authorDaniil Baturin <daniil@vyos.io>2024-02-08 16:14:28 +0000
committerGitHub <noreply@github.com>2024-02-08 16:14:28 +0000
commitec60a936645a22050db1550de12ca1fbb63abfbe (patch)
treea38bd396210e621a8eac110151936c9f4f5f3f68
parent5f66a2d1422badaac89028d97aa12165a99fbb8a (diff)
parent4e4c645b47e81ec54c8b02d2f4377664e5689a86 (diff)
Merge pull request #2964 from vyos/mergify/bp/sagitta/pr-2952
vrf: T5973: module is now statically compiled into the kernel (backport #2952)
-rwxr-xr-xsmoketest/scripts/cli/test_vrf.py7
-rwxr-xr-xsrc/conf_mode/vrf.py14
-rw-r--r--src/etc/sysctl.d/30-vyos-router.conf2
3 files changed, 7 insertions, 16 deletions
diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py
index 6207a1b41..a3090ee41 100755
--- a/smoketest/scripts/cli/test_vrf.py
+++ b/smoketest/scripts/cli/test_vrf.py
@@ -53,14 +53,17 @@ class VRFTest(VyOSUnitTestSHIM.TestCase):
# call base-classes classmethod
super(VRFTest, cls).setUpClass()
+ def setUp(self):
+ # VRF strict_most ist always enabled
+ tmp = read_file('/proc/sys/net/vrf/strict_mode')
+ self.assertEqual(tmp, '1')
+
def tearDown(self):
# delete all VRFs
self.cli_delete(base_path)
self.cli_commit()
for vrf in vrfs:
self.assertNotIn(vrf, interfaces())
- # If there is no VRF defined, strict_mode should be off
- self.assertEqual(sysctl_read('net.vrf.strict_mode'), '0')
def test_vrf_vni_and_table_id(self):
base_table = '1000'
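Review bot: The comment in the new setUp() has two typos, `# VRF strict_most ist always enabled`, and should read `# VRF strict_mode is always enabled`. Because the check moved from tearDown() to setUp(), only the state before each test is asserted, so a delete/commit in the last test that reset the sysctl would go unnoticed. Repeating `self.assertEqual(read_file('/proc/sys/net/vrf/strict_mode'), '1')` at the end of tearDown() would close that gap, which is worth having since strict mode is the kernel-side guard against two VRF devices sharing one table. The comparison with `'1'` assumes read_file() strips the trailing newline, and the import of read_file is not visible in this hunk, so both should be confirmed. The class body continues outside the hunk.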
diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
index f2c544aa6..a2f4956be 100755
--- a/src/conf_mode/vrf.py
+++ b/src/conf_mode/vrf.py
@@ -27,7 +27,6 @@ from vyos.ifconfig import Interface
from vyos.template import render
from vyos.template import render_to_string
from vyos.utils.dict import dict_search
-from vyos.utils.kernel import check_kmod
from vyos.utils.network import get_interface_config
from vyos.utils.network import get_vrf_members
from vyos.utils.network import interface_exists
@@ -223,18 +222,6 @@ def apply(vrf):
# Delete the VRF Kernel interface
call(f'ip link delete dev {tmp}')
- # Enable/Disable VRF strict mode
- # When net.vrf.strict_mode=0 (default) it is possible to associate multiple
- # VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a
- # table can be associated to a single VRF device.
- #
- # A VRF table can be used by the VyOS CLI only once (ensured by verify()),
- # this simply adds an additional Kernel safety net
- strict_mode = '0'
- # Set to 1 if any VRF is defined
- if 'name' in vrf: strict_mode = '1'
- sysctl_write('net.vrf.strict_mode', strict_mode)
-
if 'name' in vrf:
# Linux routing uses rules to find tables - routing targets are then
# looked up in those tables. If the lookup got a matching route, the
@@ -323,7 +310,6 @@ def apply(vrf):
if __name__ == '__main__':
try:
- check_kmod(k_mod)
c = get_config()
verify(c)
generate(c)
diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf
index 6291be5f0..c9b8ef8fe 100644
--- a/src/etc/sysctl.d/30-vyos-router.conf
+++ b/src/etc/sysctl.d/30-vyos-router.conf
@@ -108,3 +108,5 @@ net.ipv4.tcp_congestion_control=bbr
# Disable IPv6 Segment Routing packets by default
net.ipv6.conf.all.seg6_enabled = 0
net.ipv6.conf.default.seg6_enabled = 0
+
+net.vrf.strict_mode = 1
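Review bot: The added `net.vrf.strict_mode = 1` line has no comment, unlike the entries above it, and the explanation that lived in src/conf_mode/vrf.py is deleted by this same commit. I would put the rationale directly above the setting, for example `# VRF strict mode: a routing table can be associated with only one VRF device` followed by `# (kernel safety net on top of the CLI check in vrf.py verify())`. Since apply() no longer writes this sysctl, this file appears to be the only place that sets it, so a value changed at run time would not be restored by a later commit; a short note to that effect would help whoever audits VRF isolation.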