| Age | Commit message (Collapse) | Author |
|---|
|
A macsec interface requires a dedicated source interface, it can not be
shared with another macsec or a pseudo-ethernet interface.
set interfaces macsec macsec10 address '192.168.2.1/30'
set interfaces macsec macsec10 security cipher 'gcm-aes-256'
set interfaces macsec macsec10 security encrypt
set interfaces macsec macsec10 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4232e44b7fda6f8e2d88a07bf78a7aff4'
set interfaces macsec macsec10 security mka ckn '09924585a6f3010208cf5222ef24c821405b0e34f4b4f63b1f0ced474b9bb6e6'
set interfaces macsec macsec10 source-interface 'eth1'
commit
set interfaces pseudo-ethernet peth0 source-interface eth1
commit
Reuslts in
FileNotFoundError: [Errno 2] failed to run command: ip link add peth0 link eth1 type macvlan mode private
returned:
exit code: 2
noteworthy:
cmd 'ip link add peth0 link eth1 type macvlan mode private'
returned (out):
returned (err):
RTNETLINK answers: Device or resource busy
[[interfaces pseudo-ethernet peth0]] failed
Commit failed
(cherry picked from commit eb4a7ee3afc0765671ce0fa379ab5e3518e9e49e)
|
|
interface dict on error
(cherry picked from commit 475fbb785dca76868715827833dc44115635c4a6)
|
|
... otherwise functionality like bridge VLANs will loose configuration
on membe rinterface update (e.g. description)
(cherry picked from commit a295ec1fc4cb9cdbb0bd5efd7c8e72060ce036f5)
|
|
(cherry picked from commit 99ff0ac7d29a65466a0fe4a12ef1a42cce90ece0)
|
|
This extends commit 39157912 ("vyos.configdict(): T4228: is_member() must use
the "real" hardware interface") and returns the config dict of the used member
interfaces.
(cherry picked from commit 5b4f76429989a6ab8ca64aeed5a1fae09fe7c6ca)
|
|
Commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real"
hardware interface") added a bugfix on calling is_member() to retrieve the real
physical information about an interface. It did not include a code path to also
split up VLAN interfaces.
This has been fixed.
(cherry picked from commit fdeae251431cb747e8f60d96269b4365b7401807)
|
|
When is_member() is inspecting the bridge/Bond member interfaces it must work
with the real interface (e.g. eth1) under the "ethernet" node and not work on
the "member interface eth1" CLI tree, that makes no sense at all.
(cherry picked from commit 3915791216998a18bf6831450df68ee199e2e4f8)
|
|
(cherry picked from commit 714346e2ee0c61a08a9d17fdb962f2fbea9f73c9)
|
|
If a valueLess node is added or removed from the CLI, a call to
leaf_node_changed() will not detect it.
If node is valueLess, on change old or new (depending on addition or deletion)
will be {} and is treated as None.
Add handler for this special case where old or new is an instance of a
dictionary but empty.
(cherry picked from commit 149f704a172fb14f16d0ba00ef237b972539492f)
|
|
In the past whenever a change happened to any interface and it was configured
as a DHCP client, VyOS always had a breif outage as DHCP released the old lease
and re-aquired a new one - bad!
This commit changes the behavior that DHCP client is only restarted if any one
of the possible options one can set for DHCP client under the "dhcp-options"
node is altered.
(cherry picked from commit 3a1a7c40a13ee9f5561823a79876d88d3f5bf053)
|
|
(cherry picked from commit 5e7e96380b314587bbd8bd584848d39caef86f3f)
|
|
Commit e8c6595fc47 ("vyos.ifconfig: T2738: do not remove OS assigned IP
addresses from interface") addressed an issue with IP addresses added to
interfaces by daemons and not by the CLI. The solution in this commit for IP
address removal unfortunately did not cover VLAN (802.1q and 802.1ad) IP address
removal in the same way as it is done for non VLAN interfaces. The code was
missing.
|
|
Generic get_removed_vlans() function replaced the entire config dict when any
QinQ vif-c subinterface was deleted.
(cherry picked from commit b3be36586c85005538d5cc994c7c9694b9907d81)
|
|
|
|
When using VRRP on any given interface and performing an action against that
interface - be it even only changing the alias - will trigger a removal of the
VRRP IP address.
The issue is caused by:
# determine IP addresses which are assigned to the interface and build a
# list of addresses which are no longer in the dict so they can be removed
cur_addr = self.get_addr()
for addr in list_diff(cur_addr, new_addr):
When the script calls into the library - we will drop all IP addresses set on
the adapter but not available in the config dict.
We should only remove the IP addresses marked by the CLI to be deleted!
(cherry picked from commit e80d0aebd691f1a707ab534b4d1340fa0b793e01)
|
|
node is added
Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict
when node is added") returned [''] as "empty" dict - but this is not empty.
>>> if ['']:
... print('foo')
...
foo
It should rather be: []
(cherry picked from commit e28a80a2b742ea3d9d4bcb8ae66c7a0d51aaaff6)
|
|
This change is required and currently only impacts WireGuards peer configuration,
so that the peers name is not mangled.
(cherry picked from commit 4d2201eed00ac4780d0196abf53dd9b7cb943a09)
|
|
vyos@vyos# show interfaces pppoe
pppoe pppoe10 {
+ access-concentrator asdfg
authentication {
password bar
user foo
}
default-route force
no-peer-dns
source-interface eth0.202
}
vyos@vyos# python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from vyos.config import Config
>>> from vyos.configdict import get_interface_dict
>>> from vyos.configdict import leaf_node_changed
>>> conf = Config()
>>> base = ['interfaces', 'pppoe']
>>> tmp = get_interface_dict(conf, base, 'pppoe10')
>>> leaf_node_changed(conf, ['access-concentrator'])
>>> ['']
(cherry picked from commit f476e456e20393e7e7e91b73e369c9b033fbf048)
|
|
(cherry picked from commit 9c97bd1b0214e102ac36eae8b2c3c9ff672a0bf3)
|
|
(cherry picked from commit 80fe3ef4d49f6ee277d52ef5847f011e5775e7fb)
|
|
(cherry picked from commit 452a9c504f472dcaee8c93947a889dab4f8259ce)
|
|
- remove redundant code paths apply_mirror() / apply_mirror_of_monitor()
- have single source available
|
|
Since the dependency problem has not been solved before,
if the monitoring interface does not exist when the
mirror rule is created, the execution will be abnormal
|
|
setting and streamline the code
|
|
|
|
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined.
All places now have been converged into vyos.template as they are used both
in the Jinja2 templates and also in our scripts.
|
|
|
|
Renamed using snippet below:
----------------------------
for file in $(find . -name "*.py")
do
sed -i "s/vyos_dict_search/dict_search/" $file
done
|
|
|
|
The current implementation for bridge based interfaces has an issue which is
caused by priority inheritance. We always assumed that the bridge interface will
be created last, but this may not be true in all cases, where some interfaces
will be created "on demand" - e.g. OpenVPN or late (VXLAN, GENEVE).
As we already have a bunch of verify steps in place we should not see a bridge
interface leak to the underlaying infrastructure code. This means, whenever an
interface will be member of a bridge, and the bridge does yet not exist, we will
create it in advance in the interface context, as the bridge code will be run
in the same commit but maybe sooner or later.
This will also be the solution for T2924.
|
|
We must use XML node style (hyphen over underscore).
|
|
|
|
Every interface knows if it is part of a bridge or not - except a VLAN (VIF)
interface. Also VLANs should be aware of its master bridge.
Add a testcase to ensure when VIFs on an interface change the bridge does not
loos one of it's members.
|
|
We must use exists() as get_config_dict() will always return {} - even when an
empty interface node like
+macsec macsec1 {
+}
exists.
|
|
As we already check that a bond/bridge member interface is not a member of any
other bridge or bond, the check must be extended. We also need to ensure that
the bond member interface is not used as a source-interface to pppoe, macsec,
tunnel, pseudo-ethernet, vxlan interfaces.
|
|
|
|
|
|
|
|
Now that b40c52682a256 ("config: T2636: get_config_dict() returns a list on
multi node by default") is implemented the workarounds can be removed.
|
|
|
|
The current CLI did not support multiple prefix-delegations per interface. Some
ISPs only send one /64 to a client per prefix-delegation request, but they
allow the customer to request multiple prefixes.
The 'dhcpv6-options prefix-delegation' node has been renamed and converted to a
tag node named 'dhcpv6-options pd'. The tag node specifies a PD request (>=0).
In the past the user needed to know what prefix will be assigned and required
to calculate the sla-len by himself. The 'sla-len' node was dropped and is now
calculated in the background from the 'dhcpv6-options pd 0 length' node.
It is no longer mandatory to supply the 'sla-id' node, if sla-id is not
specified it is 'guessed' by counting upwards.
Example configuration:
----------------------
ethernet eth1 {
address dhcpv6
dhcpv6-options {
pd 0 {
length 56
interface eth2 {
address 1
}
}
}
}
This will request a /56 assignment from the ISP and will delegate a /64 network
to interface eth2. VyOS will use the interface address ::1 on the delegate
interface (eth2) as its local address.
|
|
|
|
Further reduce the boiler-plate code to determine interface tag node or not.
It can be passed into get_interface_dict() if explicitly required - else it
is taken from the environment.
|
|
After all interfaces have been moved to the targetted implementation of T2653
the old implementations of migrating a CLI session to a configuration dict can
be dropped.
|
|
... as it is only used inside the interface class.
|
|
As we wrap up additional functions from this library it should be part of it.
|
|
With dict.update() existing keys will get overwritten when blending in interface
default values.
|
|
This can be used to see if a tagNode has been changed. It will return a list
of changed nodes.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for bridge interfaces in the derived bridge class.
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for ethernet based interfaces which also supports 802.1q, 802.1ad
VLANs. This commit migrates the existing codebase for an ethernet based
interfaces and implements the missing parts for VLANs. Adding or migrating other
interfaces (e.g. bridge or bond) will become much easier as they must reuse
the entire functionality - we now walk towards a single codepath.
Thanks for all who made this combined effort possible!
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
