| Age | Commit message (Collapse) | Author |
|---|
|
|
|
DHCP service was not stopped when an DHCP address got removed from the
interface. DHCP service is now always stopped if it is not configured
explicitly.
|
|
Commit 21bc98f1 ("ifconfig: dhcp: T2767: client must not start when interface
is disabled") dropped the vyos.ifconfig.dhcp module but not removed it
from the modules import list.
|
|
ISC DHCP client will always place an Interface in admin-up state once it is
started. We must ensure that if an interface is placed in A/D state that the
DHCP client proccess is not launched and terminated if it is running.
|
|
We must ignore any return code when invoking dhcpc6 initially. This is required
to enable DHCPv6-PD for interfaces which are yet not up and running and my be
started later by VyOS.
|
|
Pass the interface dictionary transparently to the DHCP module and render the
DHCP client config template directly from the same source instead of transcoding
it once more.
|
|
This removes additional code paths as we can instatly work with the input dict
the same was as it was done for PPPoE. This fixes the entire DHCPv6-PD support
on non PPPoE interfaces as this was lost in translation while processing T2653.
|
|
Commit 29dd5079 ("ifconfig: T2653: remove duplicated code for address flush")
used the class method for address flushing, but it was cvalled in the wrong way.
|
|
After the fresh rewrite of the interfaces to a unified solution (T2653) IPv6
link-local addresses are no longer added. This will result in e.g. broken RAs.
|
|
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
... as it is only used inside the interface class.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
This is required as other interfaces (e.g. pseudo-ethernet or bond) will have
VLANs, too.
|
|
Every derived class must implement update() to set the interfaces admin
up/down state. This is required to prevend extensive link flaps when e.g.
reconfiguring bond interfaces.
|
|
This test is reused by a lot of instances and thus must be moved to the
base class.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for bridge interfaces in the derived bridge class.
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
A VLAN interface can only be placed in admin up state when the lower interface
is up, too. If this is not the case the operating system will throw and
exception.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for ethernet based interfaces which also supports 802.1q, 802.1ad
VLANs. This commit migrates the existing codebase for an ethernet based
interfaces and implements the missing parts for VLANs. Adding or migrating other
interfaces (e.g. bridge or bond) will become much easier as they must reuse
the entire functionality - we now walk towards a single codepath.
Thanks for all who made this combined effort possible!
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
This adds the last IP of the subnet being added as the broadcast address.
Example: adding 192.0.2.1/24 would yield:
inet 192.0.2.1/24 brd 192.0.2.255 scope global dum0
Without this the broadcast address would be missing.
Addidionally join two is_ipv4 calls into one.
|
|
interface
Changes are made in the interface.py script in order to bring the admin state to 'UP' after the mac is manually added in system config.The script is marking the interface from up to down state(as the MAC address can only be changed if interface is in 'down' state) but it is not bringing it up after the change
|
|
|
|
|
|
This changes the dummy interface implementation to make use of get_config_dict()
and also implement a new vyos.ifconfig.Interface().update() function to gather
all the scattered calls to update common interface configuration options.
Derived classes of Interface() should extend update() to their needs for their
special interface type - e.g. bond or bridge.
|
|
|
|
Commit 289f513 ("wireguard: T2632: support PSK on multiple peers") introduced
a regression when multiple allowed-ips have been configured. They were not
properly quoted when passing them down to the wg binary.
|
|
Commit 9390988709 ("vxlan: T2629: fix multiple configuration issues") called
append() on a list and passed two arguments which is invalid.
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 300, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-vxlan.py", line 245, in apply
v = VXLANIf(vxlan['intf'], **conf)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 221, in __init__
self._create()
File "/usr/lib/python3/dist-packages/vyos/ifconfig/vxlan.py", line 84, in _create
cmdline.append('group', 'src_interface')
TypeError: append() takes exactly one argument (2 given)
|
|
validation: T2630: bound to interface mtu if available
|
|
|
|
vxlan: T2629: fix multiple configuration issues
|
|
It was not possible to configure two WG peers with both utilized a pre-shared
key. This has been corrected.
WG psk can only be read from a file when starting the interface. The code for
creating this temporary file has been moved into the ifconfig.WireGuardIf()
class.
Tested with:
============
set interfaces wireguard wg0 address '192.0.2.0/31'
set interfaces wireguard wg0 peer one allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer one preshared-key 'e+SIIUcrnrSDHhbTtpjwKhSlSdUALA5ZvoCjfQXcvmA='
set interfaces wireguard wg0 peer one pubkey '/qQGAQ2HfLSZBSCpdgps04r9wRlK7bSFraCH9+MScmw='
set interfaces wireguard wg0 peer two allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer two pubkey '/qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw='
|
|
|
|
|
|
|
|
|
|
|
|
|
|
After commit d5b58517f883 ("dhcpv6-pd: pppoe: T2506: restructure CLI") the
CLI syntax has been adjusted for a better definition of DHCPv6-PD prefix length
option. Verifying a properly rendered template indeed did not happen which
cause the function to vanish for non PPPoE interfaces.
|
|
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate
<interface>" to "dhcpv6-options prefix-delegation interface <interface>".
The change is required to add the possibility to request for specific prefix
sized via the CLI. That option was not possible with the old configuration
tree.
|
|
|
|
By default MACsec only authenticates traffic but has support for optional
encryption. Encryption can now be enabled using:
set interfaces macsec <interface> encrypt
|
|
|
|
|
|
|
|
|
|
The following configuration will assign a /64 prefix out of a /56 delegation
to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64.
If you do not know the prefix size delegated to you, start with sla-len 0.
pppoe pppoe0 {
authentication {
password vyos
user vyos
}
description sadfas
dhcpv6-options {
delegate eth0 {
interface-id 65535
sla-id 0
sla-len 8
}
}
ipv6 {
address {
autoconf
}
enable
}
source-interface eth1
}
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 2001:db8:8003:400::ffff/64 u/u
|
|
ISC does not support running the client on PPP(oE) interfaces which makes it
unusable for DHCPv6 Prefix Delegation tasks.
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Unsupported device type 512 for "pppoe0"
|
|
Currently accept_ra was set to 0 if 'address dhcpv6' was set on an
interface. This is wrong, as without RA, the system will get no routes
to the DHCPv6-obtained prefix.
Since the logic for accept_ra was moved to the interface scripts,
it can be removed from the dhclient code.
|
|
|
