| Age | Commit message (Collapse) | Author |
|---|
|
Reproducible by:
set interfaces bridge br0 member interface eth1.10
set interfaces ethernet eth1 vif 10 address 100.64.0.1/24
File "/usr/lib/python3/dist-packages/vyos/configverify.py", line 314, in verify_vlan_config
verify_address(vlan)
File "/usr/lib/python3/dist-packages/vyos/configverify.py", line 206, in verify_address
interface = config['ifname']
KeyError: 'ifname'
|
|
Some interface drivers don't support/provide min_mtu and max_mtu values
For example VyOS in docker container with 'veth' driver on some
platforms
As a workarund add default values for min/max MTU for calculations
and pass function "verify_mtu(config)"
(cherry picked from commit 87fb9be4cab3a261406c69c723add7467e4ef1fa)
|
|
If 'client_ip_pool' not exists in config we cannot search it
in the dictionary
dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name'])
Add check for Equuleus
|
|
Add a new feature to allow to use named pools
Also it can be used with RADIUS attribute 'Framed-Pool'
set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
A macsec interface requires a dedicated source interface, it can not be
shared with another macsec or a pseudo-ethernet interface.
set interfaces macsec macsec10 address '192.168.2.1/30'
set interfaces macsec macsec10 security cipher 'gcm-aes-256'
set interfaces macsec macsec10 security encrypt
set interfaces macsec macsec10 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4232e44b7fda6f8e2d88a07bf78a7aff4'
set interfaces macsec macsec10 security mka ckn '09924585a6f3010208cf5222ef24c821405b0e34f4b4f63b1f0ced474b9bb6e6'
set interfaces macsec macsec10 source-interface 'eth1'
commit
set interfaces pseudo-ethernet peth0 source-interface eth1
commit
Reuslts in
FileNotFoundError: [Errno 2] failed to run command: ip link add peth0 link eth1 type macvlan mode private
returned:
exit code: 2
noteworthy:
cmd 'ip link add peth0 link eth1 type macvlan mode private'
returned (out):
returned (err):
RTNETLINK answers: Device or resource busy
[[interfaces pseudo-ethernet peth0]] failed
Commit failed
(cherry picked from commit eb4a7ee3afc0765671ce0fa379ab5e3518e9e49e)
|
|
interface dict on error
(cherry picked from commit 475fbb785dca76868715827833dc44115635c4a6)
|
|
We should not print the entire dictionary - we only need the bridge interface
name:
Bug:
Cannot assign address to interface "eth1" as it is a member of bridge
"{'br0': {'allowed_vlan': ['5-50', '101'], 'native_vlan': '101'}}"!
Fixed:
Cannot assign address to interface "eth1" as it is a member of bridge
"br0"!
(cherry picked from commit 71f2f2d789bd3452ca7b5306f39df5f6537bfef0)
|
|
(cherry picked from commit 81e0f4a8dece85da7169ba05448e870206aaf57b)
|
|
(cherry picked from commit 9e626ce7bad2bd846826822a3622fedf2d937e09)
|
|
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
(cherry picked from commit 84a429b41175b95634ec9492e0cf3a564a47abdd)
|
|
Partial backport of commit 421fa38445a, this is required to backport the
complete IS-IS functionality from current.
|
|
(cherry picked from commit ddff5eba85feea2a8d6d24e1914ce6d51ce2ea74)
|
|
VyOS will automatically append the subsystem name (pppoe-server or sstp) when
something goes wrong. No need to hardcode this into the error string a second
time.
(cherry picked from commit 29463355e6ec98195ffd52e018bc775cd4199456)
|
|
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of
backporting single pieces which are required to add new feature to the tunnel
interface section.
In addition that both libraries are now back in sync it will become much easier
to backport any other new feature introduced in VyOS 1.4!
|
|
A validator is missing checking that if authentication is used on a PPPoE
interface, both username and password are set.
|
|
(cherry picked from commit 38b3dff1ebdf8c26a28d0befa6dcf0b4f51f21be)
|
|
(cherry picked from commit 5e1ed4086f96141611680892911dad82c28795ee)
|
|
We can leak routes back to the default VRF, thus the check added by commit
9184dfb5 ("static: vrf: T3344: add target vrf verify()") must have a "bail out"
option when one want's to leak routes into the default VRF.
(cherry picked from commit 5adcc4ca30676338fca9a06409bbc72af4f68a1f)
|
|
In the past it was possible to configure a vif-s interface and a vif interface
both with the same VLAN ID. VyOS 1.2 reported a Kernel error:
RTNETLINK answers: File exists
Error creating VLAN device eth1.100
so this should not be possible at all in VyOS 1.3
(cherry picked from commit ccd516b4d10c518ea445928c01d6c7dc2770777b)
|
|
(cherry picked from commit b8cddcdae36903feb84ee1807d6adb27337cf582)
|
|
|
|
configured SLA-IDs
"data/templates/dhcp-client/ipv6.tmpl" handles the auto-assigning of SLA-IDs on
lines 39, 46, and 52.
|
|
"data/templates/dhcp-client/ipv6.tmpl" handles the auto-assigning of SLA-IDs on
lines 39, 46, and 52.
|
|
VLAN interfaces contain periods, which make them incompatible with
dict_search().
|
|
|
|
|
|
|
|
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined.
All places now have been converged into vyos.template as they are used both
in the Jinja2 templates and also in our scripts.
|
|
|
|
|
|
Renamed using snippet below:
----------------------------
for file in $(find . -name "*.py")
do
sed -i "s/vyos_dict_search/dict_search/" $file
done
|
|
Commit 5db3d631 ("ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled
on the interface") checked the "mtu" key for it's value and the test only passed
if mtu was larger then the required 1280 bytes when IPv6 address have
been configured on the link.
wireless (WiFi) interfaces have no MTU node - thus this always resulted in a
Python KeyError.
|
|
|
|
Using an MTU less then the required 1280 bytes (as per RFC) on an interface
where IPv6 is not explicitly disabled by:
- set interfaces ethernet eth1 ipv6 address no-default-link-local
- not having any other IPv6 address configured
Will now trigger a commit error via verify() instead of raising
FileNotFoundError!
|
|
Currently the MTU size of an interface is only checked when entered via CLI but
if the interface supportes the configured MTU at all is not verified at all.
New helper functions get_min_mtu(), get_max_mtu() and verify_mtu() have been
added to provide a central API for validation.
|
|
When configuring DHCPv6-PD it is mandatory to also specify at least one
interface where the newly delegated prefix will be used. Without this setting
DHCPv6-PD makes no sense at all.
|
|
As we already check that a bond/bridge member interface is not a member of any
other bridge or bond, the check must be extended. We also need to ensure that
the bond member interface is not used as a source-interface to pppoe, macsec,
tunnel, pseudo-ethernet, vxlan interfaces.
|
|
|
|
|
|
|
|
We do not have a formatted string here thus the "f" keyword is wrong and
triggered an exception.
|
|
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for ethernet based interfaces which also supports 802.1q, 802.1ad
VLANs. This commit migrates the existing codebase for an ethernet based
interfaces and implements the missing parts for VLANs. Adding or migrating other
interfaces (e.g. bridge or bond) will become much easier as they must reuse
the entire functionality - we now walk towards a single codepath.
Thanks for all who made this combined effort possible!
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
|
|
|
|
|
|
While moving towards a general interface abstraction based on get_config_dict()
and the use of vyos.ifconfig.Interfaces().update() it also makes sense, to
split out common verification code to a common util file - instead of
duplicating the code, which is infact one of the main forces drivind this
transition.
vyos.configverify will hold common functions called via verify() from our
src/conf_mode scripts so we do not need to copy/paste general verifications
methods.
|
