):
- os.system("sudo vtysh -d pimd -f " + config_file)
- os.remove(config_file)
+ pim_pid = process_named_running('pimd')
+ if pim['igmp_configured'] or pim['pim_configured']:
+ if not pim_pid:
+ os.system(pimd_cmd)
+
+ if os.path.exists(config_file):
+ os.system('vtysh -d pimd -f ' + config_file)
+ os.remove(config_file)
+ elif pim_pid:
+ os.kill(int(pim_pid), SIGTERM)
return None
if __name__ == '__main__':
try:
c = get_config()
verify(c)
generate(c)
apply(c)
except ConfigError as e:
print(e)
exit(1)