summaryrefslogtreecommitdiff
path: root/interface-definitions/interfaces-bridge.xml.in
AgeCommit message (Collapse)Author
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle
2022-11-03xml: T4795: superseed allowed-vlan validator by numeric range validatorChristian Poessinger
Reduce CPU time when spawning the python interpreter. Same can be done by the numeric validator.
2022-09-13firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵sarthurdev
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script
2022-06-29bridge: add option to enable/disable IGMP/MLD snoopingYuxiang Zhu
This PR adds an config option to enable/disable IGMP/MLD snooping. ``` set interfaces bridge brN igmp snooping ```
2022-04-29xml: T4047: use full string match in the regex validatorChristian Poessinger
2022-04-07qos: T4284: rename "traffic-policy" node to "qos policy"Christian Poessinger
"set traffic-policy" now becomes "set qos policy" "set interface ethernet eth0 traffic-policy" now bvecomes "set qos interface eth0"
2022-03-21qos: T4284: initial XML interface definitions for rewriteChristian Poessinger
2022-02-24scripts: T4269: node.def generator should automatically add default valuesChristian Poessinger
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help.
2022-02-03T4227:Bridge: Typo in completion help of hello-time optionsrividya0208
There is spelling mistake in "advertisement" of hello-time option's completion help
2021-12-06policy: T2199: Migrate policy route to XML/Pythonsarthurdev
2021-12-06firewall: T2199: Migrate firewall to XML/Pythonsarthurdev
2021-08-29xml: add missing "u32:" value declarator on integer rangesChristian Poessinger
2021-08-20xml: remove superfluous "interface" prefix from interface includesChristian Poessinger
2021-03-19bridge: T3415: add port isolation / private-vlan optionChristian Poessinger
Private VLAN, also known as port isolation, is a technique in computer networking where a VLAN contains switch ports that are restricted such that they can only communicate with a given "uplink". The restricted ports are called "private ports". Each private VLAN typically contains many private ports, and a single uplink. The uplink will typically be a port (or link aggregation group) connected to a router, firewall, server, provider network, or similar central resource. Q: https://en.wikipedia.org/wiki/Private_VLAN
2021-03-14xml: T1579: re-arrange xml interface include building blocksChristian Poessinger
As the amount of include files now has reached a certain amount, it is getting more and more crowsded, thuse introducing "per topic" subdirectories on the filesystem to keep a clean structure makes sense.
2021-01-16bridge: T3137: Improved verification logicjack9603301
2021-01-15bridge: T3137: Let VLAN aware bridge approach the behavior of professional ↵jack9603301
equipment According to the consensus, the specific behavior of a VLAN aware bridge should conform to the behavior of professional equipment. This commit makes a significant change to the behavior of VLAN aware bridge, and has the following behaviors: 1. Disable `vif 1` configuration 2. When the VLAN aware bridge is enabled, the parent interface is always VLAN 1 3. When `native-vlan` is not configured, the default behavior of the device is `native-vlan 1` 4. The VLAN ids forwarded by the bridge are determined by `vif` 5. It has an `enable-vlan` node to enable VLAN awareness 6. VLAN configuration is allowed only when VLAN aware bridge is activated
2020-12-03interface: T3089: Migrate port mirroring to vyos-1xjack9603301
2020-11-13bridge: T3042: Fix VLAN filter invalid workjack9603301
1. Due to the previous focus on the implementation of VLAN filter, it was not considered to include MTU settings, which will lead to MTU setting errors in some cases 2. In order to make VLAN aware of the work of the bridge, it is necessary to specify the allowed VLAN ID range for the bridge itself, and forget to join it before
2020-11-12bridge: T3042: ease help string on allowed-vlan and native-vlanChristian Poessinger
2020-11-10bridge: T3042: Support VLAN filter and VLAN sub-interface on the bridgejack9603301
2020-11-07T2653: migrate "ip" and "ipv6" interface options to generic includesChristian Poessinger
This reduces duplicated #include statements as each interface type already contained the individual includes.
2020-10-17ifconfig: T2985: support on demand bridge creationChristian Poessinger
The current implementation for bridge based interfaces has an issue which is caused by priority inheritance. We always assumed that the bridge interface will be created last, but this may not be true in all cases, where some interfaces will be created "on demand" - e.g. OpenVPN or late (VXLAN, GENEVE). As we already have a bunch of verify steps in place we should not see a bridge interface leak to the underlaying infrastructure code. This means, whenever an interface will be member of a bridge, and the bridge does yet not exist, we will create it in advance in the interface context, as the bridge code will be run in the same commit but maybe sooner or later. This will also be the solution for T2924.
2020-10-17sysctl-forwarding: T752: Add disable forwarding for ipv4sever-sever
2020-07-25bridge: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for bridge interfaces in the derived bridge class. Signed-off-by: Christian Poessinger <christian@poessinger.com>
2020-05-17xml: split dhcp, dhcpv6 to individual filesChristian Poessinger
2020-04-03interfaces: XML: constraint: add start of line ^ to regexChristian Poessinger
2020-04-02bridge: l2tpv3: T1823: readjust overall prioritiesChristian Poessinger
Every interface on the system can be a member of a bridge - thus the bridge interface must be the one interface which has the highest priority compared to all other interfaces - incl. l2tpv3. With this change the system boots up fine with also l2tpv3 interfaces participating as bridge members. This change was needed as a l2tpv3 interface requires proper configured routing oin the system, else adding the interface will fail miserably: FileNotFoundError: [Errno 2] ip l2tp add tunnel tunnel_id 200 peer_tunnel_id 100 udp_sport 4000 udp_dport 3000 encap udp local 172.18.201.10 remote 172.18.203.10 returned: RTNETLINK answers: Network is unreachable
2020-03-28ipv6: T1831: migrate autoconf nodeChristian Poessinger
Autoconfigure addresses using Prefix Information in Router Advertisements.
2020-03-28ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodesChristian Poessinger
... to new XML and Python based frontend/backend.
2020-03-06vrf: T31: enable vrf support for bridge interfaceChristian Poessinger
2020-01-26Interfaces: unify interface help textChristian Poessinger
2020-01-03ifconfig: T1939: provide abstraction for interface "ip" optionChristian Poessinger
Provide an XML/Python abstraction to * ip disable-arp-filter * ip enable-arp-accept * ip enable-arp-announce * ip enable-arp-ignore The old implementation can co-exist until the last interfaces have been migrated.
2019-12-22interfaces: fix tagNode regex constraint (remove ^)Christian Poessinger
2019-12-06T1843: use include files for interface arp-cache-timeout configurationChristian Poessinger
2019-12-06T1843: use include files for interface link-detect featureChristian Poessinger
2019-12-06T1843: use include files for interface MAC addressChristian Poessinger
2019-12-06T1843: use include files to disable interface (admin down)Christian Poessinger
2019-12-06T1843: use include files for interface descriptionChristian Poessinger
2019-12-06T1843: use include files for DHCP/DHCPv6 optionsChristian Poessinger
As 219779b ("T1843: run interface-definitions though GCC preprocessor") implemented the foundation of using the GCC preprocessor to make our XML definitions more lightweight this commit transforms the configuration of DHCP/ DHCPv6 configuration options to this new style. It implementes it for the following interface types: * bonding * bridge * ethernet * wireless * vif/vif-s interfaces
2019-12-06T1843: recursively include IP address definitions in VIF/VIF-S definitionsChristian Poessinger
2019-12-06T1843: use include files for IPv4/IPv6 interface address configurationChristian Poessinger
As 219779bc6151 ("T1843: run interface-definitions though GCC preprocessor") implemented the foundation of using the GCC preprocessor to make our XML definitions more lightweight this commit transforms the configuration of an IPv4/IPv6 address to this new style. It implementes it for the following interface types: * bond * bridge * dummy * ethernet * geneve * loopback * vxlan * wireguard * wireless
2019-12-06T1843: run interface-definitions though GCC preprocessorChristian Poessinger
A lot of XML code is duplicated (VLAN, interface address) for instance. Such XML definitions should be moved to feature.xml.i files and then just pulled in via GCC preprocessor #include definition in e.g. bond or ethernet definitions. This will give us the ability to single-source repeating node definitions as: * Interface Address * Interface Description * Interface Disable * VLAN (both vif-s and vif-c) The .in suffix of the interface-definitions is a marker that those files are input files to the GCC preprocessor. They will be rendered into proper XML files in the build directory. Some node definitions have been reworder to remove escaped double quote occurances which would have been warned about by the GCC preprocessor.