diff --git a/Dockerfile.vnet_router2 b/Dockerfile.vnet_router2 new file mode 100644 index 0000000000000000000000000000000000000000..9b2537a61a8a7c6139c61053af574b5c92db09cc --- /dev/null +++ b/Dockerfile.vnet_router2 
@@ -0,0 +1,83 @@ + +############################################################################## +############################################################################## +# instructions: + +# 1. build container, e.g., by: +#> docker build -f Dockerfile.vnet_router1 -t vnet . + +# 2. before running container make sure openvswitch module is loaded in kernel (modprobe openvswitch) and run container with --privileged (needed for openvswitch inside container) +#> modprobe openvswitch +#> docker run -t -i --privileged vnet + +# 3. after being started you can additionally enter the container (find its DOCKERID by 'docker ps'), e.g., by: +#> docker exec -i -t DOCKERID /fod_vnet_router --mnexec h1 ping h2 +#> docker exec -i -t DOCKERID /fod_vnet_router --mnexec h2 hping3 --udp -s 15 -k 10.0.0.3 + + +# ADDITIONAL USE: + +# 4. '/fod_vnet_router --init.sysstart' in the start CMD below accepts mininet arguments after '--init.sysstart' which it will pass on to the started mininet; so change line below accordingly (and rebuild container): e.g., +# CMD [ "/fod_vnet_router", "--init.sysstart", "--topo=linear,10" ] +# CMD [ "/fod_vnet_router", "--init.sysstart", "--topo=tree" ] +# or alternatively just use modified command for running the container, e.g., by: +#> docker run -t -i --privileged vnet /fod_vnet_router --init.sysstart --topo=linear,10 +#> docker run -t -i --privileged vnet /fod_vnet_router --init.sysstart --topo=tree,2 + +# 5. 
alternatively use container running in background only with netconf db server on startup +# (running more permanently, e.g., in order to remember netconf db data (FoD rules) + rules info with counters in ovs/snmp state file): +#> docker run -d -t -i --privileged vnet /fod_vnet_router --init.netconfserver +# then start vnet_router management in entered shell in container (find its DOCKERID by 'docker ps'), e.g., by: +#> docker exec -i -t DOCKERID /fod_vnet_router --init --topo=tree,2 # accepts arguments for mininet as --init.sysstart +# after exiting mininet shell, now ovs and snmpd will stay running + +# ADDITIONAL INFOMATION: +# Of course one needs to have a running working FoD container in parallel +# and that one has to be configured +# to use the vnet_router container for NETCONF and SNMP stats polling: +# flowspy/settings.py OR flowspy/settings_local.py (the latter will override settings of thee former): + +# ... +# 'NETCONF_DEVICE': '172.17.0.3', # only an example, so change value to whatever is the IP address of the netconf db server container +# 'NETCONF_PASS': 'netconf', +# 'NETCONF_PORT': 830, +# 'NETCONF_USER': 'netconf', +# +# 'SNMP_IP': ['172.17.0.3'], # only an example, so change value to whatever is the IP address of the netconf db server container +# 'SNMP_COMMUNITY': 'public', +# ... + +############################################################################## +############################################################################## +# Dockerfile proper: + +# 1. start from already built and working NETCONF container +# (built from router-container/Dockerfile , but currently fails to be rebuilt): +FROM cejkat/fod-router + +## + +# 2. 
install all dependencies in advance (/fod_vnet_router --init.sysstart will check again and might install anything still missing) +RUN apt-get -qqy update +RUN DEBIAN_FRONTEND="noninteractive" apt-get -qqy install mininet iptables iproute2 tcpdump tshark iputils-ping iputils-tracepath hping3 gawk sshpass lsof strace snmpd snmp + +RUN DEBIAN_FRONTEND="noninteractive" apt-get -qqy install netconfd yangcli socat openssh-server rsyslog + +# 3. copy vnet_router management script + snmp feeder pass_persisttest_bgpflowspec (+ pass_persisttest only for testing/demonstration) +COPY vnet_router/configuration.yang /opt/dev/ + +COPY vnet_router/fod_vnet_router / +COPY vnet_router/snmp/pass_persisttest_bgpflowspec / +COPY vnet_router/snmp/snmp-release/pass_persisttest / + +## + +# ./vnet_router/fod_vnet_router +# 4. default start command: +#CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +#CMD [ "bash", "-c", "set -x; nohup /usr/bin/supervisord -c /etc/supervisord.conf & sleep 5 ;/fod_vnet_router --init" ] +CMD [ "/fod_vnet_router", "--init.sysstart.netconfd" ] + +############################################################################## +############################################################################## + diff --git a/vnet_router/configuration.yang b/vnet_router/configuration.yang new file mode 100644 index 0000000000000000000000000000000000000000..92df4151117d6cfa2a4e969dc2ca680842c91c80 --- /dev/null +++ b/vnet_router/configuration.yang 
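Review bot: `FROM cejkat/fod-router` carries no tag or digest, and the comment directly above it says the image currently cannot be rebuilt from router-container/Dockerfile, so whatever that Hub namespace serves at build time becomes the root of a container that the instructions run with `--privileged`. Pin the exact image that was tested, e.g. `FROM cejkat/fod-router@sha256:<digest-of-verified-image>` (placeholder; take the value from `docker images --digests`). The standalone `RUN apt-get -qqy update` layer can stay cached while the install layers change, so the update belongs in the same `RUN` as the installs. Step 1 of the instructions still names `Dockerfile.vnet_router1` although this file is `Dockerfile.vnet_router2`.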
@@ -0,0 +1,1102 @@ +module configuration { + namespace "http://xml.juniper.net/xnm/1.1/xnm"; + prefix jc; + + organization + "Juniper Networks, Inc."; + description + "Junos YANG module for a subset of configuration hierarchies - it represents a route rules that are used by Firewall on Demand"; + + revision 2021-10-06 { + description "Adapted configuration module in progress."; + } + + + typedef daemon { + type string; + } + + typedef filename { + type string; + } + + typedef client-filename { + type string; + } + + typedef hostname { + type string; + } + + typedef ipaddr { + type string; + } + + typedef sysid { + type string; + } + + typedef interface-device { + type string; + } + + typedef ddl-bits { + type string; + } + + typedef isoaddr { + type string; + } + + typedef ipprefix { + type string; + } + + typedef ipprefix-mandatory { + type string; + } + + typedef interface-unit { + type string; + } + + typedef ipaddr-or-interface { + type string; + } + + typedef areaid { + type string; + } + + typedef interface-name { + type string; + } + + typedef community { + type string; + } + + typedef interface-wildcard { + type string; + } + + typedef unreadable { + type string; + } + + typedef ipprefix-optional { + type string; + } + + typedef policy-algebra { + type string; + } + + typedef regular-expression { + type string; + } + + typedef group-glob { + type string; + } + + typedef atm-vci { + type string; + } + + typedef ipprefix-only { + type string; + } + + typedef ipv4addr { + type string; + } + + typedef ipv4prefix { + type string; + } + + typedef ipv4prefix-mandatory { + type string; + } + + typedef ipv4addr-or-interface { + type string; + } + + typedef ipv4prefix-optional { + type string; + } + + typedef ipv4prefix-only { + type string; + } + + typedef ipv6addr { + type string; + } + + typedef ipv6prefix { + type string; + } + + typedef ipv6prefix-mandatory { + type string; + } + + typedef ipv6addr-or-interface { + type string; + } + + typedef 
ipv6prefix-optional { + type string; + } + + typedef ipv6prefix-only { + type string; + } + + typedef interface-device-wildcard { + type string; + } + + typedef time { + type string; + } + + typedef mac-addr { + type string; + } + + typedef mac-addr-prefix { + type string; + } + + typedef mac-unicaset { + type string; + } + + typedef mac-unicast-prefix { + type string; + } + + typedef mac-multicast { + type string; + } + + typedef mac-multicast-prefix { + type string; + } + + typedef mpls-label { + type string; + } + + typedef unsigned-float { + type string; + } + + typedef isoprefix { + type string; + } + + typedef isosysid { + type string; + } + + typedef string-huge { + type string; + } + + typedef variable { + type string; + } + + typedef glob-variable { + type string; + } + + typedef vlan-range { + type string; + } + + typedef interface-range-wild { + type string; + } + + typedef fc-addr { + type string; + } + + typedef wwn { + type string; + } + + typedef logfilename { + type string; + } + + typedef range { + type string; + } + + typedef esi { + type string; + } + + grouping juniper-config { + leaf rcsid { + type string; + description + "Revision control system identifier"; + } + + leaf version { + type string; + description + "Software version information"; + } + + container routing-options { + description + "Protocol-independent routing option configuration"; + uses juniper-routing-options; + } + } + + grouping juniper-routing-options { + uses apply-advanced; + + container flow { + description + "Locally defined flow routing information"; + uses apply-advanced; + + list route { + key "name"; + ordered-by user; + description + "Flow route"; + uses flow-route-inet; + } + } + + leaf router-id { + type ipv4addr; + description + "Router identifier"; + } + } + + grouping apply-advanced { + description + "Apply advanced configuration logic"; + leaf-list apply-groups { + type string; + description + "Groups from which to inherit configuration data"; + } + + 
leaf-list apply-groups-except { + type string; + description + "Don't inherit configuration data from these groups"; + } + } + + grouping flow-route-inet { + leaf name { + type string; + description + "(null)"; + } + + uses apply-advanced; + + leaf no-install { + type empty; + description + "Don't install firewall filter in forwarding"; + } + + container then { + description + "Actions to take for this flow"; + uses flow-route-op; + } + + container match { + description + "Flow definition"; + uses flow-route-qualifier-inet; + } + } + + grouping flow-route-inet6 { + leaf route_name { + type string; + description + "(null)"; + } + + uses apply-advanced; + + leaf no-install { + type empty; + description + "Don't install firewall filter in forwarding"; + } + + container then { + description + "Actions to take for this flow"; + uses flow-route-op; + } + + container match { + description + "Flow definition"; + uses flow-route-qualifier-inet6; + } + } + + grouping flow-route-op { + uses apply-advanced; + + leaf community { + type string; + description + "Name of BGP community"; + } + + choice flow_op_action { + leaf accept { + type empty; + description + "Allow traffic through"; + } + + leaf discard { + type empty; + description + "Discard all traffic for this flow"; + } + + leaf rate-limit { + type string; + description + "Rate in bits/sec to limit the flow traffic"; + } + } + + leaf routing-instance { + type string; + description + "Redirect to instance identified via Route Target community"; + } + + leaf sample { + type empty; + description + "Sample traffic that matches this flow"; + } + + leaf mark { + type uint32 { + range "0 .. 
63"; + } + description + "Set DSCP value for traffic that matches this flow"; + } + + leaf next-term { + type empty; + description + "Continue the filter evaluation after matching this flow"; + } + } + + grouping flow-route-qualifier-inet6 { + uses apply-advanced; + + leaf-list protocol { + type enumeration { + enum "icmp" { + description + "Internet Control Message Protocol"; + } + enum "igmp" { + description + "Internet Group Management Protocol"; + } + enum "ipip" { + description + "IP in IP"; + } + enum "tcp" { + description + "Transmission Control Protocol"; + } + enum "egp" { + description + "Exterior gateway protocol"; + } + enum "udp" { + description + "User Datagram Protocol"; + } + enum "rsvp" { + description + "Resource Reservation Protocol"; + } + enum "gre" { + description + "Generic routing encapsulation"; + } + enum "esp" { + description + "IPSec Encapsulating Security Payload"; + } + enum "ah" { + description + "IP Security authentication header"; + } + enum "icmp6" { + description + "Internet Control Message Protocol Version 6"; + } + enum "ospf" { + description + "Open Shortest Path First"; + } + enum "pim" { + description + "Protocol Independent Multicast"; + } + enum "sctp" { + description + "Stream Control Transmission Protocol"; + } + enum "expression" { + description + "(null)"; + } + } + description + "IP protocol value"; + } + + leaf-list port { + type string; + ordered-by user; + description + "Source or destination TCP/UDP port"; + } + + leaf-list destination-port { + type string; + ordered-by user; + description + "Destination TCP/UDP port"; + } + + leaf-list source-port { + type string; + ordered-by user; + description + "Source TCP/UDP port"; + } + + leaf-list tcp-flags { + type enumeration { + enum "fin" { + description + "FIN"; + } + enum "syn" { + description + "SYN"; + } + enum "rst" { + description + "RST"; + } + enum "push" { + description + "PUSH"; + } + enum "ack" { + description + "ACK"; + } + enum "urgent" { + description + 
"Urgent"; + } + enum "expression" { + description + "(null)"; + } + } + description + "TCP flags"; + } + + leaf-list packet-length { + type policy-algebra; + description + "Packet length (0-65535)"; + } + + leaf-list dscp { + type policy-algebra; + description + "Differentiated Services (DiffServ) code point (DSCP) (0-63)"; + } + + leaf-list fragment { + type enumeration { + enum "dont-fragment" { + description + "Don't Fragment flag is set"; + } + enum "not-a-fragment" { + description + "Not a fragment"; + } + enum "is-fragment" { + description + "Fragmented packet"; + } + enum "first-fragment" { + description + "First fragment"; + } + enum "last-fragment" { + description + "Last fragment"; + } + } + description + "(null)"; + } + + container destination { + description + "Destination prefix for this traffic flow"; + uses flow-prefix-with-offset; + } + + container source { + description + "Source prefix for this traffic flow"; + uses flow-prefix-with-offset; + } + + leaf-list icmp6-type { + type enumeration { + enum "echo-request" { + description + "Echo request"; + } + enum "echo-reply" { + description + "Echo reply"; + } + enum "destination-unreachable" { + description + "Unreachable"; + } + enum "router-advertisement" { + description + "Router advertisement"; + } + enum "router-solicit" { + description + "Router solicit"; + } + enum "time-exceeded" { + description + "Time exceeded"; + } + enum "parameter-problem" { + description + "Parameter problem"; + } + enum "packet-too-big" { + description + "Packet too big"; + } + enum "membership-query" { + description + "Query for multicast listener"; + } + enum "membership-report" { + description + "Report for multicast listener"; + } + enum "membership-termination" { + description + "Terminate multicast listener"; + } + enum "redirect" { + description + "Router informs host of a better first hop for a destination"; + } + enum "neighbor-solicit" { + description + "Request link-layer address of neighbor"; + } + enum 
"neighbor-advertisement" { + description + "Provide link-layer address to neighbor"; + } + enum "router-renumbering" { + description + "Router renumbering command"; + } + enum "node-information-request" { + description + "Query for information on address or name"; + } + enum "node-information-reply" { + description + "Reply to node information request"; + } + enum "expression" { + description + "(null)"; + } + } + description + "ICMP message type"; + } + + leaf-list icmp6-code { + type enumeration { + enum "no-route-to-destination" { + description + "Route to destination not found"; + } + enum "administratively-prohibited" { + description + "Communication with destination prohibited by filter"; + } + enum "address-unreachable" { + description + "Problem with resolving address or other link-specific problem"; + } + enum "port-unreachable" { + description + "Port unreachable"; + } + enum "ttl-eq-zero-during-transit" { + description + "TTL eq zero during transit"; + } + enum "ttl-eq-zero-during-reassembly" { + description + "TTL eq zero during reassembly"; + } + enum "ip6-header-bad" { + description + "IP header bad"; + } + enum "unrecognized-next-header" { + description + "Unrecognized next header type encountered"; + } + enum "unrecognized-option" { + description + "Unrecogzined IPv6 option"; + } + enum "expression" { + description + "(null)"; + } + } + description + "ICMP message code"; + } + + leaf-list flow-label { + type policy-algebra; + description + "Flow-label (0-1048575)"; + } + } + + grouping flow-route-qualifier-inet { + uses apply-advanced; + + leaf-list protocol { + type enumeration { + enum "icmp" { + description + "Internet Control Message Protocol"; + } + enum "igmp" { + description + "Internet Group Management Protocol"; + } + enum "ipip" { + description + "IP in IP"; + } + enum "tcp" { + description + "Transmission Control Protocol"; + } + enum "egp" { + description + "Exterior gateway protocol"; + } + enum "udp" { + description + "User Datagram 
Protocol"; + } + enum "rsvp" { + description + "Resource Reservation Protocol"; + } + enum "gre" { + description + "Generic routing encapsulation"; + } + enum "esp" { + description + "IPSec Encapsulating Security Payload"; + } + enum "ah" { + description + "IP Security authentication header"; + } + enum "icmp6" { + description + "Internet Control Message Protocol Version 6"; + } + enum "ospf" { + description + "Open Shortest Path First"; + } + enum "pim" { + description + "Protocol Independent Multicast"; + } + enum "sctp" { + description + "Stream Control Transmission Protocol"; + } + enum "expression" { + description + "(null)"; + } + } + description + "IP protocol value"; + } + + leaf-list port { + type string; + ordered-by user; + description + "Source or destination TCP/UDP port"; + } + + leaf-list destination-port { + type string; + ordered-by user; + description + "Destination TCP/UDP port"; + } + + leaf-list source-port { + type string; + ordered-by user; + description + "Source TCP/UDP port"; + } + + leaf-list tcp-flags { + type enumeration { + enum "fin" { + description + "FIN"; + } + enum "syn" { + description + "SYN"; + } + enum "rst" { + description + "RST"; + } + enum "push" { + description + "PUSH"; + } + enum "ack" { + description + "ACK"; + } + enum "urgent" { + description + "Urgent"; + } + enum "expression" { + description + "(null)"; + } + } + description + "TCP flags"; + } + + leaf-list packet-length { + type policy-algebra; + description + "Packet length (0-65535)"; + } + + leaf-list dscp { + type policy-algebra; + description + "Differentiated Services (DiffServ) code point (DSCP) (0-63)"; + } + + leaf-list fragment { + type enumeration { + enum "dont-fragment" { + description + "Don't Fragment flag is set"; + } + enum "not-a-fragment" { + description + "Not a fragment"; + } + enum "is-fragment" { + description + "Fragmented packet"; + } + enum "first-fragment" { + description + "First fragment"; + } + enum "last-fragment" { + description + 
"Last fragment"; + } + } + description + "(null)"; + } + + leaf destination { + type ipprefix; + description + "Destination prefix for this traffic flow"; + } + + leaf source { + type ipprefix; + description + "Source prefix for this traffic flow"; + } + + leaf-list icmp-code { + type enumeration { + enum "network-unreachable" { + description + "Network unreachable"; + } + enum "host-unreachable" { + description + "Host unreachable"; + } + enum "protocol-unreachable" { + description + "Protocol unreachable"; + } + enum "port-unreachable" { + description + "Port unreachable"; + } + enum "fragmentation-needed" { + description + "Fragmentation needed"; + } + enum "source-route-failed" { + description + "Source route failed"; + } + enum "destination-network-unknown" { + description + "Destination network unknown"; + } + enum "destination-host-unknown" { + description + "Destination host unknown"; + } + enum "source-host-isolated" { + description + "Source host isolated"; + } + enum "destination-network-prohibited" { + description + "Destination network prohibited"; + } + enum "destination-host-prohibited" { + description + "Destination host prohibited"; + } + enum "network-unreachable-for-tos" { + description + "Network unreachable for ToS"; + } + enum "host-unreachable-for-tos" { + description + "Host unreachable for ToS"; + } + enum "communication-prohibited-by-filtering" { + description + "Communication prohibited by filtering"; + } + enum "host-precedence-violation" { + description + "Host precedence violation"; + } + enum "precedence-cutoff-in-effect" { + description + "Precedence cutoff in effect"; + } + enum "redirect-for-network" { + description + "Redirect for network"; + } + enum "redirect-for-host" { + description + "Redirect for host"; + } + enum "redirect-for-tos-and-net" { + description + "Redirect for ToS and net"; + } + enum "redirect-for-tos-and-host" { + description + "Redirect for ToS and host"; + } + enum "ttl-eq-zero-during-transit" { + description 
+ "TTL eq zero during transit"; + } + enum "ttl-eq-zero-during-reassembly" { + description + "TTL eq zero during reassembly"; + } + enum "ip-header-bad" { + description + "IP header bad"; + } + enum "required-option-missing" { + description + "Required option missing"; + } + enum "expression" { + description + "(null)"; + } + } + description + "ICMP message code"; + } + + leaf-list icmp-type { + type enumeration { + enum "echo-request" { + description + "Echo request"; + } + enum "echo-reply" { + description + "Echo reply"; + } + enum "unreachable" { + description + "Unreachable"; + } + enum "source-quench" { + description + "Source quench"; + } + enum "redirect" { + description + "Redirect"; + } + enum "router-advertisement" { + description + "Router advertisement"; + } + enum "router-solicit" { + description + "Router solicit"; + } + enum "time-exceeded" { + description + "Time exceeded"; + } + enum "parameter-problem" { + description + "Parameter problem"; + } + enum "timestamp" { + description + "Timestamp"; + } + enum "timestamp-reply" { + description + "Timestamp reply"; + } + enum "info-request" { + description + "Informational request"; + } + enum "info-reply" { + description + "Informational reply"; + } + enum "mask-request" { + description + "Mask request"; + } + enum "mask-reply" { + description + "Mask reply"; + } + enum "expression" { + description + "(null)"; + } + } + description + "ICMP message type"; + } + } + + grouping flow-prefix-with-offset { + leaf prefix { + type ipprefix; + description + "(null)"; + } + + leaf prefix-offset { + type uint32; + description + "Offset from where prefix match will start"; + } + } + + container configuration { + uses juniper-config; + } +} diff --git a/vnet_router/fod_vnet_router b/vnet_router/fod_vnet_router index c9e082e78ea73f2e32b0f7abb4a0058d5d5b7ef3..2dad134701dcbc6f089bea411b1f89be89405b0f 100755 --- a/vnet_router/fod_vnet_router +++ b/vnet_router/fod_vnet_router 
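Review bot: Every typedef in this module, including `ipprefix`, `ipv4addr` and `policy-algebra`, is a bare `type string`, and `port`, `source-port`, `destination-port` and `rate-limit` are plain strings as well, so the NETCONF server will accept arbitrary text in the match and action leaves. The section comments in fod_vnet_router say this data is parsed into a rule list and applied to the switches, presumably by shell code, which makes schema-level validation worth having as a first filter. Adding `pattern` or `length` restrictions to the typedefs that the flow-route groupings actually use (or importing the prefix types from `ietf-inet-types`, if the server ships that module) would reject malformed values before they reach the script. Separately, `flow-route-inet6` is not referenced by any `uses`, so `flow-route-qualifier-inet6` and `flow-prefix-with-offset` are unreachable; a comment saying IPv6 is intentionally left out would help.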
@@ -39,24 +39,12 @@ if [ "$1" = "--init" ]; then #arg ## - "$0" --loop &> /dev/null & + #"$0" --loop &> /dev/null & + nohup "$0" --loop &> poll-loop.log & jobs "$0" --runmn "$@" #arg rest -elif [ "$1" = "--init.sysstart" ]; then #arg - shift 1 - - "$0" --init.netconfserver & - sleep 5 - - exec "$0" --init "$@" - -elif [ "$1" = "--init.netconfserver" ]; then #arg - shift 1 - - exec nohup /usr/bin/supervisord -c /etc/supervisord.conf # start NETCONF container - elif [ "$1" = "--runmn" ]; then #arg shift 1 
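Review bot: `nohup "$0" --loop &> poll-loop.log &` writes to a path relative to whatever directory the caller is in, so the container start and a later `docker exec ... --init` can leave logs in different places, and the file is truncated on every start. An absolute path opened for append, e.g. `nohup "$0" --loop >> /var/log/fod_vnet_router-poll-loop.log 2>&1 &`, keeps the poll loop's errors findable; the same applies to `&> netconfd.log` in the `--init.netconfserver.netconfd` branch added further down. The enclosing `--init` branch starts above this hunk.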
@@ -110,6 +98,60 @@ elif [ "$1" = "--init-snmp" ]; then #arg snmpwalk -v2c -cpublic localhost .1 +############################################################################## +############################################################################## +# related to netconf server init + +elif [ "$1" = "--init.sysstart.netopeer2" -o "$1" = "--init.sysstart" ]; then #arg + shift 1 + + "$0" --init.netconfserver.netopeer2 & + sleep 5 + + exec "$0" --init "$@" + +elif [ "$1" = "--init.netconfserver.netopeer2" -o "$1" = "--init.netconfserver" ]; then #arg + shift 1 + + exec nohup /usr/bin/supervisord -c /etc/supervisord.conf # start netopeer2 NETCONF container, as provided in the docker image + +elif [ "$1" = "--init.sysstart.netconfd" -o "$1" = "--init.sysstart2" ]; then #arg + shift 1 + + "$0" --init.netconfserver.netconfd & + sleep 5 + + exec "$0" --init "$@" + +elif [ "$1" = "--init.netconfserver.netconfd" ]; then #arg # alternative to netopeer2 netconf server + shift 1 + + apt-get -qqy update + DEBIAN_FRONTEND="noninteractive" apt-get -qqy install netconfd yangcli socat openssh-server rsyslog + + if ! 
grep -q "Subsystem netconf /usr/sbin/netconf-subsystem" "/etc/ssh/sshd_config"; then + ( + echo "Port 22" + echo "Port 830" + echo "Subsystem netconf /usr/sbin/netconf-subsystem" + )>>/etc/ssh/sshd_config + fi + + useradd netconf + chsh -s /bin/bash netconf + + if grep -q '^netconf:' /etc/shadow; then + sed -i -e 's/^netconf:.*$/netconf:$6$VaQVpTvj$YKvNyGgEjtfohuXuFsp8WhMOY1WnpuNGs0KYksRu98IlNBAKY65E2DOmZulczhu.bsaeJWBSEM4rLlhK8.vOf0:18905:0:99999:7:::/' /etc/shadow # passwd = netconf + else + echo 'netconf:$6$VaQVpTvj$YKvNyGgEjtfohuXuFsp8WhMOY1WnpuNGs0KYksRu98IlNBAKY65E2DOmZulczhu.bsaeJWBSEM4rLlhK8.vOf0:18905:0:99999:7:::/' >> /etc/shadow # passwd = netconf + fi + + /etc/init.d/ssh start + /etc/init.d/rsyslog start + + #netconfd --module configuration --superuser=netconf --log-level=debug4 + nohup netconfd --module configuration --superuser=netconf --log-level=info &> netconfd.log & + ############################################################################## ############################################################################## # related to netconf data fetching, parsing to ruleinfo list and processing that list to take effect on the switches 
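Review bot: The `--init.netconfserver.netconfd` branch writes a committed password hash for the `netconf` account into /etc/shadow (the trailing comment states the password), gives that account `/bin/bash`, makes sshd listen on ports 22 and 830, and then starts netconfd with `--superuser=netconf`, so anyone who can reach the container gets a known-password shell and NETCONF superuser rights in a container the Dockerfile says to run `--privileged`. Take the hash from the environment or a mounted secret and refuse to start without it, as sketched below (`NETCONF_PASSWORD_HASH` is an illustrative name), and consider dropping `Port 22` and restricting the account to the netconf subsystem in sshd_config. Two smaller defects sit in the same lines: `useradd netconf` fails on a second run, and the `echo ... >> /etc/shadow` fallback kept the sed terminator, so the entry it appends ends in `:::/`. The literal password recurs as `password=netconf` on the yangcli command line in the `--get_netconf_data` hunk and would need to follow the same source.

```shell
  # create the account only once so the branch can be re-run
  id netconf &>/dev/null || useradd netconf
  chsh -s /bin/bash netconf

  # password hash comes from the operator, not from the repository
  if [ -z "$NETCONF_PASSWORD_HASH" ]; then
    echo "NETCONF_PASSWORD_HASH is not set; not starting netconfd with a default password" 1>&2
    exit 1
  fi
  echo "netconf:$NETCONF_PASSWORD_HASH" | chpasswd -e

  # … unchanged: ssh and rsyslog start, netconfd launch …
```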
@@ -156,12 +198,34 @@ elif [ "$1" = "--process_netconf" ]; then #arg elif [ "$1" = "--get_netconf_data" ]; then #arg shift 1 - mkdir -p ~/.ssh - ssh-keygen -l -f ~/.ssh/known_hosts -F [localhost]:830 >/dev/null || ssh-keyscan -4 -p 830 localhost >> ~/.ssh/known_hosts + if type -p yangcli &>/dev/null; then + + #echo -e "connect server=localhost user=netconf password=netconf\nget-config --source running" | yangcli + + #if type -p mktemp &>/dev/null; then + # tmpscript1="$(mktemp)" + #else + # tmpscript1="tmpscript1" + #fi + #echo "get-config --source running" > "$tmpscript1" + #yangcli display-mode=xml server=localhost user=netconf password=netconf batch-mode run-script="$tmpscript1" | awk '/^RPC Data Reply/ { start=1; } start { print; }' + #rm -f "$tmpscript1" + + #which socat &>/dev/null || apt-get install socat 1>&2 + #echo "get-config --source running" | socat - EXEC:'yangcli display-mode=xml server=localhost user=netconf password=netconf',pty,setsid,ctty | awk '/^yangcli netconf@localhost> get-config --source running/ { start=1; } start { print; }' - which sshpass &>/dev/null || apt-get install sshpass 1>&2 - #echo -e "connect -l netconf -p 830 localhost\nget-config --source running" | sshpass -pnetconf /usr/local/bin/netopeer2-cli - echo -e "connect -l netconf -p 830 localhost\nget-config --source running" | sshpass -v -PPassword: -pnetconf /usr/local/bin/netopeer2-cli + # yangcli has issue when it is not running on a terminal, even in batch-mode + echo "get-config --source running" | socat - EXEC:'yangcli display-mode=xml server=localhost user=netconf password=netconf',pty,setsid,ctty | awk '/^RPC Data Reply/ { start=1; } start { print; }' + + elif [ -x /usr/local/bin/netopeer2-cli ]; then + mkdir -p ~/.ssh + ssh-keygen -l -f ~/.ssh/known_hosts -F [localhost]:830 >/dev/null || ssh-keyscan -4 -p 830 localhost >> ~/.ssh/known_hosts + + which sshpass &>/dev/null || apt-get install sshpass 1>&2 + #echo -e "connect -l netconf -p 830 localhost\nget-config --source 
running" | sshpass -pnetconf /usr/local/bin/netopeer2-cli + echo -e "connect -l netconf -p 830 localhost\nget-config --source running" | sshpass -v -PPassword: -pnetconf /usr/local/bin/netopeer2-cli + + fi elif [ "$1" = "--parse_netconf_to_ruleinfo" -o "$1" = "--parse" ]; then #arg shift 1 @@ -370,7 +434,10 @@ elif [ "$1" = "--counter" ]; then #arg # for manual querying/testing only else #arg #exec "$0" --init "$@" #arg rest - exec "$0" --process1 "$@" #arg rest + #exec "$0" --process1 "$@" #arg rest + + echo "unknown args $*" 1>&2 + exit 2 fi
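Review bot: When neither `yangcli` nor `/usr/local/bin/netopeer2-cli` is present, the new `if`/`elif` in `--get_netconf_data` falls through, prints nothing and returns success, and in the yangcli branch the pipeline's status is that of the final `awk`, so a failed connection also looks like an empty but valid reply. A caller that parses this output into the rule list cannot tell "no rules configured" from "could not fetch"; what it does with an empty result is outside this hunk. Add a closing `else echo "no NETCONF client (yangcli or netopeer2-cli) found" 1>&2; exit 1` and check the fetch status, for example with `set -o pipefail` before the pipeline.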