Julien Fortin [Wed, 19 Dec 2018 06:14:15 +0000 (07:14 +0100)]
addons: batman_adv: import and IO api refactoring
The new code base supports installation via pypi so we need to update the
imports statement.
It's also good practice to use the existing IO apis to read/write and execute
sub-commands, those API will do error handling and logging.
Add addon module for B.A.T.M.A.N. advanced interface configuration. #12
batman wasn't in master-next so it got removed during the last merge
this commit adds it back to master.
See PR #12
From Maximilian Wilhelm:
This commit adds support for configuring B.A.T.M.A.N. advanced interfaces
with ifupdown2. B.A.T.M.A.N. advanced is a protocol to build Layer2 based
mesh networks with. It's supported in the Linux kernel and thus available
in many Linux environments.
where »bat0« would be the local connection to the mesh network.
The interfaces »eth1« and »eth2.23« would be used by the B.A.T.M.A.N. adv.
protocol to communicate to other member of the mesh network.
Any interfaces matching the »ifaces-ignore-regex« will be gently ignored
by ifquery and ifreload as there might be some tunnels or interfaces
added to the mesh network by other means which should not be removed by
any subsequent ifreload run.
The »hop-penalty» parameter set the penalty of this node within the mesh
network.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Author: Maximilian Wilhelm <max@rfc2324.org>
During the recent merge between master and master-next the changes introduced
by PR #80 were lost. This commit adds them back with some refactoring to use
the new netlink cache.
Co-authored-by: Maximilian Wilhelm <max@sdn.clinic> Co-authored-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Maximilian Wilhelm <max@sdn.clinic> Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Julien Fortin [Fri, 14 Dec 2018 01:09:46 +0000 (17:09 -0800)]
debian: changelog: new entry for version 1.2.2
ifupdown2 (1.2.2) unstable; urgency=medium
* Support for new iproute2 format (bridge vlan show)
* Pypi install: local addons modules should be loaded first
* Fix: link-down yes on vrf slaves
* Fix: nlmanager: use strerror to format kernel error
* Add: new checks for existing device with vxlan attributes
* Ethtool: FEC: translate None and NotSupported values to link-fec off
-- Julien Fortin <julien@cumulusnetworks.com> Thu, 13 Dec 2018 23:42:42 -0800
Julien Fortin [Thu, 6 Dec 2018 18:56:50 +0000 (10:56 -0800)]
config: local addons modules should be loaded first
ifupdown2 can be installed via apt/dpkg or via pypi (pip), those two installation methods have
two different installation directory. Our main installation dir is /usr/share/ifupdown2. This is
also were other scripts might add their own addon.
If ifupdown2 is installed via pypi we need to make sure we are loading the script-added addon modules
Julien Fortin [Thu, 6 Dec 2018 18:40:48 +0000 (10:40 -0800)]
addons: vrf: fix link-down yes on vrf slaves
because of a typo (use of wrong object) we weren't looking at the correct
ifaceobj for LINK_DOWN lookup. In some cases we didn't honor link-down yes
on VRF slaves
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports vx-1000 vx-1001 vx-1002 vx-1003 vx-1004 hostbond3 hostbond4
bridge-stp on
bridge-vids 1000-1004
bridge-pvid 1
auto vx-1002
iface vx-1002
vxlan-id 1002
bridge-access 1002
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
auto hostbond4
iface hostbond4
bond-slaves swp2 swp3
bond-mode 802.3ad
bond-min-links 1
bond-lacp-rate 1
mtu 9152
alias Local Node/s TORS1 and Ports swp32s2 swp32s3 <==> Remote Node/s HOSTS12 and Ports swp1 swp2
bridge-pvid 1001
auto swp3
iface swp3
link-speed 10000
link-duplex full
link-autoneg off
auto swp2
iface swp2
link-speed 10000
link-duplex full
link-autoneg off
auto vx-1004
iface vx-1004
vxlan-id 1004
bridge-access 1004
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
auto vx-1003
iface vx-1003
vxlan-id 1003
bridge-access 1003
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
auto hostbond3
iface hostbond3
bond-slaves swp5 swp6
bond-mode 802.3ad
bond-min-links 1
bond-lacp-rate 1
mtu 9152
alias Local Node/s TORS1 and Ports swp32s0 swp32s1 <==> Remote Node/s HOSTS11 and Ports swp1 swp2
bridge-pvid 1000
auto swp6
iface swp6
link-speed 10000
link-duplex full
link-autoneg off
auto swp5
iface swp5
link-speed 10000
link-duplex full
link-autoneg off
auto vx-1001
iface vx-1001
vxlan-id 1001
bridge-access 1001
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
auto vx-1000
iface vx-1000
vxlan-id 1000
bridge-access 1000
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
Julien Fortin [Tue, 6 Nov 2018 00:35:37 +0000 (01:35 +0100)]
addons: ethtool: fec: only use and compare lowercase data
on --show-fec ethtool seems to return fec in uppercase while
we only advertise lowercase validvals. We should only deal
and compare lowercase values for running, config and default
Julien Fortin [Tue, 30 Oct 2018 10:31:11 +0000 (11:31 +0100)]
addons: address: new l3_intf_default_gateway_set_onlink policy closes #54
As shown in the following example, ifupdown1 sets the default route with the
onlink attribute. This patch will add this capability to ifupdown2 controlled
by a policy variable in the address module: "l3_intf_default_gateway_set_onlink"
default to on
[19:16:07] root:~ # cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto enp0s3
iface enp0s3 inet static
address 78.46.193.234/32
gateway 172.31.1.1
[19:16:19] root:~ # ifup -a -v
ifup: configuring interface enp0s3=enp0s3 (inet)
...
/bin/ip addr add 78.46.193.234/255.255.255.255 broadcast 78.46.193.234 dev enp0s3 label enp0s3
/bin/ip link set dev enp0s3 up
/bin/ip route add default via 172.31.1.1 dev enp0s3 onlink
...
[19:16:21] root:~ # ip route show
default via 172.31.1.1 dev enp0s3 onlink
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15
169.254.0.0/16 dev enp0s3 scope link metric 1000
[19:16:21] root:~ #
Julien Fortin [Mon, 29 Oct 2018 13:20:19 +0000 (14:20 +0100)]
addons: address: remplace sysctl calls with /proc/ read/write
Ticket: CM-21809
Reviewed By: Roopa
Testing Done:
<% num_vlans = 2048 %>
% for i in range(2,10):
% for j in range(2,num_vlans+2):
auto br${i}_${j}
iface br${i}_${j}
bridge-ports swp${i}.${j}
bridge-vlan-aware no
bridge-stp no
bridge-learning swp${i}.${j}=off
% endfor
% endfor
Julien Fortin [Fri, 26 Oct 2018 16:48:49 +0000 (18:48 +0200)]
addons: vxlan: attr vxlan-port: add DRYRUN check
-n sets DRYRUN flags, when DRYRUN is set many functions return True
(like link_exists), in this case vxlanattrs is set to False because
not cached. But since link_exists=True we still try to access it like
a dictionary.
The issue here lies with how we query the cache to get the ips addresses
configured on the macvlan. A few months ago we added support for link scope
addresses in the cache, since the kernel may add it's own link addresse to
some interfaces we need to filter them out when querying the cache (because
we just want to get the list of IPs managed by ifupdown2). To perform this
filtering we need to look at the current user configuration (/e/n/i) but we
also need to look at past configuration. To perform this filtering we need
to provide the API LinkUtils:get_running_addrs a special parameter for
address-virtual (we need an ifaceobj).
$ ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto vlan1000
iface vlan1000
address 192.168.10.2/24
address fc00:10::2/64
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64
address-virtual-ipv6-addrgen off
vlan-id 1000
vlan-raw-device bridge
vrf blue
auto bridge
iface bridge
bridge-ports swp1
auto blue
iface blue
vrf-table auto
$ ifreload -a
$ echo $?
0
$ ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1000
iface vlan1000 [pass]
vlan-raw-device bridge [pass]
vlan-id 1000 [pass]
vrf blue [pass]
address 192.168.10.2/24 [pass]
address fc00:10::2/64 [pass]
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64 [pass]
address-virtual-ipv6-addrgen off [pass]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
File "/usr/share/ifupdown2/addons/bridge.py", line 709, in _query_check_l2protocol_tunnel_lldp
return ifla_brport_group_mask & 0x4000
TypeError: unsupported operand type(s) for &: 'NoneType' and 'int'
mstpctl might return an empty result on: mstpctl showportdetail bridge json
the cache is not filled with an empty dict so next cache lookup will be a
cache miss and therefore, ifupdown2 thinks we need to fill the cache with fresh
data and will execute showportdetail again (resulting in calling mstpctl cmd
sometime 5 or 6 times in a row).
[13:45:07] root:~ # ifup -a
[13:45:09] root:~ # echo $?
0
[13:45:10] root:~ # ip link show vlan42
34: vlan42@swp1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 90:e2:ba:2c:b1:96 brd ff:ff:ff:ff:ff:ff
[13:45:13] root:~ # nano /etc/network/interfaces
[13:45:19] root:~ # ifquery vlan42
auto vlan42
iface vlan42
address 42.42.42.42/24
vlan-id 42
vlan-raw-device swp2
[13:45:25] root:~ # ifreload -a
error: vlan42: cannot change vlan-raw-device from swp1 to swp2: operation not supported. Please delete the device with 'ifdown vlan42' and recreate it to apply the change.
[13:45:27] root:~ # echo $?
1
[13:45:30] root:~ #
Julien Fortin [Thu, 9 Aug 2018 11:19:08 +0000 (13:19 +0200)]
LinkUtils: check device MTU and /proc/../disable_ipv6 before setting ipv6-addrgen
The minimum IPv6 MTU (ipv6 stack should handle at minmum this size)
is 1280 bytes. If you set the MTU below that then you can't really
have ipv6 addrconf follows the MTU changes and if it sees change
below 1280 then it disables ipv6 on the iface
$ ifquery swp1
auto swp1
iface swp1
mtu 420
$ ifreload -a
error: swp1: cmd '/bin/ip -force -batch - [link set dev swp1 down
link set dev swp1 addrgenmode eui64
link set dev swp1 up
]' failed: returned 1 (RTNETLINK answers: Address family not supported by protocol
Command failed -:2
)
Julien Fortin [Wed, 1 Aug 2018 09:30:28 +0000 (11:30 +0200)]
README: update build instruction to switch to maste-next branch
The building instruction didn't mention that users should checkout the master-next branch and build from it. This branch contains the lastest ifupdown2 version
ipv6-addrgen: add ifquery check/running/ifreload support using netlink cache
[13:09:20] root:~ # ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-raw-device bridge
ipv6-addrgen no
address-virtual-ipv6-addrgen no
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24
auto bridge
iface bridge
bridge-ports swp1
[13:09:25] root:~ # ifup -a -v
info: loading builtin modules from ['/usr/share/ifupdown2/addons']
info: executing /var/lib/ifupdown2/hooks/get_reserved_vlan_range.sh
info: executing /sbin/sysctl net.bridge.bridge-allow-multiple-vlans
info: executing /bin/pidof mstpd
info: executing /bin/ip rule show
info: executing /bin/ip -6 rule show
info: address: using default mtu 1500
info: 'link_master_slave' is set. slave admin state changes will be delayed till the masters admin state change.
info: processing interfaces file /etc/network/interfaces
info: lo: running ops ...
info: netlink: ip link show
info: netlink: ip addr show
info: executing /bin/ip addr help
info: address metric support: KO
info: lo: netlink: ip link set dev lo up
info: reading '/proc/sys/net/mpls/conf/lo/input'
info: reading '/proc/sys/net/ipv4/conf/lo/forwarding'
info: reading '/proc/sys/net/ipv6/conf/lo/forwarding'
info: reading '/proc/sys/net/ipv4/conf/lo/accept_local'
info: executing /bin/systemctl is-enabled vxrd.service
info: eth0: running ops ...
info: executing /sbin/ethtool eth0
info: reading '/sys/class/net/eth0/speed'
info: reading '/sys/class/net/eth0/duplex'
info: eth0: netlink: ip link set dev eth0 up
info: dhclient4 already running on eth0. Not restarting.
info: reading '/proc/sys/net/mpls/conf/eth0/input'
info: reading '/proc/sys/net/ipv4/conf/eth0/forwarding'
info: reading '/proc/sys/net/ipv6/conf/eth0/forwarding'
info: reading '/proc/sys/net/ipv4/conf/eth0/accept_local'
info: swp1: running ops ...
info: executing /sbin/ethtool swp1
info: reading '/sys/class/net/swp1/speed'
info: reading '/sys/class/net/swp1/duplex'
info: executing /sbin/ethtool -s swp1 speed 1000 duplex full
info: reading '/proc/sys/net/mpls/conf/swp1/input'
info: reading '/proc/sys/net/ipv4/conf/swp1/accept_local'
info: bridge: running ops ...
info: bridge: netlink: ip link add bridge type bridge
info: bridge: apply bridge settings
info: bridge: set bridge-ageing 1800
info: bridge: set bridge-hashel 4096
info: bridge: set bridge-hashmax 4096
info: bridge: set bridge-mcstats on
info: reading '/sys/class/net/bridge/bridge/stp_state'
info: bridge: stp state reset, reapplying port settings
info: bridge: netlink: ip link set bridge type bridge with attributes
info: writing '1' to file /proc/sys/net/ipv6/conf/swp1/disable_ipv6
info: executing /bin/ip -force -batch - [link set dev swp1 master bridge
addr flush dev swp1
]
info: bridge: applying bridge port configuration: ['swp1']
info: bridge: swp1: set bridge-portprios 8
info: swp1: netlink: ip link set dev swp1: bridge slave attributes
info: executing /sbin/brctl showmcqv4src bridge
info: bridge: applying bridge configuration specific to ports
info: bridge: processing bridge config for port swp1
info: swp1: netlink: ip link set dev swp1 up
info: bridge: setting bridge mac to port swp1 mac
info: executing /bin/ip link set dev bridge address 90:e2:ba:2c:b1:96
info: executing /sbin/mstpctl showportdetail bridge json
info: executing /sbin/mstpctl showbridge json bridge
info: bridge: applying mstp configuration specific to ports
info: bridge: processing mstp config for port swp1
info: bridge: netlink: ip link set dev bridge up
info: reading '/proc/sys/net/mpls/conf/bridge/input'
info: executing /sbin/sysctl net.ipv4.conf.bridge.forwarding
info: executing /sbin/sysctl net.ipv6.conf.bridge.forwarding
info: executing /bin/ip -force -batch - [link set dev bridge down
link set dev bridge addrgenmode eui64
link set dev bridge up
]
info: reading '/proc/sys/net/ipv4/conf/bridge/accept_local'
info: vlan1903: running ops ...
info: vlan1903: netlink: ip link add link bridge name vlan1903 type vlan id 1903 protocol 802.1q
info: vlan1903: netlink: ip link set dev vlan1903 up
info: reading '/proc/sys/net/mpls/conf/vlan1903/input'
info: reading '/proc/sys/net/ipv4/conf/vlan1903/forwarding'
info: reading '/proc/sys/net/ipv6/conf/vlan1903/forwarding'
info: executing /bin/ip -force -batch - [link set dev vlan1903 down
link set dev vlan1903 addrgenmode none
link set dev vlan1903 up
]
info: vlan1903: netlink: ip link add link vlan1903 name vlan1903-v0 type macvlan mode private
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.accept_dad
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.accept_dad=0
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.dad_transmits
info: executing /sbin/sysctl net.ipv6.conf.vlan1903-v0.dad_transmits=0
info: executing /bin/ip -force -batch - [link set dev vlan1903-v0 addrgenmode none
link set dev vlan1903-v0 down
link set dev vlan1903-v0 address 00:00:5e:00:01:a3
link set dev vlan1903-v0 up
addr add 2a06:c01:1:1903::1/64 dev vlan1903-v0
addr add fe80::1/64 dev vlan1903-v0
addr add 185.98.123.1/24 dev vlan1903-v0
route del 2a06:c01:1:1903::/64 dev vlan1903-v0
route del fe80::/64 dev vlan1903-v0
route add 2a06:c01:1:1903::/64 dev vlan1903-v0 proto kernel metric 9999
route add fe80::/64 dev vlan1903-v0 proto kernel metric 9999
]
info: reading '/proc/sys/net/ipv4/conf/vlan1903/accept_local'
[13:09:29] root:~ #
[13:09:30] root:~ #
[13:09:30] root:~ # ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1903
iface vlan1903 [pass]
vlan-raw-device bridge [pass]
vlan-id 1903 [pass]
ipv6-addrgen no [pass]
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24 [pass]
address-virtual-ipv6-addrgen no [pass]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
[13:09:33] root:~ #
[13:09:35] root:~ #
[13:09:35] root:~ # ifquery -a -r
auto vlan1903-v0
iface vlan1903-v0
ipv6-addrgen off
address 185.98.123.1/24
address 2a06:c01:1:1903::1/64
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-protocol 802.1Q
vlan-raw-device bridge
ipv6-addrgen off
address-virtual 00:00:5e:00:01:a3 185.98.123.1/242a06:c01:1:1903::1/64
address-virtual-ipv6-addrgen off
auto bridge
iface bridge
bridge-vlan-stats off
bridge-mcstats 1
bridge-ports swp1
bridge-stp yes
mstpctl-portp2p swp1=auto
mstpctl-treeportcost swp1=20000
mstpctl-portautoedge swp1=yes
auto swp1
iface swp1
auto eth0
iface eth0 inet dhcp
auto lo
iface lo inet loopback
mtu 65536
[13:09:38] root:~ # ip -d link show vlan1903
20: vlan1903@bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 90:e2:ba:2c:b1:96 brd ff:ff:ff:ff:ff:ff promiscuity 1
vlan protocol 802.1Q id 1903 <REORDER_HDR> addrgenmode none
[13:09:50] root:~ # ip -d link show vlan1903-v0
21: vlan1903-v0@vlan1903: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 00:00:5e:00:01:a3 brd ff:ff:ff:ff:ff:ff promiscuity 0
macvlan mode private addrgenmode none
[13:09:53] root:~ #
[13:09:56] root:~ # ip link set dev vlan1903-v0 addrgenmode eui64
[13:10:23] root:~ # ifquery -a -c
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp [pass]
auto vlan1903
iface vlan1903 [fail]
vlan-raw-device bridge [pass]
vlan-id 1903 [pass]
ipv6-addrgen no [pass]
address-virtual 00:00:5e:00:01:a3 2a06:c01:1:1903::1/64 fe80::1/64 185.98.123.1/24 [pass]
address-virtual-ipv6-addrgen no [fail]
auto bridge
iface bridge [pass]
bridge-ports swp1 [pass]
[13:10:29] root:~ # ifquery -a -r
auto vlan1903-v0
iface vlan1903-v0
address 185.98.123.1/24
address 2a06:c01:1:1903::1/64
auto vlan1903
iface vlan1903
vlan-id 1903
vlan-protocol 802.1Q
vlan-raw-device bridge
ipv6-addrgen off
address-virtual 00:00:5e:00:01:a3 185.98.123.1/242a06:c01:1:1903::1/64
address-virtual-ipv6-addrgen on
auto bridge
iface bridge
bridge-vlan-stats off
bridge-mcstats 1
bridge-ports swp1
bridge-stp yes
mstpctl-portp2p swp1=auto
mstpctl-treeportcost swp1=20000
mstpctl-portautoedge swp1=yes
nlpacket: add decode support for IFLA_AF_SPEC (AF_UNSPEC) family - inet6 attributes
This patch mostly adds support for IFLA_INET6_ADDR_GEN_MODE
nlmanager doesn't support multiple kernel version all the
other attributes like IFLA_INET6_CONF are based on DEVCONF_MAX
from _UAPI_IPV6_H.
addons: addressvirtual: flush macvlan addr cache when setting addrgenmode
When setting addrgenmode it is necessary to flap the macvlan
device. After flapping the device we also need to re-add all
the user configuration. The best way to add the user config
is to flush our internal address cache.
[10:12:39] root:~ #
[10:12:41] root:~ # ifreload -a -d
...
debug: vlan1000: up : running module addressvirtual
debug: vlan1000-v0: reset address cache <<<<<<<<<<<<<<<<<<<<<< without this reset ifupdown2 would be in a broken state
info: vlan1000: checking route entry ...
info: executing /bin/ip route get 192.168.10.0/24
info: netlink: ip link show dev vlan1000
info: netlink: ip link show dev vlan1000-v0
info: vlan1000-v0: netlink: ip link set dev vlan1000-v0 up
info: executing /bin/ip -force -batch - [link set dev vlan1000-v0 down
link set dev vlan1000-v0 addrgenmode none
link set dev vlan1000-v0 up
addr add 192.168.10.1/24 dev vlan1000-v0
addr add fc00:10::1/64 dev vlan1000-v0
addr add fe80::1/64 dev vlan1000-v0
]
...
[10:12:50] root:~ #
[10:12:51] root:~ # ip -6 -o addr show vlan1000-v0
48: vlan1000-v0 inet6 fc00:10::1/64 scope global \ valid_lft forever preferred_lft forever
48: vlan1000-v0 inet6 fe80::1/64 scope link \ valid_lft forever preferred_lft forever
[10:12:53] root:~ # ifquery vlan1000 -c
auto vlan1000
iface vlan1000 [pass]
vlan-raw-device bridge [pass]
vlan-id 1000 [pass]
address 192.168.10.1/24 [pass]
address fc00:10::1/64 [pass]
address-virtual 00:00:5e:00:01:01 192.168.10.1/24 fc00:10::1/64 fe80::1/64 [pass]
when handling mstpctl attribute on vlan-unaware bridges we don't
check the running configuration of the bridge ports (cache) thus
misconfiguring some attributes on brports.
We first create a traditional bridge with:
auto bridge1
iface bridge1
bridge-ports swp1 swp2
bridge-vlan-aware no
We check the setting:
$ mstpctl showportdetail bridge1 swp1 | grep edge
admin edge port no auto edge port yes
oper edge port yes topology change ack no
We then add the setting for swp1:
auto swp1
iface swp1
mstpctl-portautoedge no
We then do an ifreload -adv and we see two calls. First
info: executing /sbin/mstpctl setportautoedge bridge1 swp1 no
and then a little later
info: executing /sbin/mstpctl setportautoedge bridge1 swp1 yes
addons: bridge: if device exists - check if device is really a bridge
[18:43:47] root:~ # ip link show swp3
5: swp3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 08:00:27:bc:04:3c brd ff:ff:ff:ff:ff:ff
[18:43:48] root:~ #
[18:43:49] root:~ #
[18:43:50] root:~ # cat /etc/network/interfaces
auto lo
iface lo inet loopback
this commit adds some explanation/comments in the decode function of the
AttributeMACAddress class. Some comments are moved around and placed
in the right location.
Sven Auhagen [Wed, 27 Jun 2018 05:24:21 +0000 (07:24 +0200)]
netlink: nlpacket AttributeMACAddress
This commits fixes AttributeMACAddress for GREv6.
Error message: info: netlink: link dump failed: Length of MACAddress attribute not supported: 20
Reproducible by adding a GREv6 Tunnel:
auto gre1
iface gre1 inet tunnel
mode ip6gre
local 2001:1000:1000:1000::123
endpoint 2001:1000:1000:2000::123
address 192.168.123.1/29
In netlink The IFLA_ADDRESS and IFLA_BROADCAST attributes for all interfaces has been a
6-byte MAC address. But the GRE interface uses a 4-byte IP address and GREv6 uses a 16-byte IPv6 address for this
attribute. This patch allows for decoding a 16-byte value as an IP address.
Julien Fortin [Mon, 25 Jun 2018 14:36:26 +0000 (16:36 +0200)]
addons: addressvirtual: new policy (bool): addressvirtual_with_route_metric (default: yes)
Ifupdown2 is now setting a default metric on macvlan ips. This policy will let
users disable this new default behavior. addressvirtual_with_route_metric is
boolean policy variable.
addressvirtual_with_route_metric: yes|no|on|off|1|0 (default to yes)
addons: tunnel: Add support for GRETAP tunnels. (#34)
This commit adds support to configure and check gretap tunnels. An example
configuration could look like this:
iface tap0 inet tunnel
mode gretap
local 10.132.255.3
endpoint 10.132.255.1
ttl 64
mtu 1400
tunnel-physdev eth0
#
address 10.10.0.1/2
ifup will happily configure the interface (which it does even without this
patch) and ifquery now can successfully validate the configure interface:
cr03.in.ffho.net:~# ifquery -c tap0
iface tap0 inet tunnel [[ OK ]]
tunnel-physdev eth0 [[ OK ]]
endpoint 10.132.255.1 [[ OK ]]
local 10.132.255.3 [[ OK ]]
mode gretap [[ OK ]]
ttl 64 [[ OK ]]
mtu 1400 [[ OK ]]
address 10.10.0.1/24 [[ OK ]]
Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
This commit adds support for configuring GRE/IPIP/SIT tunnel interfaces as know
from previous versions of ifupdown. Currently only configuration checks for GRE
and SIT tunnels are implemented.
A tunnel interface configuration could look like this:
auto gre42
iface gre42 inet tunnel
mode gre
local 198.51.100.1
endpoint 203.0.113.2
#
# optional tunnel attributes
ttl 64
mtu 1400
tunnel-physdev eth0
#
address 192.0.2.42/31
address 2001:db8:d0c:23::42/64
auto he-ipv6
iface he-ipv6 inet tunnel
mode sit
endpoint 203.0.113.6
local 198.51.100.66
#
# optional tunnel attributes
ttl 255
mtu 1466
tunnel-physdev vrf_external
#
address 2001:db8:666::2/64
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Julien Fortin [Mon, 18 Jun 2018 16:44:32 +0000 (18:44 +0200)]
bridge: vlan-aware: add new boolean policy "vlan_aware_bridge_address_support"
closes #58
In linux its possible to assign a vlan-aware bridge an ip address
For some use cases is it useful to restrict users from configuring
ips on bridges VA. This patch will let admins and distributions
decide if it is necessary to warn the user in such case.
The patch introduces a new 'address' policy:
vlan_aware_bridge_address_support: yes|no|on|off|0|1 (default to yes)
[16:46:09] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
"address": {
"module_globals": {
"enable_l3_iface_forwarding_checks": "yes"
},
"defaults": {
"mtu": "1500",
"ip-forward": "on",
"ip6-forward": "on"
}
}
}
[16:46:16] root:~ # ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto bridge
iface bridge
bridge-ports swp1
bridge-vlan-aware yes
address 10.10.10.10/32
[16:46:20] root:~ # ifup -a --syntax-check
[16:46:22] root:~ # echo $?
0
[16:46:33] root:~ # nano /var/lib/ifupdown2/policy.d/address.json
[16:46:47] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
"address": {
"module_globals": {
"enable_l3_iface_forwarding_checks": "yes",
"vlan_aware_bridge_address_support": "no"
},
"defaults": {
"mtu": "1500",
"ip-forward": "on",
"ip6-forward": "on"
}
}
}
[16:46:48] root:~ # ifup -a --syntax-check
warning: bridge: ignoring ip address. Assigning an IP address is not allowed on bridge vlan aware interfaces
[16:46:51] root:~ # echo $?
1
[16:46:52] root:~ #
Julien Fortin [Thu, 21 Jun 2018 09:36:10 +0000 (11:36 +0200)]
addons: vrf: add support for 'link-down yes' on VRF slaves
$ ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
vrf mgmt
link-down yes
auto mgmt
iface mgmt
vrf-table auto
$ ifup -a -d
...
...
debug: mgmt: pre-up : running module vrf
info: executing /usr/lib/vrf/vrf-helper create mgmt 1001
debug: mgmt: eth0: slave configured with link-down yes
info: mgmt: netlink: ip link set dev mgmt up
...
$ ip link show eth0
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master mgmt state DOWN mode DEFAULT group default qlen 1000
link/ether 08:00:27:80:e2:97 brd ff:ff:ff:ff:ff:ff
projects / mirror_ifupdown2.git / log