summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-02-28vif: T3349: use fixed ordering when enabling parent and child interfaceChristian Poessinger
When a VIF/VLAN interface is placed in admin down state but the lower interface, serving the vlan, is moved from admin down -> admin up, all its vlan interfaces will be placed in admin up state, too. This is bad as a VLAN interface will become admin up even if its specified as admin down after a reboot. To reproduce: set interfaces ethernet eth1 vif 20 disable set interfaces ethernet eth1 disable commit delete interfaces ethernet eth1 disable commit Now check the interface state and it returns UP,LOWER_UP 7: eth1.20@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00:50:56:b3:09:07 brd ff:ff:ff:ff:ff:ff inet6 fe80::250:56ff:feb3:907/64 scope link valid_lft forever preferred_lft forever
2021-02-28vyos.util: provide single implementation for get_json_iface_options()Christian Poessinger
There had been four implementations of "ip -d -j link show interface" scattered accross the codebase. Those implementations have now been combined into a new helper: vyos.util.get_json_iface_options()
2021-02-28vxlan: T1513: add dont-fragment CLI optionChristian Poessinger
2021-02-28l2tpv3: T3366: migrate local-ip and remote-ip CLI optionsChristian Poessinger
Rename CLI options local-ip to source-address and remote-ip to remote to get a consistent CLI experience for the user.
2021-02-28Merge pull request #754 from sever-sever/T3353Christian Poessinger
pppoe: T3353: Modify template for vlan-mon and interface
2021-02-28pppoe: T3353: Modify template for vlan-mon and interfacesever-sever
2021-02-28validators: fqdn: T3370: support "private" or "local" domain namesChristian Poessinger
2021-02-28vxlan: T3369: add underlay IPv6 supportChristian Poessinger
2021-02-28Merge pull request #747 from c-po/vxlan-tunnel-parametersChristian Poessinger
vyos.ifconfig: cleanup and tunnel refactoring
2021-02-28macsec: T3368: add support for gcm-aes-256 cipherChristian Poessinger
2021-02-28tunnel: T3366: rename remote-ip to remoteChristian Poessinger
Streamline the CLI configuration where we try to use remote on other interfaces like vxlan, geneve.
2021-02-28tunnel: T3366: rename local-ip to source-addressChristian Poessinger
Streamline the CLI configuration where we try to use source-address when creating connections which are especially sourced from a discrete address.
2021-02-28tunnel: T3364: rename encapsulation mode "gre-bridge" to "gretap"Christian Poessinger
The following list shows the mapping of VyOS tunnel encapsulation modes to the corresponding Linux modes. VyOS Linux gre gre gre-bridge gretap ipip ipip ipip6 ipip6 ip6ip6 ip6ip6 ip6gre ip6gre sit sit Besides gre-bridge this is pretty consistent. As bridge interfaces are also called tap interfaces gre-bridge will be renamed to gretap to make the post-processing much easier. This means (in detail) that there are no more child classes of _Tunnel and there will be now one geneirc TunnelIf class handling all sorts of encapsulation.
2021-02-28vxlan: T1513: add additional EVPN related CLI optionsChristian Poessinger
A VXLAN tunnel may now get a TTL, TOS, Flowlabel option specified. It is also possible to disable learning of unknown addresses into the forwarding database.
2021-02-28vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config()Christian Poessinger
Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: * tunnel * vxlan * geneve * macsec * wifi * macvlan / pseudo-ethernet The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper get_interface_dict() to the interface we wan't to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on.
2021-02-27Merge pull request #753 from sever-sever/T3365Christian Poessinger
bgp: T3365: Fix frr template for interface remote-as
2021-02-27bgp: T3365: After commit bf9c914 config interface become out of the checksever-sever
2021-02-27Merge pull request #752 from sever-sever/T3365Christian Poessinger
bgp: T3365: Fix remote-as ordering for neighbor
2021-02-27Merge pull request #751 from sever-sever/T3225Christian Poessinger
bgp: T3225: is_addr_assigned should check only ipv4 ipv6 neighbors
2021-02-27bgp: T3225: is_addr_assigned should check only ipv4 ipv6 neighborssever-sever
2021-02-27bgp: T3365: Fix remote-as ordering for neighborsever-sever
2021-02-27smoketest: bgp: T2100: fix "simple" testcase for ebgp-requires-policyChristian Poessinger
Commit 4bf55f97 ("BGP: T2100: Adding RFC8212 option toggle.") added a CLI option to enable RFC8212 ebgp-requires-policy checks. The extended smoketests assumed that this will lead to an FRR configuration line of "bgp ebgp-requires-policy" - which is not the case as this is a default option and FRR hides default options from the config. In order to properly verify this functionality we must conduct the negative test and ensure the option is not present in the CLI at all.
2021-02-27Merge pull request #750 from sever-sever/T3320Christian Poessinger
bgp: T3320: Add checks for peer-group
2021-02-26bgp: T3320: Add checks for peer-groupsever-sever
2021-02-26Merge pull request #744 from Cheeze-It/currentChristian Poessinger
bgp: T2100: Changing RFC8212 behavior and option toggle
2021-02-26Merge pull request #749 from sever-sever/T3225Christian Poessinger
bgp: T3225: Move is_addr_assigned check to neighbor
2021-02-26bgp: T3225: Move is_addr_assigned check to netighborsever-sever
2021-02-26BGP: T2100: Adding RFC8212 option toggle.Cheeze_It
In this commit we add the default operation within BGP to have RFC8212 disabled for eBGP routes. This default should preserve the normal behavior for VyOS from earlier releases of FRR to the current latest release. Another option that we add is the ability to toggle whether or not RFC8212 is enabled or disabled.
2021-02-26Merge pull request #748 from sever-sever/T3225Christian Poessinger
bgp: T3225: Checks if neighbor configured as system address
2021-02-26bgp: T3225: Checks if neighbor configured as system addresssever-sever
2021-02-26https: T3357: redirect http request on non-standard https portJohn Estabrook
2021-02-26Merge pull request #746 from sever-sever/T3324Christian Poessinger
bgp: T3324: Add checks for peer password
2021-02-26bgp: T3324: Add checks for peer passwordsever-sever
2021-02-26Merge pull request #745 from sever-sever/T3323Daniil Baturin
bgp: T3323: Add verify for ttl-security and ebgp-multihop
2021-02-26bgp: T3323: Add verify for ttl-security and ebgp-multihopsever-sever
2021-02-25configd: T3302: set mode correctly on open for redirectJohn Estabrook
2021-02-25smoketest: configs: extend bgp-small-internet-exchange with more policiesChristian Poessinger
2021-02-25smoketest: extend "policy" smoke testsChristian Poessinger
Only missing is the route-map smoketest which tens to become very "heavy"
2021-02-24smoketest: add basic "policy access-list" test caseChristian Poessinger
2021-02-24test: remove "test_ethtool.py" as this does not run on JenkinsChristian Poessinger
2021-02-24ethernet: T3163: fix typos in vyos.ethtool commentsChristian Poessinger
2021-02-24Debian: bump package version to 1.4dev0Christian Poessinger
2021-02-24ethernet: T3163: not all NIC drivers support ring-buffer configurationChristian Poessinger
In addition to commit cf1156a60e ("ethernet: T3163: probe driver for maximum rx/tx ring-buffer size") this extends the logic in a way as not every driver supports setting the buffers at all so it will properly error out. When invoking "ethtool -g" both stdout and stderr are captured and no exception is raised if it's an unsupported driver feature. The verify() section will inform the user about the illegal operation.
2021-02-24validators: interface-name script must also support VLAN interfacesChristian Poessinger
2021-02-24xml: add missing constaint to source-interface includeChristian Poessinger
2021-02-24route: static: T2450: add missing "dhcp-interface" route optionChristian Poessinger
As thought in the beginning the dhcp-interface route option can not be superseeded by the interface option. When a route is installed for a DHCP interface, that interface is usually a broadcast interface which can not be used for plain interface-based routes. The old Vyatta logic was migrated to Python where the current received next-hop address from the DHCP interface is installed as next-hop address.
2021-02-24Merge pull request #742 from erkin/currentChristian Poessinger
op-mode: Correct help messages
2021-02-24op-mode: Correct help messageserkin
2021-02-23configd: T3302: redirect script stdout/err to file on bootJohn Estabrook
2021-02-23Merge pull request #740 from DmitriyEshenko/1x2302202001Christian Poessinger
dhcp-server: T2927: Add empty args if does not possible to determine …