Age | Commit message (Collapse) | Author |
|
|
|
Add verify() step to ensure the macsec source-interface is not already part
of a bridge interface. This should probably also be checked for bond interfaces.
|
|
When removing e.g. a macsec interface and also its associated member interface
from the bridge, it will happen that the macsec interface instance is long gone
before we reach the code in the bridge interface which will remove it from the
bridge itself.
When this is the case, we can not call BridgeIf.del_port() as it will throw an
exception that the interface does not exist. We now only remove a bridge member
if the interface in question is still available in the kernel.
|
|
|
|
|
|
|
|
|
|
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for
802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not
make the user juggle with the MTU bytes if he enables VLAN support later on,
which is yet to come.
|
|
A lot of derived classes from Interface implemented their own get_config()
method which more or less was the same everywhere. We also hat different
qualifiers like @staticmethod or @classmethod.
This is now changed to only have the @classmethod in Interface base class which
will return the necessary dictionary keys for the required interfaces. This
change is a mid reduction in lines of code which is always a very nice thing!
|
|
Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use
different CLI nodes for the same functionality. PPPoE has "connect-on-demand"
to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose.
Rename WWAN "ondemand" node to "connect-on-demand".
|
|
In the past we had to provide the ethertype value used for the VLAN
protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q).
This should be changed to a more user friendly CLI node (protocol over
ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in
presenting RAW information from the ethernet header to the user. Also iproute2
calls it protocol which makes way more sense over the "raw" value.
|
|
|
|
|
|
Despite the fact that running verify on Config() is "bad" and "not as intended"
the level of the configuration must match the keys that are checked by exits().
Re-set proper Config() level before querying the system nodes.
|
|
hostapd/wpa_supplicant will control the admin state of an interface, thus we
should re-add it to a bridge after we have launched those services.
|
|
|
|
|
|
Instead of using an Adapter pattern to make interfaces VLAN-aware, create a
derived class named VLANIf to represent a VLAN. This change was necessary to
eliminate mixed code in Interfaces class which was VLAN - free, but recently
gained some VLAN specific code for set_admin_state().
In addition this "autoresolves" the issue in T2894 as a bond vlan interface
will no longer change the lower interface.
|
|
|
|
A regression showed that when adding a vif to a bond the bond interface will
loose all its member interfaces. This is - of course - super bad!
|
|
ethernet: T2891: Add ethernet ring-buffer CLI commands
|
|
|
|
|
|
|
|
|
|
... an error would be presented: jinja2.exceptions.TemplateSyntaxError:
expected token 'end of statement block', got 'mhz_incapable', thus we simply
rename the key before rendering the template.
|
|
|
|
VyOS 1.2 confirmed it was a regular node - copy/paste error.
|
|
|
|
|
|
|
|
|
|
Removing a member from a bond/LACP will turn the physical interface always in
admin-down state. This is invalid, the interface should be placed into the state
configured on the VyOS CLI.
Smoketest on bond interfaces is extended to check this behavior.
|
|
|
|
|
|
op-mode: T2874: Add new utill for mtu-check
|
|
|
|
|
|
|
|
vyos@vyos:~$ show interfaces bonding bond5 detail
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: down
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 00:50:56:bf:ef:aa
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: churned
Partner Churn State: churned
Actor Churned Count: 1
Partner Churned Count: 1
Slave Interface: eth2
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 00:50:56:bf:19:26
Slave queue ID: 0
Aggregator ID: 2
Actor Churn State: churned
Partner Churn State: churned
Actor Churned Count: 1
Partner Churned Count: 1
|
|
Specifies the minimum number of links that must be active before asserting
carrier. It is similar to the Cisco EtherChannel min-links feature. This allows
setting the minimum number of member ports that must be up (link-up state)
before marking the bond device as up (carrier on). This is useful for situations
where higher level services such as clustering want to ensure a minimum number
of low bandwidth links are active before switchover.
This option only affects 802.3ad mode.
The default value is 0. This will cause carrier to be asserted (for 802.3ad
mode) whenever there is an active aggregator, regardless of the number of
available links in that aggregator. Note that, because an aggregator cannot be
active without at least one available link, setting this option to 0 or to 1
has the exact same effect.
|
|
|
|
|
|
|
|
|
|
This reverts commit bd076f694a763991a0b0d3a7bb0fa5d194d56d7c.
|
|
|
|
With VyOS 1.2 the default WireGuard behavior is used. This means that when a
WireGuard interface is added to the system, there is no "MAC" address - also
there is no IPv6 link-local address assigned by the Kernel to this particular
interface.
With implementation of T2653 all interfaces now receive an IPv6 address - which
is also valid for WireGuard interfaces - unfortunately this logic relies on the
interface MAC address - and as there is none, the link-local address will be
always the same. The logic behind is coded here [1].
We generate an IPv6 link-local address even when there is no "MAC" address. The
behavior/functionality (as with VyOS 1.2) must be restored to not have a
link-local IPv6 address at all. Any user can add any IPv6 link-local address
manually by issuing: set interfaces wireguard wg01 address fe80::ff:1/64.
Change vyos.ifconfig.add_ipv6_eui64_address to only add the EUI64-based
link-local address if a MAC address is available.
[1] https://github.com/vyos/vyos-1x/blob/3077158391ceee4ce04c27dec33f629529727c36/python/vyos/ifconfig/interface.py#L468
|
|
show log:T2872:"Show log" options for nat and openvpn got inter-mixed
|
|
The possible completion of the "show log" shows only nat and the description shows for openvpn. Corrected the duplicate entry
|