Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T6090: policy: fix migration script #3137

Merged
merged 1 commit into from Mar 16, 2024
Merged

T6090: policy: fix migration script #3137

merged 1 commit into from Mar 16, 2024

Conversation

nicolas-fort
Copy link
Contributor

Change Summary

Migration script did not run if policy ipv6-route wasn't defined.
Now it's called properly.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

policy

Proposed changes

How to test

First test:

vyos@136:~$ show config comm | grep policy
set interfaces ethernet eth3 policy route 'FOO'
set policy route FOO rule 10 protocol 'tcp'
set policy route FOO rule 10 set tcp-mss '1436'
set policy route FOO rule 10 tcp flags 'SYN'
vyos@136:~$ add system image vyos-1.5-rolling-202403151830-amd64.iso
Checking SHA256 checksums of files on the ISO image... OK.
Done!
What would you like to name this image? [1.5-rolling-202403151830]: 
OK.  This image will be named: 1.5-rolling-202403151830
Installing "1.5-rolling-202403151830" image.
Copying new release files...
Would you like to save the current configuration 
directory and config file? (Yes/No) [Yes]: Yes
Copying current configuration...
Would you like to save the SSH host keys from your 
current configuration? (Yes/No) [Yes]: 
Copying SSH keys...
Running post-install script...
Setting up grub configuration...
Done.
vyos@136:~$ 

....
After reboot:
....
[   30.772139] vyos-router[1087]: Mounting VyOS Config...done.
[   41.947427] vyos-router[1087]: Starting VyOS router: migrate configure.
[   42.640205] vyos-config[1093]: Configuration success

Welcome to VyOS - 136 ttyS0

136 login: vyos
Password: 
Welcome to VyOS!

   ┌── ┐
   . VyOS 1.5-rolling-202403151830
   └ ──┘  current

 * Documentation:  https://docs.vyos.io/en/latest
 * Project news:   https://blog.vyos.io
 * Bug reports:    https://vyos.dev

You can change this banner using "set system login banner post-login" command.

VyOS is a free software distribution that includes multiple components,
you can check individual component licenses under /usr/share/doc/*/copyright
vyos@136:~$ show config comm | grep policy
set policy route FOO interface 'eth3'
set policy route FOO rule 10 protocol 'tcp'
set policy route FOO rule 10 set tcp-mss '1436'
set policy route FOO rule 10 tcp flags syn
vyos@136:~$

And second test, also defining ipv6 route:

vyos@136:~$ show config comm | grep policy
set interfaces ethernet eth3 policy ipv6-route 'FOO6'
set interfaces ethernet eth3 policy route 'FOO'
set policy ipv6-route FOO6 rule 10 action 'drop'
set policy ipv6-route FOO6 rule 10 protocol 'udp'
set policy ipv6-route FOO6 rule 17 protocol 'tcp'
set policy ipv6-route FOO6 rule 17 set tcp-mss '1234'
set policy ipv6-route FOO6 rule 17 tcp flags 'SYN,ACK,FIN,RST'
set policy ipv6-route FOO6 rule 21 action 'drop'
set policy ipv6-route FOO6 rule 21 protocol 'tcp'
set policy ipv6-route FOO6 rule 21 tcp flags '!RST,ACK'
set policy route FOO rule 10 protocol 'tcp'
set policy route FOO rule 10 set tcp-mss '1436'
set policy route FOO rule 10 tcp flags 'SYN'
vyos@136:~$ 
vyos@136:~$ show version | grep Version
Version:          VyOS 1.3.6
vyos@136:~$ 

And after upgrade+reboot:
vyos@136:~$ show config comm | grep policy
set policy route FOO interface 'eth3'
set policy route FOO rule 10 protocol 'tcp'
set policy route FOO rule 10 set tcp-mss '1436'
set policy route FOO rule 10 tcp flags syn
set policy route6 FOO6 interface 'eth3'
set policy route6 FOO6 rule 10 action 'drop'
set policy route6 FOO6 rule 10 protocol 'udp'
set policy route6 FOO6 rule 17 protocol 'tcp'
set policy route6 FOO6 rule 17 set tcp-mss '1234'
set policy route6 FOO6 rule 17 tcp flags ack
set policy route6 FOO6 rule 17 tcp flags fin
set policy route6 FOO6 rule 17 tcp flags rst
set policy route6 FOO6 rule 17 tcp flags syn
set policy route6 FOO6 rule 21 action 'drop'
set policy route6 FOO6 rule 21 protocol 'tcp'
set policy route6 FOO6 rule 21 tcp flags ack
set policy route6 FOO6 rule 21 tcp flags not rst
vyos@136:~$

Smoketest result

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@nicolas-fort
T6090: fix policy route migration script. Ensure that tcp flags migra…
1048f49 
…tion occurs also if only <policy route> is defined.
@vyosbot vyosbot requested review from a team, dmbaturin and sarthurdev and removed request for a team March 15, 2024 21:38
@c-po c-po merged commit 828e94d into vyos:current Mar 16, 2024
8 checks passed
@c-po
Copy link
Member

c-po commented Mar 16, 2024

@Mergifyio backport sagitta

@mergify Mergify
Copy link

mergify bot commented Mar 16, 2024
edited

backport sagitta

✅ Backports have been created

@mergify mergify bot mentioned this pull request Mar 16, 2024
Merged
12 tasks
dmbaturin added a commit that referenced this pull request Mar 16, 2024
@dmbaturin
Merge pull request #3138 from vyos/mergify/bp/sagitta/pr-3137
d18d773 
T6090: policy: fix migration script (backport #3137)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin was automatically assigned from vyos/reviewers

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev was automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc was automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro was automatically assigned from vyos/reviewers

@sever-sever sever-sever Awaiting requested review from sever-sever sever-sever was automatically assigned from vyos/reviewers

Assignees

@nicolas-fort nicolas-fort

Labels
current
Milestone
No milestone
2 participants
@nicolas-fort @c-po