| Age | Commit message (Collapse) | Author |
|---|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for ethernet based interfaces which also supports 802.1q, 802.1ad
VLANs. This commit migrates the existing codebase for an ethernet based
interfaces and implements the missing parts for VLANs. Adding or migrating other
interfaces (e.g. bridge or bond) will become much easier as they must reuse
the entire functionality - we now walk towards a single codepath.
Thanks for all who made this combined effort possible!
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
This adds the last IP of the subnet being added as the broadcast address.
Example: adding 192.0.2.1/24 would yield:
inet 192.0.2.1/24 brd 192.0.2.255 scope global dum0
Without this the broadcast address would be missing.
Addidionally join two is_ipv4 calls into one.
|
|
interface
Changes are made in the interface.py script in order to bring the admin state to 'UP' after the mac is manually added in system config.The script is marking the interface from up to down state(as the MAC address can only be changed if interface is in 'down' state) but it is not bringing it up after the change
|
|
|
|
|
|
This changes the dummy interface implementation to make use of get_config_dict()
and also implement a new vyos.ifconfig.Interface().update() function to gather
all the scattered calls to update common interface configuration options.
Derived classes of Interface() should extend update() to their needs for their
special interface type - e.g. bond or bridge.
|
|
|
|
Commit 289f513 ("wireguard: T2632: support PSK on multiple peers") introduced
a regression when multiple allowed-ips have been configured. They were not
properly quoted when passing them down to the wg binary.
|
|
Commit 9390988709 ("vxlan: T2629: fix multiple configuration issues") called
append() on a list and passed two arguments which is invalid.
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 300, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 245, in apply
v = VXLANIf(vxlan['intf'], **conf)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 221, in __init__
self._create()
File "/usr/lib/python3/dist-packages/vyos/ifconfig/vxlan.py", line 84, in _create
cmdline.append('group', 'src_interface')
TypeError: append() takes exactly one argument (2 given)
|
|
validation: T2630: bound to interface mtu if available
|
|
|
|
vxlan: T2629: fix multiple configuration issues
|
|
It was not possible to configure two WG peers with both utilized a pre-shared
key. This has been corrected.
WG psk can only be read from a file when starting the interface. The code for
creating this temporary file has been moved into the ifconfig.WireGuardIf()
class.
Tested with:
============
set interfaces wireguard wg0 address '192.0.2.0/31'
set interfaces wireguard wg0 peer one allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer one preshared-key 'e+SIIUcrnrSDHhbTtpjwKhSlSdUALA5ZvoCjfQXcvmA='
set interfaces wireguard wg0 peer one pubkey '/qQGAQ2HfLSZBSCpdgps04r9wRlK7bSFraCH9+MScmw='
set interfaces wireguard wg0 peer two allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer two pubkey '/qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw='
|
|
|
|
|
|
|
|
|
|
|
|
|
|
After commit d5b58517f883 ("dhcpv6-pd: pppoe: T2506: restructure CLI") the
CLI syntax has been adjusted for a better definition of DHCPv6-PD prefix length
option. Verifying a properly rendered template indeed did not happen which
cause the function to vanish for non PPPoE interfaces.
|
|
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate
<interface>" to "dhcpv6-options prefix-delegation interface <interface>".
The change is required to add the possibility to request for specific prefix
sized via the CLI. That option was not possible with the old configuration
tree.
|
|
|
|
By default MACsec only authenticates traffic but has support for optional
encryption. Encryption can now be enabled using:
set interfaces macsec <interface> encrypt
|
|
|
|
|
|
|
|
|
|
The following configuration will assign a /64 prefix out of a /56 delegation
to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64.
If you do not know the prefix size delegated to you, start with sla-len 0.
pppoe pppoe0 {
authentication {
password vyos
user vyos
}
description sadfas
dhcpv6-options {
delegate eth0 {
interface-id 65535
sla-id 0
sla-len 8
}
}
ipv6 {
address {
autoconf
}
enable
}
source-interface eth1
}
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 2001:db8:8003:400::ffff/64 u/u
|
|
ISC does not support running the client on PPP(oE) interfaces which makes it
unusable for DHCPv6 Prefix Delegation tasks.
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Unsupported device type 512 for "pppoe0"
|
|
Currently accept_ra was set to 0 if 'address dhcpv6' was set on an
interface. This is wrong, as without RA, the system will get no routes
to the DHCPv6-obtained prefix.
Since the logic for accept_ra was moved to the interface scripts,
it can be removed from the dhclient code.
|
|
|
|
Add a function that converts an interface name to its config path.
For example: 'eth0.1.2' -> 'ethernet eth0 vif-s 1 vif-c 2'
|
|
Previously the function returned the correct basename only for vif interfaces
as it stopped at the 2nd dot. If we had a vif-s vif-c interface 'eth0.1.2' it
would return 'eth0.'. It is now fixed to strip both vif-s and vif-c if
'vlan=True' (default).
|
|
Will be called by all interface scripts to re-add themselves to a bridge
after deleting and recreating themselves.
|
|
- detriplicate list appending
- detriplicate returns
- use if-elif-else
- move check if address is already added to beginning
- move caching in variable to after address assignment so a failed
assignment won't cache the address
|
|
|
|
|
|
T2367: flush addresses when adding bond/bridge members
|
|
Add function that flushes all addresses from an interface.
|
|
Correctly track addresses in cache _addr variable
|
|
disable :T2372: disable sub-interface if parent is
|
|
tolls intact
|
|
The intermedite class only held the path to the configuration files - thus
its existence was doubtworthy. For better readability and a clean
inheritance graph that class has been dropped.
|
|
|
|
|
|
|
|
|
|
|
|
tunnel: T2354: do not allow display as bridge option
|
|
vrrp: T2331: fix show vrrp
|
