Age | Commit message (Collapse) | Author |
|
|
|
When removing e.g. a macsec interface and also its associated member interface
from the bridge, it will happen that the macsec interface instance is long gone
before we reach the code in the bridge interface which will remove it from the
bridge itself.
When this is the case, we can not call BridgeIf.del_port() as it will throw an
exception that the interface does not exist. We now only remove a bridge member
if the interface in question is still available in the kernel.
|
|
A lot of derived classes from Interface implemented their own get_config()
method which more or less was the same everywhere. We also hat different
qualifiers like @staticmethod or @classmethod.
This is now changed to only have the @classmethod in Interface base class which
will return the necessary dictionary keys for the required interfaces. This
change is a mid reduction in lines of code which is always a very nice thing!
|
|
In the past we had to provide the ethertype value used for the VLAN
protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q).
This should be changed to a more user friendly CLI node (protocol over
ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in
presenting RAW information from the ethernet header to the user. Also iproute2
calls it protocol which makes way more sense over the "raw" value.
|
|
hostapd/wpa_supplicant will control the admin state of an interface, thus we
should re-add it to a bridge after we have launched those services.
|
|
|
|
Instead of using an Adapter pattern to make interfaces VLAN-aware, create a
derived class named VLANIf to represent a VLAN. This change was necessary to
eliminate mixed code in Interfaces class which was VLAN - free, but recently
gained some VLAN specific code for set_admin_state().
In addition this "autoresolves" the issue in T2894 as a bond vlan interface
will no longer change the lower interface.
|
|
|
|
Removing a member from a bond/LACP will turn the physical interface always in
admin-down state. This is invalid, the interface should be placed into the state
configured on the VyOS CLI.
Smoketest on bond interfaces is extended to check this behavior.
|
|
Specifies the minimum number of links that must be active before asserting
carrier. It is similar to the Cisco EtherChannel min-links feature. This allows
setting the minimum number of member ports that must be up (link-up state)
before marking the bond device as up (carrier on). This is useful for situations
where higher level services such as clustering want to ensure a minimum number
of low bandwidth links are active before switchover.
This option only affects 802.3ad mode.
The default value is 0. This will cause carrier to be asserted (for 802.3ad
mode) whenever there is an active aggregator, regardless of the number of
available links in that aggregator. Note that, because an aggregator cannot be
active without at least one available link, setting this option to 0 or to 1
has the exact same effect.
|
|
With VyOS 1.2 the default WireGuard behavior is used. This means that when a
WireGuard interface is added to the system, there is no "MAC" address - also
there is no IPv6 link-local address assigned by the Kernel to this particular
interface.
With implementation of T2653 all interfaces now receive an IPv6 address - which
is also valid for WireGuard interfaces - unfortunately this logic relies on the
interface MAC address - and as there is none, the link-local address will be
always the same. The logic behind is coded here [1].
We generate an IPv6 link-local address even when there is no "MAC" address. The
behavior/functionality (as with VyOS 1.2) must be restored to not have a
link-local IPv6 address at all. Any user can add any IPv6 link-local address
manually by issuing: set interfaces wireguard wg01 address fe80::ff:1/64.
Change vyos.ifconfig.add_ipv6_eui64_address to only add the EUI64-based
link-local address if a MAC address is available.
[1] https://github.com/vyos/vyos-1x/blob/3077158391ceee4ce04c27dec33f629529727c36/python/vyos/ifconfig/interface.py#L468
|
|
Now that b40c52682a256 ("config: T2636: get_config_dict() returns a list on
multi node by default") is implemented the workarounds can be removed.
|
|
|
|
|
|
|
|
This reverts commit 5a5974d5a00b482cabd3dee92bc365d3c9f399bc.
Required for operational mode "show interfaces" command.
|
|
Currently DHCPv6-PD requires an interface address configured to dhcpv6 on the
CLI. This is not required also sometimes there is either no dhcpv6 interface
addressing available (PPPoE) or wanted. This limitation was artificial due to
the old interface code.
Change the implementation to spawn the DHCPv6 client and request a prefix even
when there is no address request configured.
|
|
|
|
|
|
DHCP service was not stopped when an DHCP address got removed from the
interface. DHCP service is now always stopped if it is not configured
explicitly.
|
|
Commit 21bc98f1 ("ifconfig: dhcp: T2767: client must not start when interface
is disabled") dropped the vyos.ifconfig.dhcp module but not removed it
from the modules import list.
|
|
ISC DHCP client will always place an Interface in admin-up state once it is
started. We must ensure that if an interface is placed in A/D state that the
DHCP client proccess is not launched and terminated if it is running.
|
|
We must ignore any return code when invoking dhcpc6 initially. This is required
to enable DHCPv6-PD for interfaces which are yet not up and running and my be
started later by VyOS.
|
|
Pass the interface dictionary transparently to the DHCP module and render the
DHCP client config template directly from the same source instead of transcoding
it once more.
|
|
This removes additional code paths as we can instatly work with the input dict
the same was as it was done for PPPoE. This fixes the entire DHCPv6-PD support
on non PPPoE interfaces as this was lost in translation while processing T2653.
|
|
Commit 29dd5079 ("ifconfig: T2653: remove duplicated code for address flush")
used the class method for address flushing, but it was cvalled in the wrong way.
|
|
After the fresh rewrite of the interfaces to a unified solution (T2653) IPv6
link-local addresses are no longer added. This will result in e.g. broken RAs.
|
|
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
... as it is only used inside the interface class.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
This is required as other interfaces (e.g. pseudo-ethernet or bond) will have
VLANs, too.
|
|
Every derived class must implement update() to set the interfaces admin
up/down state. This is required to prevend extensive link flaps when e.g.
reconfiguring bond interfaces.
|
|
This test is reused by a lot of instances and thus must be moved to the
base class.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for bridge interfaces in the derived bridge class.
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
A VLAN interface can only be placed in admin up state when the lower interface
is up, too. If this is not the case the operating system will throw and
exception.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for ethernet based interfaces which also supports 802.1q, 802.1ad
VLANs. This commit migrates the existing codebase for an ethernet based
interfaces and implements the missing parts for VLANs. Adding or migrating other
interfaces (e.g. bridge or bond) will become much easier as they must reuse
the entire functionality - we now walk towards a single codepath.
Thanks for all who made this combined effort possible!
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
This adds the last IP of the subnet being added as the broadcast address.
Example: adding 192.0.2.1/24 would yield:
inet 192.0.2.1/24 brd 192.0.2.255 scope global dum0
Without this the broadcast address would be missing.
Addidionally join two is_ipv4 calls into one.
|
|
interface
Changes are made in the interface.py script in order to bring the admin state to 'UP' after the mac is manually added in system config.The script is marking the interface from up to down state(as the MAC address can only be changed if interface is in 'down' state) but it is not bringing it up after the change
|
|
|
|
|
|
This changes the dummy interface implementation to make use of get_config_dict()
and also implement a new vyos.ifconfig.Interface().update() function to gather
all the scattered calls to update common interface configuration options.
Derived classes of Interface() should extend update() to their needs for their
special interface type - e.g. bond or bridge.
|
|
|
|
Commit 289f513 ("wireguard: T2632: support PSK on multiple peers") introduced
a regression when multiple allowed-ips have been configured. They were not
properly quoted when passing them down to the wg binary.
|
|
Commit 9390988709 ("vxlan: T2629: fix multiple configuration issues") called
append() on a list and passed two arguments which is invalid.
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 300, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 245, in apply
v = VXLANIf(vxlan['intf'], **conf)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 221, in __init__
self._create()
File "/usr/lib/python3/dist-packages/vyos/ifconfig/vxlan.py", line 84, in _create
cmdline.append('group', 'src_interface')
TypeError: append() takes exactly one argument (2 given)
|
|
validation: T2630: bound to interface mtu if available
|
|
|
|
vxlan: T2629: fix multiple configuration issues
|
|
It was not possible to configure two WG peers with both utilized a pre-shared
key. This has been corrected.
WG psk can only be read from a file when starting the interface. The code for
creating this temporary file has been moved into the ifconfig.WireGuardIf()
class.
Tested with:
============
set interfaces wireguard wg0 address '192.0.2.0/31'
set interfaces wireguard wg0 peer one allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer one preshared-key 'e+SIIUcrnrSDHhbTtpjwKhSlSdUALA5ZvoCjfQXcvmA='
set interfaces wireguard wg0 peer one pubkey '/qQGAQ2HfLSZBSCpdgps04r9wRlK7bSFraCH9+MScmw='
set interfaces wireguard wg0 peer two allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer two pubkey '/qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw='
|