From 8faf67c1fab0eced732cf414d02a6c8d7affc626 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 8 Feb 2025 11:33:21 +0100 Subject: [PATCH 1/2] netplug: T5103: only execute helper scripts on physical interfaces Helper scripts should only work on physical interfaces not on individual sub-interfaces. Moving e.g. a VLAN interface in/out a VRF will also trigger this script which should be prohibited - bail out early --- src/etc/netplug/vyos-netplug-dhcp-client | 32 +++++++++--------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/src/etc/netplug/vyos-netplug-dhcp-client b/src/etc/netplug/vyos-netplug-dhcp-client index 55d15a163d..83fed70f0e 100755 --- a/src/etc/netplug/vyos-netplug-dhcp-client +++ b/src/etc/netplug/vyos-netplug-dhcp-client @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright 2023 VyOS maintainers and contributors +# Copyright 2023-2025 VyOS maintainers and contributors # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -20,10 +20,11 @@ import sys from time import sleep from vyos.configquery import ConfigTreeQuery +from vyos.configdict import get_interface_dict +from vyos.ifconfig import Interface from vyos.ifconfig import Section from vyos.utils.boot import boot_configuration_complete from vyos.utils.commit import commit_in_progress -from vyos.utils.process import call from vyos import airbag airbag.enable() @@ -35,28 +36,19 @@ if not boot_configuration_complete(): airbag.noteworthy("System bootup not yet finished...") sys.exit(1) +interface = sys.argv[1] +# helper scripts should only work on physical interfaces not on individual +# sub-interfaces. Moving e.g. a VLAN interface in/out a VRF will also trigger +# this script which should be prohibited - bail out early +if '.' in interface: + sys.exit(0) + while commit_in_progress(): sleep(1) -interface = sys.argv[1] in_out = sys.argv[2] config = ConfigTreeQuery() interface_path = ['interfaces'] + Section.get_config_path(interface).split() - -for _, interface_config in config.get_config_dict(interface_path).items(): - # Bail out early if we do not have an IP address configured - if 'address' not in interface_config: - continue - # Bail out early if interface ist administrative down - if 'disable' in interface_config: - continue - systemd_action = 'start' - if in_out == 'out': - systemd_action = 'stop' - # Start/Stop DHCP service - if 'dhcp' in interface_config['address']: - call(f'systemctl {systemd_action} dhclient@{interface}.service') - # Start/Stop DHCPv6 service - if 'dhcpv6' in interface_config['address']: - call(f'systemctl {systemd_action} dhcp6c@{interface}.service') +_, interface_config = get_interface_dict(config, interface_path[:-1], ifname=interface, with_pki=True) +Interface(interface).update(interface_config) From 9e313faaef139215dbcff0f79721164e627bed30 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 8 Feb 2025 11:36:14 +0100 Subject: [PATCH 2/2] vyos.ifconfig: T5103: always stop the DHCP client process bevore changing VRF Always stop the DHCP client process to clean up routes within the VRF where the process was originally started. There is no need to add a condition to only call the method if "address dhcp" was defined, as this is handled inside set_dhcp(v6) by only stopping if the daemon is running. DHCP client process restart will be handled later on once the interface is moved to the new VRF. --- python/vyos/ifconfig/interface.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 5d8326bb32..979b625787 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -615,8 +615,18 @@ def set_vrf(self, vrf: str) -> bool: # Get current VRF table ID old_vrf_tableid = get_vrf_tableid(self.ifname) - self.set_interface('vrf', vrf) + # Always stop the DHCP client process to clean up routes within the VRF + # where the process was originally started. There is no need to add a + # condition to only call the method if "address dhcp" was defined, as + # this is handled inside set_dhcp(v6) by only stopping if the daemon is + # running. DHCP client process restart will be handled later on once the + # interface is moved to the new VRF. + self.set_dhcp(False) + self.set_dhcpv6(False) + + # Move interface in/out of VRF + self.set_interface('vrf', vrf) if vrf: # Get routing table ID number for VRF vrf_table_id = get_vrf_tableid(vrf)