Age | Commit message (Collapse) | Author |
|
T4331: IPv6 link local addresses are not configured when an interface is in a VRF (equuleus)
|
|
If we have link-local static address and vrf, for example:
set interfaces ethernet eth2 address 'fe80::5200:ff:fe55:222/64'
set interfaces ethernet eth2 vrf 'foo'
This IPv6 address was assigned before vrf, as result after
attaching the intreface to vrf we lose this static linklocal
address
DEBUG/IFCONFIG cmd 'ip addr add fe80::5200:ff:fe55:222/64 dev eth2'
DEBUG/IFCONFIG cmd 'ip link set dev eth2 master foo'
DEBUG/IFCONFIG cmd 'ip addr add fe80::5208:ff:fe13:2/64 dev eth2'
This commit fixes this, the address is assigned after vrf assign
(cherry picked from commit d6e22b28887c7a3f7d2f8b955c2e90bcadaeeeba)
|
|
This extends the fix from 53e20097 ("vyos.ifconfig: T4330: bugfix changing MTU
when IPv6 is disabled") by ordering the execution in a way the Kernel does not
complain.
(cherry picked from commit 601ab19fd8c81a998b3c966cc83b85ed60ac5ae0)
|
|
Commit f8b3d8999c ("ipv6: T4319: do not configure IPv6 related settings if it's
disabled") moved the MTU configuration part under the code path which is only
run if IPv6 is enabled on the system.
This prevented MTU changes on IPv6 disabled systems.
(cherry picked from commit 53e20097d227ebf4bdb4dc6c85427ec9c5ec3982)
|
|
(cherry picked from commit 60f009defadb9d36bf84def1e839cb11a0b3d619)
|
|
(cherry picked from commit df0fbfeedce0f163e9d10be21d58ad4dc797a28a)
|
|
(cherry picked from commit f8b3d8999cbea988ce8e7d303957558308ddc1bc)
|
|
In the past whenever a change happened to any interface and it was configured
as a DHCP client, VyOS always had a breif outage as DHCP released the old lease
and re-aquired a new one - bad!
This commit changes the behavior that DHCP client is only restarted if any one
of the possible options one can set for DHCP client under the "dhcp-options"
node is altered.
(cherry picked from commit 3a1a7c40a13ee9f5561823a79876d88d3f5bf053)
|
|
It seems not all systems have eth0 - get a list of all available Ethernet
interfaces on the system (without VLAN subinterfaces) and then take the
first one.
(cherry picked from commit f19c92f255011149eeb7626a2e158456abe4c9b8)
|
|
We can not pass None as VRF name, this raises an exception.
OSError: [Errno 255] failed to run command: ip link set dev eth2 master None
|
|
Commit 081e23996f (vyos.ifconfig: get_mac_synthetic() must generate a stable
"MAC") calculated a "stable" synthetic MAC address per the interface based on
UUID and the interface name. The problem is that this calculation is too stable
when run on multiple instances of VyOS on different hosts/hypervisors.
Having R1 and R2 setup a connection both via "tun10" interface will become the
same "synthetic" MAC address manifesting in the same link-local IPv6 address.
This e.g. breaks OSPFv3 badly as both neighbors communicate using the same
link-local address.
As workaround one can:
set interfaces tunnel tun1337 address 'fe80::1:1337/64'
set interfaces tunnel tun1337 ipv6 address no-default-link-local
This commit changes the way in how the synthetic MAC address is generated. It's
based on the first 48 bits of a sha256 sum build from a CPU ID retrieved via
DMI, the MAC address of eth0 and the interface name as used before. This should
add enough entropy to get a stable pseudo MAC address.
(cherry picked from commit 8d6861290f39298701b0a89bd358545763cee14b)
|
|
(cherry picked from commit d1c58addd881e06b389799a9c14d8ebf5d03c567)
|
|
Commit dd2eb5e5686655 ("dhcp: T3300: add DHCP default route distance") changed
the logic on how the DHCP process is going to be started. The systemd unit was
always "started" even if it was already running. It should rather be re-started
to track changes in e.g. the DHCP hostname setting.
(cherry picked from commit 8ba8f0e097527e3aaaf8b395bfc07cce47e2c788)
|
|
(cherry picked from commit 3f6ae12908f54222f2f79a87bed51f71e2fbac87)
|
|
Commit b7d30137b1 ("vyos.ifconfig: provide generic get_mac_synthetic() method")
provided a common helper to generate MAC addresses used by EUI64 addresses for
interfaces not having a layer2 interface (WireGuard or ip tunnel).
The problem is that every call to the helper always yielded a new MAC address.
This becomes problematic when IPv6 link-local addresses are generated and
modified on the interface as multiple link-local (fe80::/64) addresses can
easily be added to the interface leaving ... a mess.
This commit changes the way how the "synthetic" MAC is generated, we generate a
UUID which is stable as it is based on the interface name. We take out the last
48 bits of the UUID and form the "MAC" address.
(cherry picked from commit 081e23996feb60ad903caf8b0a4587f5dacc69bf)
|
|
When using VRRP on any given interface and performing an action against that
interface - be it even only changing the alias - will trigger a removal of the
VRRP IP address.
The issue is caused by:
# determine IP addresses which are assigned to the interface and build a
# list of addresses which are no longer in the dict so they can be removed
cur_addr = self.get_addr()
for addr in list_diff(cur_addr, new_addr):
When the script calls into the library - we will drop all IP addresses set on
the adapter but not available in the config dict.
We should only remove the IP addresses marked by the CLI to be deleted!
(cherry picked from commit e80d0aebd691f1a707ab534b4d1340fa0b793e01)
|
|
There is no need to alter interface parameters if they have not changed at all.
(cherry picked from commit b4c58c5aefaca4fce817b58327b9c7c3e8145d6d)
|
|
Some tc qdisc rules are generated by old perl code
It prevent to unexpected override this code by python.
|
|
Check eui64_old value before deleting
It can be empty or not ipv6 address.
|
|
WireGuard, Tunnel and also PPPoE all need a ways to calculate a synthetic MAC
address used for the EUI64 link-local addresses. Instead of copying the code
from Tunnel to WireGuard to PPPoE, use a generic implementation.
(cherry picked from commit b7d30137b17da49ed5099d4d96659b363fc7bcc9)
|
|
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of
backporting single pieces which are required to add new feature to the tunnel
interface section.
In addition that both libraries are now back in sync it will become much easier
to backport any other new feature introduced in VyOS 1.4!
|
|
|
|
It is not possible to change the VLAN encapsulation protocol "on-the-fly". For
this "quirk" we need to actively delete and re-create the VIF-S interface.
(cherry picked from commit cd504035015dca62149b57bc07d8e002bd8723b1)
|
|
Removing a VLAN (VIF) interface from the CLI always deleted all interfaces the
kernel listed as "upper" in the /sys/class/net folder. This had the drawback
that when deleting a VIF, also the VRF interface was simply deleted - killing
all VRF related services.
(cherry picked from commit 6458f91735412fb2e6e7e37f7b3e6ca587a5a235)
|
|
(cherry picked from commit dd2eb5e5686655c996ae95285b8ad7eb73d63d0b)
|
|
This is an extension to commit 801c5235 ("xdp: T2666: disable this highly
experimental feature in 1.3 LTS") by dropping all XDP references in the
equuleus codebase.
|
|
When a VIF/VLAN interface is placed in admin down state but the lower
interface, serving the vlan, is moved from admin down -> admin up, all its
vlan interfaces will be placed in admin up state, too.
This is bad as a VLAN interface will become admin up even if its specified as
admin down after a reboot.
To reproduce:
set interfaces ethernet eth1 vif 20 disable
set interfaces ethernet eth1 disable
commit
delete interfaces ethernet eth1 disable
commit
Now check the interface state and it returns UP,LOWER_UP
7: eth1.20@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:56:b3:09:07 brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:56ff:feb3:907/64 scope link
valid_lft forever preferred_lft forever
(cherry picked from commit 49bc3f1e3ff8416908fc986bb60b444a75a1722d)
|
|
(cherry picked from commit a3e11ace758f447ddbbabd31d4903b3f71baa0b8)
|
|
If dhcpv6-options is configured without requesting a DHCPv6 address or PD, the
dhcpv6pd variable is assigned an empty dict.
(cherry picked from commit d7d916f74e7d3b3b1fc85336f24f91af66b1e2a8)
|
|
After switching to iproute2 in commit 92f36735 ("ifconfig: T2653: use iproute2
commands for alias, mac and mtu set()/get()" it is necessary to return an empty
string as iproute2 returns None.
(cherry picked from commit ea1be032e98fd1634e71d3c2d61b3e93bff841de)
|
|
(cherry picked from commit 92f3673538e0328488c14c90c8acf7ea6b2141ba)
|
|
|
|
|
|
- remove redundant code paths apply_mirror() / apply_mirror_of_monitor()
- have single source available
|
|
is wrong
In e8957b5, we used json to parse the `tc qdisc` filter to determine whether it needs
to be deleted (reduction of exception mechanism), but now we find that the json output
by this command will output unparsed json in some cases,
so We have to go back to the processing of the exception mechanism
|
|
|
|
This reverts commit 9541355433e202fade4692851bffa33ba9d48f44.
|
|
|
|
|
|
Since the dependency problem has not been solved before,
if the monitoring interface does not exist when the
mirror rule is created, the execution will be abnormal
|
|
setting and streamline the code
|
|
|
|
of `bridge` should not be overwritten
|
|
`vlan_filter` to avoid redundant paths
|
|
|
|
|
|
mirror: T3089: support two-way traffic mirroring
|
|
|
|
This is the second attempt after commit d247736f ("vyos.ifconfig: T1579: do not
remove IPv6 link-local address on reconfiguration"). We only clean out link-local
IPv6 addresses left over after an interface MAC change.
|
|
reconfiguration"
This reverts commit d247736f67cc056062b75a4215a031bebcfee2ee.
We need to clean link-local IPv6 addresses on link reconfiguration to also drop
no longer existing link-local addresse son MAC address change.
|