summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-08-31vyos.ethtool: T3163: purify code to read current speed and duplex settingsChristian Poessinger
It makes no sense to have a parser for the ethtool value sin ethtool.py and ethernet.py - one instance ios more then enough! (cherry picked from commit 6f5fb5c503b5df96d0686002355da3633b1fc597)
2021-08-31ethernet: T2241: check if interface supports changing speed/duplex settingsChristian Poessinger
Not all interface drivers have the ability to change the speed and duplex settings. Known drivers with this limitation are vmxnet3, virtio_net and xen_netfront. If this driver is detected, an error will be presented to the user. (cherry picked from commit cc742d48579e4f76e5d3230d87e22f71f76f9301)
2021-08-31ethernet: T3514: bail out early on invalid adapter speed/duplex settingChristian Poessinger
Ethernet adapters have a discrete set of available speed and duplex settings. Instead of passing every value down to ethtool and let it decide, we can do this early in the VyOS verify() function for ethernet interfaces. (cherry picked from commit 91892e431349ca0edb5e3e3023e4f340ab9b777f)
2021-08-31vyos.ethtool: T3163: use long option names when calling the ethtool binrayChristian Poessinger
This makes understanding the code easier what is "really" called without opening the man page. (cherry picked from commit a086dc2c429aea9614ac7a9c735c6475c2d6da59)
2021-08-31ssh: T3789: add custom validator for base64 encoded CLI dataChristian Poessinger
SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which check if the data is properly base64 encoded. (cherry picked from commit 00efce716912680354d47a2dca9769cd8c5c89ae)
2021-08-31Merge pull request #985 from sever-sever/T3782-equChristian Poessinger
interface: T3782: Fix unexpected delete qdisc rule
2021-08-31interface: T3782: Fix unexpected delete qdisc ruleViacheslav
Some tc qdisc rules are generated by old perl code It prevent to unexpected override this code by python.
2021-08-30tunnel: T3786: Add checks for source any and not keyViacheslav
(cherry picked from commit 5c29377fa91595088118419275f6d05b1fbfbd1d)
2021-08-30ethernet: T3787: remove deprecated UDP fragmentation offloading optionChristian Poessinger
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net: Remove references to NETIF_F_UFO from ethtool.").
2021-08-30ethernet: T3619: fix VyOS 1.2 -> 1.3 performance degradationChristian Poessinger
An analysis of the code base from VyOS 1.2 -> 1.3 -> 1.4 revealed the following "root-cause" VyOS 1.2 uses the "old" node.def file format for: * Generic Segmentation Offloading * Generic Receive Offloading So if any of the above settings is available on the configuration CLI, the node.def file will be executed - this is how it works. By default, this CLI option is not enabled in VyOS 1.2 - but the Linux Kernel enables offloading "under the hood" by default for GRO, GSO... which will boost the performance for users magically. With the rewrite in VyOS 1.3 of all the interface related code T1579, and especially T1637 this was moved to a new approach. There is now only one handler script which is called whenever a user changes something under the interfaces ethernet tree. The Full CLI configuration is assembled by get_interface_dict() - a wrapper for get_config_dict() which abstracts and works for all of our interface types - single source design. The problem now comes into play when the gathered configuration is actually written to the hardware, as there is no GSO, GRO or foo-offloading setting defined - we behave as instructed and disable the offloading. So the real bug originates from VyOS 1.2 and the old Vyatta codebase, but the recent XML Python rewrites brought that one up to light. Solution: A configuration migration script will be provided starting with VyOS 1.3 which will read in the CLI configuration of the ethernet interfaces and if not enabled, will query the adapter if offloading is supported at all, and if so, will enable the CLI nodes. One might say that this will "blow" the CLI configuration but it only represents the truth - which was masked in VyOS 1.2.
2021-08-30vyos.ifconfig: T3619: only inform user about real offload change for invalid ↵Christian Poessinger
option Commit 31169fa8 ("vyos.ifconfig: T3619: only set offloading options if supported by NIC") added a warning for the user if an offload option was about to change that was not possible at all (harware limit). Unfortunately the warning was even displayed if nothing was done at all. This got corrected. (cherry picked from commit ce784a9fcb7199f87949f17777b7b736227c85b3)
2021-08-30vyos.ethtool: T3163: remove test and debug method get_rx_vlan_offload()Christian Poessinger
(cherry picked from commit 50364a4b7a9de85fe59a6a4fb611bafb64c9f7f0)
2021-08-30vyos.ethtool: T3163: add check_speed_duplex() methodChristian Poessinger
Add a new method which supports checking if the desired speed and duplex setting is actually supported by the underlaying network interface card. >>> from vyos.ethtool import Ethtool >>> tmp = Ethtool('eth0') >>> tmp.check_speed_duplex('100', 'full') False >>> tmp.check_speed_duplex('1000', 'full') True (cherry picked from commit 147f655a69cd9526cd23f51ab18027cb5abc95b2)
2021-08-30vyos.ethtool: T3163: prefix class internal data structures with _Christian Poessinger
(cherry picked from commit 324aa9598c7d90efc917a00447380f985553b657)
2021-08-30vyos.ethtool: T3163: drop obsoleted is_fixed_lro() methodChristian Poessinger
Commit d22f97af ("vyos.ethtool: T3163: rename unused methods for offload validation") reworked the entire class on how data should be presented to the user, but forgot to drop the is_fixed_lro() method. (cherry picked from commit eac8915413cedce089234fdbef57ad25da208eec)
2021-08-30config: T2941: ignore unicode characters, e.g., in description fieldJohn Estabrook
(cherry picked from commit 80ee5233aa8245ded09d04f2618a580d5dcc6b46)
2021-08-29xml: add missing "u32:" value declarator on integer rangesChristian Poessinger
(cherry picked from commit 794f193d11c8c1b5fed78f4e40280480446ab593)
2021-08-29Merge pull request #981 from sever-sever/T3777Christian Poessinger
interfaces: T3777: Does not delete empty eui64 address
2021-08-29interfaces: T3777: Does not delete empty eui64 addressViacheslav
Check eui64_old value before deleting It can be empty or not ipv6 address.
2021-08-28vyos.ifconfig: T3619: only set offloading options if supported by NICChristian Poessinger
In the past we always told ethtool to change the offloading settings, even if this was not supported by the underlaying driver. This commit will only change the offloading options if they differ from the current state of the NIC and only if it's supported by the NIC. If the NIC does not support setting the offloading options, a message will be displayed for the user: vyos@vyos# set interfaces ethernet eth2 offload gro vyos@vyos# commit [ interfaces ethernet eth2 ] Adapter does not support changing large-receive-offload settings! (cherry picked from commit 31169fa8a763e36f6276632139da46b1aca3a7af)
2021-08-28vyos.ethtool: T3163: rename unused methods for offload validationChristian Poessinger
(cherry picked from commit d22f97af23abb5c12f8ea79c50fdda7ee0a3832d)
2021-08-27smoketest: nat: T3781: temporary disable testcaseChristian Poessinger
2021-08-26nat: T3781: do not ship the nftables implementation - fallback to vyatta-natChristian Poessinger
Migrate back to old iptables NAT implementation as we can not use nft which requires Kernel 5.10 for proper prefix translation support. Kernel 5.10 unfortunately breaks with Intel QAT :(
2021-08-26Merge pull request #978 from c-po/t3776-frr-restartChristian Poessinger
FRR: op-mode: T3776: rename "restart frr <daemon>" to "restart <daemon>"
2021-08-26smoketest: config: add example configs from current branchChristian Poessinger
This commit adds configurations usable for "make testc" that are known to be good on VyOS 1.2 installations - thus they must work on 1.3.
2021-08-26smoketest: config: drop empty newline at EOF for "isis-small" testChristian Poessinger
(cherry picked from commit dbe406c8b0d174f7ef3f80d189521cddd6cca5ef)
2021-08-25smoketest: config: add tunnel-broker configurationChristian Poessinger
2021-08-25isis: T3779: backport entire 1.4 (current) featuresetChristian Poessinger
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4 (required by T3417) it makes sense to synchronize the CLI configuration for both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse the userbase already with a brand new feature. As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards, this is the perfect time.
2021-08-25vyos.configverify: add common verify_common_route_maps() functionChristian Poessinger
Partial backport of commit 421fa38445a, this is required to backport the complete IS-IS functionality from current.
2021-08-25frr: T3217: Abbility to save routing configsChristian Poessinger
(cherry picked from commit d9d923ea4e0bbe0cc154dc2fbdd626585b5d7449)
2021-08-25T3773: delete the original "show system integrity" commandDaniil Baturin
(cherry picked from commit 059307f924c604eb2bdeab19a2db8ce6d8e09f90)
2021-08-25op-mode: frr: T1514: add possibility to restart isis daemonChristian Poessinger
2021-08-25op-mode: T3776: drop "frr" level from "restart frr ospfd|bgpd|staticd" commandsChristian Poessinger
The current command to restart any of the FRR processes is: vyos@vyos:~$ restart frr Possible completions: <Enter> Execute the current command bfdd Restart Bidirectional Forwarding Detection daemon bgpd Restart Border Gateway Protocol daemon ospf6d Restart OSPFv3 daemon ospfd Restart OSPFv2 daemon ripd Restart Routing Information Protocol daemon ripngd Restart RIPng daemon staticd Restart Static Route daemon zebra Restart IP routing manager daemon From a real-life example: Two engineers needed 5 minutes to figure it is under "restart frr" - that is why this commit drops the artificial "frr" level on the op-mode commands to restart routing protocol daemons. It's less intuitive to have "restart frr ospfd" or "restart frr bgpd" compared to "restart ospf" and "restart bgp" - we have the same for "restart ssh" or "restart snmp" and not "restart openssh sshd". This commit also drops the d (daemon) suffix of the op-mode comamands so the commands align with the VyOS CLI, else there would be a miss-understanding from ospf6d to ospfv3.
2021-08-24vyos.ifconfig: T3772: bugfix missing VRRP interfacesChristian Poessinger
When the interface name was stripped down from "eth0.201" to "eth" to determine the appropriate interface section, VRRP interfaces got left out on the call to rstrip(). VRRP interfaces now show up in "show interfaces" as they did in VyOS 1.2. vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- dum0 172.18.254.201/32 u/u eth0 - u/u eth0.10 172.16.33.8/24 u/u eth0.201 172.18.201.10/24 u/u eth1 10.1.1.2/24 u/u eth1v10 10.1.1.1/24 u/u eth2 - u/u lo 127.0.0.1/8 u/u ::1/128 (cherry picked from commit df22bc2c96d5095eaec978a58bf5d2361d758a86)
2021-08-23Makefile: T3165: do not allow empty node.def files for op-mode commandsChristian Poessinger
Commit 99440fc0 ("Makefile: fix logic to detect empty "node.def" files") disabled the detection of empty node.def files for op-mode commands. The generation of a duplicate and thus empty node.def file is not prohibited by commit 17b5ac14 ("T3165: op-mode: prevent override of populated node.def file with empty content") and thus the check is re-enabled! (cherry picked from commit e99cdf40c72dec8b9019eca728aaad0f82c6030b)
2021-08-23xml: op-mode: add missing help test for "reset openvpn" commandChristian Poessinger
(cherry picked from commit 68567d60626aa7ee5f990af792eb63f6887d93de)
2021-08-23xml: op-mode: add missing help test for "monitor protocol ospf" commandsChristian Poessinger
(cherry picked from commit d225f938b2250229621c7013c47ce52b839ae169)
2021-08-23xml: op-mode: remove multiple "Reset a service" help definitionsChristian Poessinger
That nasty workaround to always specify the same value for the node.def file as the help text is no longer necessary after commit 17b5ac14 ("T3165: op-mode: prevent override of populated node.def file with empty content". The redundant definitions are no longer necessary. (cherry picked from commit 536991d0c6f305256ce6ab5975d15116f027b7b6)
2021-08-23T3165: op-mode: prevent override of populated node.def file with empty contentChristian Poessinger
This is an extension to commit b4fdcebe ("T3165: prevent override of populated node.def file with empty content") which implemented the same thing for the configuration mode commands. (cherry picked from commit 17b5ac143c9128ac3e187d8d8167dd8fe6cbca7d)
2021-08-23scripts: op-mode: use Python 'f'ormat strings on debug messagesChristian Poessinger
(cherry picked from commit 252bc820b0d130d8d81b5711586eca41287abdca)
2021-08-22bridge: T3137: backport vlan features from 1.4 currentChristian Poessinger
2021-08-22pppoe: T1318: set source interface next to rp-pppoe.so plugin in peer templateChristian Poessinger
(cherry picked from commit 8fc06b5f8bbfcc49e69406fd70cd5cd42fb6d39f)
2021-08-22vyos.configverify: use build-in functions for verify_interface_exists()Christian Poessinger
(cherry picked from commit ddff5eba85feea2a8d6d24e1914ce6d51ce2ea74)
2021-08-22pppoe: T1318: bump priority by 1 so we can source from pseudo-ethernet ↵Christian Poessinger
interfaces (cherry picked from commit 081e0334c00887c373fafde761cca960667be21b)
2021-08-22pppoe: T1318: implement missing access-concentrator CLI optionChristian Poessinger
(cherry picked from commit b121ee14ff1961b56568b0116de3c246ea4af934)
2021-08-22vyos.configdict: leaf_node_changed() must return empty dict when node is addedChristian Poessinger
vyos@vyos# show interfaces pppoe pppoe pppoe10 { + access-concentrator asdfg authentication { password bar user foo } default-route force no-peer-dns source-interface eth0.202 } vyos@vyos# python3 Python 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] on linux Type "help", "copyright", "credits" or "license" for more information. >>> from vyos.config import Config >>> from vyos.configdict import get_interface_dict >>> from vyos.configdict import leaf_node_changed >>> conf = Config() >>> base = ['interfaces', 'pppoe'] >>> tmp = get_interface_dict(conf, base, 'pppoe10') >>> leaf_node_changed(conf, ['access-concentrator']) >>> [''] (cherry picked from commit f476e456e20393e7e7e91b73e369c9b033fbf048)
2021-08-22vyos.ifconfig: provide generic get_mac_synthetic() methodChristian Poessinger
WireGuard, Tunnel and also PPPoE all need a ways to calculate a synthetic MAC address used for the EUI64 link-local addresses. Instead of copying the code from Tunnel to WireGuard to PPPoE, use a generic implementation. (cherry picked from commit b7d30137b17da49ed5099d4d96659b363fc7bcc9)
2021-08-22smoketest: base: abbreviate path to /proc/sys/netChristian Poessinger
(cherry picked from commit 8c1c9e1c37be9e88e8a7ea0182a43a3396eff623)
2021-08-22vyos.configdict: add note when using leaf_node_changed()Christian Poessinger
(cherry picked from commit 9c97bd1b0214e102ac36eae8b2c3c9ff672a0bf3)
2021-08-22vyos.ifconfig: bridge: remove missleading comment in update()Christian Poessinger
(cherry picked from commit e1debb1b57a445fa2357f7dbb5b3f04383f8b1e3)