Age | Commit message (Collapse) | Author |
|
The original commit 2c1c36135 ("wireguard: T5413: Blocked adding the peer with
the router's public key") did not honor the fact that there might be no
private-key CLI node defined for a WireGuard interface. If this is the case,
private-key defaults to "default". This fact needs to be handled in the
migration script.
|
|
Disabled adding the peer with the same public key as the router has.
Backport from current
https://github.com/vyos/vyos-1x/pull/2122
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
(cherry-picked form commit bd9416a6aa9d5d0a746dc2cebc8d0330fd27d1a2)
|
|
|
|
It makes no sense to have a parser for the ethtool values in ethtool.py
and ethernet.py - one instance ios more then enough!
(cherry picked from commit 0229645c8248decb5664056df8aa5cd5dff41802)
|
|
Not all interface drivers have the ability to change the speed and duplex
settings. Known drivers with this limitation are vmxnet3, virtio_net and
xen_netfront. If this driver is detected, an error will be presented to the
user.
(cherry picked from commit cc742d48579e4f76e5d3230d87e22f71f76f9301)
|
|
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net:
Remove references to NETIF_F_UFO from ethtool.").
|
|
An analysis of the code base from VyOS 1.2 -> 1.3 -> 1.4 revealed the following
"root-cause"
VyOS 1.2 uses the "old" node.def file format for:
* Generic Segmentation Offloading
* Generic Receive Offloading
So if any of the above settings is available on the configuration CLI, the
node.def file will be executed - this is how it works.
By default, this CLI option is not enabled in VyOS 1.2 - but the Linux Kernel
enables offloading "under the hood" by default for GRO, GSO... which will boost
the performance for users magically.
With the rewrite in VyOS 1.3 of all the interface related code T1579, and
especially T1637 this was moved to a new approach. There is now only one handler
script which is called whenever a user changes something under the interfaces
ethernet tree. The Full CLI configuration is assembled by get_interface_dict() -
a wrapper for get_config_dict() which abstracts and works for all of our
interface types - single source design.
The problem now comes into play when the gathered configuration is actually
written to the hardware, as there is no GSO, GRO or foo-offloading setting
defined - we behave as instructed and disable the offloading.
So the real bug originates from VyOS 1.2 and the old Vyatta codebase, but the
recent XML Python rewrites brought that one up to light.
Solution:
A configuration migration script will be provided starting with VyOS 1.3 which
will read in the CLI configuration of the ethernet interfaces and if not
enabled, will query the adapter if offloading is supported at all, and if so,
will enable the CLI nodes.
One might say that this will "blow" the CLI configuration but it only represents
the truth - which was masked in VyOS 1.2.
|
|
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of
backporting single pieces which are required to add new feature to the tunnel
interface section.
In addition that both libraries are now back in sync it will become much easier
to backport any other new feature introduced in VyOS 1.4!
|
|
(cherry picked from commit e24e35e1ac11a0771b15417af191694fd0b88022)
|
|
(cherry picked from commit d20dd7a0e6af08a80c7c911e7b151f28e4666173)
|
|
(cherry picked from commit c2a1c071e7d0a9ca754d7f5016eed7db188b3d1a)
|
|
Commit c17f259d ("router-advert: T3561: add support for specific routes") used
tabs over spaces in the Migration script which triggered a TabError (inconsistent
use of tabs and spaces in indentation").
(cherry picked from commit acc701bac3483a3242c77a2e00c076890e27eea9)
|
|
Co-authored-by: Mark Royds <mark.royds@vitaminit.co.uk>
(cherry picked from commit c17f259d09abd2bf632d09400fe8deb4c2781d32)
|
|
Migrate from
ethernet eth1 {
offload-options {
generic-receive on
generic-segmentation on
scatter-gather on
tcp-segmentation on
udp-fragmentation on
}
}
to
ethernet eth1 {
offload {
ufo
tso
sg
gso
gro
}
}
|
|
|
|
|
|
|
|
IPv6 enable can be considered once the ipv6 node is present!
|
|
When VyOS boots the first time with the default configuration there it actually
no "interface ethernet" node present in the config, thus we must exit the
migrator.
Without this change vyos.configtree.ConfigTreeError: Path [b'interfaces ethernet']
doesn't exist will be thrown.
|
|
After migrating the ethernet interfaces from the good old Perl days the
smp-affinity node yet has no effect anymore as the code is still missing (my
bad, sorry).
Drop the smp-affinity node and rather use tuned instead with the
network-throughput or network-latency profile.
- network-throughput: Profile for throughput network tuning. It is based on the
throughput-performance profile. It additionaly increases kernel network buffers.
- network-latency: Profile for low latency network tuning. It is based on the
latency-performance profile. It additionaly disables transparent hugepages,
NUMA balancing and tunes several other network related sysctl parameters.
I'd set network-throughput as the default on a new set system option performance
<throughput | latency> CLI node which is present in the default configuration.
https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf
|
|
definition
|
|
|
|
Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use
different CLI nodes for the same functionality. PPPoE has "connect-on-demand"
to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose.
Rename WWAN "ondemand" node to "connect-on-demand".
|
|
In the past we had to provide the ethertype value used for the VLAN
protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q).
This should be changed to a more user friendly CLI node (protocol over
ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in
presenting RAW information from the ethernet header to the user. Also iproute2
calls it protocol which makes way more sense over the "raw" value.
|
|
The current CLI did not support multiple prefix-delegations per interface. Some
ISPs only send one /64 to a client per prefix-delegation request, but they
allow the customer to request multiple prefixes.
The 'dhcpv6-options prefix-delegation' node has been renamed and converted to a
tag node named 'dhcpv6-options pd'. The tag node specifies a PD request (>=0).
In the past the user needed to know what prefix will be assigned and required
to calculate the sla-len by himself. The 'sla-len' node was dropped and is now
calculated in the background from the 'dhcpv6-options pd 0 length' node.
It is no longer mandatory to supply the 'sla-id' node, if sla-id is not
specified it is 'guessed' by counting upwards.
Example configuration:
----------------------
ethernet eth1 {
address dhcpv6
dhcpv6-options {
pd 0 {
length 56
interface eth2 {
address 1
}
}
}
}
This will request a /56 assignment from the ISP and will delegate a /64 network
to interface eth2. VyOS will use the interface address ::1 on the delegate
interface (eth2) as its local address.
|
|
Migration files on the storage should be done one time by a migration script
instead of every time the configuration changes. Moving this to an older
migration script is fine as this is around for a long time and all rolling
releases are already up2date. It only affects updates from VyOS 1.2 series.
|
|
By implementation misstake we exited the migrationscript if no VXLAN interface
was found but this was wrong as the same loop is used on pseudo-ethernet
interfaces. The Migrator previously only worked on pseudo-ethernet when
also a VXLAN interface was present. This has been corrected.
|
|
Boolean nodes have been removed b/c a boolean value makes less sense. The same
behavior can be achieved with the presence or absence of a node. Unfortunately
the 'autonomous-flag' node has been a negated one which did not migrate
it to 'no-autonomous-flag' if it was set to false previously.
|
|
During testing it was discovered that there is a well known problem (we had for
ethernet interfaces) also in the serial port world. They will be enumerated and
mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially
painful on my development APU4 board which also has a Sierra Wireless MC7710
LTE module installed.
The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the
amount of serial port extenders attached (FT4232H).
The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves
this by enumerating the devices into /dev/serial/by-id folder with their name
and serial number - it's a very good idea but I've found that not all of the
FT4232H dongles have a serial number programmed - this leads to the situation
that when you plug in two cables with both having serial number 0 - only one
device symlink will appear - the previous one is always overwritten by the
latter one.
Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus
directory and group devices by attached USB root port.
vyos@vyos:~$ find /dev/serial/by-bus/ -name usb* -exec basename {} \; | sort
usb0b1.3p1.0
usb0b1.3p1.2
usb0b1.3p1.3
usb0b2.4p1.0
usb0b2.4p1.1
usb0b2.4p1.2
usb0b2.4p1.3
So we have USB root 0 with bus 1.3 and port 1.0. The enumeration is constant
accross reboots.
|
|
|
|
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate
<interface>" to "dhcpv6-options prefix-delegation interface <interface>".
The change is required to add the possibility to request for specific prefix
sized via the CLI. That option was not possible with the old configuration
tree.
|
|
|
|
|
|
WireGuard has been the only subsystem combining a remote ip address and a
remote port number into a single node. This is bad as there is no possiblity
for the XML based input validation for IP address and port numbers.
That's the reason the peer endpoint node goets migrated into a peer address
and a peer port node utilizing the embedded syntax node checking for IP
addresses and port ranges.
|
|
|
|
|
|
... those nodes mean link-mtu advertisement is disabled in radvd and thus we
delete the node completely as it's useless.
|
|
|
|
Instead of letting the user choose between auto and none where auto is default,
it makes more sesne to just offer an option to disable the default behavior.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
vyos@vyos# show interfaces pppoe
pppoe pppoe0 {
default-route force
link eth2.7
mtu 400
name-server auto
password 12345678
user-id vyos@vyos.io
}
|
|
|
|
VLAN interfaces assigned to a bridge as member have not been migrated so far.
This was the case for vif, vif-s and vif-c interfaces. The migration code has
been generalized in migrate_bridge() so it is re-usable for regular interfaces,
vif, vif-s and vif-c interfaces - all now use the same code.
|
|
Adopt RADIUS configuration and harmonize it with the rest of VyOS. Move the
following configuration block:
security {
wpa {
cipher CCMP
mode wpa2
radius-server 172.16.100.10 {
port 1812
secret secretkey
}
radius-server 172.16.100.11 {
port 1812
secret secretkey
}
}
}
to the harmonized version of:
security {
wpa {
cipher CCMP
mode wpa2
radius {
server 172.16.100.10 {
port 1812
secret secretkey
}
server 172.16.100.11 {
port 1812
secret secretkey
}
}
}
}
And add the new "set interfaces wireless wlan0 security wpa radius
source-address" CLI command to specify the origin of any RADIUS query on
systems having multiple IP addresses.
|