summaryrefslogtreecommitdiff
path: root/python/vyos/ifconfig
AgeCommit message (Collapse)Author
2023-12-14T5749: Add a more scrict search for get_vrf methodViacheslav Hletenko
The current implementation is wrong as it searches `master` in the iproute2 JSON output. It is a worng as it could include bridges or bonding interfaces Add the more strict search `info_slave_kind == vrf`
2023-11-22Merge pull request #2499 from c-po/t5753-vxlan-vnifilterChristian Breunig
vxlan: T5753: add support for VNI filtering
2023-11-21macsec: T5770: enable iproute2 "encrypt on" stanzaGiga Murphy
2023-11-18vxlan: T5753: add support for VNI filteringChristian Breunig
In a service provider network a service provider typically supports multiple bridge domains with overlapping vlans. One bridge domain per customer. Vlans in each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to each customer. Without the ability of VNI filtering, we can not provide VXLAN tunnels with multiple tenants all requiring e.g. VLAN 10. To Test: set interfaces vxlan vxlan987 parameters external set interfaces vxlan vxlan987 source-interface eth0 set interfaces vxlan vxlan987 parameters vni-filter set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050 set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051 set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052 set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053 set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054 set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060 set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069 set interfaces bridge br0 member interface vxlan987 Add new op-mode command: show bridge vni Interface VNI ----------- ----------- vxlan987 10050-10054 vxlan987 10060 vxlan987 10069
2023-11-16tunnel: T3894: improve get_mac_synthetic() codeChristian Breunig
Remove stray whitespace in sed script and call Section.interfaces with vlan=False instead of a custom filter. This extends commit f19c92f25 ("tunnel: T3894: fix design when building synthetic MAC addresses")
2023-11-16T5747: op-mode add MAC and MTU for show interfaces summaryViacheslav Hletenko
Add op-mode "show interfaces summary" Add MAC, VRF and MTU options: vyos@r4# run show interfaces summary Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1 eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2 eth3 - 52:54:00:09:a4:b4 default 1500 A/D
2023-11-02wireguard: T5707: remove previously deconfigured peerChristian Breunig
Changing the public key of a peer (updating the key material) left the old WireGuard peer in place, as the key removal command used the new key. WireGuard only supports peer removal based on the configured public-key, by deleting the entire interface this is the shortcut instead of parsing out all peers and removing them one by one. Peer reconfiguration will always come with a short downtime while the WireGuard interface is recreated.
2023-10-31Merge pull request #2413 from c-po/t5668-vxlanChristian Breunig
vxlan: T5668: add CLI knob to enable ARP/ND suppression
2023-10-30vxlan: T5699: migrate "external" CLI know to "parameters external"Christian Breunig
As we have a bunch of options under "paramteres" already and "external" is clearly one of them it should be migrated under that node as well.
2023-10-30vxlan: T5668: add CLI knob to enable ARP/ND suppressionChristian Breunig
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10
2023-10-03bonding: T5254: Fixed changing ethernet when it is a bond memberaapostoliuk
If ethernet interface is a bond memeber: 1. Allow for changing only specific parameters which are specified in EthernetIf.get_bond_member_allowed_options function. 2. Added inheritable parameters from bond interface to ethernet interface which are scpecified in BondIf.get_inherit_bond_options. Users can change inheritable options under ethernet interface but in commit it will be copied from bond interface. 3. All other parameters are denied for changing. Added migration script. It deletes all denied parameters under ethernet interface if it is a bond member.
2023-09-19firewall: ethernet: T4502: Add interface offload node and verify interface ↵sarthurdev
supports HW flowtable offload - Add required offload setting for interfaces + flowtable offload (hw-tc-offload) - Verification of interface support for hardware offloaded flowtables
2023-09-09vxlan: T3700: support VLAN tunnel mapping of VLAN aware bridgesChristian Breunig
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI is configured against a container VXLAN interface which is referred to as a 'Single VXLAN device (SVD)'. Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI. Sample configuration of SVD with VLAN to VNI mappings is shown below. set interfaces bridge br0 member interface vxlan0 set interfaces vxlan vxlan0 external set interfaces vxlan vxlan0 source-interface 'dum0' set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010' set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011' set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030' set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031'
2023-09-05interface: T5550: Interface source-validation priority over global valuesarthurdev
- Migrate IPv4 source-validation to nftables - Interface source-validation value takes priority, fallback to global value
2023-09-05netns: T5241: simplify network namespace handlingChristian Breunig
2023-09-03netns: T5241: provide is_netns_interface utility helperChristian Breunig
2023-09-03Merge branch 'T5241-control-edition' of ↵Christian Breunig
https://github.com/sever-sever/vyos-1x into netns * 'T5241-control-edition' of https://github.com/sever-sever/vyos-1x: T5241: Support netns for veth and dummy interfaces
2023-08-25interface: T3509: Add per-interface IPv6 source validationsarthurdev
2023-08-23Merge pull request #2156 from giga1699/T5447Christian Breunig
T5447: Initial support for MACsec static keys
2023-08-20T5447: Remove redundant self.set_admin_stateGiga Murphy
2023-08-20T5447: Update copyright yearsGiga Murphy
2023-08-20T5447: Corrected comment in _create headerGiga Murphy
2023-08-20T5447: Corrected comment for interface downGiga Murphy
2023-08-20T5447: Implement maintainer feedbackGiga Murphy
2023-08-18T5447: Initial support for MACsec static keysGiga Murphy
2023-08-17Merge pull request #2130 from aapostoliuk/T5409-sagittaChristian Breunig
wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
2023-08-17wireguard: T5409: rename threaded CLI not to per-client-threadChristian Breunig
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured.
2023-08-11ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵Christian Breunig
setting
2023-08-11ipv6: T5464: use proper XML default for DAD transmitsChristian Breunig
This is only a cosmetic change so that the default value is properly retrieved from the defaultValue XML node.
2023-08-07dhcp(v6): T5428: add proper return statements in set_dhcp(v6) methodsChristian Breunig
2023-08-07wireguard: T5409: Added 'set interfaces wireguard wgX threaded'aapostoliuk
Added 'set interfaces wireguard wgX threaded' command. Process traffic from each peer in a dedicated thread.
2023-08-06T5195: move helpers from vyos.validate to vyos.utils packageChristian Breunig
2023-08-05dhcpv6: T5428: client renewal fails when running inside VRFChristian Breunig
2023-08-04dhcp: T5428: client renewal fails when running inside VRFChristian Breunig
vyos@vyos# run show vrf MGMT processes 2282 sshd There is no dhclient process running in given VRF. dhclient complains it can not send out packets via the given interface (as it's not bound to that VRF) Aug 02 20:29:54 dhclient[1686]: send_packet: Network is unreachable Aug 02 20:29:54 dhclient[1686]: send_packet: please consult README file regarding broadcast address. Aug 02 20:29:54 dhclient[1686]: dhclient.c:3001: Failed to send 300 byte long packet over fallback interface.
2023-08-04dhcp: T5428: provide common direcotry path via vyos.defaults.directoriesChristian Breunig
Multiple scripts use the same hardcoded path for DHCP client leases in different direcotries - this can't be worse.
2023-07-31dhcpv6-pd: T5387: add support for no-release flag1vivy
When no-release is specified, dhcp6c client will not release allocated address or prefix on client exit. vyos.ifconfig: dhcpv6: T5387: re-use options_file for no release flag [WIP] * Todo: render Jinja2 template and fill it vyos.ifconfig: dhcpv6: T5387: finish options_file and no release flag in cli vyos.ifconfig: dhcpv6: T5387: fix missing/wrong end tag vyos.ifconfig: dhcpv6: T5387: fix options, no var for -n dhcpv6-client: T5387: fix missing / from filepaths
2023-07-15T5195: vyos.util -> vyos.utils package refactoring part #2Christian Breunig
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-07-05geneve: T5339: add option to use ipv4 instead of ethernetfett0
2023-06-12T5286: drop XDP support for ethernet and bonding interfacesChristian Breunig
... this is a step towards a new and better implementation that will utilize VPP.
2023-06-03T5241: Support netns for veth and dummy interfacesViacheslav Hletenko
Add netns configuration for dummy and virtual-ethernet interfaces Change Interface class to get/set data to netns
2023-05-29ifconfig: T2104: use link_local_prefix literal for fe80::/64Christian Breunig
2023-05-14Merge pull request #2007 from frebib/veth-netns-revertChristian Breunig
Revert "veth: T3829: Allow moving veth into netns"
2023-05-14Revert "veth: T3829: Allow moving veth into netns"Joe Groocock
netns management for any Vyos interfaces doesn't work past the initial creation, because Vyos always tries to recreate it/move it into the netns even though it already exists. Until this is fixed, don't let anyone even attempt to use this: set interfaces virtual-ethernet veth10 peer-name 'veth100' set interfaces virtual-ethernet veth100 netns 'ns01' set interfaces virtual-ethernet veth100 peer-name 'veth10' set netns name ns01 commit vyos@r14# sudo ip netns exec ns01 ip link show 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 12: veth100@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether ee:8f:0b:bd:a2:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 [edit] vyos@r14# set interfaces virtual-ethernet veth100 description MyNetns commit Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 111, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 101, in apply p.update(veth) File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1413, in update self.set_netns(config.get('netns', '')) File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 552, in set_netns self.set_interface('netns', netns) File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface return self._set_command(self.config, name, value) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd)) ^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd return cmd(command, self.debug) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd raise OSError(code, feedback) PermissionError: [Errno 1] failed to run command: ip link set dev veth100 netns ns01 returned: exit code: 1 noteworthy: cmd 'ip link set dev veth100 netns ns01' returned (out): returned (err): Cannot find device "veth100" This reverts commit f5cc8453860568351cd9b3b7a05d06e1462460e8.
2023-05-12ethernet: T3891: add conditional code-path when doing speed/duplex changesChristian Breunig
There is no need for the backend code to call ethtool and try to change speed or duplex settings every time there is a change in the interface configuration, but no change for the speed/duplex subnodes. This also makes the commit itself faster when working with ethernet interfaces. Bonus: no repeating CLI messages that the driver does not support speed/duplex changes, as we do not change anything here. Extension to commit f2ecc9710 ("ethernet: T3891: honor auto-negotiation support per NIC")
2023-05-10veth: T3829: Allow moving veth into netnsJoe Groocock
This makes netns infinitely more useful as they can be chained together in many ways to build complex network structures all on the host. Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-04ethernet: T3891: honor auto-negotiation support per NICChristian Breunig
Not all drivers/NICs or combination of NIC + transceiver support auto- negotiation. The current auto-negotiation capability is evaluated and taken into account when applying spped/duplex settings. If auto-negotiation is not supported - we skip the setting to avoid errors during configuration.
2023-04-15vyos.ifconfig: T2104: support adding and removing VLANs in one call.Christian Breunig
VLANIf('eth0.10').remove() will create and remove the VLAN in one command. Thus one can ensure when calling remove() on a VLAN it will always succeed.
2023-03-28interfaces: T4885: fix Perl to Python rewrite of clear/reset_countersJohn Estabrook
2023-02-25tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
Tunnel interface multicast settings can be "enabled or disabled". As we prefer valueless nodes, and the linux kernel default is "disabled" we should add a set interfaces tunnel tunXX enable-multicast command