Age | Commit message (Collapse) | Author |
|
|
|
ConfigTreeQuery()
When VyOS is booting and an interface is brought up (PPPoE) which requires a
user callback script that is executed asynchronously when the interface is up
we can not use Config(). The problem is, Config() is not available when
the system starts and the initial commit is still processed.
We need to move to ConfigTreeQuery() which was build for this exact same
purpose. TO reduce side effects and also dependencies on the entire
vyos.configdict library the set_level()/get_level() calls got eliminated
from within the library. All calls to functions like:
* get_removed_vlans()
* is_node_changed()
* leaf_node_changed()
* is_mirror_intf()
* ...
Now require that the full config path to the node is passed.
|
|
|
|
|
|
|
|
Interface.get_config() was always a pure helper which exposed a "per interface
type" dictionary which was then fed by the caller to create interfaces by
iproute2 which required additional options during creation time.
Such interfaces had been:
* tunnel
* vxlan
* geneve
* macsec
* wifi
* macvlan / pseudo-ethernet
The code was always duplicated to convert from the VyOS CLI based get_config_dict()
to a dict which can be used to feed iproute2.
This path has been removed and we now always feed in the entire dictionary
retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper
get_interface_dict() to the interface we wan't to create.
This also adds the - personally long awaited - possibility to get rid of the
derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on.
|
|
|
|
The config path is altered in get_interface_dict() to the base of the interface
in question, e.g. 'interfaces macsec macsec1' - this must be reflected when
calling othe methods of Config().
|
|
If for whatever reason the macsec interface dropped out of the Kernel - only
call .remove() when it still exists to avoid any exceptions at all.
|
|
Introduced in commit 818a75c024e ("ifconfig: T2653: get_mtu() should return
int() for easier comparison") where the variable used in the formatted string
has not been adjusted.
|
|
Using an MTU less then the required 1280 bytes (as per RFC) on an interface
where IPv6 is not explicitly disabled by:
- set interfaces ethernet eth1 ipv6 address no-default-link-local
- not having any other IPv6 address configured
Will now trigger a commit error via verify() instead of raising
FileNotFoundError!
|
|
|
|
|
|
Add verify() step to ensure the macsec source-interface is not already part
of a bridge interface. This should probably also be checked for bond interfaces.
|
|
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for
802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not
make the user juggle with the MTU bytes if he enables VLAN support later on,
which is yet to come.
|
|
A lot of derived classes from Interface implemented their own get_config()
method which more or less was the same everywhere. We also hat different
qualifiers like @staticmethod or @classmethod.
This is now changed to only have the @classmethod in Interface base class which
will return the necessary dictionary keys for the required interfaces. This
change is a mid reduction in lines of code which is always a very nice thing!
|
|
|
|
Further reduce the boiler-plate code to determine interface tag node or not.
It can be passed into get_interface_dict() if explicitly required - else it
is taken from the environment.
|
|
After switching from raw parsing of the interface options to get_config_dict()
this utilizes another utility function which wraps get_config_dict() and adds
other common and reused parameters (like deleted or bridge member).
Overall this drops redundant code (again) and makes the rest more maintainable
as we only utilize a single function.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
airbag must now be explicitly installed.
the patch also allow to fully disables the installation of the logging
code at setup (and not just installing and doing nothing)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
With enabled encryption keys must be configured.
|
|
|
|
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node
should reflect that.
|
|
|
|
This is best suited as a key is required, too.
|
|
|
|
|
|
By default MACsec only authenticates traffic but has support for optional
encryption. Encryption can now be enabled using:
set interfaces macsec <interface> encrypt
|
|
|