Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 11b273108d78ab1588be3c077f40b2ac876369a4)
|
|
To reproduce:
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit
This resulted in an error while interacting with nftables:
[Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
(cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d)
|
|
get_current_user()
(cherry picked from commit 710bb184045baa85897d589ffbc8af14b0fce629)
|
|
filesystem
(cherry picked from commit d7a18a3da949bfa3df89661cc0871e8f23b18a10)
|
|
(cherry picked from commit e1a34e661d3e5f0090550796ac266dac15e1e337)
|
|
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
|
|
and return False if the user interrupts the prompt with Ctrl-C
|
|
|
|
We only supported calculating seconds to weeks but not seconds to years. This
has been added.
Testcase:
from vyos.utils.convert import seconds_to_human
minute = 60
hour = minute * 60
day = hour * 24
week = day * 7
year = day * 365.25
for separator in ['', ' ', '-', '/']:
print(f'----- Using separator "{separator}" -----')
print(seconds_to_human(10, separator))
print(seconds_to_human(5* minute, separator))
print(seconds_to_human(3* hour, separator))
print(seconds_to_human(4* day, separator))
print(seconds_to_human(7 * week, separator))
print(seconds_to_human(10 * year, separator))
print(seconds_to_human(5*year + 4*week + 3*day + 2*hour + minute + 5, separator))
print()
cpo@LR1.wue3:~$ ./foo.py
----- Using separator "" -----
10s
5m
3h
4d
7w
10y
5y4w3d2h1m5s
----- Using separator " " -----
10s
5m
3h
4d
7w
10y
5y 4w 3d 2h 1m 5s
----- Using separator "-" -----
10s
5m
3h
4d
7w
10y
5y-4w-3d-2h-1m-5s
----- Using separator "/" -----
10s
5m
3h
4d
7w
10y
5y/4w/3d/2h/1m/5s
|
|
When handling optional separators rather build up a list and join the list
with the requested delimiter to form the resulting human readable time string.
|
|
|
|
|
|
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf
|
|
|
|
interface with vrf
|
|
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during
system boot") to check the bootup configuration if an RPKI cache is defined.
Only start RPKI if this is the case.
|
|
|
|
dhcp: T3316: T5787: T5912: Extend scope of DHCP options, bugfixes
|
|
supported by Kea
|
|
Commit ad9bdfc24 ("T5195: add timeout argument to process_named_running()")
added a 2*10 seconds penalty for every interface test (dhcp and dhcpv6).
This leads to long runs of "make test" after an ISO build.
There is no need to wait 10 seconds for a test that checks for a process
not running. The timeout is there to give the process some time to startup.
|
|
Smoketests heavily rely on process_named_running() so in order to "relax"
system constraints during a test we will add a timeout of 10 seconds for
every testcase provided by base_interfaces_test.py
|
|
After deleting a user account and working with a newly added account, we see
that after rebooting in the previously saved configuration, the user is
re-added but it's home directory might have an old UID set on the filesystem.
This is due to the fact that vyos config does not store UIDs. When adding a
user account to the system we now check if the home directory already exists
and adjust the ownership to the new UID.
|
|
* Move Kea socket permission change on-demand and speed up conf scripts
* Fix issue with DHCP reservations when no `ip-address` value
|
|
|
|
dhcp: T3316: Migrate dhcp/dhcpv6 server to Kea
|
|
|
|
|
|
The iproute2 master argument is used for both a VRF and a bridge device. Using
this in the VRF context would retrieve and report back the wrong interfaces:
Old implementation:
===================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
['eth1', 'eth2', 'vxlan1']
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
The new implementation:
=======================
>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
[]
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']
|
|
vxlan: T5753: add support for VNI filtering
|
|
In a service provider network a service provider typically supports multiple
bridge domains with overlapping vlans. One bridge domain per customer. Vlans in
each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to
each customer.
Without the ability of VNI filtering, we can not provide VXLAN tunnels
with multiple tenants all requiring e.g. VLAN 10.
To Test:
set interfaces vxlan vxlan987 parameters external
set interfaces vxlan vxlan987 source-interface eth0
set interfaces vxlan vxlan987 parameters vni-filter
set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050
set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051
set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052
set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053
set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054
set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060
set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069
set interfaces bridge br0 member interface vxlan987
Add new op-mode command: show bridge vni
Interface VNI
----------- -----------
vxlan987 10050-10054
vxlan987 10060
vxlan987 10069
|
|
|
|
|
|
|
|
|
|
remote: T5726: Disable the progressbar if the shell is noninteractive or the terminal is missing capabilities
|
|
terminal is missing capabilities
|
|
Reduce amount of duplicated (3 times) code in op-mode scripts for ping,
traceroute and mtr.
|
|
remote: T5650: Resize-aware progressbar implementation
|
|
|
|
If ethernet interface is a bond memeber:
1. Allow for changing only specific parameters which are specified
in EthernetIf.get_bond_member_allowed_options function.
2. Added inheritable parameters from bond interface to ethernet
interface which are scpecified
in BondIf.get_inherit_bond_options.
Users can change inheritable options under ethernet interface
but in commit it will be copied from bond interface.
3. All other parameters are denied for changing.
Added migration script. It deletes all denied parameters under
ethernet interface if it is a bond member.
|
|
|
|
|
|
address, and not only global ipv6 address. This allows to configure ipv6 link local address on vrrp hello-source-address parameter.
|
|
|
|
|
|
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when
working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI
is configured against a container VXLAN interface which is referred to as a
'Single VXLAN device (SVD)'.
Multiple VLAN to VNI mappings can be configured against the same SVD. This
allows for a significant scaling of the number of VNIs since a separate VXLAN
interface is no longer required for each VNI.
Sample configuration of SVD with VLAN to VNI mappings is shown below.
set interfaces bridge br0 member interface vxlan0
set interfaces vxlan vxlan0 external
set interfaces vxlan vxlan0 source-interface 'dum0'
set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010'
set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011'
set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030'
set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031'
|
|
* netns:
smoketest: T5241: re-work netns assertions and provide common utility helper
netns: T5241: simplify network namespace handling
netns: T5241: improve get_interface_namespace() robustness
netns: T5241: use common interface_exists() helper
netns: T5241: provide is_netns_interface utility helper
T5241: Support netns for veth and dummy interfaces
|
|
|
|
Checks if an IPv6 address on a specific network interface is
in the tentative state. IPv6 tentative addresses are not fully configured
and are undergoing Duplicate Address Detection (DAD) to ensure they are
unique on the network.
inet6 2001:db8::3/125 scope global tentative
It tentative state the group enters in FAULT state. Fix it
|