Age | Commit message (Collapse) | Author |
|
Commit 081e23996f (vyos.ifconfig: get_mac_synthetic() must generate a stable
"MAC") calculated a "stable" synthetic MAC address per the interface based on
UUID and the interface name. The problem is that this calculation is too stable
when run on multiple instances of VyOS on different hosts/hypervisors.
Having R1 and R2 setup a connection both via "tun10" interface will become the
same "synthetic" MAC address manifesting in the same link-local IPv6 address.
This e.g. breaks OSPFv3 badly as both neighbors communicate using the same
link-local address.
As workaround one can:
set interfaces tunnel tun1337 address 'fe80::1:1337/64'
set interfaces tunnel tun1337 ipv6 address no-default-link-local
This commit changes the way in how the synthetic MAC address is generated. It's
based on the first 48 bits of a sha256 sum build from a CPU ID retrieved via
DMI, the MAC address of eth0 and the interface name as used before. This should
add enough entropy to get a stable pseudo MAC address.
|
|
|
|
Commit dd2eb5e5686655 ("dhcp: T3300: add DHCP default route distance") changed
the logic on how the DHCP process is going to be started. The systemd unit was
always "started" even if it was already running. It should rather be re-started
to track changes in e.g. the DHCP hostname setting.
|
|
|
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
|
|
|
|
Commit b7d30137b1 ("vyos.ifconfig: provide generic get_mac_synthetic() method")
provided a common helper to generate MAC addresses used by EUI64 addresses for
interfaces not having a layer2 interface (WireGuard or ip tunnel).
The problem is that every call to the helper always yielded a new MAC address.
This becomes problematic when IPv6 link-local addresses are generated and
modified on the interface as multiple link-local (fe80::/64) addresses can
easily be added to the interface leaving ... a mess.
This commit changes the way how the "synthetic" MAC is generated, we generate a
UUID which is stable as it is based on the interface name. We take out the last
48 bits of the UUID and form the "MAC" address.
|
|
When IPv6 is disbaled on an interface also the sysfs files related to IPv6 for
this interface vanish. We need to check if the file exists before we read it.
|
|
When using VRRP on any given interface and performing an action against that
interface - be it even only changing the alias - will trigger a removal of the
VRRP IP address.
The issue is caused by:
# determine IP addresses which are assigned to the interface and build a
# list of addresses which are no longer in the dict so they can be removed
cur_addr = self.get_addr()
for addr in list_diff(cur_addr, new_addr):
When the script calls into the library - we will drop all IP addresses set on
the adapter but not available in the config dict.
We should only remove the IP addresses marked by the CLI to be deleted!
|
|
node is added
Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict
when node is added") returned [''] as "empty" dict - but this is not empty.
>>> if ['']:
... print('foo')
...
foo
It should rather be: []
|
|
There is no need to alter interface parameters if they have not changed at all.
|
|
The key defaults to 0 and will match any policies which similarly do not have
a lookup key configuration. This means that a vti0 named interface will pull in
all traffic and others will stop working. Thus we simply shift the key by one
to also support a vti0 interface.
|
|
|
|
|
|
(cherry picked from commit 3037661951d0e5d1f6264f886781b7ddc019329e)
|
|
states
Turns out an AX88179 USB 3.0 NIC does not support reading back the speed and
duplex settings in every operating state. While the NIC is beeing
initialized, reading the speed setting will return:
$ cat /sys/class/net/eth6/speed
cat: /sys/class/net/eth6/speed: Invalid argument
Thus if this happens, we simply tell the system that the current NIC speed
matches the requested speed and nothing is changed at this point in time.
(cherry picked from commit e2b7e1766cc22c5cd718a5001be6336bdca92eec)
|
|
Move the two implementations to get the driver name of a NIC from ethernet.py
and ethtool.py to only ethtool.py.
(cherry picked from commit 07840977834816b69fa3b366817d90f44b5dc7a7)
|
|
(cherry picked from commit 1572edd2cef355710d1129907d3e49451a6c31d4)
|
|
This change is required and currently only impacts WireGuards peer configuration,
so that the peers name is not mangled.
|
|
|
|
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
|
|
data = {
'interfaces': {'dummy': {'dum0': {'address': ['192.0.2.17/29']}},
'ethernet': {'eth0': {'address': ['2001:db8::1/64', '192.0.2.1/29'],
'description': 'Test123',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:01',
'speed': 'auto'},
'eth1': {'address': ['192.0.2.9/29'],
'description': 'Test456',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:02',
'speed': 'auto'}}}
}
dict_search_recursive(data, 'hw_id') will yield both '00:00:00:00:00:01' and
'00:00:00:00:00:02' as generator object.
|
|
implementations
|
|
Commit 29082959 ("ethernet: T3163: only change ring-buffer settings if
required") added a delta-check code for the ring buffer values, unfortunately
this was never properly evaluated as str() and int() got compared resulting
always in an unequal result.
|
|
It makes no sense to have a parser for the ethtool values in ethtool.py
and ethernet.py - one instance ios more then enough!
|
|
Only update the RX/TX ring-buffer settings if they are different from the ones
currently programmed to the hardware. There is no need to write the same value
to the hardware again - this could cause traffic disruption on some NICs.
|
|
It makes no sense to have a parser for the ethtool value sin ethtool.py
and ethernet.py - one instance ios more then enough!
|
|
Not all interface drivers have the ability to change the speed and duplex
settings. Known drivers with this limitation are vmxnet3, virtio_net and
xen_netfront. If this driver is detected, an error will be presented to the
user.
|
|
This makes understanding the code easier what is "really" called without
opening the man page.
|
|
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net:
Remove references to NETIF_F_UFO from ethtool.").
(cherry picked from commit f5e46ee6cc2b6c1c1869e26beca4ccd5bf52b62f)
|
|
option
Commit 31169fa8 ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") added a warning for the user if an offload option was about
to change that was not possible at all (harware limit).
Unfortunately the warning was even displayed if nothing was done at all. This
got corrected.
|
|
|
|
|
|
interface: T3782: Fix unexpected delete qdisc rule
|
|
Some tc qdisc rules are generated by old perl code
It prevent to unexpected override this code by python.
|
|
Add a new method which supports checking if the desired speed and duplex
setting is actually supported by the underlaying network interface card.
>>> from vyos.ethtool import Ethtool
>>> tmp = Ethtool('eth0')
>>> tmp.check_speed_duplex('100', 'full')
False
>>> tmp.check_speed_duplex('1000', 'full')
True
|
|
|
|
Commit d22f97af ("vyos.ethtool: T3163: rename unused methods for offload
validation") reworked the entire class on how data should be presented to the
user, but forgot to drop the is_fixed_lro() method.
|
|
Check eui64_old value before deleting
It can be empty or not ipv6 address.
(cherry picked from commit 0de23064b9d575ce0569839e3b4453a0c2e9dc1c)
|
|
In the past we always told ethtool to change the offloading settings, even if
this was not supported by the underlaying driver.
This commit will only change the offloading options if they differ from the
current state of the NIC and only if it's supported by the NIC. If the NIC does
not support setting the offloading options, a message will be displayed
for the user:
vyos@vyos# set interfaces ethernet eth2 offload gro
vyos@vyos# commit
[ interfaces ethernet eth2 ]
Adapter does not support changing large-receive-offload settings!
|
|
|
|
wireguard: T3763: Added check for listening port availability
|
|
We need to copy the configuration before this is done in super().update() as we
utilize self.set_dhcpv6() before this is done by the base class.
|
|
`print` was removed or replaced to `ValueError`, where possible.
|
|
Each wireguard interface requires a unique port for in and out
connections. This commit adds the new `vyos.util` function -
`check_port_availability`, and uses it to be sure that a port
that is planned to be used for wireguard interface is truly
available and not used by any other services (not only other
wireguard interfaces).
|
|
... there was a type setting ecp512 instead of ecp521.
|
|
When the interface name was stripped down from "eth0.201" to "eth" to determine
the appropriate interface section, VRRP interfaces got left out on the call
to rstrip().
VRRP interfaces now show up in "show interfaces" as they did in VyOS 1.2.
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
dum0 172.18.254.201/32 u/u
eth0 - u/u
eth0.10 172.16.33.8/24 u/u
eth0.201 172.18.201.10/24 u/u
eth1 10.1.1.2/24 u/u
eth1v10 10.1.1.1/24 u/u
eth2 - u/u
lo 127.0.0.1/8 u/u
::1/128
|
|
|
|
vyos@vyos# show interfaces pppoe
pppoe pppoe10 {
+ access-concentrator asdfg
authentication {
password bar
user foo
}
default-route force
no-peer-dns
source-interface eth0.202
}
vyos@vyos# python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from vyos.config import Config
>>> from vyos.configdict import get_interface_dict
>>> from vyos.configdict import leaf_node_changed
>>> conf = Config()
>>> base = ['interfaces', 'pppoe']
>>> tmp = get_interface_dict(conf, base, 'pppoe10')
>>> leaf_node_changed(conf, ['access-concentrator'])
>>> ['']
|