summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-tunnel.py
AgeCommit message (Collapse)Author
2022-02-14tunnel: T4154: import cleanupChristian Poessinger
2022-02-14tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵Christian Poessinger
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface.
2021-10-31tunnel: T3956: GRE key check must not be run on our own interface instanceChristian Poessinger
(cherry picked from commit e482377b29df05e60dbdb31d6276ae2030ffa2f9)
2021-10-20tunnel: T3921: bugfix KeyError for source-addressChristian Poessinger
(cherry picked from commit 1312068cb9743dd4d16edd37dbed9c142724997e)
2021-10-08tunnel: T3893: harden logic when validating tunnel parametersChristian Poessinger
Different types of tunnels have different keys set in get_interface_config(). Thus it should be properly verified (by e.g. using dict_search()) that the key in question esits to not raise KeyError.
2021-09-02tunnel: T3788: Add check keys for ipip and sitViacheslav
Keys are not allowed with ipip and sit tunnels
2021-09-01tunnel: T2920: Add checks tun with same source addr and keysViacheslav
2 tunnels with the same local-address should has different keys Check existing tunnels (source-address key) with new tunnel.
2021-08-30tunnel: T3786: Add checks for source any and not keyViacheslav
2021-06-16tunnel: T3555: fix configuration error message grammarChristian Poessinger
2021-05-24tunnel: T3555: add "ignore-df" support for GRE tunnelsChristian Poessinger
2021-04-05tunnel: T3030: move erspan type into regular tunnel interfaceChristian Poessinger
Instead of having a dedicated ERSPAN interface type, rather move the specifics into "interface tunnel". A migrator is not needed as there is yet no LTS release with this feature and this is considered experimental.
2021-03-14vyos.util: rename get_json_iface_options() -> get_interface_config()Christian Poessinger
2021-03-04tunnel: T3381: fix error when switching from mGRE to GRE modeChristian Poessinger
Linux does not support changing the remote address from any (multipoint GRE as used by DMVPN) to a discrete remote address. THis will return an error: add tunnel "tun1" failed: Invalid argument This can be handled by detecting the mGRE -> GRE change and re-create the tunnel silently.
2021-03-03tunnel: T2966: add ip6gretap encapsulation supportChristian Poessinger
2021-02-28vyos.util: provide single implementation for get_json_iface_options()Christian Poessinger
There had been four implementations of "ip -d -j link show interface" scattered accross the codebase. Those implementations have now been combined into a new helper: vyos.util.get_json_iface_options()
2021-02-28tunnel: T3364: rename encapsulation mode "gre-bridge" to "gretap"Christian Poessinger
The following list shows the mapping of VyOS tunnel encapsulation modes to the corresponding Linux modes. VyOS Linux gre gre gre-bridge gretap ipip ipip ipip6 ipip6 ip6ip6 ip6ip6 ip6gre ip6gre sit sit Besides gre-bridge this is pretty consistent. As bridge interfaces are also called tap interfaces gre-bridge will be renamed to gretap to make the post-processing much easier. This means (in detail) that there are no more child classes of _Tunnel and there will be now one geneirc TunnelIf class handling all sorts of encapsulation.
2021-02-28vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config()Christian Poessinger
Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: * tunnel * vxlan * geneve * macsec * wifi * macvlan / pseudo-ethernet The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper get_interface_dict() to the interface we wan't to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on.
2021-02-22tunnel: T3072: remove duplicate key from mapping dict used in apply()Christian Poessinger
2021-02-02tunnel: T3030: Modify the command line to streamline configuration (support ↵jack9603301
package type automatic detection)
2021-01-21xml: T3239: override default mtu values and remove workaroundsJohn Estabrook
2021-01-15tunnel: T3173: path MTU discovery option should be valuelessChristian Poessinger
2021-01-10tunnel: T3173: Add nopmtudisc parameter for tunnels conf-modesever-sever
2021-01-07vyos.configverify: provide generic helper to check for interface existenceChristian Poessinger
2020-11-20tunnel: T3072: bugfix KeyError for IPv6 GRE verify codeChristian Poessinger
2020-11-20tunnel: T3072: support changing tunnel encapsulation on-the-flyChristian Poessinger
2020-11-20tunnel: T3072: interfaces used for NHRP can not be deletedChristian Poessinger
2020-11-20tunnel: T3072: migrate to get_config_dict()Christian Poessinger
2020-11-13vyos.template: provide general is_ip(v4|v6) helpersChristian Poessinger
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-10-17ifconfig: T2985: support on demand bridge creationChristian Poessinger
The current implementation for bridge based interfaces has an issue which is caused by priority inheritance. We always assumed that the bridge interface will be created last, but this may not be true in all cases, where some interfaces will be created "on demand" - e.g. OpenVPN or late (VXLAN, GENEVE). As we already have a bunch of verify steps in place we should not see a bridge interface leak to the underlaying infrastructure code. This means, whenever an interface will be member of a bridge, and the bridge does yet not exist, we will create it in advance in the interface context, as the bridge code will be run in the same commit but maybe sooner or later. This will also be the solution for T2924.
2020-09-22ifconfig: T2653: move is_member() from vyos.vylidate to vyos.configdictChristian Poessinger
2020-08-31configd: T2582: add scripts to include list for daemonJohn Estabrook
2020-06-29tunnel: T2649: ConfigurationState, do not inherit from ConfigThomas Mangin
2020-06-23tunnel: T2633: add support for ip (arp) commandsThomas Mangin
2020-05-29airbag: T2088: explicit enabling of the featureThomas Mangin
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing)
2020-05-18flake8: T2475: fix a number of issue reported by flake8Thomas Mangin
2020-05-12T2449: Fixing key to appropriate onekroy-the-rabbit
2020-05-12tunnel: T2449: bugfix KeyError 'address'Christian Poessinger
Commit 9e5c6a935e2f55 ("tunnel: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is set") referenced wrong key in dict.
2020-05-11tunnel: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is setJernej Jakob
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2 (default for accept_ra is 1).
2020-05-04tunnel: T2241: cleanup verify sectionJernej Jakob
- make error output more user friendly - replace .format with f-strings - split into lines less than ~80 characters long
2020-05-04tunnel: T2241: fix falling out of bridge when changing settingsJernej Jakob
Previously, set_vrf was always called, which uses the same master and nomaster commands as bridge, so it removed the interface from the bridge. - add checks to make VRF and bridge membership mutually exclusive
2020-05-04tunnel: T2241: make address and bridge membership mutually exclusiveJernej Jakob
Bridge members should not have any addresses assigned.
2020-05-04tunnel: T2241: make VRF and bridge membership mutually exclusiveJernej Jakob
2020-05-04validate: T2241: rewrite is_bridge_member to generic is_memberJernej Jakob
- rewrite the function to support both bridge and bonding interface types, if the type is passed it searches only that type, otherwise it searches both - move is_member check out of the deleted condition - move is_member check to intf_from_dict for interfaces that use it
2020-04-23tunnel: 2374: fix use of disableThomas Mangin
2020-04-21tunnel: T2204: add source-interfaceThomas Mangin
2020-04-20bridge: T2320: fix to tunnelThomas Mangin
2020-04-20bridge: T2320: add to tunnelThomas Mangin
2020-04-15tunnel: T31: check that the assigned VRF existsThomas Mangin
2020-04-12tunnel: T2028: fix issue when booting without gre remoteThomas Mangin
2020-04-11dhcp: T2265: refactor DHCP classThomas Mangin
Break the code between v4 and v6, remove need for getter/setter as they are just exposing the underlying dict. Move FixedDict from tunnel code and expose it to other part so it can be used to prevent accidental change to the dhcp option if no default exists already.