| Age | Commit message (Collapse) | Author |
|---|
|
interface: T4627: support setting of IPv6 Interface Identifier(Token)
|
|
Add common IPv6 CLI option (use ethernet as example):
set interfaces ethernet eth0 ipv6 address interface-identifier
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
Allowed VLAN ranges are unnecessarily deconstructed into individual vlans, and then added one by one to the bridge. This can take a long time if a large range like 1-4084 is used.
- python/vyos/configdict.py - Added get_vlans_ids_and_range function to return configured ranges
- python/vyos/ifconfig/bridge.py - Modified add and delete vlan section to not loop unnecessarily
|
|
This reverts commit bb70ea569f4548b103c54bbb7c393221a6da0a23.
|
|
|
|
WireGuardOperational().show_interface() method"
This reverts commit 98414a69f0018915ac999f51975618dd5fbe817d.
|
|
Always stop the DHCP client process to clean up routes within the VRF where the
process was originally started. There is no need to add a condition to only
call the method if "address dhcp" was defined, as this is handled inside
set_dhcp(v6) by only stopping if the daemon is running.
DHCP client process restart will be handled later on once the interface is
moved to the new VRF.
|
|
vyos.ifconfig: T5103: force dhclient restart on VRF change
|
|
An optional argument vrf_changed was added to the function signature but it
was not put to use. We only need to restart DHCP client on add_addr().
|
|
Previously the DHCPv6 client was restarted on any change to the interface,
including changes only to the interface description. Re-use pattern from IPv4
DHCP to only restart the DHCP client if necessary.
|
|
|
|
Moving an interface in, out or between VRFs will not re-install the received
default route. This is because the dhclient binary is not restarted in the new
VRF. Dhclient itself will report an error like: "receive_packet failed on
eth0.10: Network is down".
Take the return value of vyos.ifconfig.Interface().set_vrf() into account to
forcefully restart the DHCP client process and optain a proper lease.
|
|
Method is not referenced in the code base, remove dead code.
|
|
Extend ConfigTreeQuery().get_config_dict() with arguments to read in default
CLI values, too. This removes the need for hardcoded default values at
multiple places like:
if max_dns_retry is None:
max_dns_retry = 3
in this case.
|
|
* set interfaces wireguard wgXX peer YY hostname <fqdn>
|
|
T7016: Simplify logic for force deleting dynamic IPv4 address from interface
|
|
Under very rare cases we can run into a race condition where interfaces are
still in creation phase but are already referenced..
This can trigger:
File "/usr/libexec/vyos/conf_mode/system_conntrack.py", line 270, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/system_conntrack.py", line 249, in apply
call_dependents()
File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 147, in call_dependents
f()
File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 118, in func_impl
run_config_mode_script(script, config)
File "/usr/lib/python3/dist-packages/vyos/configdep.py", line 106, in run_config_mode_script
mod.verify(c)
File "/usr/libexec/vyos//conf_mode/service_conntrack-sync.py", line 72, in verify
if len(get_ipv4(interface)) < 1:
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/template.py", line 458, in get_ipv4
return Interface(interface).get_addr_v4()
^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 334, in __init__
if not self.iftype:
^^^^^^^^^^^
AttributeError: 'Interface' object has no attribute 'iftype'
This commit removes the code path in question and the class attribute check.
The reason for the iftype attribute in the past was a common _create() method
serving for all interface types. As we already have a lot of derived
implementations and not all honor the classes iftype/type member - or even
worse honor it only in 50% of the occurrences it's time to drop it.
|
|
|
|
|
|
|
|
|
|
From time to time integration tests fail as the DHCP assigned IP address is not
removed in time then dhclient stops. Add an explicit code path cleaning dynamic
assigned addresses from interface when disabling DHCP - if such a dynamic
address is remaining.
======================================================================
FAIL: test_dhcp_vrf (__main__.EthernetInterfaceTest.test_dhcp_vrf)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_ethernet.py", line 72, in tearDown
self.assertNotIn(AF_INET, ifaddresses(interface))
AssertionError: 2 unexpectedly found in {17: [{'addr': '52:54:00:00:00:00',
'broadcast': 'ff:ff:ff:ff:ff:ff'}], 2: [{'addr': '192.0.2.103', 'netmask': '255.255.255.0',
'broadcast': '192.0.2.255'}], 10: [{'addr': 'fe80::5054:ff:fe00:0%eth0',
'netmask': 'ffff:ffff:ffff:ffff::/64'}]}
|
|
pppoe: T6930: Remove unnecessary code
|
|
In case of changes in config that require reconnect PPPoEIF.remove() function is called and old default routes are removed. So we do not need to do it once again.
|
|
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 342
if not self.iftype:
^^^^^^^^^^^
AttributeError: 'Interface' object has no attribute 'iftype'
|
|
The maximun value theat could be written for the 'rpc_cpu'
is 4294967295 or 0xffffffff in the chunk splitted by commas
|
|
|
|
* T6490: Allow creation of wireguard interfaces without requiring peers
|
|
reformat file by linter rules
|
|
|
|
|
|
Commit 0ee8d5e35 ("ethernet: T6709: move EAPoL support to common framework")
added support to also have EAPoL on other interface types then ethernet. This
introduced a regression where the wireless interface wpa_supplicant configuration
would get deleted.
|
|
Instead of having EAPoL (Extensible Authentication Protocol over Local Area
Network) support only available for ethernet interfaces, move this to common
ground at vyos.ifconfig.interface making it available for all sorts of
interfaces by simply including the XML portion
#include <include/interface/eapol.xml.i>
|
|
T5873: ipsec remote access VPN: support VTI interfaces.
|
|
|
|
We always have had stale interface entries in the ct_iface_map of nftables/
conntrack for any interface that once belonged to a VRF.
This commit will always clean the nftables interface map when the interface
is deleted from the system.
|
|
To reproduce:
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit
This resulted in an error while interacting with nftables:
[Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
|
|
|
|
|
|
`bridge vni show dev vxlanX` will exit with an error if no VNI filters
are installed, but the getter is used even when we haven't installed any.
This fix avoids fetching a list of VNI filters unless we know we've
created some.
|
|
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com>
|
|
|
|
|
|
|
|
Add abiilty to change `base_reachable_time_ms` option
/proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms
|
|
If we use rfc3768-compatibility with long interface names like
eth1.100.200 it converts the VRRP interface name name
to `<interface>v<VRID><IP version>`
For example `eth2.100.200v10v4`
The limit for interface name is 15 symbols and it causes that
interface name is ignoring by keepalived
VMAC interface name 'eth2.100.200v10v4' too long or invalid characters - ignoring
And it uses the default prefix `vrrp` for such cases.
It works fine, but such interfaces are not displayed in the op-mode
Allow prefix `vrrp` for the op-mode for `show interfaces`
|
|
found using "git ls-files *.py | xargs pylint | grep W0611"
|
|
* Use interface_exists() outside of verify()
* Use verify_interface_exists() in verify() to drop common error message
|
|
|
|
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which
was present to update /etc/resolv.conf with the DHCP specified nameservers and
also the search domain list was no longer present.
This commit adds a per interface rendered script to inform vyos-hostsd about
the received IPv6 nameservers and search domains.
|
