check if the bond mac address is correctly inherited from it's
first slave. There's a case where that might not be happening:
$ ip link show swp1 | grep ether
link/ether 08:00:27:04:d8:01 brd ff:ff:ff:ff:ff:ff
$ ip link show swp2 | grep ether
link/ether 08:00:27:04:d8:02 brd ff:ff:ff:ff:ff:ff
$ ip link add dev bond0 type bond
$ ip link set dev swp1 master bond0
$ ip link set dev swp2 master bond0
$ ip link show bond0 | grep ether
link/ether 08:00:27:04:d8:01 brd ff:ff:ff:ff:ff:ff
$ ip link add dev bond1 type bond
$ ip link set dev swp1 master bond1
$ ip link show swp1 | grep ether
link/ether 08:00:27:04:d8:01 brd ff:ff:ff:ff:ff:ff
$ ip link show swp2 | grep ether
link/ether 08:00:27:04:d8:01 brd ff:ff:ff:ff:ff:ff
$ ip link show bond0 | grep ether
link/ether 08:00:27:04:d8:01 brd ff:ff:ff:ff:ff:ff
$ ip link show bond1 | grep ether
link/ether 08:00:27:04:d8:01 brd ff:ff:ff:ff:ff:ff
$
ifupdown2 will automatically correct and fix this unexpected behavior
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
From Mike Manning:
In the case of vlan filtering on bridges, the bridge may also have the
corresponding vlan devices as upper devices. Currently the link state
of vlan devices is transferred from the lower device. So this is up if
the bridge is in admin up state and there is at least one bridge port
that is up, regardless of the vlan that the port is a member of.
The link state of the vlan device may need to track only the state of
the subset of ports that are also members of the corresponding vlan,
rather than that of all ports.
Add a flag to specify a vlan bridge binding mode, by which the link
state is no longer automatically transferred from the lower device,
but is instead determined by the bridge ports that are members of the
vlan.
----
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
nlmanager: ipnetwork: fix 'IPv4Address' object has no attribute 'split' exception
nlpacket: use IP[v4|6]Address object when network mask is not provided or needed
nlpacket: AttributeIPAddress: fix decode handler for Routes
During the python2 to 3 migration there was some refactoring
Seems like some code specific to Route-decoding was removed
This patch is fixing the issue by re-adding this code and
tweaking it a little bit (to make it nice and clean :))
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
During the python2 to 3 migration there was some refactoring
Seems like some code specific to Route-decoding was removed
This patch is fixing the issue by re-adding this code and
tweaking it a little bit (to make it nice and clean :))
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
* master-next:
Add XFRM to IFLA_INFO_KIND and reverse change to iproute2 class.
This patch fixes the XFRM addon for ifupdown2 version 2. The nlpacket for XFRM had a bug, I also changed iproute2 to add the XFRM interface to the local cache after creation. Since XFRM has no IFLA_LINKINFO I made the argument optional. Otherwise no further operation will be done like adding an IP.
The nlpacket for XFRM had a bug, I also changed iproute2 to add
the XFRM interface to the local cache after creation.
Since XFRM has no IFLA_LINKINFO I made the argument optional.
Otherwise no further operation will be done like adding an IP.
I also removed an unecessary variable in the addon.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech,de>
As mentioned in a previous commit:
python3 ipaddress behave differently from python2-ipaddr, this is
a serious problem for us since it breaks most of the ip addresses
code.
>>> import ipaddress
>>> ipaddress.ip_network("10.10.10.242/10", False)
IPv4Network('10.0.0.0/10')
This is a problem for us, so we need to use a custom IPNetwork object.
Our custom IPNetwork object uses ipaddress.IPAddress under the hood
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
IPNetwork doesn't exists anymore and is replaced by ip_network. IPv?Network (4 and 6)
objects take an optional argument "strict" that defaults to True. If strict is set
and the ip address has the host bit set it will raise an exception. This is bad
for ifupdown2, so we need to replace all calls to IPNetwork and IPv?Network with
function who will set strict to False. That way we can limit the number of changes
for this patch.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
It is available since Kernel 4.19 and has two parmeters:
1. XFRM ID to map to an SA/SAs
2. Underlying Interface if you want to take advantage of IPSec Hardware Offload
Otherwise it is treated as a normal interface and not like a tunnel (VTI).
I added two attributes to the interface to configure it and otherwise use it as a normal interface.
One example is:
auto ipsec1
iface ipsec1 inet
xfrm-physdev lo
xfrmid 1
Now we support the following config:
auto swp1
iface swp1
vrrp 3 50.0.1.1/24
vrrp 3 2001:50:0:1::1/64
vrrp 3 2001:50:0:42::1/64
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This patch mostly adds support for IFLA_INET6_ADDR_GEN_MODE
nlmanager doesn't support multiple kernel version all the
other attributes like IFLA_INET6_CONF are based on DEVCONF_MAX
from _UAPI_IPV6_H.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
this commit adds some explanation/comments in the decode function of the
AttributeMACAddress class. Some comments are moved around and placed
in the right location.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This commits fixes AttributeMACAddress for GREv6.
Error message: info: netlink: link dump failed: Length of MACAddress attribute not supported: 20
Reproducible by adding a GREv6 Tunnel:
auto gre1
iface gre1 inet tunnel
mode ip6gre
local 2001:1000:1000:1000::123
endpoint 2001:1000:1000:2000::123
address 192.168.123.1/29
In netlink The IFLA_ADDRESS and IFLA_BROADCAST attributes for all interfaces has been a
6-byte MAC address. But the GRE interface uses a 4-byte IP address and GREv6 uses a 16-byte IPv6 address for this
attribute. This patch allows for decoding a 16-byte value as an IP address.
this has been upstreamed recently in linux kernel, with
IFLA_BRPORT_NEIGH_SUPPRESS, with 32 as netlink value.
https://www.spinics.net/lists/linux-ethernet-bridging/msg06910.html
Cumulus is using a temp 152 number in his own kernel.
This is needed for bgp evpn and anycast gateway.
auto vmbr3
iface vmbr3
bridge_ports vxlan3
bridge_stp off
bridge_fd 0
auto vxlan3
iface vxlan3 inet manual
vxlan-id 3
vxlan-local-tunnelip 10.59.100.231
bridge-learning off
bridge-arp-nd-suppress on
info: reading '/sys/class/net/vmbr3/bridge/stp_state'
debug: vmbr3: evaluating port expr '['vxlan3']'
debug: _cache_get(['vxlan3', 'hwaddress']) : ['hwaddress']
debug: reading '/sys/class/net/vxlan3/address'
info: writing '1' to file /proc/sys/net/ipv6/conf/vxlan3/disable_ipv6
info: executing /bin/ip -force -batch - [link set dev vxlan3 master vmbr3
addr flush dev vxlan3
]
info: vmbr3: applying bridge port configuration: ['vxlan3']
info: vmbr3: vxlan3: set bridge-learning off
debug: (cache None)
info: vmbr3: vxlan3: set bridge-arp-nd-suppress on
debug: (cache None)
info: vmbr3: vxlan3: vxlan learning and bridge learning out of sync: set False
info: vxlan3: netlink: ip link set dev vxlan3: bridge slave attributes
debug: vxlan3: ifla_info_data {7: False}
debug: vxlan3: ifla_info_slave_data {8: False, 152: True}
This is a major update coming all at once from master-next branch
master-next branch was started with --orphan option which is basically a new
branch without history.
The major changes are:
- repackaging
- cleanup the directory tree
- rewritte setup.py to allow install from deb file or pypi (pip install)
- add a Makefile to make things (like building a deb) easier
- review all debian files
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
