T7388: IPv6 neighbor discovery not supported by every interface type

c-po · c-po · commit b2ed3d9a9e94 · 2025-06-01T21:45:26.000+02:00
The commit b124f0b ("interface: T4627: support IPv6 Interface Identifier (token) for SLAAC") revealed an incorrect assumption in VyOS: that all interface types in use inherently support SLAAC and IPv6 Neighbor Discovery (ND). However, this assumption does not hold true for WireGuard, Tunnel, and VTI interfaces. Therefore, the corresponding CLI option should not be available for these interface types. Additionally, SLAAC support should be removed for them in a future pull request. To address this, remove the "ipv6 address autoconf" CLI tree from the following interface types using a migration script: * WireGuard * Tunnel * VTI
diff --git a/interface-definitions/include/interface/ipv6-options-base.xml.i b/interface-definitions/include/interface/ipv6-options-base.xml.i
@@ -15,7 +15,6 @@
         <help>IPv6 address configuration modes</help>
       </properties>
       <children>
-        #include <include/interface/ipv6-address-autoconf.xml.i>
         #include <include/interface/ipv6-address-eui64.xml.i>
         #include <include/interface/ipv6-address-no-default-link-local.xml.i>
       </children>
diff --git a/interface-definitions/include/interface/ipv6-options-neighbor-discovery.xml.i b/interface-definitions/include/interface/ipv6-options-neighbor-discovery.xml.i
@@ -3,6 +3,7 @@
   <children>
     <node name="address">
       <children>
+        #include <include/interface/ipv6-address-autoconf.xml.i>
         #include <include/interface/ipv6-address-interface-identifier.xml.i>
       </children>
     </node>
diff --git a/interface-definitions/include/version/interfaces-version.xml.i b/interface-definitions/include/version/interfaces-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/interfaces-version.xml.i -->
-<syntaxVersion component='interfaces' version='33'></syntaxVersion>
+<syntaxVersion component='interfaces' version='34'></syntaxVersion>
 <!-- include end -->
diff --git a/smoketest/configs/dialup-router-wireguard-ipv6 b/smoketest/configs/dialup-router-wireguard-ipv6
@@ -977,6 +977,11 @@ interfaces {
     }
     wireguard wg100 {
         address 172.16.252.128/31
+        ipv6 {
+            address {
+                autoconf
+            }
+        }
         mtu 1500
         peer HR6 {
             address 100.65.151.213
@@ -988,6 +993,11 @@ interfaces {
     }
     wireguard wg200 {
         address 172.16.252.130/31
+        ipv6 {
+            address {
+                autoconf
+            }
+        }
         mtu 1500
         peer WH56 {
             address 80.151.69.205
diff --git a/smoketest/configs/tunnel-broker b/smoketest/configs/tunnel-broker
@@ -63,6 +63,11 @@ interfaces {
         address 172.16.0.5/30
         encapsulation gre
         dhcp-interface eth0
+        ipv6 {
+            address {
+                autoconf
+           }
+        }
         remote-ip 192.0.2.101
     }
     tunnel tun300 {
diff --git a/src/migration-scripts/interfaces/33-to-34 b/src/migration-scripts/interfaces/33-to-34
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2025 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# T7388: remove "ipv6 address autoconf" from certain CLI nodes whose
+#        underlaying interface does not support IPv6 neighbor discovery
+
+from vyos.configtree import ConfigTree
+
+base = ['interfaces']
+
+def migrate(config: ConfigTree) -> None:
+    for iftype in ['tunnel', 'wireguard', 'vti']:
+        # bail out early if interface type does not exist in config
+        base_iftype = base + [iftype]
+        if not config.exists(base_iftype):
+            continue
+        for interface in config.list_nodes(base_iftype):
+            base_interface = base_iftype + [interface]
+
+            autoconf_path = base_interface + ['ipv6', 'address', 'autoconf']
+            if config.exists(autoconf_path):
+                config.delete(autoconf_path)
+                # delete empty CLI config under 'address' node
+                if len(config.list_nodes(autoconf_path[:-1])) == 0:
+                    config.delete(autoconf_path[:-1])
+                # delete empty CLI config under 'ipv6' node
+                if len(config.list_nodes(autoconf_path[:-2])) == 0:
+                    config.delete(autoconf_path[:-2])
