* New: performance improvement: replace glob.glob with os.listdir
* New: bridge: Do not create untagged vlans on "external" vxlan ports
* New: Attribute: "disable-ipv6" to control ipv6 on an interface
* New: Policy: "default_loopback_scope" control loopback ip scope
* Fix: keep link down after mac change if 'link-down yes' is specified
* Fix: addressvirtual: stale mac detection is missing vrr without ip
* Fix: bond: warn if sub interface is detected on bond slave
* Fix: bridge: update bridge-fd valid range to 2-255
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
vxlan interfaces with the external flag get the vni for a frame based on
its vlan tag. If a frame is marked as untagged, the vxlan interface drops
the frame because there's no way to transmit a vxlan frame without a vni.
ifupdown2 configures the bridge pvid as an untagged vlan on single vxlan
interfaces. (Note that bridge-pvid is inherited from bridge to port and it
has a default value of 1.) This leads to the traffic being dropped for
traffic on that vlan. Avoid that problem by not configuring any vlans as
untagged on single vxlan interfaces.
using glob.glob is way to costly, use os.listdir to increase
performances.
Test with timeit show the following for 10k loop:
time_glob executed in 39.16788899600215 seconds
time_listdir executed in 5.625843115005409 seconds
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
The stale mac verification code was only working for the following syntax:
address-virtual MAC IP
and not
address-virtual MAC
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
The loopback addresses on VRF devices is added with scope global.
The scope must be host to prevent the kernel using the address on external routing/addresses.
Since this change is CL specific we need to control this behavior via policy.
We will re-evaluate later if we make this the default behavior for upstream as well.
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
Scripts in /etc/network/ are executed using `exec_command` which
captures stdout by default, and thus waits for stdout end-of-file via
`Popen.communicate()`. However, this can cause hangs if the network
script executes a long-running command in the background. Can be
reproduced by putting the following (executable) script in
/etc/network/if-up.d/:
#!/bin/sh
sleep 5&
This script will cause `ifreload -a` to wait for 5 seconds per network
interface.
To avoid waiting, do not capture stdout when executing /etc/network/
scripts. This also improves compatibility with ifupdown, which runs
the above script in the background.
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
In af8d5db22b10909ff06032f1a2acc2f745d1f65b, the transformation of
`vnis` (list) to `vnisd` (dictionary) left a reference to `vnis` which
is now undefined. We just remove the line as the conversion from range
to ints is done earlier in the function.
Signed-off-by: Vincent Bernat <vincent@bernat.ch>
if a script in /etc/network/ifup.d/ is segfaulting,
on config loading (ifup -a), ifupdown2 is stopping
ifup -a
"
info: executing2 /etc/network/if-up.d/postfix
debug: lo: up : running script /etc/network/if-up.d/resolved
info: executing2 /etc/network/if-up.d/resolved
error: name 'traceback' is not defined
debug: saving state ..
info: exit status 1
"
with this fix:
debug: lo: up : running script /etc/network/if-up.d/resolved
info: executing2 /etc/network/if-up.d/resolved
File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 325, in run_iface_list
cls.run_iface_graph(ifupdownobj, ifacename, ops, parent,
File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 315, in run_iface_graph
cls.run_iface_list_ops(ifupdownobj, ifaceobjs, ops)
File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 188, in run_iface_list_ops
cls.run_iface_op(ifupdownobj, ifaceobj, op,
File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 150, in run_iface_op
ifupdownobj.log_error('%s: %s %s' % (ifacename, op, str(e)))
File "/usr/share/ifupdown2/ifupdown/ifupdownmain.py", line 226, in log_error
raise Exception(str)
error: lo : lo: up cmd '/etc/network/if-up.d/resolved' failed: returned -11
debug: vmbr0: found dependents ['bond0']
debug: bond0: found dependents ['enp65s0d1', 'enp65s0']
info: enp65s0d1: running ops ...
...
...
some nic like mellanox connectx don't work well with
vlan aware bridge && rx-vlan-filter.
(They are limited in number of vlans in hardware filtering,
and break with big number of vlans like bridge-vids 2-4096)
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This commit fix the following by making an understandable error msg:
* the 'allow eth0' would make a IndexError shown to the user.
* the 'allow-' would be valid and use an empty classname.
ifquery excluded the last digit of interfaces range given.
ex: eth[1-2] would give only eth1 instead of eth1 + eth2.
This commit fix this behavior by increasing the range in
expand_iface_range.
* Fix: Sonarqube issues
* Fix: ifquery hangs indefinitely on ^C
* Fix: Skipping admin down on deleted vlans
* Fix: Merge existing MTU into new netlink object
* Fix: scheduler: env variable not properly set for user commands (fixes#218)
* Fix: ifquery-check: vlan-protocol for dotted interfaces
* Fix: Down ops on vrf-slave should set the slave admin down
* New: Allow bond creation without slaves
* New: Add `--set-ring` option to ethtool
* New: Openvswitch : add support for fakebridge
* New: add support for systemd logging (--systemd)
* New: Process hwaddress before processing ip addresses
* New: Set protodown off on bond slave before bond is deleted
* New: Make sure bond speed and slaves (swps) speed are matching
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
