Age | Commit message (Collapse) | Author |
|
|
|
|
|
airbag :T2088: make airbag explicit
|
|
airbag must now be explicitly installed.
the patch also allow to fully disables the installation of the logging
code at setup (and not just installing and doing nothing)
|
|
After commit d5b58517f883 ("dhcpv6-pd: pppoe: T2506: restructure CLI") the
CLI syntax has been adjusted for a better definition of DHCPv6-PD prefix length
option. Verifying a properly rendered template indeed did not happen which
cause the function to vanish for non PPPoE interfaces.
|
|
|
|
Some ISPs (e.g. Comcast) only delegate a /64 by default. You have to explicitly
"ask" for a bigger (e.g. /60) prefix. This commit adds a CLI node to request
a specific prefix length in the range 32 - 64.
dhcpv6-options {
prefix-delegation {
length 60
}
}
|
|
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate
<interface>" to "dhcpv6-options prefix-delegation interface <interface>".
The change is required to add the possibility to request for specific prefix
sized via the CLI. That option was not possible with the old configuration
tree.
|
|
|
|
|
|
By default MACsec only authenticates traffic but has support for optional
encryption. Encryption can now be enabled using:
set interfaces macsec <interface> encrypt
|
|
|
|
|
|
|
|
|
|
util: T2467: automatically add sudo to known commands
|
|
|
|
|
|
|
|
Add support for prefix delegation when receiving the prefix via ethernet,
bridge, bond, wireless.
|
|
|
|
Dictionary is used to remove the amount of duplicated code by e.g. ethernet
or bridge interface.
|
|
|
|
|
|
|
|
The following configuration will assign a /64 prefix out of a /56 delegation
to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64.
If you do not know the prefix size delegated to you, start with sla-len 0.
pppoe pppoe0 {
authentication {
password vyos
user vyos
}
description sadfas
dhcpv6-options {
delegate eth0 {
interface-id 65535
sla-id 0
sla-len 8
}
}
ipv6 {
address {
autoconf
}
enable
}
source-interface eth1
}
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 2001:db8:8003:400::ffff/64 u/u
|
|
ISC does not support running the client on PPP(oE) interfaces which makes it
unusable for DHCPv6 Prefix Delegation tasks.
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Unsupported device type 512 for "pppoe0"
|
|
Currently accept_ra was set to 0 if 'address dhcpv6' was set on an
interface. This is wrong, as without RA, the system will get no routes
to the DHCPv6-obtained prefix.
Since the logic for accept_ra was moved to the interface scripts,
it can be removed from the dhclient code.
|
|
|
|
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2
(default for accept_ra is 1).
|
|
|
|
validator: T2417: try to make the code clearer
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Previously all vlan configs, which are dicts, were appended to a simple
list, with the distinguishing 'id' stored inside the dicts themselves.
This worked, but wasn't ideal.
This commit converts them to dicts, where the key is the VLAN ID and
value the config dict of that VLAN. This makes it posible to access
single VLANs by their ID (key) and we can for-loop and get both the ID
and config with: 'for vif_id, vif in conf["vif"].items():'
|
|
Commit 3fdf0093a introduced code that removed all addresses from an
interface when that interface is disabled. This is wrong, as other
configured services may be listening on these addresses and may fail to
start if their configured address isn't present.
It also caused a commit error when applying dhcp-server configuration:
DHCP server configuration error!
None of configured DHCP subnets does not have appropriate
primary IP address on any broadcast interface.
This commit reverts it to prior behavior, which was to just put the
interface admin down and leave all addresses configured, other than the
IPv6 'fe80::EUI-64/64' link-local, which it deletes, as the interface
may not have a MAC if it's put down.
|
|
Since lists in python are assigned by reference, taking the return value
from these functions and modifying it will modify all other return values
of functions that called the function before and did not explicitly copy
it.
To be safe, always make a copy of lists before returning them.
|
|
Add a function that converts an interface name to its config path.
For example: 'eth0.1.2' -> 'ethernet eth0 vif-s 1 vif-c 2'
|
|
Previously the function returned the correct basename only for vif interfaces
as it stopped at the 2nd dot. If we had a vif-s vif-c interface 'eth0.1.2' it
would return 'eth0.'. It is now fixed to strip both vif-s and vif-c if
'vlan=True' (default).
|
|
|
|
Bridge members should not have addresses assigned.
|
|
Bridge members should not have addresses assigned.
|
|
Previously, set_vrf was always called, which uses the same master and nomaster
commands as bridge, so it removed the interface from the bridge.
- add checks to make VRF and bridge membership mutually exclusive
- always re-add the interface back to any bridge it is part of in
case it is deleted and recreated (e.g. changing egress/ingress-qos)
|
|
Will be called by all interface scripts to re-add themselves to a bridge
after deleting and recreating themselves.
|