Age | Commit message (Collapse) | Author |
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
|
|
Background information [1]. Specifies whether an external control plane
(e.g. ip route encap/EVPN) or the internal FDB should be used.
[1]: https://legacy.netdevconf.info/2.2/slides/prabhu-linuxbridge-tutorial.pdf
|
|
|
|
|
|
The group CLI node takes a multicast IPv4 or IPv6 address - this must be input
validated to not case any OS exception
cpo@LR1.wue3# show interfaces vxlan
vxlan vxlan0 {
+ group 254.0.0.1
source-address 172.18.254.201
+ source-interface dum0
vni 10
}
Results in OSError beeing rasied with the following context:
Error: argument "254.0.0.1" is wrong: invalid group address
|
|
|
|
|
|
|
|
As the amount of include files now has reached a certain amount, it is getting
more and more crowsded, thuse introducing "per topic" subdirectories on the
filesystem to keep a clean structure makes sense.
|
|
VyOS 1.2 had a default ttl of 16 hardcoded to the node.def file [1], so until
this is handled via a migration script we have to obey that particular
setting.
[1]: https://github.com/vyos/vyatta-cfg-system/blob/crux/templates/interfaces/vxlan/node.def#L23
|
|
|
|
|
|
Streamline the CLI configuration where we try to use remote on other interfaces
like vxlan, geneve.
|
|
A VXLAN tunnel may now get a TTL, TOS, Flowlabel option specified. It is also
possible to disable learning of unknown addresses into the forwarding database.
|
|
|
|
|
|
Commit bbc2a157 ("xml: completion-help: add helper for all local assigned IP
addresses") added a completionHelper script listing all local assigned
IPv4/IPv6 addresses. This commit extends the system to also list the available
addresses for the source-address CLI nodes.
|
|
This will render the completion help more nicely.
|
|
This reduces duplicated #include statements as each interface type already
contained the individual includes.
|
|
There is a Myricom 10G card with 16k MTU available.
|
|
|
|
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
|
|
This is a base requirement for l2vpn evpn. When source-address is configured,
the option "local <source-addr> nolearning" is appended when creating the
interface as mentioned here: https://vincent.bernat.ch/en/blog/2017-vxlan-bgp-evpn
|
|
|
|
|
|
Autoconfigure addresses using Prefix Information in Router Advertisements.
|
|
... to new XML and Python based frontend/backend.
|
|
|
|
|
|
Provide an XML/Python abstraction to
* ip disable-arp-filter
* ip enable-arp-accept
* ip enable-arp-announce
* ip enable-arp-ignore
The old implementation can co-exist until the last interfaces have been
migrated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
As 219779bc6151 ("T1843: run interface-definitions though GCC preprocessor")
implemented the foundation of using the GCC preprocessor to make our XML
definitions more lightweight this commit transforms the configuration of
an IPv4/IPv6 address to this new style. It implementes it for the following
interface types:
* bond
* bridge
* dummy
* ethernet
* geneve
* loopback
* vxlan
* wireguard
* wireless
|
|
A lot of XML code is duplicated (VLAN, interface address) for instance. Such
XML definitions should be moved to feature.xml.i files and then just pulled in
via GCC preprocessor #include definition in e.g. bond or ethernet definitions.
This will give us the ability to single-source repeating node definitions as:
* Interface Address
* Interface Description
* Interface Disable
* VLAN (both vif-s and vif-c)
The .in suffix of the interface-definitions is a marker that those files are
input files to the GCC preprocessor. They will be rendered into proper XML
files in the build directory.
Some node definitions have been reworder to remove escaped double quote
occurances which would have been warned about by the GCC preprocessor.
|