Age | Commit message (Collapse) | Author |
|
In some cases, we need to wait until local address is assigned.
And only then l2tpv3 tunnel can be configured.
For example when ipv6 address is in "tentative" state
or we wait for some routing daemon/route for a remote address.
|
|
This reverts commit e4d697b1d3aad0cb8e81f4c36bcaa4c089195f43.
We need those classes for the operational level "show interfaces" command.
|
|
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of
backporting single pieces which are required to add new feature to the tunnel
interface section.
In addition that both libraries are now back in sync it will become much easier
to backport any other new feature introduced in VyOS 1.4!
|
|
PPPoE uses an entire different approach to setup the interface and VTI is still
implemented using the old node.def definitions from vyatta-cfg-system.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Keep the vyos.util function clean and not pull in the rest of the world
when importing it.
|
|
When waiting for processes that don't take long,
we need add an inotify watcher _before_ starting that process.
The pre-hook arguments allows the user to pass a () -> () anonymous function
to be called before adding a watch.
|
|
|
|
|
|
|
|
|
|
Ethtool version used on Debian Bullseye changed the output format from 0 -> n/a.
As we are only interested in the tx/rx keys we do not care about RX Mini/Jumbo.
(cherry picked from commit d48dddab0509e562209adfb115b0e691b8e47f54)
|
|
(cherry picked from commit 4b2fef88644bb75dadbe33b9638a4150def7e14f)
|
|
A validator is missing checking that if authentication is used on a PPPoE
interface, both username and password are set.
|
|
(cherry picked from commit c2a1c071e7d0a9ca754d7f5016eed7db188b3d1a)
|
|
(cherry picked from commit 80fe3ef4d49f6ee277d52ef5847f011e5775e7fb)
|
|
(cherry picked from commit 38b3dff1ebdf8c26a28d0befa6dcf0b4f51f21be)
|
|
(cherry picked from commit 5e1ed4086f96141611680892911dad82c28795ee)
|
|
Replace function get_interface_config to
function get_interface_config, as we have
in 1.4 branch.
It need after this cherry-picked commit edcdea8
|
|
Implementing a wrapper which will - based on the command - add a sudo prefix
to the execution string seemed to be a nice idea but unfortunately it did not
only not get momentum but also the codebase somethis added an implicit "sudo"
call a second time.
This resulted in a call: "sudo sudo systemctl"
The entire functionality was removed again and if an op-mode script requires
root priviledges it must be explicitly called with them - no black magic.
(cherry picked from commit b76931e6d3a4bd0cdb74ca447a746ab6855fcf55)
|
|
It is not possible to change the VLAN encapsulation protocol "on-the-fly". For
this "quirk" we need to actively delete and re-create the VIF-S interface.
(cherry picked from commit cd504035015dca62149b57bc07d8e002bd8723b1)
|
|
Option specifying the rate in which we'll ask our link partner to transmit
LACPDU packets in 802.3ad mode.
set interfaces bonding bond0 lacp-rate <slow|fast>
slow: Request partner to transmit LACPDUs every 30 seconds (default)
fast: Request partner to transmit LACPDUs every 1 second
(cherry picked from commit 8e392a3dbc16f7b80a979f7b4e9c11408d700e6f)
|
|
(cherry-picked from commit 60e3b3ef23a56edadab6abac00175433f99986c8)
|
|
(cherry-picked from commit efa744c63b388773a4ea76d0f690042ec1689159)
|
|
(cherry picked from commit e96932cbd99f508f9f5c24b207b5650aa8817e45)
|
|
(cherry picked from commit bafdc46e7af94b32aa3fed90c287ac170d764b7d)
|
|
util: T3356: Fix password variables
|
|
|
|
Removing a VLAN (VIF) interface from the CLI always deleted all interfaces the
kernel listed as "upper" in the /sys/class/net folder. This had the drawback
that when deleting a VIF, also the VRF interface was simply deleted - killing
all VRF related services.
(cherry picked from commit 6458f91735412fb2e6e7e37f7b3e6ca587a5a235)
|
|
T3356, T3284: Backport remote.py fixes to Equuleus
|
|
|
|
We can leak routes back to the default VRF, thus the check added by commit
9184dfb5 ("static: vrf: T3344: add target vrf verify()") must have a "bail out"
option when one want's to leak routes into the default VRF.
(cherry picked from commit 5adcc4ca30676338fca9a06409bbc72af4f68a1f)
|
|
T3284: Merge Paramiko-based remote.py implementation
|
|
|
|
(cherry picked from commit dd2eb5e5686655c996ae95285b8ad7eb73d63d0b)
|
|
This is an extension to commit 801c5235 ("xdp: T2666: disable this highly
experimental feature in 1.3 LTS") by dropping all XDP references in the
equuleus codebase.
|
|
VyOS 1.2 had a default ttl of 16 hardcoded to the node.def file [1], so until
this is handled via a migration script we have to obey that particular
setting.
[1]: https://github.com/vyos/vyatta-cfg-system/blob/crux/templates/interfaces/vxlan/node.def#L23
|
|
There had been four implementations of "ip -d -j link show interface" scattered
accross the codebase. Those implementations have now been combined into a new
helper:
vyos.util.get_json_iface_options()
(cherry picked from commit f13cc56d665a91ff3fac47df260301afefb1a3a5)
|
|
When a VIF/VLAN interface is placed in admin down state but the lower
interface, serving the vlan, is moved from admin down -> admin up, all its
vlan interfaces will be placed in admin up state, too.
This is bad as a VLAN interface will become admin up even if its specified as
admin down after a reboot.
To reproduce:
set interfaces ethernet eth1 vif 20 disable
set interfaces ethernet eth1 disable
commit
delete interfaces ethernet eth1 disable
commit
Now check the interface state and it returns UP,LOWER_UP
7: eth1.20@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:56:b3:09:07 brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:56ff:feb3:907/64 scope link
valid_lft forever preferred_lft forever
(cherry picked from commit 49bc3f1e3ff8416908fc986bb60b444a75a1722d)
|
|
(cherry picked from commit bddeae3755c8d83f4c47bc3b3798858a95427530)
|
|
In addition to commit cf1156a60e ("ethernet: T3163: probe driver for maximum
rx/tx ring-buffer size") this extends the logic in a way as not every driver
supports setting the buffers at all so it will properly error out.
When invoking "ethtool -g" both stdout and stderr are captured and no exception
is raised if it's an unsupported driver feature. The verify() section will
inform the user about the illegal operation.
(cherry picked from commit 159899ed9ba5661e4bdcfdadf1292e237f117063)
|
|
(cherry picked from commit a3e11ace758f447ddbbabd31d4903b3f71baa0b8)
|
|
(cherry picked from commit cf1156a60e1d03a752cde0baadbc9ac8118b2a52)
|
|
If the subprocess is producing enough data (in this case showConfig on a
large config file), then the construction:
p = subprocess.Popen(.., stdout=subprocess.PIPE, ..)
p.wait()
will deadlock with the subprocess waiting for data to be consumed, while
the Python process waits for its termination. So consume data, then wait
for termination.
(cherry picked from commit 83bcd13775323bec35d018223029e9a8b13179c8)
|
|
is_ip_network and compare_netmask Jinja2 filter have been added via commit
920789798 ("nat: T2947: add many-many translation") on "current" and are
required for the 1:1 NAT functionality.
jinja2.exceptions.TemplateAssertionError: no filter named 'is_ip_network'
|