iproute.py
1913 lines (1553 loc) · 64.3 KB
# -*- coding: utf-8 -*-
'''
IPRoute quickstart
------------------

**IPRoute** in two words::

    $ sudo pip install pyroute2

    $ cat example.py
    from pyroute2 import IPRoute
    ip = IPRoute()
    print([x.get_attr('IFLA_IFNAME') for x in ip.get_links()])

    $ python example.py
    ['lo', 'p6p1', 'wlan0', 'virbr0', 'virbr0-nic']

Responses
---------

The pyroute2 netlink socket implementation is agnostic
to the particular netlink protocols, and always returns
a list of messages as the response to a request sent to
the kernel::

    # this request returns one match
    eth0 = ipr.link_lookup(ifname='eth0')
    len(eth0)  # -> 1, if exists, else 0

    # but that one returns a set of
    up = ipr.link_lookup(operstate='UP')
    len(up)  # -> k, where 0 <= k <= [interface count]

Thus, always expect a list in the response, running any
`IPRoute()` netlink request.

NLMSG_ERROR responses
~~~~~~~~~~~~~~~~~~~~~

Some kernel subsystems return `NLMSG_ERROR` in the response
to any request. It is OK as long as
`nlmsg["header"]["error"] is None`. Otherwise an
exception will be raised by the parser.

So if instead of an exception you get a `NLMSG_ERROR` message,
it means `error == 0`, the same as `$? == 0` in bash.

How to work with messages
~~~~~~~~~~~~~~~~~~~~~~~~~

Every netlink message contains header, fields and NLAs
(netlink attributes). Every NLA is a netlink message...
(see "recursion").

And the library provides parsed messages according to
this scheme. Every RTNL message contains:

* `nlmsg['header']` -- parsed header
* `nlmsg['attrs']` -- NLA chain (parsed on demand)
* 0 .. k data fields, e.g. `nlmsg['flags']` etc.
* `nlmsg.header` -- the header fields spec
* `nlmsg.fields` -- the data fields spec
* `nlmsg.nla_map` -- NLA spec

An important parser feature is that NLAs are parsed
on demand, when someone tries to access them. Otherwise
the parser doesn't waste CPU cycles.

The NLA chain is a list-like structure, not a dictionary.
The netlink standard doesn't require NLAs to be unique
within one message::

    {'__align': (),
     'attrs': [('IFLA_IFNAME', 'lo'),    # [1]
               ('IFLA_TXQLEN', 1),
               ('IFLA_OPERSTATE', 'UNKNOWN'),
               ('IFLA_LINKMODE', 0),
               ('IFLA_MTU', 65536),
               ('IFLA_GROUP', 0),
               ('IFLA_PROMISCUITY', 0),
               ('IFLA_NUM_TX_QUEUES', 1),
               ('IFLA_NUM_RX_QUEUES', 1),
               ('IFLA_CARRIER', 1),
               ...],
     'change': 0,
     'event': 'RTM_NEWLINK',             # [2]
     'family': 0,
     'flags': 65609,
     'header': {'error': None,           # [3]
                'flags': 2,
                'length': 1180,
                'pid': 28233,
                'sequence_number': 257,  # [4]
                'type': 16},             # [5]
     'ifi_type': 772,
     'index': 1}

     # [1] every NLA is parsed upon access
     # [2] this field is injected by the RTNL parser
     # [3] if not None, an exception will be raised
     # [4] more details in the netlink description
     # [5] 16 == RTM_NEWLINK

To access fields::

    msg['index'] == 1

To access one NLA::

    msg.get_attr('IFLA_CARRIER') == 1

When the NLA with the specified name is not present in the
chain, `get_attr()` returns `None`. To get the list of all
NLAs of that name, use `get_attrs()`. A real example with
NLA hierarchy, take notice of `get_attr()` and
`get_attrs()` usage::

    # for macvlan interfaces there may be several
    # IFLA_MACVLAN_MACADDR NLA provided, so use
    # get_attrs() to get all the list, not only
    # the first one

    (msg
     .get_attr('IFLA_LINKINFO')           # one NLA
     .get_attr('IFLA_INFO_DATA')          # one NLA
     .get_attrs('IFLA_MACVLAN_MACADDR'))  # a list of

Please read the message structure carefully before you
start coding.

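The message layout described above, as an added example that is not part of pyroute2 or of this file: a stand-alone parser for one `RTM_NEWLINK` message and one `NLMSG_ERROR` reply, built on `struct` only, that keeps duplicate NLAs in order and rejects out-of-bounds lengths. The sample bytes are constructed from the field values in the dump above, the `IFLA` table is a small subset of `linux/if_link.h`, and every helper name is hypothetical.

```python
import os
import struct

NLMSG_ERROR, RTM_NEWLINK = 2, 16          # linux/netlink.h, linux/rtnetlink.h
NLA_TYPE_MASK = 0x3fff                    # strips NLA_F_NESTED / NLA_F_NET_BYTEORDER
# Small subset of linux/if_link.h: type -> (name, decoder)
IFLA = {3: ('IFLA_IFNAME', lambda b: b.rstrip(bytes(1)).decode()),
        4: ('IFLA_MTU', lambda b: struct.unpack('=I', b)[0]),
        13: ('IFLA_TXQLEN', lambda b: struct.unpack('=I', b)[0])}


def pack_nla(nla_type, payload):
    # nla_len covers the 4-byte header and the payload, not the padding
    length = 4 + len(payload)
    return struct.pack('=HH', length, nla_type) + payload + bytes(-length % 4)


def parse_nlas(data):
    # Returns an ordered list of (name, value): duplicates are legal and kept.
    attrs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError('truncated NLA header')
        length, nla_type = struct.unpack_from('=HH', data, offset)
        # length < 4 would never advance the offset; a length past the end
        # would read outside the message
        if length < 4 or offset + length > len(data):
            raise ValueError('NLA length %d out of bounds' % length)
        payload = data[offset + 4:offset + length]
        name, decode = IFLA.get(nla_type & NLA_TYPE_MASK, (nla_type, bytes))
        attrs.append((name, decode(payload)))
        offset += (length + 3) & ~3       # NLAs are 4-byte aligned
    return attrs


def parse_message(data):
    if len(data) < 16:
        raise ValueError('truncated netlink header')
    length, mtype, flags, seq, pid = struct.unpack_from('=IHHII', data, 0)
    if length < 16 or length > len(data):
        raise ValueError('nlmsg_len %d out of bounds' % length)
    msg = {'header': {'length': length, 'type': mtype, 'flags': flags,
                      'sequence_number': seq, 'pid': pid, 'error': None},
           'attrs': []}
    body = data[16:length]
    if mtype == NLMSG_ERROR:
        if len(body) < 4:
            raise ValueError('truncated nlmsgerr')
        code = struct.unpack_from('=i', body, 0)[0]
        if code != 0:                     # negative errno from the kernel
            raise OSError(-code, os.strerror(-code))
        return msg                        # error == 0 is an ACK
    if mtype == RTM_NEWLINK:
        if len(body) < 16:
            raise ValueError('truncated ifinfomsg')
        # struct ifinfomsg: family, pad, type, index, flags, change
        (msg['family'], _, msg['ifi_type'], msg['index'], msg['flags'],
         msg['change']) = struct.unpack_from('=BBHiII', body, 0)
        msg['event'] = 'RTM_NEWLINK'
        msg['attrs'] = parse_nlas(body[16:])
    return msg


def get_attrs(msg, name):
    return [value for (key, value) in msg['attrs'] if key == name]


def get_attr(msg, name):
    found = get_attrs(msg, name)
    return found[0] if found else None


def build_newlink(attrs):
    # constructed sample: header and field values copied from the dump above
    body = struct.pack('=BBHiII', 0, 0, 772, 1, 65609, 0)
    body += b''.join(pack_nla(t, p) for (t, p) in attrs)
    return struct.pack('=IHHII', 16 + len(body), RTM_NEWLINK, 2, 257, 28233) + body


def build_error(code):
    # constructed sample: nlmsgerr = int error + header of the original request
    body = struct.pack('=iIHHII', code, 16, RTM_NEWLINK, 5, 257, 28233)
    return struct.pack('=IHHII', 16 + len(body), NLMSG_ERROR, 0, 257, 28233) + body


if __name__ == '__main__':
    raw = build_newlink([(3, b'lo' + bytes(1)),
                         (4, struct.pack('=I', 65536)),
                         (4, struct.pack('=I', 1500))])   # duplicate on purpose
    msg = parse_message(raw)
    print(msg['index'], get_attr(msg, 'IFLA_IFNAME'), get_attrs(msg, 'IFLA_MTU'))
    print(parse_message(build_error(0))['header']['error'])
```
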
Threaded vs. threadless architecture
------------------------------------

Since v0.3.2, IPRoute class is threadless by default.
It spawns no additional threads, and receives only
responses to own requests, no broadcast messages. So,
if you prefer not to cope with implicit threading, you
can safely use this module.

To get broadcast messages, use `IPRoute.bind()` call.
Please note that after calling `IPRoute.bind()` you
MUST get all the messages in time. In the case of the
kernel buffer overflow, you will have to restart the
socket.

With `IPRoute.bind(async=True)` one can launch async
message receiver thread with `Queue`-based buffer. The
buffer is thread-safe and completely transparent from
the programmer's perspective. Please read also
`NetlinkSocket` documentation to know more about async
mode.

Think about IPDB
----------------

If you plan to regularly fetch loads of objects, think
about IPDB also. Unlike IPRoute, IPDB does not fetch
all the objects from OS every time you request them, but
keeps a cache that is asynchronously updated by the netlink
broadcasts. For long-running programs that often
retrieve info about hundreds or thousands of objects, it
can be better to use IPDB as it will load CPU significantly
less.

API
---
'''
import errno
import types
import logging
from socket import AF_INET
from socket import AF_INET6
from socket import AF_UNSPEC
from socket import AF_BRIDGE
from pyroute2.netlink import NLMSG_DONE
from pyroute2.netlink import NLMSG_ERROR
from pyroute2.netlink import NLM_F_ATOMIC
from pyroute2.netlink import NLM_F_ROOT
from pyroute2.netlink import NLM_F_REPLACE
from pyroute2.netlink import NLM_F_REQUEST
from pyroute2.netlink import NLM_F_ACK
from pyroute2.netlink import NLM_F_DUMP
from pyroute2.netlink import NLM_F_CREATE
from pyroute2.netlink import NLM_F_EXCL
from pyroute2.netlink import NLM_F_APPEND
from pyroute2.netlink.rtnl import RTM_NEWADDR
from pyroute2.netlink.rtnl import RTM_GETADDR
from pyroute2.netlink.rtnl import RTM_DELADDR
from pyroute2.netlink.rtnl import RTM_NEWLINK
from pyroute2.netlink.rtnl import RTM_GETLINK
from pyroute2.netlink.rtnl import RTM_DELLINK
from pyroute2.netlink.rtnl import RTM_NEWQDISC
from pyroute2.netlink.rtnl import RTM_GETQDISC
from pyroute2.netlink.rtnl import RTM_DELQDISC
from pyroute2.netlink.rtnl import RTM_NEWTFILTER
from pyroute2.netlink.rtnl import RTM_GETTFILTER
from pyroute2.netlink.rtnl import RTM_DELTFILTER
from pyroute2.netlink.rtnl import RTM_NEWTCLASS
from pyroute2.netlink.rtnl import RTM_GETTCLASS
from pyroute2.netlink.rtnl import RTM_DELTCLASS
from pyroute2.netlink.rtnl import RTM_NEWRULE
from pyroute2.netlink.rtnl import RTM_GETRULE
from pyroute2.netlink.rtnl import RTM_DELRULE
from pyroute2.netlink.rtnl import RTM_NEWROUTE
from pyroute2.netlink.rtnl import RTM_GETROUTE
from pyroute2.netlink.rtnl import RTM_DELROUTE
from pyroute2.netlink.rtnl import RTM_NEWNEIGH
from pyroute2.netlink.rtnl import RTM_GETNEIGH
from pyroute2.netlink.rtnl import RTM_DELNEIGH
from pyroute2.netlink.rtnl import RTM_SETLINK
from pyroute2.netlink.rtnl import RTM_GETNEIGHTBL
from pyroute2.netlink.rtnl import TC_H_ROOT
from pyroute2.netlink.rtnl import rt_type
from pyroute2.netlink.rtnl import rt_scope
from pyroute2.netlink.rtnl import rt_proto
from pyroute2.netlink.rtnl.req import IPLinkRequest
from pyroute2.netlink.rtnl.req import IPBridgeRequest
from pyroute2.netlink.rtnl.req import IPBrPortRequest
from pyroute2.netlink.rtnl.req import IPRouteRequest
from pyroute2.netlink.rtnl.req import IPRuleRequest
from pyroute2.netlink.rtnl.tcmsg import plugins as tc_plugins
from pyroute2.netlink.rtnl.tcmsg import tcmsg
from pyroute2.netlink.rtnl.rtmsg import rtmsg
from pyroute2.netlink.rtnl import ndmsg
from pyroute2.netlink.rtnl.ndtmsg import ndtmsg
from pyroute2.netlink.rtnl.fibmsg import fibmsg
from pyroute2.netlink.rtnl.ifinfmsg import ifinfmsg
from pyroute2.netlink.rtnl.ifaddrmsg import ifaddrmsg
from pyroute2.netlink.rtnl.iprsocket import IPRSocket
from pyroute2.netlink.rtnl.iprsocket import IPBatchSocket
from pyroute2.netlink.rtnl.riprsocket import RawIPRSocket
from pyroute2.common import AF_MPLS
from pyroute2.common import basestring
from pyroute2.common import getbroadcast
from pyroute2.netlink.exceptions import NetlinkError

DEFAULT_TABLE = 254
log = logging.getLogger(__name__)


def transform_handle(handle):
    if isinstance(handle, basestring):
        (major, minor) = [int(x if x else '0', 16) for x in handle.split(':')]
        handle = (major << 8 * 2) | minor
    return handle


class IPRouteMixin(object):
    '''
    `IPRouteMixin` should not be instantiated by itself. It is intended
    to be used as a mixin class that provides RTNL API. Following classes
    use `IPRouteMixin`:

    * `IPRoute` -- RTNL API to the current network namespace
    * `NetNS` -- RTNL API to another network namespace
    * `IPBatch` -- RTNL compiler

    It is an old-school API, that provides access to rtnetlink as is.
    It helps you to retrieve and change almost all the data, available
    through rtnetlink::

        from pyroute2 import IPRoute
        ipr = IPRoute()
        # create an interface
        ipr.link('add', ifname='brx', kind='bridge')
        # lookup the index
        dev = ipr.link_lookup(ifname='brx')[0]
        # bring it down
        ipr.link('set', index=dev, state='down')
        # change the interface MAC address and rename it just for fun
        ipr.link('set', index=dev,
                 address='00:11:22:33:44:55',
                 ifname='br-ctrl')
        # add primary IP address
        ipr.addr('add', index=dev,
                 address='10.0.0.1', mask=24,
                 broadcast='10.0.0.255')
        # add secondary IP address
        ipr.addr('add', index=dev,
                 address='10.0.0.2', mask=24,
                 broadcast='10.0.0.255')
        # bring it up
        ipr.link('set', index=dev, state='up')
    '''

    def _match(self, match, msgs):
        # filtered results
        f_ret = []
        for msg in msgs:
            if hasattr(match, '__call__'):
                if match(msg):
                    f_ret.append(msg)
            elif isinstance(match, dict):
                matches = []
                for key in match:
                    KEY = msg.name2nla(key)
                    if isinstance(match[key], types.FunctionType):
                        if msg.get(key) is not None:
                            matches.append(match[key](msg.get(key)))
                        elif msg.get_attr(KEY) is not None:
                            matches.append(match[key](msg.get_attr(KEY)))
                        else:
                            matches.append(False)
                    else:
                        matches.append(msg.get(key) == match[key] or
                                       msg.get_attr(KEY) ==
                                       match[key])
                if all(matches):
                    f_ret.append(msg)
        return f_ret

    # 8<---------------------------------------------------------------
    #
    # Listing methods
    #
    def get_qdiscs(self, index=None):
        '''
        Get all queue disciplines for all interfaces or for specified
        one.
        '''
        msg = tcmsg()
        msg['family'] = AF_UNSPEC
        ret = self.nlm_request(msg, RTM_GETQDISC)
        if index is None:
            return ret
        else:
            return [x for x in ret if x['index'] == index]

    def get_filters(self, index=0, handle=0, parent=0):
        '''
        Get filters for specified interface, handle and parent.
        '''
        msg = tcmsg()
        msg['family'] = AF_UNSPEC
        msg['index'] = index
        msg['handle'] = handle
        msg['parent'] = parent
        return self.nlm_request(msg, RTM_GETTFILTER)

    def get_classes(self, index=0):
        '''
        Get classes for specified interface.
        '''
        msg = tcmsg()
        msg['family'] = AF_UNSPEC
        msg['index'] = index
        return self.nlm_request(msg, RTM_GETTCLASS)

    def get_vlans(self, **kwarg):
        '''
        Dump available vlan info on bridge ports
        '''
        # IFLA_EXT_MASK, extended info mask
        #
        # include/uapi/linux/rtnetlink.h
        # 1 << 0 => RTEXT_FILTER_VF
        # 1 << 1 => RTEXT_FILTER_BRVLAN
        # 1 << 2 => RTEXT_FILTER_BRVLAN_COMPRESSED
        # 1 << 3 => RTEXT_FILTER_SKIP_STATS
        #
        # maybe place it as mapping into ifinfomsg.py?
        #
        match = kwarg.get('match', None) or kwarg or None
        return self.link('dump', family=AF_BRIDGE, ext_mask=2, match=match)

    def get_links(self, *argv, **kwarg):
        '''
        Get network interfaces.

        By default returns all interfaces. Arguments vector
        can contain interface indices or a special keyword
        'all'::

            ip.get_links()
            ip.get_links('all')
            ip.get_links(1, 2, 3)

            interfaces = [1, 2, 3]
            ip.get_links(*interfaces)
        '''
        result = []
        links = argv or [0]
        if links[0] == 'all':  # compat syntax
            links = [0]

        if links[0] == 0:
            cmd = 'dump'
        else:
            cmd = 'get'

        for index in links:
            kwarg['index'] = index
            result.extend(self.link(cmd, **kwarg))
        return result

    def get_neighbors(self, family=AF_UNSPEC):
        '''
        Alias of `get_neighbours()`, deprecated.
        '''
        log.warning('The `get_neighbors()` call is deprecated')
        log.warning('Use `get_neighbours()` instead')
        return self.get_neighbours(family)

    def get_neighbours(self, family=AF_UNSPEC, match=None, **kwarg):
        '''
        Dump ARP cache records.

        The `family` keyword sets the family for the request:
        e.g. `AF_INET` or `AF_INET6` for arp cache, `AF_BRIDGE`
        for fdb.

        If other keyword arguments are not empty, they are used as
        a filter. Also, one can explicitly set the filter as a function
        with the `match` parameter.

        Examples::

            # get neighbours on the 3rd link:
            ip.get_neighbours(ifindex=3)

            # get a particular record by dst:
            ip.get_neighbours(dst='172.16.0.1')

            # get fdb records:
            ip.get_neighbours(AF_BRIDGE)

            # and filter them by a function:
            ip.get_neighbours(AF_BRIDGE, match=lambda x: x['state'] == 2)
        '''
        return self.neigh('dump', family=family, match=match or kwarg)

    def get_ntables(self, family=AF_UNSPEC):
        '''
        Get neighbour tables
        '''
        msg = ndtmsg()
        msg['family'] = family
        return self.nlm_request(msg, RTM_GETNEIGHTBL)

    def get_addr(self, family=AF_UNSPEC, match=None, **kwarg):
        '''
        Dump addresses.

        If family is not specified, both AF_INET and AF_INET6 addresses
        will be dumped::

            # get all addresses
            ip.get_addr()

        It is possible to apply filters on the results::

            # get addresses for the 2nd interface
            ip.get_addr(index=2)

            # get addresses with IFA_LABEL == 'eth0'
            ip.get_addr(label='eth0')

            # get all the subnet addresses on the interface, identified
            # by broadcast address (should be explicitly specified upon
            # creation)
            ip.get_addr(index=2, broadcast='192.168.1.255')

        A custom predicate can be used as a filter::

            ip.get_addr(match=lambda x: x['index'] == 1)
        '''
        return self.addr((RTM_GETADDR, NLM_F_REQUEST | NLM_F_DUMP),
                         family=family,
                         match=match or kwarg)

    def get_rules(self, family=AF_UNSPEC, match=None, **kwarg):
        '''
        Get all rules. By default return all rules. To explicitly
        request the IPv4 rules use `family=AF_INET`.

        Example::

            ip.get_rules()  # get all the rules for all families
            ip.get_rules(family=AF_INET6)  # get only IPv6 rules
        '''
        return self.rule((RTM_GETRULE,
                          NLM_F_REQUEST | NLM_F_ROOT | NLM_F_ATOMIC),
                         family=family,
                         match=match or kwarg)

    def get_routes(self, family=AF_UNSPEC, match=None, **kwarg):
        '''
        Get all routes. You can specify the table. There
        are 255 routing classes (tables), and the kernel
        returns all the routes on each request. So the
        routine filters routes from full output.

        Example::

            ip.get_routes()  # get all the routes for all families
            ip.get_routes(family=AF_INET6)  # get only IPv6 routes
            ip.get_routes(table=254)  # get routes from 254 table
        '''
        msg_flags = NLM_F_DUMP | NLM_F_REQUEST
        nkw = {}
        nkw['callback'] = kwarg.pop('callback', None)

        # get a particular route?
        if isinstance(kwarg.get('dst'), basestring):
            dlen = 32 if family == AF_INET else \
                128 if family == AF_INET6 else 0
            msg_flags = NLM_F_REQUEST
            nkw['dst'] = kwarg.pop('dst')
            nkw['dst_len'] = kwarg.pop('dst_len', dlen)

        return self.route((RTM_GETROUTE, msg_flags),
                          family=family, match=match or kwarg, **nkw)
    # 8<---------------------------------------------------------------

    # 8<---------------------------------------------------------------
    #
    # Shortcuts
    #
    def get_default_routes(self, family=AF_UNSPEC, table=DEFAULT_TABLE):
        '''
        Get default routes
        '''
        # according to iproute2/ip/iproute.c:print_route()
        return [x for x in self.get_routes(family, table=table)
                if (x.get_attr('RTA_DST', None) is None and
                    x['dst_len'] == 0)]

    def link_create(self, **kwarg):
        # Create interface
        #
        # Obsoleted method. Use `link("add", ...)` instead.
        log.warning("link_create() is obsoleted, use link('add', ...)")
        return self.link('add', **IPLinkRequest(kwarg))

    def link_up(self, index):
        # Link up.
        #
        # Obsoleted method. Use `link("set", ...)` instead.
        log.warning("link_up() is obsoleted, use link('set', ...)")
        return self.link('set', index=index, state='up')

    def link_down(self, index):
        # Link down.
        #
        # Obsoleted method. Use `link("set", ...)` instead.
        log.warning("link_down() is obsoleted, use link('set', ...)")
        return self.link('set', index=index, state='down')

    def link_rename(self, index, name):
        # Rename interface.
        #
        # Obsoleted method. Use `link("set", ...)` instead.
        log.warning("link_rename() is obsoleted, use link('set', ...)")
        return self.link('set', index=index, ifname=name)

    def link_remove(self, index):
        # Remove interface.
        #
        # Obsoleted method. Use `link("del", ...)` instead.
        log.warning("link_remove() is obsoleted, use link('del', ...)")
        return self.link('del', index=index)

    def link_lookup(self, **kwarg):
        '''
        Lookup interface index (indices) by first level NLA
        value.

        Example::

            ip.link_lookup(address="52:54:00:9d:4e:3d")
            ip.link_lookup(ifname="lo")
            ip.link_lookup(operstate="UP")

        Please note that link_lookup() returns a list, not one
        value.
        '''
        name = tuple(kwarg.keys())[0]
        value = kwarg[name]

        name = str(name).upper()
        if not name.startswith('IFLA_'):
            name = 'IFLA_%s' % (name)
        return [k['index'] for k in
                [i for i in self.get_links() if 'attrs' in i] if
                [l for l in k['attrs'] if l[0] == name and l[1] == value]]
    # 8<---------------------------------------------------------------

    # 8<---------------------------------------------------------------
    #
    # Shortcuts to flush RTNL objects
    #
    def flush_routes(self, *argv, **kwarg):
        '''
        Flush routes -- purge route records from a table.
        Arguments are the same as for `get_routes()`
        routine. Actually, this routine implements a pipe from
        `get_routes()` to `nlm_request()`.
        '''
        ret = []
        match = kwarg.get('match') or kwarg

        def callback(msg):
            if msg['header']['type'] == NLMSG_DONE:
                # this message will pass to the get()
                return False

            if self._match(match, [msg]):
                # delete matching routes
                self.put(msg, msg_type=RTM_DELROUTE, msg_flags=NLM_F_REQUEST)

            return True

        nkw = {}
        nkw.update(kwarg)
        nkw['table'] = kwarg.get('table', 0)
        nkw['callback'] = callback

        self.get_routes(*argv, **nkw)
        return ret

    def flush_addr(self, *argv, **kwarg):
        '''
        Flush IP addresses.

        Examples::

            # flush all addresses on the interface with index 2:
            ipr.flush_addr(index=2)

            # flush all addresses with IFA_LABEL='eth0':
            ipr.flush_addr(label='eth0')
        '''
        flags = NLM_F_ACK | NLM_F_CREATE | NLM_F_EXCL | NLM_F_REQUEST
        ret = []
        for addr in self.get_addr(*argv, **kwarg):
            try:
                ret.append(self.nlm_request(addr,
                                            msg_type=RTM_DELADDR,
                                            msg_flags=flags))
            except NetlinkError as e:
                if e.code != errno.EADDRNOTAVAIL:
                    raise
        return ret

    def flush_rules(self, *argv, **kwarg):
        '''
        Flush rules. Please keep in mind, that by default the function
        operates on **all** rules of **all** families. To work only on
        IPv4 rules, one should explicitly specify `family=AF_INET`.

        Examples::

            # flush all IPv4 rule with priorities above 5 and below 32000
            ipr.flush_rules(family=AF_INET, priority=lambda x: 5 < x < 32000)

            # flush all IPv6 rules that point to table 250:
            ipr.flush_rules(family=socket.AF_INET6, table=250)
        '''
        flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_EXCL
        ret = []
        for rule in self.get_rules(*argv, **kwarg):
            ret.append(self.nlm_request(rule,
                                        msg_type=RTM_DELRULE,
                                        msg_flags=flags))
        return ret
    # 8<---------------------------------------------------------------

    # 8<---------------------------------------------------------------
    #
    # Extensions to low-level functions
    #
    def brport(self, command, **kwarg):
        '''
        Set bridge port parameters. Example::

            idx = ip.link_lookup(ifname='eth0')[0]
            ip.brport("set", index=idx, unicast_flood=0, cost=200)
            ip.brport("show", index=idx)

        Possible keywords are NLA names for the `protinfo_bridge` class,
        without the prefix and in lower letters.
        '''
        if (command in ('dump', 'show')) and ('match' not in kwarg):
            match = kwarg
        else:
            match = kwarg.pop('match', None)

        flags_dump = NLM_F_REQUEST | NLM_F_DUMP
        flags_req = NLM_F_REQUEST | NLM_F_ACK
        commands = {'set': (RTM_SETLINK, flags_req),
                    'dump': (RTM_GETLINK, flags_dump),
                    'show': (RTM_GETLINK, flags_dump)}
        (command, msg_flags) = commands.get(command, command)

        msg = ifinfmsg()
        if command == RTM_GETLINK:
            msg['index'] = kwarg.get('index', 0)
        else:
            msg['index'] = kwarg.pop('index', 0)
        msg['family'] = AF_BRIDGE
        protinfo = IPBrPortRequest(kwarg)
        msg['attrs'].append(('IFLA_PROTINFO', protinfo, 0x8000))
        ret = self.nlm_request(msg,
                               msg_type=command,
                               msg_flags=msg_flags)
        if match is not None:
            return self._match(match, ret)
        else:
            return ret

    def vlan_filter(self, command, **kwarg):
        '''
        Vlan filters are another approach to support vlans in Linux.
        Before vlan filters were introduced, there was only one way
        to bridge vlans: one had to create vlan interfaces and
        then add them as ports::

                    +------+      +----------+
            net --> | eth0 | <--> | eth0.500 | <---+
                    +------+      +----------+     |
                                                   v
                    +------+                    +-----+
            net --> | eth1 |                    | br0 |
                    +------+                    +-----+
                                                   ^
                    +------+      +----------+     |
            net --> | eth2 | <--> | eth2.500 | <---+
                    +------+      +----------+

        It means that one has to create as many bridges as there were
        vlans. Vlan filters allow one to bridge together underlying
        interfaces and create vlans already on the bridge::

            # v500 label shows which interfaces have vlan filter

                    +------+  v500
            net --> | eth0 | <-------+
                    +------+         |
                                     v
                    +------+      +-----+    +---------+
            net --> | eth1 | <--> | br0 |<-->| br0v500 |
                    +------+      +-----+    +---------+
                                     ^
                    +------+  v500   |
            net --> | eth2 | <-------+
                    +------+

        In this example vlan 500 will be allowed only on ports `eth0` and
        `eth2`, though all three eth nics are bridged.

        Some example code::

            # create bridge
            ip.link("add",
                    ifname="br0",
                    kind="bridge")

            # attach a port
            ip.link("set",
                    index=ip.link_lookup(ifname="eth0")[0],
                    master=ip.link_lookup(ifname="br0")[0])

            # set vlan filter
            ip.vlan_filter("add",
                           index=ip.link_lookup(ifname="eth0")[0],
                           vlan_info={"vid": 500})

            # create vlan interface on the bridge
            ip.link("add",
                    ifname="br0v500",
                    kind="vlan",
                    link=ip.link_lookup(ifname="br0")[0],
                    vlan_id=500)

            # set all UP
            ip.link("set",
                    index=ip.link_lookup(ifname="br0")[0],
                    state="up")
            ip.link("set",
                    index=ip.link_lookup(ifname="br0v500")[0],
                    state="up")
            ip.link("set",
                    index=ip.link_lookup(ifname="eth0")[0],
                    state="up")

            # set IP address
            ip.addr("add",
                    index=ip.link_lookup(ifname="br0v500")[0],
                    address="172.16.5.2",
                    mask=24)

            Now all the traffic to the network 172.16.5.2/24 will go
            to vlan 500 only via ports that have such vlan filter.

        Required arguments for `vlan_filter()` -- `index` and `vlan_info`.
        Vlan info struct::

            {"vid": uint16,
             "flags": uint16}

        More details:

        * kernel:Documentation/networking/switchdev.txt
        * pyroute2.netlink.rtnl.ifinfmsg:... vlan_info

        One can specify `flags` as int or as a list of flag names:

        * `master` == 0x1
        * `pvid` == 0x2
        * `untagged` == 0x4
        * `range_begin` == 0x8
        * `range_end` == 0x10
        * `brentry` == 0x20

        E.g.::

            {"vid": 20,
             "flags": ["pvid", "untagged"]}

            # is equal to
            {"vid": 20,
             "flags": 6}

        Commands:

        **add**

        Add vlan filter to a bridge port. Example::

            ip.vlan_filter("add", index=2, vlan_info={"vid": 200})

        **del**

        Remove vlan filter from a bridge port. Example::

            ip.vlan_filter("del", index=2, vlan_info={"vid": 200})

        '''
        flags_req = NLM_F_REQUEST | NLM_F_ACK
        commands = {'add': (RTM_SETLINK, flags_req),
                    'del': (RTM_DELLINK, flags_req)}

        kwarg['family'] = AF_BRIDGE
        kwarg['kwarg_filter'] = IPBridgeRequest

        (command, flags) = commands.get(command, command)
        return self.link((command, flags), **kwarg)

    def fdb(self, command, **kwarg):
        '''
        Bridge forwarding database management.

        More details:

        * kernel:Documentation/networking/switchdev.txt
        * pyroute2.netlink.rtnl.ndmsg

        **add**

        Add a new FDB record. Works in the same way as ARP cache
        management, but some additional NLAs can be used::

            # simple FDB record
            #
            ip.fdb('add',
                   ifindex=ip.link_lookup(ifname='br0')[0],
                   lladdr='00:11:22:33:44:55',
                   dst='10.0.0.1')

            # specify vlan
            # NB: vlan should exist on the device, use
            # `vlan_filter()`
            #
            ip.fdb('add',
                   ifindex=ip.link_lookup(ifname='br0')[0],
                   lladdr='00:11:22:33:44:55',
                   dst='10.0.0.1',
                   vlan=200)

            # specify vxlan id and port
            # NB: works only for vxlan devices, use
            # `link("add", kind="vxlan", ...)`
            #
            # if port is not specified, the default one is used
            # by the kernel.
            #
            # if vni (vxlan id) is equal to the device vni,
            # the kernel doesn't report it back
            #
            ip.fdb('add',
                   ifindex=ip.link_lookup(ifname='vx500')[0],
                   lladdr='00:11:22:33:44:55',
                   dst='10.0.0.1',
                   port=5678,
                   vni=600)

        **append**

        Append a new FDB record. The same syntax as for **add**.

        **del**

        Remove an existing FDB record. The same syntax as for **add**.

        **dump**

        Dump all the FDB records. If any `**kwarg` is provided,
        results will be filtered::

            # dump all the records
            ip.fdb('dump')

            # show only specific lladdr, dst, vlan etc.
            ip.fdb('dump', lladdr='00:11:22:33:44:55')
            ip.fdb('dump', dst='10.0.0.1')
            ip.fdb('dump', vlan=200)

        '''
        kwarg['family'] = AF_BRIDGE
        # nud -> state
        if 'nud' in kwarg:
            kwarg['state'] = kwarg.pop('nud')
        if (command in ('add', 'del', 'append')) and \
                not (kwarg.get('state', 0) & ndmsg.states['noarp']):
            # state must contain noarp in add / del / append
            kwarg['state'] = kwarg.pop('state', 0) | ndmsg.states['noarp']
            # other assumptions
            if not kwarg.get('state', 0) & (ndmsg.states['permanent'] |
                                            ndmsg.states['reachable']):
                # permanent (default) or reachable
                kwarg['state'] |= ndmsg.states['permanent']
            if not kwarg.get('flags', 0) & (ndmsg.flags['self'] |
                                            ndmsg.flags['master']):
                # self (default) or master
                kwarg['flags'] = kwarg.get('flags', 0) | ndmsg.flags['self']
        #
        return self.neigh(command, **kwarg)

    # 8<---------------------------------------------------------------
    #
    # General low-level configuration methods
    #
    def neigh(self, command, **kwarg):
        '''
        Neighbours operations, same as `ip neigh` or `bridge fdb`

        **add**

        Add a neighbour record, e.g.::

            # add a permanent record on veth0
            idx = ip.link_lookup(ifname='veth0')[0]
            ip.neigh('add',
                     dst='172.16.45.1',
                     lladdr='00:11:22:33:44:55',
                     ifindex=ip.link_lookup(ifname='veth0')[0],
                     state=ndmsg.states['permanent'])

        **set**

        Set an existing record or create a new one, if it doesn't exist.

        **change**

        Change an existing record or fail, if it doesn't exist.

        **del**

        Delete an existing record.

        **dump**

        Dump all the records in the NDB.
        '''

        if (command == 'dump') and ('match' not in kwarg):
            match = kwarg
        else:
            match = kwarg.pop('match', None)
        flags_dump = NLM_F_REQUEST | NLM_F_DUMP
        flags_base = NLM_F_REQUEST | NLM_F_ACK
        flags_make = flags_base | NLM_F_CREATE | NLM_F_EXCL
        flags_append = flags_base | NLM_F_CREATE | NLM_F_APPEND
        flags_change = flags_base | NLM_F_REPLACE
        flags_replace = flags_change | NLM_F_CREATE

        commands = {'add': (RTM_NEWNEIGH, flags_make),
                    'set': (RTM_NEWNEIGH, flags_replace),
                    'replace': (RTM_NEWNEIGH, flags_replace),
                    'change': (RTM_NEWNEIGH, flags_change),
                    'del': (RTM_DELNEIGH, flags_make),
                    'remove': (RTM_DELNEIGH, flags_make),
                    'delete': (RTM_DELNEIGH, flags_make),
                    'dump': (RTM_GETNEIGH, flags_dump),
                    'append': (RTM_NEWNEIGH, flags_append)}

        (command, flags) = commands.get(command, command)
        if 'nud' in kwarg:
            kwarg['state'] = kwarg.pop('nud')
        msg = ndmsg.ndmsg()
        for field in msg.fields: