From: Ruoyu Date: Wed, 5 Aug 2020 07:26:43 +0000 (+0800) Subject: Minor updates for cnf X-Git-Tag: v1.0~14 X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=78eb9b5ad48620c0286b7c3ac5dde7a21aefb1be;p=icn%2Fsdwan.git Minor updates for cnf * Update the configmap for cnf * Change default values set for dpd * Add length check for zone name Change-Id: Ic0d8fcca36aca2f712354ed3c03ae0e7ae961b43 Signed-off-by: Ruoyu
---
diff --git a/platform/cnf/src/ipsec_exec b/platform/cnf/src/ipsec_exec
index 6b906a3..032d732 100755
--- a/platform/cnf/src/ipsec_exec
+++ b/platform/cnf/src/ipsec_exec
@@ -141,6 +141,7 @@ config_conn() {
 local dpddelay
 local inactivity
 local keyexchange
+ local closeaction
 config_get mode "$1" mode "route"
 config_get local_subnet "$1" local_subnet ""
@@ -155,11 +156,12 @@ config_conn() {
 config_get ikelifetime "$1" ikelifetime "3h"
 config_get lifetime "$1" lifetime "1h"
 config_get margintime "$1" margintime "9m"
- config_get keyingtries "$1" keyingtries "3"
- config_get dpdaction "$1" dpdaction "none"
+ config_get keyingtries "$1" keyingtries "%forever"
+ config_get dpdaction "$1" dpdaction "restart"
 config_get dpddelay "$1" dpddelay "30s"
 config_get inactivity "$1" inactivity
 config_get keyexchange "$1" keyexchange "ikev2"
+ config_get closeaction "$1" closeaction "restart"
 config_get mark "$1" mark ""
 [ -n "$local_nat" ] && local_subnet=$local_nat
@@ -180,6 +182,7 @@ config_conn() {
 ipsec_xappend " keyingtries=$keyingtries"
 ipsec_xappend " dpdaction=$dpdaction"
 ipsec_xappend " dpddelay=$dpddelay"
+ ipsec_xappend " closeaction=$closeaction"
 [ -n "$inactivity" ] && ipsec_xappend " inactivity=$inactivity"
diff --git a/platform/cnf/src/rest_v1/firewall_rest.lua b/platform/cnf/src/rest_v1/firewall_rest.lua
index 28afdfd..41c748e 100644
--- a/platform/cnf/src/rest_v1/firewall_rest.lua
+++ b/platform/cnf/src/rest_v1/firewall_rest.lua
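Review bot: Making `%forever` and `restart` the fallbacks in the second hunk of config_conn() (platform/cnf/src/ipsec_exec) turns every connection that omits keyingtries, dpdaction or closeaction into one that re-initiates indefinitely, including connections where this end is presumably meant to be a passive responder. strongSwan's ipsec.conf documentation advises against closeaction when the peer uses reauthentication or uniqueids checking, because those events can trigger the action when it is not wanted, and `restart` on both peers can leave duplicate SAs behind. I would keep the conservative fallback, `config_get closeaction "$1" closeaction "none"`, and let initiator-side configurations opt in. At minimum add a comment above these lines such as `# restart on DPD timeout / peer close: only safe when the peer does not reauthenticate`. config_conn() begins and ends outside the hunk.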
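Review bot: `ipsec_xappend " closeaction=$closeaction"` in the third hunk of config_conn() (platform/cnf/src/ipsec_exec) writes the UCI value into the generated connection section unconditionally and unchecked, and nothing in this patch restricts it to the keywords strongSwan accepts. If the REST-side validator for connections (not visible here) does not cover closeaction, a typo or stray value ends up in the generated configuration and may keep the connection from loading. A guard before the append would contain that: `case "$closeaction" in none|clear|hold|restart) ;; *) closeaction="none" ;; esac`. The existing dpdaction line has the same shape and could take the same check.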
@@ -13,7 +13,7 @@ uci_conf = "firewall"
 zone_validator = {
 create_section_name=false,
- {name="name"},
+ {name="name", validator=function(value) return is_valid_name(value) end, message="invalid zone name"},
 {name="network", item_validator=function(value) return is_network_interface_available(value) end, message="invalid network"},
 {name="masq", validator=function(value) return utils.in_array(value, {"0", "1"}) end, message="invalid masq"},
 {name="masq_src", item_validator=function(value) return is_valid_masq_subset(value) end, message="invalid masq_src"},
@@ -109,6 +109,15 @@ function is_network_interface_available(interface)
 return true, interface
 end
+function is_valid_name(name)
+ local len = string.len(name)
+ if len > 11 then
+ return false, "The length of Name shall not exceed 11 characters"
+ else
+ return true, name
+ end
+end
+
 function is_valid_masq_subset(s)
 local ip = s
 if utils.start_with(ip, "!") then
@@ -255,4 +264,4 @@ function update_zone(zone)
 end
 return false, code, msg
-end
\ No newline at end of file
+end
diff --git a/platform/crd-ctrlr/examples/cnf-deployment-older-than-1.16.yaml b/platform/crd-ctrlr/examples/cnf-deployment-older-than-1.16.yaml
index 01c6726..3e07b4e 100644
--- a/platform/crd-ctrlr/examples/cnf-deployment-older-than-1.16.yaml
+++ b/platform/crd-ctrlr/examples/cnf-deployment-older-than-1.16.yaml
@@ -17,6 +17,7 @@ data:
 interface=$(echo $net | jq -r .interface)
 ipaddr=$(ifconfig $interface | awk '/inet/{print $2}' | cut -f2 -d ":" | awk 'NR==1 {print $1}')
 vif="$interface"
+ netmask=$(ifconfig $interface | awk '/inet/{print $4}'| cut -f2 -d ":" | head -1)
 cat >> /etc/config/network <> /etc/config/network <> ./cnf/values.yaml +helm init helm package ./cnf helm install ./cnf-0.1.0.tgz
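Review bot: is_valid_name() in the second firewall_rest.lua hunk bounds only the length, so an empty string or a name containing spaces, quotes or other punctuation still passes and is accepted as the zone name. `string.len(name)` also raises an error instead of returning false when the value is nil or a table. The name arrives over the REST API and presumably ends up in the firewall configuration, so I would make the check an allow-list: `if type(name) ~= "string" or #name > 11 or not name:match("^[%w_]+$") then return false, "Name must be 1-11 characters of letters, digits or underscore" end`. A one-line comment saying where the limit of 11 comes from (presumably the firewall's own zone-name limit) would help the next reader. The validator entry added in the first hunk can stay as it is.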