Age | Commit message (Collapse) | Author |
|
vti: T6085: bring VTI interfaces up only when the IPsec tunnel is up (backport #3157)
|
|
This reverts commit ab30509b25d54dac99294b76ba03fd49c3d2c946.
As in T6152 there seem to be some NICs that have a non working implementation
of reading the EEE registers. Remove this feature in the meantime until there
is a less exploding solution hindering boards to boot.
Return to Kernel defaults by removing this code path.
(cherry picked from commit 946f93778f15f4af9f31cd5b164efcd931693635)
|
|
Extend the way how we determine if interfaces exist in VyOS. In the past we
only validated if the interface in question really exists at the OS level.
This has some drawbacks as services (like OSPF or OSPFv3) can also handle
interfaces dynamically which appear or leaf the OS.
This commit not only checks for OS interfaces but also if the interface in
question was configured at the CLI level, this is proof enough to pass the
check. If it does not exist at the CLI level, we continue searching it it's
maybe a Kernel interface - useful for container networks.
In addition we can now not only raise() an error but simply show a warning if
an interface does not exist.
(cherry picked from commit f7250ecf1d119f14d72f99ee379deaaae0790f0e)
|
|
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes to logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
(cherry picked from commit 9eb018c4935235d292d7c693ac15da5761be064a)
|
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
(cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
|
|
add mtu to default and specified class
update smoke test
(cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
|
|
(cherry picked from commit 4291a1a423c3cbbae9e4142575b36d6fbe1c126f)
|
|
To iterate files on ext* file systems GRUB reads their inodes one by one,
ignoring names. This breaks our configuration logic that relies on proper
loading order.
This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB
configuration files are created. It recreates files, changing their inodes in a
way where inodes order matches alphabetical order.
(cherry picked from commit f74923202311e853b677e52cd83bae2be9605c26)
|
|
(cherry picked from commit 73e215dc338c8c3a6c9b3d10c952477ba00b923b)
|
|
(cherry picked from commit 8f2534e9654b61b7db45788bb52ac6cf8017b054)
|
|
(cherry picked from commit 2104424c1a43dc027567e051262e1eed6506491f)
|
|
settings
(cherry picked from commit 5ee89f46096626ca8aac37da9237635e3d17766a)
|
|
Feature detection is used to see if certain offload settings are available on
the given NIC.
(cherry picked from commit 63ccdc5125e19f8737bf1445938998bef803d1bd)
|
|
is a network.
(cherry picked from commit a7a0c90404d03f7deccb74a46d0fe1f99116907a)
|
|
(cherry picked from commit b984cf8d179cf3d4b16e7f3e5cf94f822055cb04)
|
|
(cherry picked from commit c7f5b510cfd117e57f2d22e259c843600ef4cc76)
|
|
EEE enabled status is on the 2nd line of ethtool output and not the 3rd. Subsequently, reading the 3rd line was causing an out-of-bounds access for the bnx2x driver as well.
(cherry picked from commit 775348a4cda34e6be16454d43c77b525e57c4e47)
|
|
required
(cherry picked from commit 6f7d1e15665655e37e8ca830e28d9650445c1217)
|
|
(cherry picked from commit 5949ff72a9f953da9d06d1ad75add0e6023d0dc4)
|
|
Removed dhcp-interface option (l2tp)
Added wins-server (sstp)
Added description (ipoe, pppoe, sstp, pptp)
Added exteded-script (l2tp, sstp, pptp)
Added shaper (ipoe, pptp, sstp, l2tp)
Added limits (ipoe, pptp, sstp, l2tp)
Added snmp ( ipoe, pptp,sstp, l2tp)
Refactoring and reformated code.
(cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
|
|
set pki openssh rpki private key ...
set pki openssh rpki public key ...
set pki openssh rpki public type 'ssh-rsa'
(cherry picked from commit 8c78ef0879f22ffd4a5f7fdb175e9109b46e9d7b)
|
|
The `class_id_max` is wrong due to `tmp.sort` of Strings
If we have class 5 and class 10 we get sorted max value 5, expected 10
```
>>> tmp = ['5', '10']
>>> tmp.sort()
>>> tmp
['10', '5']
>>>
>>> hex(5+1)
'0x6'
>>>
>>> hex(10+1)
'0xb'
>>>
```
This way we get wrong default maximum class value:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6
```
Expect:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b
```
Fix this converting Strings to Integers and get max value.
(cherry picked from commit 2e8fa45c7f0663549edd118622b3381e7c428b2e)
|
|
T5828: fix grub installation on arm64-efi machines (backport #2643)
|
|
Since the migration of GRUB handling to vyos-1x, the grub install
sequence has hardcoded references to x86.
Change the GRUB sequence so it can work on arm64 as well.
(cherry picked from commit 37bd574c4e1f49b03f985c4293513ff7107ae82f)
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
(cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
|
|
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during
system boot") to check the bootup configuration if an RPKI cache is defined.
Only start RPKI if this is the case.
(cherry picked from commit 9b8e11e078c42e3ae86ebfa45fec57336f25a0af)
|
|
The current calculation `r2q` is wrong as it uses `Floor division`
but expecting `division`
This way `math.ceil` calculate wrong value as we expect
round a number upward to its nearest integer
For example for speed 710 mbits expected value `444` but we get `443`
```
from math import ceil
MAXQUANTUM = 200000
speed = 710000000
speed_bps = int(speed) // 8
>>> speed_bps // MAXQUANTUM
443
>>> speed_bps / MAXQUANTUM
443.75
>>>
>>>
>>> ceil(speed_bps // MAXQUANTUM)
443
>>> ceil(speed_bps / MAXQUANTUM)
444
>>>
```
(cherry picked from commit ce1035e1e8642bf740e2a21693a72fe2127b8f72)
|
|
(cherry picked from commit d80530c48a78dfeb55293494a257f6234b0ef76d)
|
|
Commit b152b5202 ("configdict: T5894: add get_config_dict() flag with_pki")
added the generic PKI flag but if there was no PKI subsystem available
in the configuration, no pki dict key ever manifested in the resulting
dictionary requested by the caller.
This is different to the old behavior (which each caller implementing the call
itself) where there always was a pki key present - even if it was empty.
This triggered a bug in the IPSec script
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 600, in <module>
verify(ipsec)
File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 372, in verify
verify_pki_rsa(ipsec['pki'], rsa)
~~~~~^^^^^^^
KeyError: 'pki'
As it wanted to verify keys, but there was no pki dictionary key available.
This commit restores the previous behavior.
(cherry picked from commit 9b56a86def674886721a367c02371f9da65c3fd3)
|
|
(cherry picked from commit 61342083d7db8c30d015474fae5cb71f480487d8)
|
|
T5971: Rewritten ppp options in accel-ppp services (backport #2891)
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
(cherry picked from commit d9e57fe65dd538c6ea80637f4f6f23cf11dc583d)
|
|
|
|
appropiate commands to populate such groups using source and destination address of the packet.
(cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122)
|
|
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp (backport #2832)
|
|
The default `bandwidth` and `ceiling` should calculate values
based on <tag> bandwidth but currently it gets the value from
qos.base `/sys/class/net/{self._interface}/speed`
```
set qos policy shaper SHAPER bandwidth '20mbit'
set qos policy shaper SHAPER default bandwidth '95%'
set qos policy shaper SHAPER default ceiling '100%'
```
It causes wrong calculations for class `default` i.e
950Mbit for bandwidth (expected 95% of bandwidth, 19Mbit)
1Gbit for ceil (expected 100% of bandwidth, 20Mbit)
Gets incorrect values
```
r4# tc class show dev eth1
class htb 1:1 root rate 20Mbit ceil 20Mbit burst 1600b cburst 1600b
class htb 1:a parent 1:1 leaf 8053: prio 0 rate 200Kbit ceil 200Kbit burst 1Mb cburst 1600b
class htb 1:b parent 1:1 leaf 8054: prio 7 rate 950Mbit ceil 1Gbit burst 15200b cburst 1375b
```
Fix this
(cherry picked from commit 6ddfe6328e1cbdde1b70763b39e3a87f8374755a)
|
|
Moved ipv6 pools to named ipv6 pools in accel-ppp services
(cherry picked from commit d187803c31175e471397dd4f77040ab56d2e1073)
|
|
system-option: T5979: Add configurable kernel boot options (backport #2886)
|
|
(cherry picked from commit 858ccb20b3e0c326fc7b7f791bd6798cf15b6b46)
|
|
(cherry picked from commit d603b1e3b2d0edb5a996b687236c12b50ad60259)
|
|
(cherry picked from commit 1b1569d5b88a20994fc65fd529f8103db371bf3f)
|
|
Typo (missaligned -/_) in the code causes hw-tc-offload to never be enabled in
the underlaying hardware via ethtool.
(cherry picked from commit bfb7e4f2b3743ae3c9a132daf4e2109e90d27f26)
|
|
T5957: fix removal of interface in firewall rules. (backport #2873)
|
|
(cherry picked from commit 0a436e1fce66391311799bc970f05f6f4ba880ad)
|
|
QoS policy shaper-hfsc was not implemented after rewriting the
traffic-policy to qos policy. We had CLI but it does not use the
correct class. Add a basic implementation of policy shaper-hfsc.
Write the class `TrafficShaperHFS`
(cherry picked from commit f6b6ee636e34f98d336ee53599666afd1f395d78)
|
|
firewall: T5729: T5681: T5217: backport subsystem from current branch
|
|
This is a combined backport for all accumulated changes done to the firewall
subsystem on the current branch.
|
|
If we have QoS policy shaper class match `vif` (VLAN) we have to
use `basic match "meta(vlan mask 0xfff eq xxx)` instead of
`action policy`
Actual incorrect TC filter:
tc filter add dev eth1 parent 1: protocol all prio 1 action police rate 100000000 burst 15k flowid 1:64
The correct TC filter after fix:
tc filter add dev eth1 parent 1: protocol all prio 1 basic match "meta(vlan mask 0xfff eq 100)" flowid 1:64
(cherry picked from commit bb532f7f65930f8bc42e3bf3ebbcc690bffcfd0a)
|
|
It is impossible to detect interface speed for some devices
for exmaple virtio interfaces:
```
vyos@r4:~$ cat /sys/class/net/eth1/speed
-1
```
It causes wrong negative calcultaions like:
- bandwidth: -1000000
- 4% of bandwidth: -40000
tc class replace dev eth1 parent 1: classid 1:1 htb rate -1000000
tc class replace dev eth1 parent 1:1 classid 1:a htb rate -40000
Fix this with checking negative value.
Add default interface speed to 1000 Mbit if we cannot detect the
interface speed, the current default value 10 Mbit is too low
for nowadays
(cherry picked from commit a7fe02e989cf7034609cb833c86143660eb609d5)
|
|
(cherry picked from commit 844e35dea0500c48ff942ef4542dbb7a25b9dc7d)
|