Commit Graph

404 Commits

Author SHA1 Message Date
f961e41ce6 Add address.get_canonical() and is_canonical()
These functions will take either an IPv4/IPv6 address, or an IPv4/IPv6
prefix, and cast them to their canonical form. Notably for IPv6 addresses,
this means lower case and with the 0-tuples correctly formatted:

2001:DB8::1 becomes 2001:db8::1
2001:db8:0:0::1 becomes 2001:db8::1

This avoids spurious diffs in vppcfg when comparing to the output of the VPP
dataplane.
2023-06-23 00:30:03 +02:00
cf5f1f0944 Add device-type, to ensure that plan --novpp generates MTU statements 2023-06-23 00:30:03 +02:00
3249432681 Move to checkout@v3 for node 16 2023-06-23 00:30:03 +02:00
8cf915e873 Bugfix: Run vppcfg plan --novpp cleanly with bondethernet and MAC addresses 2023-06-23 00:30:03 +02:00
d804422f55 Merge pull request #13 from pimvanpelt/mpls_iface
Support MPLS Interfaces
2023-06-23 00:17:57 +02:00
20b29735fc Merge pull request #12 from najieb/main
Update schema.yaml to allow for DPDK interfaces that have hexadecimal names, such as `GigabitEthernetb/0/0`. h/t najieb for the simple fix.
2023-06-23 00:13:06 +02:00
1dc9b4f393 Protect API calls that are missing, print a warning 2023-06-11 18:55:44 +02:00
d274a47888 Add documentation for MPLS on loopback interfaces 2023-06-11 18:45:30 +02:00
0cf4473ca1 Set MPLS for loopback and interface. Allow for --novpp and VPP changes 2023-06-11 18:43:43 +02:00
9efcf345e0 Allow MPLS on loopbacks too -- needed for BVIs and such. Add tests. 2023-06-11 18:18:05 +02:00
4681aec952 Add MPLS config option and interface.is_mpls()
Also add tests and documentation
2023-06-11 18:05:33 +02:00
7b160c9a82 Update schema.yaml 2023-05-31 10:04:36 +07:00
85e553c437 Fix some formatting issues 2023-05-25 18:32:54 +02:00
d5dbd11d2d Cut 0.0.4 2023-05-25 18:29:52 +02:00
0183822505 Add address.get_canonical() and is_canonical()
These functions will take either an IPv4/IPv6 address, or an IPv4/IPv6
prefix, and cast them to their canonical form. Notably for IPv6 addresses,
this means lower case and with the 0-tuples correctly formatted:

2001:DB8::1 becomes 2001:db8::1
2001:db8:0:0::1 becomes 2001:db8::1

This avoids spurious diffs in vppcfg when comparing to the output of the VPP
dataplane.
2023-05-25 18:29:52 +02:00
abd3b2adbc Add address.get_canonical() and is_canonical()
These functions will take either an IPv4/IPv6 address, or an IPv4/IPv6
prefix, and cast them to their canonical form. Notably for IPv6 addresses,
this means lower case and with the 0-tuples correctly formatted:

2001:DB8::1 becomes 2001:db8::1
2001:db8:0:0::1 becomes 2001:db8::1

This avoids spurious diffs in vppcfg when comparing to the output of the VPP
dataplane.
2023-05-25 18:24:46 +02:00
9d1d8a32d6 Add device-type, to ensure that plan --novpp generates MTU statements 2023-05-25 16:56:53 +02:00
adf4378239 Move to checkout@v3 for node 16 2023-02-25 13:37:42 +01:00
0a0413927a Bugfix: Run vppcfg plan --novpp cleanly with bondethernet and MAC addresses 2023-02-25 13:15:24 +01:00
b890a08c7e Collapse the error messages to force consistency 2023-01-16 22:22:27 +00:00
818c45e09c acl: consistency in error messages, reformatted, and updated unittests 2023-01-16 22:20:41 +00:00
7914659fa5 icmp-type/code also match for proto 58 (ipv6-icmp) 2023-01-16 21:09:08 +00:00
c190dfbd2b Add a warning in case the tag contains ' or " characters 2023-01-16 20:57:49 +00:00
5fd2d0859c Remove dangling file 2023-01-16 19:52:46 +00:00
16e946c92c Copy over the acl.tag into the description when dumping 2023-01-16 19:12:33 +00:00
ace08ac052 Refuse to work with ACLs if there are duplicate tags -- it means something/somebody has been inserting them outside of vppcfg, and this breaks the requirement that vppcfg.acls. is the same uniquely identified vpp.acl.tag 2023-01-16 19:07:04 +00:00
f654e78ed5 Fix pylint warning 2023-01-16 18:00:24 +00:00
02ca2e22cd acl: add dumper for acls
A reasonable attempt will be made to shorten the output of terms, but
due to the nature of the ACL plugin in VPP, all ACLs will be unrolled
into their individual ACEs (called 'terms').

- src/dst-port will only be emitted with UDP/TCP
- icmp-type/code will only be emitted with ICMP/ICMPv6
- icmp-code/type and source/destination-ports ranges will be collapsed
  where appropriate.
- if protocol is 0, only L3 information will be emitted

NOTE: a bug in the VPP plugin will allow for ICMP 'sport' and 'dport'
upper value to be 16 bits. If an ACE is retrieved from the dataplane
regarding an ICMP or ICMPv6 (referring the 16 bit values to icmp type
and code), they will be truncated and a warning issued.
2023-01-16 17:12:48 +00:00
efef03ea42 address pylint 2023-01-16 14:41:07 +00:00
9a175e1bba Add an ACE with an example prefixlist 2023-01-16 14:36:05 +00:00
5824af9666 Add a unit test for empty src/dst 2023-01-16 14:30:56 +00:00
a282a5358a acl: rework source/destination
For ACE 'source' and 'destination' it is now possible to specify one of:
- ipv4 or ipv6 address
- ipv4 or ipv6 prefix
- name of a prefixlist

The validator resolves the src/dst network list, optionally filtering
this with the desired 'family' (which defaults to 'any'). Errors are
raised if the resulting src/dst network lists do not overlap, that is
to say if all src entries are IPv4 but there are no IPv4 dst entries
and vice versa.

*  Update the example to have a 'trusted' prefixlist.
*  Update the unit tests to use the new error message(s).
2023-01-16 14:24:36 +00:00
0e4490fc06 Make 'any' a reserved name for prefixlists 2023-01-16 14:20:07 +00:00
8a7c690ee5 Add ability to filter get_network_list() by ipv4 or ipv6, and add tests 2023-01-16 12:15:41 +00:00
4e2354c3d8 Add acl.get_network_list() + tests; Update docs to reference the ability to use prefixlist as a source/destination 2023-01-16 12:03:34 +00:00
a274fdc2af Add prefixlist.get_network_list() + tests 2023-01-16 12:01:29 +00:00
597981e79b Add prefixlist (mixed IPv4 and IPv6, containing either IP addresses or prefixes) + tests 2023-01-16 10:15:57 +00:00
f0da3abe6e Add an ACL yaml unit test, to cover get_acls() and get_by_name() 2023-01-16 09:42:22 +00:00
adf7c7eb24 formatting with black 2023-01-16 01:13:27 +00:00
7fd47c0854 acl: Add the aclname to error messages 2023-01-16 01:12:16 +00:00
56ffe52e20 acl: semantic validation 2023-01-16 01:09:23 +00:00
6990fb691d Allow src/dst to also be an IP address 2023-01-16 00:16:17 +00:00
b08e97107e Add first semantic check + unittest 2023-01-15 22:24:13 +00:00
da7609a685 acls: Syntax schema, example and docs
First stab at integrating the acl-plugin from VPP. Allow to craft ACLs
consisting of one-or-more ACEs (this is ensured by 'terms' being
required with min=1), and a rich language to be able to set any L3
and L4 (UDP, ICMP, TCP) matchers that the plugin provides.

Explain what the syntax will look like, although for now only YAMALE
syntax checking can be performed (semantic validation is next).

TESTED:
pim@hippo:~/src/vppcfg/vppcfg$ ./vppcfg.py check -c example.yaml
[INFO    ] root.main: Loading configfile example.yaml
[INFO    ] vppcfg.config.valid_config: Configuration validated successfully
[INFO    ] root.main: Configuration is valid
2023-01-15 21:41:58 +00:00
21d38ebd64 build: allow python3.8 and higher (due to dictionary merging code) 2022-12-03 17:03:19 +00:00
47cdd74d75 Typo fix 2022-12-03 16:22:30 +00:00
c7bf763d1f Remove OpenBSD, vppcfg won't run there. Specify Ubuntu and Debian instead 2022-12-03 16:21:42 +00:00
9e3761869c Fix testing instructions 2022-12-03 16:20:04 +00:00
ac13f54ab5 Release vppcfg 0.0.3 2022-12-03 16:18:26 +00:00
305a30b1a1 feature: stateless planning
Add a feature to plan a configuration without reading from the VPP Dataplane.

In this mode, the configuration file is read and validated in the same way as `check` or `plan`,
but then instead of retrieving the running state from the VPP API, a state is re-created using
the physical interfaces specified in the YAML config.

Implement this by creating vppapi:mockconfig() which reads the 'interfaces' scope from the YAML
config file, and creates a VPPMessage() of type sw_interface_details for each interface that is a
PHY (for now, only supporting device-type 'dpdk').

If the flag --novpp is specified in the planner, call mockconfig() instead of readconfig().

Some further details:
- if the MAC is not set in the YAML config, it won't be set in the output exec file.
- for bondethernets, no MAC can be generated unless it's set in the first member.
- the MTU is always set, because it's mocked to 64b and the YAML file will always be higher.

TESTED:
- the unit tests and YAML tests all pass
- the integration tests all pass, but they do not call this new codepath

- Based on an empty VPP on Hippo, I compared the output of these two, side by side:
for i in intest/*yaml; do ./vppcfg.py plan -c $i -o /tmp/$i-vpp.exec; done
for i in intest/*yaml; do ./vppcfg.py plan --novpp -c $i -o /tmp/$i-novpp.exec; done

==> The only changes here are:
* if I cannot determine the bondether MAC in the --novpp case, it is not emitted
* if the MAC address is set in the YAML file, the --novpp case will always emit it
* if VPP has mtu 9000, the --novpp case will end up still emitting interface and packet MTU,
  because it mocks the interface MTU at 64.

In all cases, --novpp emits more configuration statements, and the statements that it emits are
redundant.
2022-12-03 16:03:38 +00:00