ifstate 1.13.6__py3-none-any.whl → 1.13.8__py3-none-any.whl

ifstate/ifstate.py

@@ -128,7 +128,7 @@ def main():
     group = parser.add_mutually_exclusive_group()
     parser.add_argument('--version', action='version',
                         version='%(prog)s {version}'.format(version=__version__))
-    group.add_argument("-v", "--verbose", action="store_true",
+    group.add_argument("-v", "--verbose", action="count", default=0,
                        help="be more verbose")
     group.add_argument("-q", "--quiet", action="store_true",
                        help="be more quiet, print only warnings and errors")
@@ -162,10 +162,10 @@ def main():
         "name", type=str, help="name of the vrrp group or instance")
 
     args = parser.parse_args()
-    if args.verbose:
+    if args.verbose > 0:
         lvl = logging.DEBUG
     elif args.quiet:
-        lvl = logging.ERROR
+        lvl = logging.WARNING
     else:
         lvl = logging.INFO
 
@@ -178,7 +178,7 @@ def main():
         shell()
         exit(0)
 
-    ifslog = IfStateLogging(lvl, action=args.action)
+    ifslog = IfStateLogging(lvl, args.verbose > 1, action=args.action)
 
     if args.action in [Actions.SHOW, Actions.SHOWALL]:
         # preserve dict order on python 3.7+

ifstate/vrrp.py

@@ -139,7 +139,7 @@ def vrrp_fifo(args_fifo, ifs_config):
 
     try:
         status_pattern = re.compile(
-            r'(group|instance) "([^"]+)" (' + '|'.join(KEEPALIVED_STATES) + ')( \d+)?$', re.IGNORECASE)
+            r'(group|instance) "([^"]+)" (' + '|'.join(KEEPALIVED_STATES) + r')( \d+)?$', re.IGNORECASE)
 
         with open(args_fifo) as fifo:
             logger.debug("entering fifo loop...")

{ifstate-1.13.6.dist-info → ifstate-1.13.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ifstate
-Version: 1.13.6
+Version: 1.13.8
 Summary: Manage host interface settings in a declarative manner
 Home-page: https://ifstate.net/
 Author: Thomas Liske

{ifstate-1.13.6.dist-info → ifstate-1.13.8.dist-info}/RECORD

@@ -1,37 +1,37 @@
 ifstate/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-ifstate/ifstate.py,sha256=l6VxiAXWyoqj7T5J495gM5Nhn807f5pHmL8_kh1uJAc,8891
+ifstate/ifstate.py,sha256=am8x-ONL1QziOuTfD3Fmr5wVg_Mt2sH9Pi9DTn6YqYY,8921
 ifstate/shell.py,sha256=7_JFpi4icr9MijynDzbb0v5mxhFsng6PCC4m3uQ255A,2177
-ifstate/vrrp.py,sha256=cXzQZ2v-QS56ZBS8raLM4GyCjPFtTV6tg_9Drkgul1k,5952
-ifstate-1.13.6.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-libifstate/__init__.py,sha256=SgY_-99Mn-OJzZsU1B1KEhfQI4EKa7dk0QxMLsGCKTc,30950
-libifstate/exception.py,sha256=5i59BZdl56J_sNJbyU9n6uHuUNJEyDOO4FJ-neDn9Ds,2608
-libifstate/log.py,sha256=XVoZdwdQoWsjuupFIuG6OP0OrBpXpx7oqyAaUhQ-nJk,4553
+ifstate/vrrp.py,sha256=FJ9b1eJseTtZFfknHU-xV68Qz7cPrRrc5PTcjUVj-fY,5953
+ifstate-1.13.8.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+libifstate/__init__.py,sha256=9ovYpLf4AVTDNWFru4o4DaR60SQW0tXCrNMXLuoTPpU,31245
+libifstate/exception.py,sha256=QgG4hdP1KYbdVBNfy-bT59aCcYF0IuFdEwZrY3QrwTc,2688
+libifstate/log.py,sha256=rG0ISWyeGGlC_jRREoSpkdySc5EmyhOQIgSfvRqlaZA,4651
 libifstate/util.py,sha256=WzbGKX78iWUunnZ-v_3OREmxMiYt7vVM_QyCgTcMYow,10802
-libifstate/address/__init__.py,sha256=zIGM7UWXSvoijHMD06DfS2CDtiHpiJlqDgJG7Dl1IPE,3222
+libifstate/address/__init__.py,sha256=SobrZ9e2ItrmEidnKPBhUMitRDdTEajbkU9Rkmtx-gQ,3165
 libifstate/bpf/__init__.py,sha256=NVzaunTmJU2PbIQg9eWBMKpFgLh3EnD3ujNa7Yt6rNc,7699
 libifstate/bpf/ctypes.py,sha256=kLZJHZlba09Vc-tbsJAcKpDwdoNO2IjlYVLCopawHmA,4274
 libifstate/bpf/map.py,sha256=cLHNMvRBDNW2yVCEf3z242_oRdU0HqVbFEYVkKXng0w,10818
 libifstate/brport/__init__.py,sha256=NzdA8F4hr2se1bXKNnyKZbvOFlCWBq_cdjwsL1H0Y-o,2964
 libifstate/fdb/__init__.py,sha256=9dpL5n8ct3CaA-z8I6ZEkD3yL6yWJQeq3fpIe9pc2zw,6486
 libifstate/link/__init__.py,sha256=epVw6jY8exNeJZUmmUas91yJoeupfgIY7rthq7SGIIw,142
-libifstate/link/base.py,sha256=Si31tqRTRGnHusn1hRPLrfdEmeQqRyNP4aua1DlGc_Q,34319
+libifstate/link/base.py,sha256=PLHJ594UQboe98jEVZVQvaD1Ka_Ah6EySDfcJtYTVH0,34863
 libifstate/link/dsa.py,sha256=Y3axTtcym6YL1voKblxctx4PoKDZHzpteKQNnEBUrS8,264
-libifstate/link/physical.py,sha256=cJiq-MCfy-3XQoU-OxzgfPZZtu_pJ8u2ioJgn9VYdGk,560
-libifstate/link/tun.py,sha256=m55o5cwO3h3DCLofUR-68fM4ggLoTKElp6ZJ2LrJSCc,959
+libifstate/link/physical.py,sha256=rmf8ltjDy1s2NEfaQtOwKBTpESlzqjZd53yfcZCfSPo,579
+libifstate/link/tun.py,sha256=YEW09fYNLvmb0IU4Jb1uNh0iCt0bgIii2pPvOYtgw6U,978
 libifstate/link/veth.py,sha256=V_jmQCizI5Vv8-pcsfldSfMRTn1knR11wZDZI_yXvks,2249
 libifstate/neighbour/__init__.py,sha256=FJJpbJvqnxvOEii6QDMYzW5jQDEbiEy71GQOEbqaS48,2463
-libifstate/netns/__init__.py,sha256=oqUqU22C6RVMDwlgLccntQ3icenf9hiDs2FIWJIgny0,8772
+libifstate/netns/__init__.py,sha256=-xJ5Qa-x2_MveGHWWR2pv--EBmQzLSZUYeC8vebnLUE,9029
 libifstate/parser/__init__.py,sha256=byz1W0G7UewVc5FFie-ti3UZjGK3-75wHIaOeq0oySQ,88
 libifstate/parser/base.py,sha256=VFAo05O3tiKtI381LVUMYfsDTseMKoQGTfkgnEkm3H4,4770
 libifstate/parser/yaml.py,sha256=MC0kmwqt3P45z61fb_wfUqoj0iZyhFYkdPyr0UqMSZA,1415
-libifstate/routing/__init__.py,sha256=Hmj-LHBEtVXs5tlRzY8JS_C5qdnN3alD3cIznmzQ-rY,20469
+libifstate/routing/__init__.py,sha256=5kcIzWpM2v-T_ndxFO5qwF8hla-Fqh2yP1QtmohWZl0,22777
 libifstate/sysctl/__init__.py,sha256=EF52CdOOkVSUFR2t21A99KlG1-PjsD4qOiceQC4eI24,3074
-libifstate/tc/__init__.py,sha256=inPdampCOIr_4oKNB3awqMkW0Eh4fpPh9jvSba6sPVg,12092
-libifstate/wireguard/__init__.py,sha256=HEmGsrtIX8MEjxtMbqgzP-e2BIUicyfmcywnRE93lRQ,6579
+libifstate/tc/__init__.py,sha256=T8LEBxiHZH4sayPn9lK5hK8eB8dskuw6-kw81W_aMWU,12097
+libifstate/wireguard/__init__.py,sha256=RPJdMdp7Uv3Kk_koGH8bu0lVQaKlJQwkyobGFqtmp0E,6839
 libifstate/xdp/__init__.py,sha256=X1xhEIGng7R5d5F4KsChykT2g6H-XBRWbWABijoYDQA,7208
 schema/ifstate.conf.schema.json,sha256=NOPeI8_r1jXvgAAJeBqz92ZACNvxskId3qMykj-sG7M,201292
-ifstate-1.13.6.dist-info/METADATA,sha256=uB4WuIOTixV34kGTfJVlhRSQv0j5bRm6lz4J04-aT0E,1598
-ifstate-1.13.6.dist-info/WHEEL,sha256=wXxTzcEDnjrTwFYjLPcsW_7_XihufBwmpiBeiXNBGEA,91
-ifstate-1.13.6.dist-info/entry_points.txt,sha256=HF6jX7Uu_nF1Ly-J9uEPeiRapOxnM6LuHsb2y6Mt-k4,52
-ifstate-1.13.6.dist-info/top_level.txt,sha256=A7peI7aKBaM69fsiSPvMbL3rzTKZZr5qDxKC-pHMGdE,19
-ifstate-1.13.6.dist-info/RECORD,,
+ifstate-1.13.8.dist-info/METADATA,sha256=dNYDgkvVdmbpS-A7CdZnwhmz-RXww8btSS8YunJ_WUg,1598
+ifstate-1.13.8.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+ifstate-1.13.8.dist-info/entry_points.txt,sha256=HF6jX7Uu_nF1Ly-J9uEPeiRapOxnM6LuHsb2y6Mt-k4,52
+ifstate-1.13.8.dist-info/top_level.txt,sha256=A7peI7aKBaM69fsiSPvMbL3rzTKZZr5qDxKC-pHMGdE,19
+ifstate-1.13.8.dist-info/RECORD,,

{ifstate-1.13.6.dist-info → ifstate-1.13.8.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.1.0)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

libifstate/__init__.py

@@ -48,7 +48,7 @@ import json
 import errno
 import logging
 
-__version__ = "1.13.6"
+__version__ = "1.13.8"
 
 
 class IfState():
@@ -347,8 +347,8 @@ class IfState():
                     # ignore if the link is already gone, this might happen
                     # when removing veth link peers
                     if err.code != errno.ENODEV:
-                        logger.warning('removing link {} failed: {}'.format(
-                            ifname, err.args[1]), extra={'netns': item.netns})
+                        logger.warning('removing failed: {}'.format(
+                            err.args[1]), extra={'iface': ifname, 'netns': item.netns})
             return True
         else:
             # shutdown physical interfaces
@@ -362,8 +362,8 @@ class IfState():
                     except Exception as err:
                         if not isinstance(err, netlinkerror_classes):
                             raise
-                        logger.warning('updating link {} failed: {}'.format(
-                            ifname, err.args[1]), extra={'netns': item.netns})
+                        logger.warning('updating failed: {}'.format(
+                            err.args[1]), extra={'iface': ifname, 'netns': item.netns})
             return False
 
     def _dependencies(self, netns):
@@ -455,7 +455,7 @@ class IfState():
 
         # create and destroy namespaces to match config
         if not by_vrrp and self.namespaces is not None:
-            prepare_netns(do_apply, self.namespaces.keys(), self.new_namespaces)
+            prepare_netns(do_apply, self.namespaces.keys(), self.new_namespaces, self.ignore.get('netns', []))
             logger.info("")
 
         # get link dependency tree
@@ -467,8 +467,10 @@ class IfState():
             cleanup_items = []
             for item in self.link_registry.registry:
                 ifname = item.attributes['ifname']
-                # items without a link are orphan - keep them if they match the ignore regex list...
-                if item.link is None and not any(re.match(regex, ifname) for regex in self.ignore.get('ifname', [])):
+                # items without a link are orphan - keep them if they match the ignore (ifname|netns) regex list...
+                if item.link is None and \
+                   not any(re.match(regex, ifname) for regex in self.ignore.get('ifname', [])) and \
+                   not any(re.match(regex, item.netns.netns or '') for regex in self.ignore.get('netns', [])):
                     # ...or are in a netns namespace while the config has no `namespaces` setting
                     if self.namespaces is not None or item.netns.netns is None:
                         if not had_cleanup:
@@ -514,9 +516,8 @@ class IfState():
                 if link_dep.netns is None:
                     self._apply_iface(do_apply, self.root_netns, link_dep, by_vrrp, vrrp_type, vrrp_name, vrrp_state)
                 else:
-                    if link_dep.netns not in self.namespaces:
-                        logger.warning("add link {} failed: netns '{}' is unknown".format(link_dep.ifname, link_dep.netns))
-                        return
+                    if self.namespaces is None or link_dep.netns not in self.namespaces:
+                        logger.warning("apply link {} failed: netns '{}' is unknown".format(link_dep.ifname, link_dep.netns))
                     else:
                         self._apply_iface(do_apply, self.namespaces[link_dep.netns], link_dep, by_vrrp, vrrp_type, vrrp_name, vrrp_state)
 
@@ -555,8 +556,10 @@ class IfState():
 
     def _apply_iface(self, do_apply, netns, link_dep, by_vrrp, vrrp_type, vrrp_name, vrrp_state):
         ifname = link_dep.ifname
-        if ifname in netns.links:
-            link = netns.links[ifname]
+        if not ifname in netns.links:
+            logger.warning('no link settings found', extra={'iface': ifname, 'netns': netns})
+            return
+        link = netns.links[ifname]
 
         # check for vrrp mode:
         #   disable: vrrp type & name matches, but vrrp state not

libifstate/address/__init__.py

@@ -18,8 +18,8 @@ class Addresses():
         # get ifindex
         idx = next(iter(self.netns.ipr.link_lookup(ifname=self.iface)), None)
 
+        # check if interface exists
         if idx == None:
-            logger.warning('link missing', extra={'iface': self.iface, 'netns': self.netns})
             return
 
         # get active ip addresses

libifstate/exception.py

@@ -12,8 +12,9 @@ except ModuleNotFoundError:
     pass
 
 class ExceptionCollector():
-    def __init__(self, ifname):
+    def __init__(self, ifname, netns):
         self.ifname = ifname
+        self.netns = netns
         self.reset()
 
     def reset(self):
@@ -27,8 +28,9 @@ class ExceptionCollector():
             'args': kwargs,
         })
         if not self.quiet:
-            logger.warning('{} link {} failed: {}'.format(
-                op, self.ifname, excpt.args[1]))
+            logger.warning('{} failed: {}'.format(
+                op, excpt.args[1]),
+                extra={'iface': self.ifname, 'netns': self.netns})
 
     def has_op(self, op):
         for e in self.excpts:

libifstate/link/base.py

@@ -443,7 +443,7 @@ class Link(ABC):
         return self.match_vrrp_select(vrrp_type, vrrp_name) and (vrrp_state in self.vrrp['states'])
 
     def apply(self, do_apply, sysctl):
-        excpts = ExceptionCollector(self.settings['ifname'])
+        excpts = ExceptionCollector(self.settings['ifname'], self.netns)
         osettings = copy.deepcopy(self.settings)
 
         # lookup for attributes requiring a interface index
@@ -452,11 +452,20 @@ class Link(ABC):
                 netns_attr = "{}_netns".format(attr)
                 netnsid_attr = "{}_netnsid".format(attr)
                 if netns_attr in self.settings:
-                    # ToDo: throw exception for unknown netns
-                    (peer_ipr, peer_nsid) = self.netns.get_netnsid(self.settings[netns_attr])
-                    self.settings[netnsid_attr] = peer_nsid
-                    idx = next(iter(peer_ipr.link_lookup(
-                        ifname=self.settings[attr])), None)
+                    # ignore *_netns settings if the netns is the same as the interface's one
+                    # (there is no IFLA_LINK_NETNSID attribute in such cases)
+                    if self.settings[netns_attr] != self.netns.netns:
+                        try:
+                            (peer_ipr, peer_nsid) = self.netns.get_netnsid(self.settings[netns_attr])
+                        except NetnsUnknown as ex:
+                            excpts.add('apply', ex)
+                            return excpts
+                        self.settings[netnsid_attr] = peer_nsid
+                        idx = next(iter(peer_ipr.link_lookup(
+                            ifname=self.settings[attr])), None)
+                    else:
+                        idx = next(iter(self.netns.ipr.link_lookup(
+                            ifname=self.settings[attr])), None)
 
                     del(self.settings[netns_attr])
                 else:

libifstate/link/physical.py

@@ -10,4 +10,4 @@ class PhysicalLink(Link):
         self.ethtool = ethtool
  
     def create(self, do_apply, sysctl, excpts, oper="add"):
-        logger.warning('Unable to create missing physical link: {}'.format(self.settings.get('ifname')))
+        logger.warning('unable to create physical link', extra={'iface': self.settings.get('ifname'), 'netns': self.netns})

libifstate/link/tun.py

@@ -18,6 +18,6 @@ class TunLink(Link):
  
     def create(self, do_apply, sysctl, excpts, oper="add"):
         if not self.cap_create:
-            logger.warning('Unable to create missing non-persistent tuntap link: {}'.format(self.settings.get('ifname')))
+            logger.warning('unable to create non-persistent tuntap link', extra={'iface': self.settings.get('ifname'), 'netns': self.netns})
         else:
             super().create(do_apply, sysctl, excpts, oper)

libifstate/log.py

@@ -73,13 +73,16 @@ class IfStateLogging:
             return IfStateLogging.ANSI_YELLOW
         return ""
 
-    def __init__(self, level, handlers=[], action=None, log_stderr=True):
+    def __init__(self, level, global_level, handlers=[], action=None, log_stderr=True):
         if level != logging.DEBUG:
             sys.tracebacklimit = 0
 
-        logging.basicConfig(
-            level=level,
-        )
+        if global_level:
+            logging.basicConfig(
+                level=level,
+            )
+        else:
+            logger.level = level
 
         if log_stderr:
             has_stderr = sys.stderr is not None

libifstate/netns/__init__.py

@@ -1,3 +1,4 @@
+from libifstate.exception import NetnsUnknown
 from libifstate.util import logger, IfStateLogging, IPRouteExt, NetNSExt, root_ipr
 from libifstate.sysctl import Sysctl
 
@@ -68,9 +69,11 @@ class NetNameSpace():
         if peer_netns_name is None:
             peer_ipr = root_ipr
             peer_pid = 1
-        else:
+        elif peer_netns_name in netns_name_map:
             peer_ipr = netns_name_map[peer_netns_name]
             peer_pid = peer_ipr.child
+        else:
+            raise NetnsUnknown(peer_netns_name)
 
         result = self.ipr.get_netnsid(pid=peer_pid)
         if result['nsid'] == 4294967295:
@@ -81,7 +84,7 @@ class NetNameSpace():
 
         return (peer_ipr, peer_nsid)
 
-def prepare_netns(do_apply, target_netns_list, new_netns_list):
+def prepare_netns(do_apply, target_netns_list, new_netns_list, ignore_netns):
     logger.info("configure network namespaces...")
 
     # get mapping of netns names to lists of pids
@@ -94,14 +97,15 @@ def prepare_netns(do_apply, target_netns_list, new_netns_list):
     for name in sorted(names_set):
         # cleanup orphan netns
         if name not in target_netns_list:
-            if name in ns_pids:
-                logger.warning(
-                    'pids: {}'.format(', '.join((str(x) for x in ns_pids[name]))),
-                    extra={'iface': name})
-            logger.log_del(name)
-
-            if do_apply:
-                pyroute2.netns.remove(name)
+            if not any(re.match(regex, name) for regex in ignore_netns):
+                if name in ns_pids:
+                    logger.warning(
+                        'pids: {}'.format(', '.join((str(x) for x in ns_pids[name]))),
+                        extra={'iface': name})
+                logger.log_del(name)
+
+                if do_apply:
+                    pyroute2.netns.remove(name)
 
         # create missing netns
         elif name not in current_netns_list or name in new_netns_list:

libifstate/routing/__init__.py

@@ -1,6 +1,6 @@
 from libifstate.util import logger, IfStateLogging
 from libifstate.exception import RouteDuplicate, netlinkerror_classes
-from ipaddress import ip_address, ip_network, IPv6Network
+from ipaddress import ip_address, ip_interface, ip_network, IPv6Network
 from pyroute2.netlink.rtnl.fibmsg import FR_ACT_VALUES
 from pyroute2.netlink.rtnl import rt_type
 import collections.abc
@@ -15,6 +15,147 @@ from socket import AF_INET, AF_INET6
 def route_matches(r1, r2, fields=('dst', 'priority', 'proto'), indent=None):
     return _matches(r1, r2, fields, indent)
 
+def parse_route(route, implicit_defaults=True):
+    rt = {}
+
+    if implicit_defaults:
+        rt['type'] = route.get('type', 'unicast')
+
+    if 'to' in route:
+        dst = ip_network(route['to'])
+        rt['dst'] = dst.with_prefixlen
+        has_to = True
+    else:
+        has_to = False
+
+    for key, lookup in RT_LOOKUPS_DICT.items():
+        try:
+            if implicit_defaults:
+                rt[key] = route.get(key, RT_LOOKUPS_DEFAULTS[key])
+                rt[key] = lookup.lookup_id(rt[key])
+            else:
+                if key in route:
+                    rt[key] = route[key]
+                    rt[key] = lookup.lookup_id(rt[key])
+        except KeyError as err:
+            # mapping not available - catch exception and skip it
+            logger.warning('ignoring unknown %s "%s"', key, rt[key],
+                            extra={'iface': rt['dst']})
+            rt[key] = RT_LOOKUPS_DEFAULTS[key]
+
+    if 'type' in rt and type(rt['type']) == str:
+        rt['type'] = rt_type[rt['type']]
+
+    if 'dev' in route:
+        rt['oif'] = route['dev']
+
+    if 'via' in route:
+        via = ip_address(route['via'])
+
+        if not has_to or via.version == dst.version:
+            rt['gateway'] = str(via)
+        else:
+            if via.version == 4:
+                rt['via'] = {
+                    'family': int(AF_INET),
+                    'addr': str(via),
+                }
+            else:
+                rt['via'] = {
+                    'family': int(AF_INET6),
+                    'addr': str(via),
+                }
+
+    if 'src' in route:
+        rt['prefsrc'] = route['src']
+
+    if 'preference' in route:
+        rt['priority'] = route['preference']
+    elif has_to and implicit_defaults:
+        if isinstance(dst, IPv6Network):
+            rt['priority'] = 1024
+        else:
+            rt['priority'] = 0
+
+    if 'vrrp' in route:
+        rt['_vrrp'] = route['vrrp']
+
+    return rt
+
+def parse_routes(routes, implicit_defaults=True):
+    return [parse_route(route, implicit_defaults) for route in routes]
+
+def parse_rule(rule, implicit_defaults=True):
+    ru = {}
+
+    if implicit_defaults:
+        ru['table'] = RTLookups.tables.lookup_id(rule.get('table', 254))
+        ru['protocol'] = RTLookups.protos.lookup_id(rule.get('proto', 0))
+        ru['tos'] = rule.get('tos', 0)
+    else:
+        if 'table' in rule:
+            ru['table'] = RTLookups.tables.lookup_id(rule['table'])
+        if 'proto' in rule:
+            ru['protocol'] = RTLookups.protos.lookup_id(rule['proto'])
+        if 'tos' in rule:
+            ru['tos'] = rule['tos']
+
+    if 'action' in rule and type(rule['action']) == str:
+        ru['action'] = {
+            "to_tbl": "FR_ACT_TO_TBL",
+            "unicast": "FR_ACT_UNICAST",
+            "blackhole": "FR_ACT_BLACKHOLE",
+            "unreachable": "FR_ACT_UNREACHABLE",
+            "prohibit": "FR_ACT_PROHIBIT",
+            "nat": "FR_ACT_NAT",
+        }.get(rule['action'], rule['action'])
+    elif implicit_defaults:
+        ru['action'] = "FR_ACT_TO_TBL"
+
+    if 'fwmark' in rule:
+        ru['fwmark'] = rule['fwmark']
+
+    if 'ipproto' in rule:
+        if type(rule['ipproto']) == str:
+            ru['ip_proto'] = socket.getprotobyname(rule['ipproto'])
+        else:
+            ru['ip_proto'] = rule['ipproto']
+
+    if 'to' in rule:
+        ru['dst'] = str(ip_network(rule['to']).network_address)
+        ru['dst_len'] = ip_network(rule['to']).prefixlen
+
+    if 'from' in rule:
+        if  rule['from'] != "all":
+            ru['src'] = str(ip_interface(rule['from']).ip)
+            ru['src_len'] = ip_network(ip_interface(rule['from']).network).prefixlen
+        else:
+            ru['src'] = "0.0.0.0"
+            ru['src_len'] = 0
+
+    if 'iif' in rule:
+        ru['iifname'] = rule['iif']
+
+    if 'oif' in rule:
+        ru['oifname'] = rule['oif']
+
+    if 'priority' in rule:
+        ru['priority'] = rule['priority']
+
+    if 'vrrp' in rule:
+        ru['_vrrp'] = rule['vrrp']
+
+    if 'family' in rule:
+        assert rule['family'] in ("AF_INET", "inet", 2, "AF_INET6", "inet6", 10), "rule['family'] doesn't have a valid value. This should have already been rejected by the schema validation."
+        if rule['family'] in ("AF_INET", "inet", 2):
+            ru['family'] = AF_INET
+        elif rule['family'] in ("AF_INET6", "inet6", 10):
+            ru['family'] = AF_INET6
+
+    return ru
+
+def parse_rules(rules, implicit_defaults=True):
+    return [parse_rule(rule, implicit_defaults) for rule in rules]
 
 def rule_matches(r1, r2, fields=('priority', 'iif', 'oif', 'dst', 'metric', 'protocol'), indent=None):
     return _matches(r1, r2, fields, indent)
@@ -133,64 +274,36 @@ class Tables(collections.abc.Mapping):
     def __len__(self):
         return len(self.tables)
 
-    def add(self, route):
-        dst = ip_network(route['to'])
-        rt = {
-            'type': route.get('type', 'unicast'),
-            'dst': dst.with_prefixlen,
-        }
-
-        for key, lookup in RT_LOOKUPS_DICT.items():
-            try:
-                rt[key] = route.get(key, RT_LOOKUPS_DEFAULTS[key])
-                rt[key] = lookup.lookup_id(rt[key])
-            except KeyError as err:
-                # mapping not available - catch exception and skip it
-                logger.warning('ignoring unknown %s "%s"', key, rt[key],
-                               extra={'iface': rt['dst'], 'netns': self.netns})
-                rt[key] = RT_LOOKUPS_DEFAULTS[key]
-
-        if type(rt['type']) == str:
-            rt['type'] = rt_type[rt['type']]
-
-        if 'dev' in route:
-            rt['oif'] = route['dev']
-
-        if 'via' in route:
-            via = ip_address(route['via'])
-
-            if via.version == dst.version:
-                rt['gateway'] = str(via)
-            else:
-                if via.version == 4:
-                    rt['via'] = {
-                        'family': int(AF_INET),
-                        'addr': str(via),
-                    }
-                else:
-                    rt['via'] = {
-                        'family': int(AF_INET6),
-                        'addr': str(via),
-                    }
-
-        if 'src' in route:
-            rt['prefsrc'] = route['src']
+    def parse_ignores(self, ignores):
+        parsed = []
+        for ignore in ignores:
+            ignore = parse_route(ignore, False)
+
+            for attr in ['dev', 'oif', 'iif']:
+                if attr in ignore and type(ignore[attr]) == str:
+                    idx = next(
+                        iter(self.netns.ipr.link_lookup(ifname=ignore[attr])), None)
+                    if idx is None:
+                        logger.debug("{} '{}' is unknown, skipping ignore".format(attr, ignore[attr]))
+                        continue
+                    else:
+                        ignore[attr] = idx
+            parsed.append(ignore)
 
-        if 'preference' in route:
-            rt['priority'] = route['preference']
-        elif isinstance(dst, IPv6Network):
-            rt['priority'] = 1024
-        else:
-            rt['priority'] = 0
+        return parsed
 
-        if 'vrrp' in route:
-            rt['_vrrp'] = route['vrrp']
+    def add(self, route):
+        # convert config dict into IFLA keys and values
+        rt = parse_route(route)
 
+        # track route in the corresponding table
         if not rt['table'] in self.tables:
             self.tables[rt['table']] = []
         self.tables[rt['table']].append(rt)
 
     def show_routes(self, ignores):
+        ignores = self.parse_ignores(ignores)
+
         routes = []
         for route in self.netns.ipr.get_routes(family=AF_INET) + self.netns.ipr.get_routes(family=AF_INET6):
             # skip routes from local table
@@ -322,6 +435,8 @@ class Tables(collections.abc.Mapping):
         return routes
 
     def apply(self, ignores, do_apply, by_vrrp, vrrp_type, vrrp_name, vrrp_state):
+        ignores = self.parse_ignores(ignores)
+
         for table, croutes in self.tables.items():
             log_str = RTLookups.tables.lookup_str(table)
             if self.netns.netns != None:
@@ -413,53 +528,10 @@ class Rules():
         self.rules = []
 
     def add(self, rule):
-        ru = {
-            'table': RTLookups.tables.lookup_id(rule.get('table', 254)),
-            'protocol': RTLookups.protos.lookup_id(rule.get('proto', 0)),
-            'tos': rule.get('tos', 0),
-        }
-
-        if 'action' in rule and type(rule['action']) == str:
-            ru['action'] = {
-                "to_tbl": "FR_ACT_TO_TBL",
-                "unicast": "FR_ACT_UNICAST",
-                "blackhole": "FR_ACT_BLACKHOLE",
-                "unreachable": "FR_ACT_UNREACHABLE",
-                "prohibit": "FR_ACT_PROHIBIT",
-                "nat": "FR_ACT_NAT",
-            }.get(rule['action'], rule['action'])
-        else:
-            ru['action'] = rule.get('action'.lower(), "FR_ACT_TO_TBL")
-
-        if 'fwmark' in rule:
-            ru['fwmark'] = rule['fwmark']
-
-        if 'ipproto' in rule:
-            if type(rule['ipproto']) == str:
-                ru['ip_proto'] = socket.getprotobyname(rule['ipproto'])
-            else:
-                ru['ip_proto'] = rule['ipproto']
-
-        if 'to' in rule:
-            ru['dst'] = str(ip_network(rule['to']).network_address)
-            ru['dst_len'] = ip_network(rule['to']).prefixlen
-
-        if 'from' in rule:
-            ru['src'] = str(ip_network(rule['from']).network_address)
-            ru['src_len'] = ip_network(rule['from']).prefixlen
-
-        if 'iif' in rule:
-            ru['iifname'] = rule['iif']
-
-        if 'oif' in rule:
-            ru['oifname'] = rule['oif']
-
-        if 'priority' in rule:
-            ru['priority'] = rule['priority']
-
-        if 'vrrp' in rule:
-            ru['_vrrp'] = rule['vrrp']
+        # convert config dict into IFLA keys and values
+        ru = parse_rule(rule)
 
+        # track rule
         self.rules.append(ru)
 
     def kernel_rules(self):
@@ -491,14 +563,13 @@ class Rules():
         return rules
 
     def show_rules(self, ignores):
+        ignores = parse_rules(ignores, implicit_defaults=False)
+
         rules = []
         for rule in self.kernel_rules():
             # skip ignored routes
             ignore = False
             for irule in ignores:
-                if 'proto' in irule:
-                    irule['protocol'] = irule['proto']
-                    del irule['proto']
                 if rule_matches(rule, irule, irule.keys()):
                     ignore = True
                     break
@@ -534,6 +605,9 @@ class Rules():
         return rules
 
     def apply(self, ignores, do_apply, by_vrrp, vrrp_type, vrrp_name, vrrp_state):
+        ignores = parse_rules(ignores, implicit_defaults=False)
+
+        # get rules that are currently in the kernels list
         krules = self.kernel_rules()
         for rule in self.rules:
             log_str = '#{}'.format(rule['priority'])

libifstate/tc/__init__.py

@@ -254,7 +254,7 @@ class TC():
         return changes
 
     def apply(self, do_apply):
-        excpts = ExceptionCollector(ifname=self.iface)
+        excpts = ExceptionCollector(self.iface, self.netns)
 
         # get ifindex
         self.idx = next(iter(self.netns.ipr.link_lookup(ifname=self.iface)), None)

libifstate/wireguard/__init__.py

@@ -4,7 +4,9 @@ from wgnlpy import WireGuard as WG
 from ipaddress import ip_network
 import collections
 from copy import deepcopy
+import os
 import pyroute2.netns
+from pyroute2 import NetlinkError
 import socket
 
 class WireGuard():
@@ -56,6 +58,9 @@ class WireGuard():
         try:
             state = self.wg.get_interface(
                 self.iface, spill_private_key=True, spill_preshared_keys=True)
+        except NetlinkError as err:
+            logger.warning('query wireguard details failed: {}'.format(os.strerror(err.code)), extra={'iface': self.iface, 'netns': self.netns})
+            return
         except TypeError as err:
             # wgnlpy 0.1.5 can triggger a TypeError exception
             # if the WGPEER_A_LAST_HANDSHAKE_TIME NLA does not
@@ -113,10 +118,10 @@ class WireGuard():
                     for setting in peer.keys():
                         attr = getattr(peers[pubkey], setting)
                         if setting == 'allowedips':
-                            attr = set(attr)
+                            attr = [str(ip) for ip in attr]
                         logger.debug('  peer.%s: %s => %s', setting, attr,
                                      peer[setting], extra={'iface': self.iface})
-                        if type(attr) == set:
+                        if type(attr) == list:
                             pchange |= not (attr == peer[setting])
                         else:
                             pchange |= str(peer[setting]) != str(getattr(