| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Revert "veth: T3829: Allow moving veth into netns"
|
|
netns management for any Vyos interfaces doesn't work past the initial
creation, because Vyos always tries to recreate it/move it into the
netns even though it already exists. Until this is fixed, don't let
anyone even attempt to use this:
set interfaces virtual-ethernet veth10 peer-name 'veth100'
set interfaces virtual-ethernet veth100 netns 'ns01'
set interfaces virtual-ethernet veth100 peer-name 'veth10'
set netns name ns01
commit
vyos@r14# sudo ip netns exec ns01 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth100@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ee:8f:0b:bd:a2:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[edit]
vyos@r14#
set interfaces virtual-ethernet veth100 description MyNetns
commit
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 111, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 101, in apply
p.update(veth)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1413, in update
self.set_netns(config.get('netns', ''))
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 552, in set_netns
self.set_interface('netns', netns)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface
return self._set_command(self.config, name, value)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command
return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd))
^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
return cmd(command, self.debug)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: ip link set dev veth100 netns ns01
returned:
exit code: 1
noteworthy:
cmd 'ip link set dev veth100 netns ns01'
returned (out):
returned (err):
Cannot find device "veth100"
This reverts commit f5cc8453860568351cd9b3b7a05d06e1462460e8.
|
|
There is no need for the backend code to call ethtool and try to change speed or
duplex settings every time there is a change in the interface configuration,
but no change for the speed/duplex subnodes. This also makes the commit itself
faster when working with ethernet interfaces.
Bonus: no repeating CLI messages that the driver does not support speed/duplex
changes, as we do not change anything here.
Extension to commit f2ecc9710 ("ethernet: T3891: honor auto-negotiation support
per NIC")
|
|
This makes netns infinitely more useful as they can be chained together
in many ways to build complex network structures all on the host.
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
Not all drivers/NICs or combination of NIC + transceiver support auto-
negotiation. The current auto-negotiation capability is evaluated and taken
into account when applying spped/duplex settings. If auto-negotiation is
not supported - we skip the setting to avoid errors during configuration.
|
|
VLANIf('eth0.10').remove() will create and remove the VLAN in one command.
Thus one can ensure when calling remove() on a VLAN it will always
succeed.
|
|
|
|
Tunnel interface multicast settings can be "enabled or disabled". As we prefer
valueless nodes, and the linux kernel default is "disabled" we should add a
set interfaces tunnel tunXX enable-multicast
command
|
|
Multicast has not been implemented for the tunnel interfaces.
We have only configuration CLI commands that do anything.
Fix it.
ip link set dev <tag> multicast on
ip link set dev <tag> multicast off
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
Inform user about the interface where the warning occured.
|
|
|
|
Fix ValueError: Unknown format code 'x' for object of type 'str' added in
commit c0ffb8ba4e663 ("ethernet: rps: T4928: adjust to Kernel ABI changes").
|
|
In the past we could simply set all bits for all CPUs even if they did not
exist. With 6.1.y Kernel series this is no longer possible and the input data
is validated against the available number of CPUs.
|
|
vyos@vyos# show interfaces sstpc
sstpc sstpc10 {
authentication {
password vyos
user vyos
}
server sstp.vyos.net
ssl {
ca-certificate VyOS-CA
}
}
|
|
* 'T4825' of https://github.com/sever-sever/vyos-1x:
T4825: Add basic smoketest for veth interfaces
T4825: Add interface type veth
|
|
Add interface type veth (Virtual ethernet)
One of the usecases it's interconnect different vrf's and
default vrf via bridge
set interfaces virtual-ethernet veth0 peer-name 'veth1010'
set interfaces virtual-ethernet veth1010 address '10.0.0.10/24'
set interfaces virtual-ethernet veth1010 peer-name 'veth0'
set interfaces virtual-ethernet veth1010 vrf 'foo'
set interfaces bridge br0 address '10.0.0.1/24'
set interfaces bridge br0 member interface veth0
|
|
|
|
The initial implementation from commit ac4e07f9 ("rfs: T4689: Support RFS
(Receive Flow Steering)") always adjusted the global rps_sock_flow_entries
configuration. So if RFS was enabled for one NIC but not the other - it did not
work.
According to the documentation:
RFS is only available if the kconfig symbol CONFIG_RPS is enabled (on by
default for SMP). The functionality remains disabled until explicitly
configured. The number of entries in the global flow table is set through:
/proc/sys/net/core/rps_sock_flow_entries
The number of entries in the per-queue flow table are set through:
/sys/class/net/<dev>/queues/rx-<n>/rps_flow_cnt
Both of these need to be set before RFS is enabled for a receive queue. Values
for both are rounded up to the nearest power of two. The suggested flow count
depends on the expected number of active connections at any given time, which
may be significantly less than the number of open connections. We have found
that a value of 32768 for rps_sock_flow_entries works fairly well on a
moderately loaded server.
This commit sets rps_sock_flow_entries via sysctl on bootup leafing the RFS
configuration to the interface level.
|
|
|
|
private key
This prevents habing any leftover private-key files in /tmp directory.
|
|
The initial implementation in commit 9fb9e5cade ("ethernet: T3171: add CLI
option to enable RPS (Receive Packet Steering)" only changed the CPU affinity
for RX queue 0.
This commit takes all RX queues into account.
|
|
When any configured peer is set to `disable` while the Wireguard tunnel is up
and running it does not get actively revoked and removed. This poses a security
risk as connections keep beeing alive.
Whenever any parameter of a peer changes we actively remove the peer and fully
recreate it on the fly.
|
|
|
|
|
|
This reverts commit 53355271a2864d844daca89a064c21e514e10adb.
|
|
|
|
Fixes several bugs around bonding member interface states not matching
the committed configuration, including:
- Disabled removed interfaces coming back up
- Newly added disabled interfaces not staying down
- Newly added interfaces not showing up in the bond
|
|
Commit 31169fa8a763e ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") added the new implementation which handles NIC offloading.
Unfortunately every single implementation was copied from "gro" which resulted
in a change to gro for each offloading option - thus options like lro, sg, tso
had no effect at all.
It all comes down to copy/paste errors ... one way or another.
|
|
is set
Adds a sysctl parameter to ignore the default router obtained from router
advertisements when pppoe no-default-route is set.
|
|
Sometimes we are only interested in the parent interfaces without any VLAN
subinterfaces. Extend the API with a vlan argument that defaults to True to
keep the current behavior in place.
|
|
The VLAN aware bridge was forwarding traffic between member ports, but traffic
destined torwards the CPU was dropped. This resulted in a gateway not reachable
or DHCP leases that could not be handed out.
Tested via:
VyOS
set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth1 allowed-vlan '10'
set interfaces bridge br0 member interface eth1 allowed-vlan '20'
set interfaces bridge br0 member interface eth1 allowed-vlan '30'
set interfaces bridge br0 member interface eth1 allowed-vlan '40'
set interfaces bridge br0 member interface eth1 native-vlan '40'
set interfaces bridge br0 member interface eth2 allowed-vlan '30'
set interfaces bridge br0 member interface eth2 allowed-vlan '20'
set interfaces bridge br0 member interface eth2 allowed-vlan '10'
set interfaces bridge br0 member interface eth2 allowed-vlan '40'
set interfaces bridge br0 vif 10 address '10.0.10.1/24'
set interfaces bridge br0 vif 20 address '10.0.20.1/24'
set interfaces bridge br0 vif 30 address '10.0.30.1/24'
set interfaces bridge br0 vif 40 address '10.0.40.1/24'
Arista vEOS
vlan 10,20,30,40
interface Ethernet1
switchport trunk allowed vlan 10,20,30,40
interface Vlan10
ip address 10.0.10.2/24
interface Vlan20
ip address 10.0.20.2/24
interface Vlan30
ip address 10.0.30.2/24
interface Vlan40
ip address 10.0.40.2/24
interface Ethernet1
switchport trunk allowed vlan 10,20,30,40
switchport mode trunk
spanning-tree portfast
Cisco vIOS
interface GigabitEthernet0/0
ip address 10.0.40.3 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.10.3 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.0.20.3 255.255.255.0
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.0.30.3 255.255.255.0
!
|
|
Ability to get MTU from DHCP-server and don't touch it per
any interface change if interface 'dhcp-options mtu' is
configured
|
|
|
|
Interface() base class already takes care about VLAN creation/removal of
newly added or no longer required interfaces. No need to code this logic again.
|
|
When removing a VRF from an ethernet interface and adding the interface to a
bond in the same commit led to an OSError: [Errno 16] Device or resource busy!
|
|
|
|
Linux Kernel supports to specify the MII link monitoring frequency in
milliseconds. This determines how often the link state of each slave is
inspected for link failures. A value of zero disables MII link monitoring.
A value of 100 is a good starting point.
The default value is 100.
set interfaces bonding bond0 mii-mon-interval <n>
|
|
|
|
The code path for changing the interval is never executed.
|
|
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644.
By default Linux kernel doesn't forward directed broadcast
packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding`
and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
|
|
Interface should receive an auto generated link-local IPv6 address as we do
with all VyOS interfaces by default.
|
|
This PR adds an config option to enable/disable IGMP/MLD snooping.
```
set interfaces bridge brN igmp snooping
```
|
|
|
|
present for DHCP
VyOS 1.4 still leverages PPPd internals on the CLI.
pppd supports three options for a default route, none, auto, force.
* none: No default route is installed on interface up
* auto: Default route is only installed if there is yet no default route
* force: overwrite any default route
There are several drawbacks in this design for VyOS and the users. If auto is
specified, this only counted for static default routes - but what about dynamic
ones? Same for force, only a static default route got replaced but dynamic ones
did not got taken into account.
The CLI is changed and we now re-use already existing nodes from the DHCP
interface configuration:
* no-default-route:
On link up no default route is installed, same as the previous
default-route none
* default-route-distance:
We can now specify the distance of this route for the routing table on the
system. This defaults to 210 as we have for DHCP interfaces. All this will be
migrated using a CLI migration script.
|
|
|
|
set interfaces vxlan vxlan0 parameters ip df <set|unset|inherit>
set interfaces geneve gnv0 parameters ip df <set|unset|inherit>
|
|
|
|
|
