ipv6-addrgen: add ifquery check/running/ifreload support using netlink cache
[13:09:20] root:~ # ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-raw-device bridge
ipv6-addrgen no
address-virtual-ipv6-addrgen no
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24
auto bridge
iface bridge
bridge-ports swp1
[13:09:25] root:~ # ifup -a -v
info: loading builtin modules from ['/usr/share/ifupdown2/addons']
info: executing /var/lib/ifupdown2/hooks/get_reserved_vlan_range.sh
info: executing /sbin/sysctl net.bridge.bridge-allow-multiple-vlans
info: executing /bin/pidof mstpd
info: executing /bin/ip rule show
info: executing /bin/ip -6 rule show
info: address: using default mtu 1500
info: 'link_master_slave' is set. slave admin state changes will be delayed till the masters admin state change.
info: processing interfaces file /etc/network/interfaces
info: lo: running ops ...
info: netlink: ip link show
info: netlink: ip addr show
info: executing /bin/ip addr help
info: address metric support: KO
info: lo: netlink: ip link set dev lo up
info: reading '/proc/sys/net/mpls/conf/lo/input'
info: reading '/proc/sys/net/ipv4/conf/lo/forwarding'
info: reading '/proc/sys/net/ipv6/conf/lo/forwarding'
info: reading '/proc/sys/net/ipv4/conf/lo/accept_local'
info: executing /bin/systemctl is-enabled vxrd.service
info: eth0: running ops ...
info: executing /sbin/ethtool eth0
info: reading '/sys/class/net/eth0/speed'
info: reading '/sys/class/net/eth0/duplex'
info: eth0: netlink: ip link set dev eth0 up
info: dhclient4 already running on eth0. Not restarting.
info: reading '/proc/sys/net/mpls/conf/eth0/input'
info: reading '/proc/sys/net/ipv4/conf/eth0/forwarding'
info: reading '/proc/sys/net/ipv6/conf/eth0/forwarding'
info: reading '/proc/sys/net/ipv4/conf/eth0/accept_local'
info: swp1: running ops ...
info: executing /sbin/ethtool swp1
info: reading '/sys/class/net/swp1/speed'
info: reading '/sys/class/net/swp1/duplex'
info: executing /sbin/ethtool -s swp1 speed 1000 duplex full
info: reading '/proc/sys/net/mpls/conf/swp1/input'
info: reading '/proc/sys/net/ipv4/conf/swp1/accept_local'
info: bridge: running ops ...
info: bridge: netlink: ip link add bridge type bridge
info: bridge: apply bridge settings
info: bridge: set bridge-ageing 1800
info: bridge: set bridge-hashel 4096
info: bridge: set bridge-hashmax 4096
info: bridge: set bridge-mcstats on
info: reading '/sys/class/net/bridge/bridge/stp_state'
info: bridge: stp state reset, reapplying port settings
info: bridge: netlink: ip link set bridge type bridge with attributes
info: writing '1' to file /proc/sys/net/ipv6/conf/swp1/disable_ipv6
info: executing /bin/ip -force -batch - [link set dev swp1 master bridge
addr flush dev swp1
]
info: bridge: applying bridge port configuration: ['swp1']
info: bridge: swp1: set bridge-portprios 8
info: swp1: netlink: ip link set dev swp1: bridge slave attributes
info: executing /sbin/brctl showmcqv4src bridge
info: bridge: applying bridge configuration specific to ports
info: bridge: processing bridge config for port swp1
info: swp1: netlink: ip link set dev swp1 up
info: bridge: setting bridge mac to port swp1 mac
info: executing /bin/ip link set dev bridge address 90:e2:ba:2c:b1:96
info: executing /sbin/mstpctl showportdetail bridge json
info: executing /sbin/mstpctl showbridge json bridge
info: bridge: applying mstp configuration specific to ports
info: bridge: processing mstp config for port swp1
info: bridge: netlink: ip link set dev bridge up
info: reading '/proc/sys/net/mpls/conf/bridge/input'
info: executing /sbin/sysctl net.ipv4.conf.bridge.forwarding
info: executing /sbin/sysctl net.ipv6.conf.bridge.forwarding
info: executing /bin/ip -force -batch - [link set dev bridge down
link set dev bridge addrgenmode eui64
link set dev bridge up
]
info: reading '/proc/sys/net/ipv4/conf/bridge/accept_local'
info: vlan1903: running ops ...
info: vlan1903: netlink: ip link add link bridge name vlan1903 type vlan id 1903 protocol 802.1q
info: vlan1903: netlink: ip link set dev vlan1903 up
info: reading '/proc/sys/net/mpls/conf/vlan1903/input'
info: reading '/proc/sys/net/ipv4/conf/vlan1903/forwarding'
info: reading '/proc/sys/net/ipv6/conf/vlan1903/forwarding'
info: executing /bin/ip -force -batch - [link set dev vlan1903 down
link set dev vlan1903 addrgenmode none
link set dev vlan1903 up
]
info: vlan1903: netlink: ip link add link vlan1903 name vlan1903-v0 type macvlan mode private
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.accept_dad
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.accept_dad=0
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.dad_transmits
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.dad_transmits=0
info: executing /bin/ip -force -batch - [link set dev vlan1903-v0 addrgenmode none
link set dev vlan1903-v0 down
link set dev vlan1903-v0 address 00:00:5e:00:01:a3
link set dev vlan1903-v0 up
addr add 2a06:c01:1:1903::1/64 dev vlan1903-v0
addr add fe80::1/64 dev vlan1903-v0
addr add 185.98.123.1/24 dev vlan1903-v0
route del 2a06:c01:1:1903::/64 dev vlan1903-v0
route del fe80::/64 dev vlan1903-v0
route add 2a06:c01:1:1903::/64 dev vlan1903-v0 proto kernel metric 9999
route add fe80::/64 dev vlan1903-v0 proto kernel metric 9999
]
info: reading '/proc/sys/net/ipv4/conf/vlan1903/accept_local'
[13:09:29] root:~ #
[13:09:30] root:~ #
[13:09:30] root:~ # ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1903
iface vlan1903 [pass]
vlan-raw-device bridge [pass]
vlan-id 1903 [pass]
ipv6-addrgen no [pass]
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24 [pass]
address-virtual-ipv6-addrgen no [pass]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
[13:09:33] root:~ #
[13:09:35] root:~ #
[13:09:35] root:~ # ifquery -a -r
auto vlan1903-v0
iface vlan1903-v0
ipv6-addrgen off
address 185.98.123.1/24
address 2a06:c01:1:1903::1/64
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-protocol 802.1Q
vlan-raw-device bridge
ipv6-addrgen off
address-virtual 00:00:5e:00:01:a3 185.98.123.1/242a06:c01:1:1903::1/64
address-virtual-ipv6-addrgen off
auto bridge
iface bridge
bridge-vlan-stats off
bridge-mcstats 1
bridge-ports swp1
bridge-stp yes
mstpctl-portp2p swp1=auto
mstpctl-treeportcost swp1=20000
mstpctl-portautoedge swp1=yes
auto swp1
iface swp1
auto eth0
iface eth0 inet dhcp
auto lo
iface lo inet loopback
mtu 65536
[13:09:38] root:~ # ip -d link show vlan1903
20: vlan1903@bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 90:e2:ba:2c:b1:96 brd ff:ff:ff:ff:ff:ff promiscuity 1
vlan protocol 802.1Q id 1903 <REORDER_HDR> addrgenmode none
[13:09:50] root:~ # ip -d link show vlan1903-v0
21: vlan1903-v0@vlan1903: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 00:00:5e:00:01:a3 brd ff:ff:ff:ff:ff:ff promiscuity 0
macvlan mode private addrgenmode none
[13:09:53] root:~ #
[13:09:56] root:~ # ip link set dev vlan1903-v0 addrgenmode eui64
[13:10:23] root:~ # ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1903
iface vlan1903 [fail]
vlan-raw-device bridge [pass]
vlan-id 1903 [pass]
ipv6-addrgen no [pass]
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24 [pass]
address-virtual-ipv6-addrgen no [fail]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
[13:10:29] root:~ # ifquery -a -r
auto vlan1903-v0
iface vlan1903-v0
address 185.98.123.1/24
address 2a06:c01:1:1903::1/64
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-protocol 802.1Q
vlan-raw-device bridge
ipv6-addrgen off
address-virtual 00:00:5e:00:01:a3 185.98.123.1/242a06:c01:1:1903::1/64
address-virtual-ipv6-addrgen on
auto bridge
iface bridge
bridge-vlan-stats off
bridge-mcstats 1
bridge-ports swp1
bridge-stp yes
mstpctl-portp2p swp1=auto
mstpctl-treeportcost swp1=20000
mstpctl-portautoedge swp1=yes
nlpacket: add decode support for IFLA_AF_SPEC (AF_UNSPEC) family - inet6 attributes
This patch mostly adds support for IFLA_INET6_ADDR_GEN_MODE.
nlmanager doesn't support multiple kernel versions; all the
other attributes like IFLA_INET6_CONF are based on DEVCONF_MAX
from _UAPI_IPV6_H.
addons: addressvirtual: flush macvlan addr cache when setting addrgenmode
When setting addrgenmode it is necessary to flap the macvlan
device. After flapping the device we also need to re-add all
the user configuration. The best way to add the user config
is to flush our internal address cache.
[10:12:39] root:~ #
[10:12:41] root:~ # ifreload -a -d
...
debug: vlan1000: up : running module addressvirtual
debug: vlan1000-v0: reset address cache <<<<<<<<<<<<<<<<<<<<<< without this reset ifupdown2 would be in a broken state
info: vlan1000: checking route entry ...
info: executing /bin/ip route get 192.168.10.0/24
info: netlink: ip link show dev vlan1000
info: netlink: ip link show dev vlan1000-v0
info: vlan1000-v0: netlink: ip link set dev vlan1000-v0 up
info: executing /bin/ip -force -batch - [link set dev vlan1000-v0 down
link set dev vlan1000-v0 addrgenmode none
link set dev vlan1000-v0 up
addr add 192.168.10.1/24 dev vlan1000-v0
addr add fc00:10::1/64 dev vlan1000-v0
addr add fe80::1/64 dev vlan1000-v0
]
...
[10:12:50] root:~ #
[10:12:51] root:~ # ip -6 -o addr show vlan1000-v0
48: vlan1000-v0 inet6 fc00:10::1/64 scope global \ valid_lft forever preferred_lft forever
48: vlan1000-v0 inet6 fe80::1/64 scope link \ valid_lft forever preferred_lft forever
[10:12:53] root:~ # ifquery vlan1000 -c
auto vlan1000
iface vlan1000 [pass]
vlan-raw-device bridge [pass]
vlan-id 1000 [pass]
address 192.168.10.1/24 [pass]
address fc00:10::1/64 [pass]
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64 [pass]
When handling mstpctl attributes on vlan-unaware bridges we don't
check the running configuration of the bridge ports (cache) thus
misconfiguring some attributes on brports.
We first create a traditional bridge with:
auto bridge1
iface bridge1
bridge-ports swp1 swp2
bridge-vlan-aware no
We check the setting:
$ mstpctl showportdetail bridge1 swp1 | grep edge
admin edge port no auto edge port yes
oper edge port yes topology change ack no
We then add the setting for swp1:
auto swp1
iface swp1
mstpctl-portautoedge no
We then do an ifreload -adv and we see two calls. First
info: executing /sbin/mstpctl setportautoedge bridge1 swp1 no
and then a little later
info: executing /sbin/mstpctl setportautoedge bridge1 swp1 yes
addons: bridge: if device exists - check if device is really a bridge
[18:43:47] root:~ # ip link show swp3
5: swp3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 08:00:27:bc:04:3c brd ff:ff:ff:ff:ff:ff
[18:43:48] root:~ #
[18:43:49] root:~ #
[18:43:50] root:~ # cat /etc/network/interfaces
auto lo
iface lo inet loopback
This commit adds some explanation/comments in the decode function of the
AttributeMACAddress class. Some comments are moved around and placed
in the right location.
Sven Auhagen [Wed, 27 Jun 2018 05:24:21 +0000 (07:24 +0200)]
netlink: nlpacket AttributeMACAddress
This commit fixes AttributeMACAddress for GREv6.
Error message: info: netlink: link dump failed: Length of MACAddress attribute not supported: 20
Reproducible by adding a GREv6 Tunnel:
auto gre1
iface gre1 inet tunnel
mode ip6gre
local 2001:1000:1000:1000::123
endpoint 2001:1000:1000:2000::123
address 192.168.123.1/29
In netlink, the IFLA_ADDRESS and IFLA_BROADCAST attributes for all interfaces have been a
6-byte MAC address. But the GRE interface uses a 4-byte IP address and GREv6 uses a 16-byte IPv6 address for this
attribute. This patch allows for decoding a 16-byte value as an IP address.
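A length-aware decoder for these two attributes, as an added example (not the nlmanager code): it walks a raw rtattr stream and renders IFLA_ADDRESS/IFLA_BROADCAST as a MAC, IPv4 or IPv6 address depending on payload size. The function names, the "raw:" fallback for other lengths and the sample buffers are assumptions of this example.

```python
import ipaddress
import struct

# Attribute type numbers from linux/if_link.h.
IFLA_ADDRESS = 1
IFLA_BROADCAST = 2

# struct rtattr header: u16 rta_len (header + payload), u16 rta_type, host byte order.
RTA_HDR = struct.Struct("=HH")


def rta_align(n):
    """Attributes are padded to a 4-byte boundary (RTA_ALIGNTO)."""
    return (n + 3) & ~3


def build_rtattr(rta_type, payload):
    """Helper for the constructed samples below: serialise one padded attribute."""
    rta_len = RTA_HDR.size + len(payload)
    return RTA_HDR.pack(rta_len, rta_type) + payload + b"\0" * (rta_align(rta_len) - rta_len)


def decode_lladdr(payload):
    """Render a link-layer address according to its length.

    6 bytes: Ethernet MAC; 4 bytes: IPv4 (gre); 16 bytes: IPv6 (ip6gre).
    Any other length is returned as hex instead of raising, so that one
    unusual device does not abort a whole link dump (choice made here).
    """
    n = len(payload)
    if n == 6:
        return ":".join("%02x" % b for b in payload)
    if n == 4:
        return str(ipaddress.IPv4Address(payload))
    if n == 16:
        return str(ipaddress.IPv6Address(payload))
    return "raw:" + payload.hex()


def parse_link_attrs(buf):
    """Walk an rtattr stream and decode the address attributes it contains."""
    attrs = {}
    off = 0
    while off < len(buf):
        if len(buf) - off < RTA_HDR.size:
            raise ValueError("truncated attribute header at offset %d" % off)
        rta_len, rta_type = RTA_HDR.unpack_from(buf, off)
        # Reject lengths that point before the payload or past the buffer.
        if rta_len < RTA_HDR.size or off + rta_len > len(buf):
            raise ValueError("attribute length %d out of bounds at offset %d" % (rta_len, off))
        if rta_type in (IFLA_ADDRESS, IFLA_BROADCAST):
            payload = bytes(buf[off + RTA_HDR.size:off + rta_len])
            attrs[rta_type] = decode_lladdr(payload)
        off += rta_align(rta_len)
    return attrs


# Constructed sample buffers (not captured from a real kernel).
ETH_ATTRS = (build_rtattr(IFLA_ADDRESS, bytes.fromhex("080027bc043c"))
             + build_rtattr(IFLA_BROADCAST, b"\xff" * 6))
GRE_ATTRS = build_rtattr(IFLA_ADDRESS, ipaddress.IPv4Address("198.51.100.1").packed)
IP6GRE_ATTRS = (
    build_rtattr(IFLA_ADDRESS, ipaddress.IPv6Address("2001:1000:1000:1000::123").packed)
    + build_rtattr(IFLA_BROADCAST, ipaddress.IPv6Address("2001:1000:1000:2000::123").packed))
ODD_ATTRS = build_rtattr(IFLA_ADDRESS, bytes(range(20)))  # 20-byte payload

if __name__ == "__main__":
    for name, buf in (("eth", ETH_ATTRS), ("gre", GRE_ATTRS),
                      ("ip6gre", IP6GRE_ATTRS), ("odd", ODD_ATTRS)):
        print(name, parse_link_attrs(buf))
```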
Julien Fortin [Mon, 25 Jun 2018 14:36:26 +0000 (16:36 +0200)]
addons: addressvirtual: new policy (bool): addressvirtual_with_route_metric (default: yes)
Ifupdown2 is now setting a default metric on macvlan ips. This policy will let
users disable this new default behavior. addressvirtual_with_route_metric is
a boolean policy variable.
addressvirtual_with_route_metric: yes|no|on|off|1|0 (default to yes)
addons: tunnel: Add support for GRETAP tunnels. (#34)
This commit adds support to configure and check gretap tunnels. An example
configuration could look like this:
iface tap0 inet tunnel
mode gretap
local 10.132.255.3
endpoint 10.132.255.1
ttl 64
mtu 1400
tunnel-physdev eth0
#
address 10.10.0.1/2
ifup will happily configure the interface (which it does even without this
patch) and ifquery now can successfully validate the configured interface:
cr03.in.ffho.net:~# ifquery -c tap0
iface tap0 inet tunnel [[ OK ]]
tunnel-physdev eth0 [[ OK ]]
endpoint 10.132.255.1 [[ OK ]]
local 10.132.255.3 [[ OK ]]
mode gretap [[ OK ]]
ttl 64 [[ OK ]]
mtu 1400 [[ OK ]]
address 10.10.0.1/24 [[ OK ]]
Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
This commit adds support for configuring GRE/IPIP/SIT tunnel interfaces as known
from previous versions of ifupdown. Currently only configuration checks for GRE
and SIT tunnels are implemented.
A tunnel interface configuration could look like this:
auto gre42
iface gre42 inet tunnel
mode gre
local 198.51.100.1
endpoint 203.0.113.2
#
# optional tunnel attributes
ttl 64
mtu 1400
tunnel-physdev eth0
#
address 192.0.2.42/31
address 2001:db8:d0c:23::42/64
auto he-ipv6
iface he-ipv6 inet tunnel
mode sit
endpoint 203.0.113.6
local 198.51.100.66
#
# optional tunnel attributes
ttl 255
mtu 1466
tunnel-physdev vrf_external
#
address 2001:db8:666::2/64
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Julien Fortin [Mon, 18 Jun 2018 16:44:32 +0000 (18:44 +0200)]
bridge: vlan-aware: add new boolean policy "vlan_aware_bridge_address_support"
closes #58
In Linux it's possible to assign a vlan-aware bridge an ip address.
For some use cases it is useful to restrict users from configuring
ips on bridges VA. This patch will let admins and distributions
decide if it is necessary to warn the user in such case.
The patch introduces a new 'address' policy:
vlan_aware_bridge_address_support: yes|no|on|off|0|1 (default to yes)
[16:46:09] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
"address": {
"module_globals": {
"enable_l3_iface_forwarding_checks": "yes"
},
"defaults": {
"mtu": "1500",
"ip-forward": "on",
"ip6-forward": "on"
}
}
}
[16:46:16] root:~ # ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto bridge
iface bridge
bridge-ports swp1
bridge-vlan-aware yes
address 10.10.10.10/32
[16:46:20] root:~ # ifup -a --syntax-check
[16:46:22] root:~ # echo $?
0
[16:46:33] root:~ # nano /var/lib/ifupdown2/policy.d/address.json
[16:46:47] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
"address": {
"module_globals": {
"enable_l3_iface_forwarding_checks": "yes",
"vlan_aware_bridge_address_support": "no"
},
"defaults": {
"mtu": "1500",
"ip-forward": "on",
"ip6-forward": "on"
}
}
}
[16:46:48] root:~ # ifup -a --syntax-check
warning: bridge: ignoring ip address. Assigning an IP address is not allowed on bridge vlan aware interfaces
[16:46:51] root:~ # echo $?
1
[16:46:52] root:~ #
Julien Fortin [Thu, 21 Jun 2018 09:36:10 +0000 (11:36 +0200)]
addons: vrf: add support for 'link-down yes' on VRF slaves
$ ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
vrf mgmt
link-down yes
auto mgmt
iface mgmt
vrf-table auto
$ ifup -a -d
...
...
debug: mgmt: pre-up : running module vrf
info: executing /usr/lib/vrf/vrf-helper create mgmt 1001
debug: mgmt: eth0: slave configured with link-down yes
info: mgmt: netlink: ip link set dev mgmt up
...
$ ip link show eth0
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master mgmt state DOWN mode DEFAULT group default qlen 1000
link/ether 08:00:27:80:e2:97 brd ff:ff:ff:ff:ff:ff
Julien Fortin [Mon, 18 Jun 2018 16:44:32 +0000 (18:44 +0200)]
ifupdown2.conf: vlan_aware_bridge_address_support: allow ip on vlan-aware bridge (closes #58)
In Linux it's possible to assign an ip address to a vlan-aware bridge.
For some use cases it is useful to restrict users from configuring ips on
bridges VA. This patch will let admins and distributions decide if it is
necessary to warn the user in such case.
The patch introduces a new configuration variable in:
/etc/network/ifupdown2/ifupdown2.conf
vlan_aware_bridge_address_support: yes|no|on|off|0|1 (default to yes)
Julien Fortin [Mon, 18 Jun 2018 17:24:12 +0000 (19:24 +0200)]
addons: addressvirtual: if system supports addr METRIC set skip route hack
Now that some systems support ip addr METRIC sets we don't have to do this
"fix_connected_route" hack. The hack was previously introduced to make
sure the primary address was the first in the routing table. Some events
could cause some issues like having the macvlan address first in the
routing table. In that case the macvlan needs to be flapped. This shouldn't
happen when we are able to set the address metric
Julien Fortin [Mon, 18 Jun 2018 14:51:51 +0000 (16:51 +0200)]
addons: addressvirtual: new attribute: address-virtual-ipv6-addrgen [on|off]
[14:53:46] root:~ # ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto vlan1903
iface vlan1903
alias LAB-CUST-VMS
vlan-id 1903
vlan-raw-device bridge
address 2a06:c01:1:1903::3/64
address 185.98.123.3/24
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24
vrf public
auto public
iface public
vrf-table auto
auto bridge
iface bridge
bridge-ports swp1
[14:53:47] root:~ # ifup -a
[14:53:50] root:~ # ip addr show vlan1903-v0
46: vlan1903-v0@vlan1903: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master public state UP group default
link/ether 00:00:5e:00:01:a3 brd ff:ff:ff:ff:ff:ff
inet 185.98.123.1/24 scope global vlan1903-v0
valid_lft forever preferred_lft forever
inet6 2a06:c01:1:1903::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::200:5eff:fe00:1a3/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
[14:53:52] root:~ #
[14:53:54] root:~ #
[14:53:54] root:~ # nano /etc/network/interfaces
[14:53:57] root:~ # ifquery vlan1903
auto vlan1903
iface vlan1903
alias LAB-CUST-VMS
vlan-id 1903
vlan-raw-device bridge
address 2a06:c01:1:1903::3/64
address 185.98.123.3/24
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24
address-virtual-ipv6-addrgen off
vrf public
[14:54:05] root:~ # ifdown -a -X eth0
[14:54:08] root:~ # ifup -a -v
...
...
info: executing /bin/ip -force -batch - [link set dev vlan1903-v0 master public
link set dev vlan1903-v0 addrgenmode none
link set dev vlan1903-v0 down
link set dev vlan1903-v0 address 00:00:5e:00:01:a3
link set dev vlan1903-v0 up
addr add 2a06:c01:1:1903::1/64 dev vlan1903-v0
addr add fe80::1/64 dev vlan1903-v0
addr add 185.98.123.1/24 dev vlan1903-v0
route del 2a06:c01:1:1903::/64 table 1001 dev vlan1903-v0
route del fe80::/64 table 1001 dev vlan1903-v0
route add 2a06:c01:1:1903::/64 table 1001 dev vlan1903-v0 proto kernel metric 9999
route add fe80::/64 table 1001 dev vlan1903-v0 proto kernel metric 9999
]
...
...
[14:54:14] root:~ # ip addr show vlan1903-v0
50: vlan1903-v0@vlan1903: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master public state UP group default
link/ether 00:00:5e:00:01:a3 brd ff:ff:ff:ff:ff:ff
inet 185.98.123.1/24 scope global vlan1903-v0
valid_lft forever preferred_lft forever
inet6 2a06:c01:1:1903::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
[14:54:16] root:~ #
Julien Fortin [Mon, 18 Jun 2018 16:57:20 +0000 (18:57 +0200)]
addons: address: new attribute: ipv6-addrgen [on/off]
[14:49:15] root:~ # ifquery swp2
auto swp2
iface swp2
[14:49:18] root:~ # ip addr show swp2
4: swp2: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 90:e2:ba:2c:b2:95 brd ff:ff:ff:ff:ff:ff
[14:49:20] root:~ # ifup swp2
[14:49:23] root:~ # ip addr show swp2
4: swp2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 90:e2:ba:2c:b2:95 brd ff:ff:ff:ff:ff:ff
inet6 fe80::92e2:baff:fe2c:b295/64 scope link
valid_lft forever preferred_lft forever
[14:49:25] root:~ #
[14:49:32] root:~ # nano /etc/network/interfaces
[14:49:34] root:~ # ifquery swp2
auto swp2
iface swp2
ipv6-addrgen off
[14:49:41] root:~ # ifup -v swp2 |& grep addrgen
link set dev swp2 addrgenmode none
[14:49:57] root:~ # ip addr show swp2
4: swp2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 90:e2:ba:2c:b2:95 brd ff:ff:ff:ff:ff:ff
[14:50:01] root:~ #
[14:50:09] root:~ #
[14:50:09] root:~ # ifup -v swp2
info: executing /bin/ip -force -batch - [link set dev swp2 down
link set dev swp2 addrgenmode none
link set dev swp2 up
]
info: reading '/proc/sys/net/ipv4/conf/swp2/accept_local'
[14:50:13] root:~ #
Add support for setting phys-dev for VXLAN interfaces.
Add interface configuration option »vxlan-physdev« to set »dev« attribute
of VXLAN interfaces and a check for the running configuration.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
This backport also:
- adds support for ifquery --running
- uses the netlink cache
- includes some pep8 fixes
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Co-authored-by: Julien Fortin <julien@cumulusnetworks.com>
Co-authored-by: Maximilian Wilhelm <max@rfc2324.org>
nlmanager : nlpacket : IFLA_BRPORT_ARP_SUPPRESS : use 32 netlink value : (fixes #47)
This has been upstreamed recently in the Linux kernel, with
IFLA_BRPORT_NEIGH_SUPPRESS, with 32 as netlink value.
https://www.spinics.net/lists/linux-ethernet-bridging/msg06910.html
Cumulus is using a temp 152 number in its own kernel.
This is needed for bgp evpn and anycast gateway.
auto vmbr3
iface vmbr3
bridge_ports vxlan3
bridge_stp off
bridge_fd 0
auto vxlan3
iface vxlan3 inet manual
vxlan-id 3
vxlan-local-tunnelip 10.59.100.231
bridge-learning off
bridge-arp-nd-suppress on
info: reading '/sys/class/net/vmbr3/bridge/stp_state'
debug: vmbr3: evaluating port expr '['vxlan3']'
debug: _cache_get(['vxlan3', 'hwaddress']) : ['hwaddress']
debug: reading '/sys/class/net/vxlan3/address'
info: writing '1' to file /proc/sys/net/ipv6/conf/vxlan3/disable_ipv6
info: executing /bin/ip -force -batch - [link set dev vxlan3 master vmbr3
addr flush dev vxlan3
]
info: vmbr3: applying bridge port configuration: ['vxlan3']
info: vmbr3: vxlan3: set bridge-learning off
debug: (cache None)
info: vmbr3: vxlan3: set bridge-arp-nd-suppress on
debug: (cache None)
info: vmbr3: vxlan3: vxlan learning and bridge learning out of sync: set False
info: vxlan3: netlink: ip link set dev vxlan3: bridge slave attributes
debug: vxlan3: ifla_info_data {7: False}
debug: vxlan3: ifla_info_slave_data {8: False, 152: True}
ifupdown: ifupdownmain: create a copy of environment dictionary for addons scripts (fixes #49)
Today when ifupdown2 executes addons scripts we use the global environment
dictionary (os.environ) and not a copy of this dict. This corrupts the environment.
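The aliasing problem this commit message describes, reproduced as an added example (not ifupdown2's code): one runner updates os.environ in place, the other works on a copy, and a stand-in hook script reports what it received. The function names, the HOOK command and the IFACE/IF_VRF values are assumptions of this example, with variable names modelled on the classic ifupdown convention.

```python
import os
import subprocess
import sys

# Child process standing in for an addon script: prints the IF_VRF it was given.
HOOK = [sys.executable, "-c",
        "import os; print(os.environ.get('IF_VRF', '<unset>'))"]


def run_hook_shared(iface_vars):
    """'Before' behaviour: os.environ itself is updated, so every variable
    set for one interface stays in the parent process afterwards."""
    env = os.environ              # alias of the global mapping, not a copy
    env.update(iface_vars)
    out = subprocess.run(HOOK, env=env, capture_output=True, text=True, check=True)
    return out.stdout.strip()


def run_hook_copied(iface_vars):
    """'After' behaviour: per-interface variables go into a private copy."""
    env = dict(os.environ)        # shallow copy is enough, values are strings
    env.update(iface_vars)
    out = subprocess.run(HOOK, env=env, capture_output=True, text=True, check=True)
    return out.stdout.strip()


def demo(run_hook):
    """Run the hook for two interfaces in a row and report what each one saw.

    Returns (first_hook_output, second_hook_output, parent_env_polluted).
    The parent environment is restored afterwards so the demo is repeatable.
    """
    saved = dict(os.environ)
    os.environ.pop("IF_VRF", None)
    os.environ.pop("IFACE", None)
    try:
        # Constructed sample: eth0 has a vrf attribute, swp1 has none.
        first = run_hook({"IFACE": "eth0", "IF_VRF": "mgmt"})
        second = run_hook({"IFACE": "swp1"})
        polluted = "IF_VRF" in os.environ
    finally:
        os.environ.clear()
        os.environ.update(saved)
    return first, second, polluted


if __name__ == "__main__":
    print("shared env:", demo(run_hook_shared))
    print("copied env:", demo(run_hook_copied))
```

With the shared mapping, the hook run for swp1 still sees eth0's IF_VRF, and so would any later child process of the daemon.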
Julien Fortin [Thu, 13 Dec 2018 19:43:32 +0000 (11:43 -0800)]
ifupdown2 2.0.0 release
This is a major update coming all at once from master-next branch
master-next branch was started with --orphan option which is basically a new
branch without history.
The major changes are:
- repackaging
- cleanup the directory tree
- rewrite setup.py to allow install from deb file or pypi (pip install)
- add a Makefile to make things (like building a deb) easier
- review all debian files
addons: tunnel: Make sure tunnel modes are read correctly
Latest additions added a bunch of new tunnel modes but didn't add support
to read in these modes which breaks 'ifquery' as it falsely marks the mode
as 'fail'.
Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
addons: tunnel: Fix (re)creation of tunnels of any kind.
Create all tunnels - except gretap - with 'ip tunnel', as this supports
most tunnel modes; create gretap tunnels with 'ip link'.
Rework the whole concept of tunnel updates and make sure a tunnel only is
changed - recreated - IFF the configuration has changed. In previous code
'tunnel change' was called on every _up() call. The 'tunnel change' part
was removed completely as it doesn't work on many occasions. So IFF the
tunnel related interface configuration has changed, the tunnel is removed
and recreated.
fixes #78
Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
addons: tunnel: Add support for GRETAP tunnels. (#34)
This commit adds support to configure and check gretap tunnels. An example
configuration could look like this:
iface tap0 inet tunnel
mode gretap
local 10.132.255.3
endpoint 10.132.255.1
ttl 64
mtu 1400
tunnel-physdev eth0
#
address 10.10.0.1/2
ifup will happily configure the interface (which it does even without this
patch) and ifquery now can successfully validate the configured interface:
cr03.in.ffho.net:~# ifquery -c tap0
iface tap0 inet tunnel [[ OK ]]
tunnel-physdev eth0 [[ OK ]]
endpoint 10.132.255.1 [[ OK ]]
local 10.132.255.3 [[ OK ]]
mode gretap [[ OK ]]
ttl 64 [[ OK ]]
mtu 1400 [[ OK ]]
address 10.10.0.1/24 [[ OK ]]
Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
addons: batman_adv: Add support for more B.A.T.M.A.N. adv. attributes. (#35)
* addons: batman_adv: Rework B.A.T.M.A.N. adv. attribute handling.
This commit reworks the internal handling of B.A.T.M.A.N. adv. attributes
within the plugin. The new approach on setting and checking attributes is
more generic and allows adding more B.A.T.M.A.N. adv. which should be set
as attributes of a B.A.T.M.A.N. adv. interface in a simple way.
This commit does not introduce any changes visible to the user.
Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
* addons: batman_adv: Add support for more B.A.T.M.A.N. adv. attributes.
This commit adds support for setting the following optional attributes:
* gw-mode (one of { off, client, server })
* multicast-mode (can be 'enabled' or 'disabled')
* distributed-arp-table (can be 'enabled' or 'disabled')
addons: address: Fix handling of 'pointopoint' attr. (#23)
Due to a simple logic bug the 'pointopoint' attribute was ignored when
specifying an address as <ip/mask> and only considered when IP and mask
were given separately. This commit fixes this behaviour.
When configured in ptp mode »ip addr« will show the IP address without a
netmask which will make »ifquery -c« mark the IP as failed. The check has
been fixed, too.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Julien Fortin [Thu, 23 Feb 2017 09:42:34 +0000 (16:42 +0700)]
sbin: start-networking: adjust allow-hotplug behavior to ifupdown
Ticket: Bug#855598: src:ifupdown2: allow-hotplug behaves differently, not UPing interfaces
Reviewed By: Roopa
Testing Done: mark an interface (ethX) as hotplug then reboot
This commit adds support for configuring GRE/IPIP/SIT tunnel interfaces as known
from previous versions of ifupdown. Currently only configuration checks for GRE
and SIT tunnels are implemented.
A tunnel interface configuration could look like this:
auto gre42
iface gre42 inet tunnel
mode gre
local 198.51.100.1
endpoint 203.0.113.2
#
# optional tunnel attributes
ttl 64
mtu 1400
tunnel-physdev eth0
#
address 192.0.2.42/31
address 2001:db8:d0c:23::42/64
auto he-ipv6
iface he-ipv6 inet tunnel
mode sit
endpoint 203.0.113.6
local 198.51.100.66
#
# optional tunnel attributes
ttl 255
mtu 1466
tunnel-physdev vrf_external
#
address 2001:db8:666::2/64
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
batman_adv: Ignore non-existing batman interface when setting up batman iface.
Previously a single non existing batman member interface could prevent the
configuration of the batman interface. This patch makes sure only existing
member interfaces will be considered when setting up the interface.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Addons: vxlan: Fix check of »vxlan-svcnodeip« config option.
The »vxlan-svcnodeip« corresponds with the multicast »group« parameter
of the VXLAN interface and should be checked against this value instead
of the »remote« parameter for unicast ptp tunnels.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Add addon module for B.A.T.M.A.N. advanced interface configuration. (#12)
* Add addon module for B.A.T.M.A.N. advanced interface configuration.
This commit adds support for configuring B.A.T.M.A.N. advanced interfaces
with ifupdown2. B.A.T.M.A.N. advanced is a protocol to build Layer2 based
mesh networks with. It's supported in the Linux kernel and thus available
in many Linux environments.
where »bat0« would be the local connection to the mesh network.
The interfaces »eth1« and »eth2.23« would be used by the B.A.T.M.A.N. adv.
protocol to communicate to other members of the mesh network.
Any interfaces matching the »ifaces-ignore-regex« will be gently ignored
by ifquery and ifreload as there might be some tunnels or interfaces
added to the mesh network by other means which should not be removed by
any subsequent ifreload run.
The »hop-penalty« parameter sets the penalty of this node within the mesh
network.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
* addons: batman_adv: replacing rtnetlink by netlink api call and iproute2 instantiation fix
These changes are due to modifications we introduced in debian-prep2.
We no longer use the rtnetlink_api but a new one "netlink" built on top of python-nlmanager.
* Reflect upstream change where flags are stored.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Julien Fortin [Thu, 1 Mar 2018 05:46:53 +0000 (16:46 +1100)]
iproute2: addr_add: change default broadcast to '+' so iproute2 generate broadcast addrs
Today ifupdown2 doesn't generate the broadcast address for an intf while ifupdown1 (debian)
does, simply changing the default broadcast value to '+' solves the issue.
$ ip addr show bond1
13: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f4:52:14:33:ea:01 brd ff:ff:ff:ff:ff:ff
inet 88.213.145.1/24 scope global bond1
valid_lft forever preferred_lft forever
inet6 fe80::f652:14ff:fe33:ea01/64 scope link
valid_lft forever preferred_lft forever
******************************************
With ifupdown1 (debian) with the same configuration
Gaudenz Steinlin [Wed, 25 Oct 2017 00:00:27 +0000 (02:00 +0200)]
Pass environment variables to addon scripts (#32)
Pass the same environment variables to addon scripts from /etc/network/
as are passed to user defined commands in interfaces stanzas. This is
needed for compatibility with ifupdown.
For hotplug devices check if the link is present, not up (#28)
Checking operstate would require firmware to be loaded and link
negotiation to have taken place. Some firmwares take a few seconds to
upload and online the device, and some link negotiations take a second
or two.
Immediately checking operstate is not feasible here. Checking if the
link is present is a more suitable non-delaying approach.
Julien Fortin [Thu, 23 Feb 2017 09:42:34 +0000 (16:42 +0700)]
sbin: start-networking: adjust allow-hotplug behavior to ifupdown
Ticket: Bug#855598: src:ifupdown2: allow-hotplug behaves differently, not UPing interfaces
Reviewed By: Roopa
Testing Done: mark an interface (ethX) as hotplug then reboot
Roopa Prabhu [Mon, 6 Feb 2017 00:27:02 +0000 (16:27 -0800)]
addons: bridge: support for bridge-learning attribute
Ticket: CM-14683
Reviewed By: julien, mallik, anita, vivek, balki, wkok
Testing Done: tested with bridge-learning on off
- support for bridge-learning attribute on bridge ports.
(currently uses sysfs, must move to netlink soon)
- Additional feature for vxlan bridge ports: sync learning
flag to vxlan bridge ports. No ifquery check for this auto
sync feature.
example config for vxlan ports:
auto vxlan1000
iface vxlan1000
vxlan-id 1000
bridge-learning off
bridge-access 100
Ticket: CM-8424
Reviewed By: Roopa, Julien
Testing Done: using the config mentioned in bug
updelay
Specifies the time, in milliseconds, to wait before enabling a
slave after a link recovery has been detected. This option is
only valid for the miimon link monitor.
downdelay
Specifies the time, in milliseconds, to wait before disabling
a slave after a link failure has been detected. This option
is only valid for the miimon link monitor.