summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-tunnel.py
AgeCommit message (Collapse)Author
2023-08-17T5223: Fix removing key id for GRE tunnelViacheslav Hletenko
Fix for removing key id from GRE tunnel Before fix: del interfaces tunnel tun10 parameters ip key commit sudo ip tunnel show tun10 tun10: gre/ip remote 203.0.113.254 local 192.168.122.11 ttl 64 tos inherit key 1234 After the fix: sudo ip tunnel show tun10 tun10: gre/ip remote 203.0.113.254 local 192.168.122.11 ttl 64 tos inherit
2023-03-09T5066: Fix GRE tunnel variable name for verify check keysViacheslav Hletenko
2022-07-18interfaces: T4525: interfaces can not be member of a bridge/bond and a VRFChristian Poessinger
(cherry picked from commit 81e0f4a8dece85da7169ba05448e870206aaf57b)
2022-02-23tunnel: T4267: "parameters ip key" on GRE not required for different remotesChristian Poessinger
(cherry picked from commit e64d45717940aa4fb4a072065bdfa04f884d00cc)
2022-02-14tunnel: T4154: import cleanupChristian Poessinger
(cherry picked from commit 122c7a53575f67759f157e02eca776f799658dc1)
2022-02-14tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵Christian Poessinger
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface. (cherry picked from commit 6f1326d6b68f6dcb83843374c876407ef2922bd1)
2021-10-31tunnel: T3956: GRE key check must not be run on our own interface instanceChristian Poessinger
2021-10-20tunnel: T3921: bugfix KeyError for source-addressChristian Poessinger
2021-10-08tunnel: T3893: harden logic when validating tunnel parametersChristian Poessinger
Different types of tunnels have different keys set in get_interface_config(). Thus it should be properly verified (by e.g. using dict_search()) that the key in question esits to not raise KeyError. (cherry picked from commit 5aadf673497b93e2d4ad304e567de1cd571f9e25)
2021-09-06tunnel: T2920: Add checks tun with same source addr and keysViacheslav
2 tunnels with the same local-address should has different keys Check existing tunnels (source-address key) with new tunnel.
2021-09-02tunnel: T3788: Add check keys for ipip and sitViacheslav
Keys are not allowed with ipip and sit tunnels (cherry picked from commit 7e84566dedfdc532ffe05b404005daa6f21df567)
2021-08-30tunnel: T3786: Add checks for source any and not keyViacheslav
(cherry picked from commit 5c29377fa91595088118419275f6d05b1fbfbd1d)
2021-07-25ifconfig: backport ifconfig framework from 1.4 to support new tunnel optionsChristian Poessinger
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of backporting single pieces which are required to add new feature to the tunnel interface section. In addition that both libraries are now back in sync it will become much easier to backport any other new feature introduced in VyOS 1.4!
2021-05-20vyos.util: T3532: Replace func get_interface_configViacheslav Hletenko
Replace function get_interface_config to function get_interface_config, as we have in 1.4 branch. It need after this cherry-picked commit edcdea8
2021-03-06tunnel: T3381: fix error when switching from mGRE to GRE modeChristian Poessinger
Linux does not support changing the remote address from any (multipoint GRE as used by DMVPN) to a discrete remote address. THis will return an error: add tunnel "tun1" failed: Invalid argument This can be handled by detecting the mGRE -> GRE change and re-create the tunnel silently. (cherry picked from commit ea2a22f7844735021fb638c911527e612abfbc69)
2021-03-06vyos.util: provide single implementation for get_json_iface_options()Christian Poessinger
There had been four implementations of "ip -d -j link show interface" scattered accross the codebase. Those implementations have now been combined into a new helper: vyos.util.get_json_iface_options() (cherry picked from commit f13cc56d665a91ff3fac47df260301afefb1a3a5)
2021-02-27tunnel: T3366: support changing tunnel parameters for gre-bridgeChristian Poessinger
Linux prevents changing parameters on a gretap (which is used by gre-bridge) interfaces. To overcome this limitation a tunnel must be destroyed and recreated on demand when gre-bridge is used.
2021-02-22tunnel: T3072: remove duplicate key from mapping dict used in apply()Christian Poessinger
(cherry picked from commit 09b1b533d14e029427234ca153c0b700dbf04a09)
2021-02-03xml: T3239: override default mtu values and remove workaroundsJohn Estabrook
(cherry picked from commit ea4c72ed0dbcee3f7e8f9693c5310190833651d8)
2021-01-07vyos.configverify: provide generic helper to check for interface existenceChristian Poessinger
2020-11-20tunnel: T3072: bugfix KeyError for IPv6 GRE verify codeChristian Poessinger
2020-11-20tunnel: T3072: support changing tunnel encapsulation on-the-flyChristian Poessinger
2020-11-20tunnel: T3072: interfaces used for NHRP can not be deletedChristian Poessinger
2020-11-20tunnel: T3072: migrate to get_config_dict()Christian Poessinger
2020-11-13vyos.template: provide general is_ip(v4|v6) helpersChristian Poessinger
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-10-17ifconfig: T2985: support on demand bridge creationChristian Poessinger
The current implementation for bridge based interfaces has an issue which is caused by priority inheritance. We always assumed that the bridge interface will be created last, but this may not be true in all cases, where some interfaces will be created "on demand" - e.g. OpenVPN or late (VXLAN, GENEVE). As we already have a bunch of verify steps in place we should not see a bridge interface leak to the underlaying infrastructure code. This means, whenever an interface will be member of a bridge, and the bridge does yet not exist, we will create it in advance in the interface context, as the bridge code will be run in the same commit but maybe sooner or later. This will also be the solution for T2924.
2020-09-22ifconfig: T2653: move is_member() from vyos.vylidate to vyos.configdictChristian Poessinger
2020-08-31configd: T2582: add scripts to include list for daemonJohn Estabrook
2020-06-29tunnel: T2649: ConfigurationState, do not inherit from ConfigThomas Mangin
2020-06-23tunnel: T2633: add support for ip (arp) commandsThomas Mangin
2020-05-29airbag: T2088: explicit enabling of the featureThomas Mangin
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing)
2020-05-18flake8: T2475: fix a number of issue reported by flake8Thomas Mangin
2020-05-12T2449: Fixing key to appropriate onekroy-the-rabbit
2020-05-12tunnel: T2449: bugfix KeyError 'address'Christian Poessinger
Commit 9e5c6a935e2f55 ("tunnel: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is set") referenced wrong key in dict.
2020-05-11tunnel: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is setJernej Jakob
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2 (default for accept_ra is 1).
2020-05-04tunnel: T2241: cleanup verify sectionJernej Jakob
- make error output more user friendly - replace .format with f-strings - split into lines less than ~80 characters long
2020-05-04tunnel: T2241: fix falling out of bridge when changing settingsJernej Jakob
Previously, set_vrf was always called, which uses the same master and nomaster commands as bridge, so it removed the interface from the bridge. - add checks to make VRF and bridge membership mutually exclusive
2020-05-04tunnel: T2241: make address and bridge membership mutually exclusiveJernej Jakob
Bridge members should not have any addresses assigned.
2020-05-04tunnel: T2241: make VRF and bridge membership mutually exclusiveJernej Jakob
2020-05-04validate: T2241: rewrite is_bridge_member to generic is_memberJernej Jakob
- rewrite the function to support both bridge and bonding interface types, if the type is passed it searches only that type, otherwise it searches both - move is_member check out of the deleted condition - move is_member check to intf_from_dict for interfaces that use it
2020-04-23tunnel: 2374: fix use of disableThomas Mangin
2020-04-21tunnel: T2204: add source-interfaceThomas Mangin
2020-04-20bridge: T2320: fix to tunnelThomas Mangin
2020-04-20bridge: T2320: add to tunnelThomas Mangin
2020-04-15tunnel: T31: check that the assigned VRF existsThomas Mangin
2020-04-12tunnel: T2028: fix issue when booting without gre remoteThomas Mangin
2020-04-11dhcp: T2265: refactor DHCP classThomas Mangin
Break the code between v4 and v6, remove need for getter/setter as they are just exposing the underlying dict. Move FixedDict from tunnel code and expose it to other part so it can be used to prevent accidental change to the dhcp option if no default exists already.
2020-04-09Revert "tunnel: T2028: prevent single 'remote' keyword"Christian Poessinger
This reverts commit 37973a13bbc168c09e5f4d1e606f91fd7ffbb41a.
2020-04-09Merge pull request #317 from thomas-mangin/T2028-remoteChristian Poessinger
tunnel: T2028: fix remote and registration
2020-04-08tunnel: T2028: prevent single 'remote' keywordThomas Mangin
When the remote keywrod is ommited, the default value of '' is still set, therefore the ip command will include it. Remote is now removed if unset.