| Age | Commit message (Collapse) | Author |
|---|
|
Found an odd behavior on Linux and the VyOS CLI implementation. If adding VXLAN
interfaces using iproute2 the MTU differs depending on the creation syntax:
ip -4 link add vxlan100 type vxlan dstport 4789 external df unset tos inherit \
ttl 16 nolearning vnifilter local 172.16.33.201
ip -4 link add vxlan200 type vxlan id 200 dstport 4789 local 172.16.33.201 dev eth0
ip -6 link add vxlan300 type vxlan id 300 dstport 4789 local 2001:db8:1::1 dev eth0
132: vxlan300: <BROADCAST,MULTICAST> mtu 1430 qdisc noop state DOWN group default qlen 1000
link/ether 4e:fb:e3:f5:d9:59 brd ff:ff:ff:ff:ff:ff
133: vxlan200: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
link/ether 0e:4e:f4:76:59:3f brd ff:ff:ff:ff:ff:ff
134: vxlan100: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether ba:b6:b7:0c:b1:37 brd ff:ff:ff:ff:ff:ff
VyOS always sets a default MTU of 1450 bytes which is correct for IPv4 p2p links
or multicast, but invalid for IPv6 p2p. Also this will break EVPN deployments
as ethernet bridges with MTU < 1500 bytes are less fun.
Increase default MTU to 1500 bytes. Migrate old configurations to use 1450
bytes if not specified otherwise on the CLI.
|
|
Example:
set interfaces ethernet eth0 dhcp-options user-class VyOS
or
set interfaces ethernet eth0 dhcp-options user-class 56:79:4f:53
|
|
The string data type specifies either an NVT ASCII string enclosed in double
quotes, or a series of octets specified in hexadecimal, separated by colons.
For example:
set interfaces ethernet eth0 dhcp-options client-id CLIENT-FOO
or
set interfaces ethernet eth0 dhcp-options client-id 43:4c:49:45:54:2d:46:4f:4f
As of now there was no input validation performed.
|
|
Migrate CLI configuration retrival to common get_config_dict(). In addition
add new functionality to VyOS that is PIM related and already available in FRR.
|
|
- Migrate IPv4 source-validation to nftables
- Interface source-validation value takes priority, fallback to global value
|
|
|
|
setting
|
|
|
|
Start IPv4/IPv6 DHCP clients on an interface bound to a given VRF. Verify that
the client process runs in the VRF context.
|
|
|
|
|
|
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
|
|
|
|
Current state of vyos-1x smoketests have hardcoded features to test. The
feature support is inside the base class BasicInterfaceTest
class BasicInterfaceTest:
class TestCase(VyOSUnitTestSHIM.TestCase):
_test_dhcp = False
_test_ip = False
_test_mtu = False
_test_vlan = False
_test_qinq = False
_test_ipv6 = False
_test_ipv6_pd = False
_test_ipv6_dhcpc6 = False
_test_mirror = False
All derived classes need to enable the tests that are supported on this
interface type. Adding new feature to a given interface (like vif support in
T5237) require manually enabling those tests for the given interface.
It would make much more sense, if we can query the config backend for supported
interface options - or in other words - is there a CLI node available that
corresponds to set interfaces ethernet <name> vif - if that's the case,
_test_vlan = True.
|
|
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644.
By default Linux kernel doesn't forward directed broadcast
packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding`
and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
|
|
|
|
|
|
Commit 5d14a04b ("smoketest: dhcp: T4203: move testcase to base class") added
global support in the test case framework for DHCP tests. Some interfaces (e.g.
MACsec) require additional options to be passed before the test can be launched.
In the MACsec case this includes a source interface, or encryption ciphers.
|
|
We do not only provide DHCP functionality to ethernet interfaces, it's a common
feature so the testcase should be made available for multiple interface types.
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
|
|
(cherry picked from commit 1a814661a0ade01f144398b91dd6998e42018fdd)
|
|
|
|
|
|
There is no need to delete the old ingres-qos and egres-qos values as it's not
a multi node and thus the values are simply overwritten. Also address validation
is not required as it's done in a dedicates test.
|
|
|
|
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
|
|
|
|
level
Getting rid of "set firewall options" and move it from:
set firewall options interface ethX adjust-mss 1400
set firewall options interface ethX adjust-mss6 1400
to:
set interfaces ethernet ethX ip adjust-mss 1400
set interfaces ethernet ethX ipv6 adjust-mss 1400
In addition add an extra option called clamp-mss-to-pmtu instead of a value.
|
|
interfaces
The MTU size of the source-interface must be greater or equal to the MTU of the
pseudo ethernet interface.
|
|
|
|
|
|
|
|
|
|
This is the smoketest for the fix added in commit cd504035 ("vyos.ifconfig:
T3532: re-create Q-in-Q interface on protocol change").
|
|
For an unknown reason this regularely fails on the QEMU builds, thus the test
for reading back IP addresses is temporary disabled. There is no big deal here,
as this uses the same methods on 802.1q and here it works and is verified.
|
|
|
|
Currently every smoketest does the setup and destruction of the configsession
on its own durin setUp(). This creates a lot of overhead and one configsession
should be re-used during execution of every smoketest script.
In addiion a test that failed will leaf the system in an unconsistent state.
For this reason before the test is executed we will save the running config
to /tmp and the will re-load the config after the test has passed, always
ensuring a clean environment for the next test.
|
|
|
|
When a VIF/VLAN interface is placed in admin down state but the lower
interface, serving the vlan, is moved from admin down -> admin up, all its
vlan interfaces will be placed in admin up state, too.
This is bad as a VLAN interface will become admin up even if its specified as
admin down after a reboot.
To reproduce:
set interfaces ethernet eth1 vif 20 disable
set interfaces ethernet eth1 disable
commit
delete interfaces ethernet eth1 disable
commit
Now check the interface state and it returns UP,LOWER_UP
7: eth1.20@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:56:b3:09:07 brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:56ff:feb3:907/64 scope link
valid_lft forever preferred_lft forever
|
|
There had been four implementations of "ip -d -j link show interface" scattered
accross the codebase. Those implementations have now been combined into a new
helper:
vyos.util.get_json_iface_options()
|
|
This reverts commit 1992d9aed31b6906806635687c2b2d2d52310990.
After commit b4889039 ("smoketest: refactor setUp() for all interface based
testcases") we can now use dynamic duid tests.
|
|
For a yet undetermined reason incrementing the duid dynamically in the test
script leads to an error - for the time beeing work with a fixed duid.
|
|
UnboundLocalError: local variable 'client_base' referenced before assignment
|
|
|
