* master-next:
Add XFRM to IFLA_INFO_KIND and reverse change to iproute2 class.
This patch fixes the XFRM addon for ifupdown2 version 2. The nlpacket for XFRM had a bug, I also changed iproute2 to add the XFRM interface to the local cache after creation. Since XFRM has no IFLA_LINKINFO I made the argument optional. Otherwise no further operation will be done like adding an IP.
The nlpacket for XFRM had a bug, I also changed iproute2 to add
the XFRM interface to the local cache after creation.
Since XFRM has no IFLA_LINKINFO I made the argument optional.
Otherwise no further operation will be done like adding an IP.
I also removed an unecessary variable in the addon.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech,de>
As mentioned in a previous commit:
python3 ipaddress behave differently from python2-ipaddr, this is
a serious problem for us since it breaks most of the ip addresses
code.
>>> import ipaddress
>>> ipaddress.ip_network("10.10.10.242/10", False)
IPv4Network('10.0.0.0/10')
This is a problem for us, so we need to use a custom IPNetwork object.
Our custom IPNetwork object uses ipaddress.IPAddress under the hood
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
IPNetwork doesn't exists anymore and is replaced by ip_network. IPv?Network (4 and 6)
objects take an optional argument "strict" that defaults to True. If strict is set
and the ip address has the host bit set it will raise an exception. This is bad
for ifupdown2, so we need to replace all calls to IPNetwork and IPv?Network with
function who will set strict to False. That way we can limit the number of changes
for this patch.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
It is available since Kernel 4.19 and has two parmeters:
1. XFRM ID to map to an SA/SAs
2. Underlying Interface if you want to take advantage of IPSec Hardware Offload
Otherwise it is treated as a normal interface and not like a tunnel (VTI).
I added two attributes to the interface to configure it and otherwise use it as a normal interface.
One example is:
auto ipsec1
iface ipsec1 inet
xfrm-physdev lo
xfrmid 1
Now we support the following config:
auto swp1
iface swp1
vrrp 3 50.0.1.1/24
vrrp 3 2001:50:0:1::1/64
vrrp 3 2001:50:0:42::1/64
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
New vxlan-ttl attribute: specifies the TTL value to use in outgoing
packets. Valid values: range 1..255 or auto (0)
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This patch mostly adds support for IFLA_INET6_ADDR_GEN_MODE
nlmanager doesn't support multiple kernel version all the
other attributes like IFLA_INET6_CONF are based on DEVCONF_MAX
from _UAPI_IPV6_H.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
this commit adds some explanation/comments in the decode function of the
AttributeMACAddress class. Some comments are moved around and placed
in the right location.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This commits fixes AttributeMACAddress for GREv6.
Error message: info: netlink: link dump failed: Length of MACAddress attribute not supported: 20
Reproducible by adding a GREv6 Tunnel:
auto gre1
iface gre1 inet tunnel
mode ip6gre
local 2001:1000:1000:1000::123
endpoint 2001:1000:1000:2000::123
address 192.168.123.1/29
In netlink The IFLA_ADDRESS and IFLA_BROADCAST attributes for all interfaces has been a
6-byte MAC address. But the GRE interface uses a 4-byte IP address and GREv6 uses a 16-byte IPv6 address for this
attribute. This patch allows for decoding a 16-byte value as an IP address.
backporting the following commit to master-next:
commit eb92e5efff776602081b8bbd2cc74462293c4b79
Author: Maximilian Wilhelm <max@rfc2324.org>
Date: Thu Oct 6 19:22:06 2016 +0200
Add support for setting phys-dev for VXLAN interfaces.
Add interface configuration option »vxlan-physdev« to set »dev« attribute
of VXLAN interfaces and a check for the running configuration.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
This backport also:
- adds support for ifquery --running
- uses the netlink cache
- includes some pep8 fixes
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Co-authored-by: Julien Fortin <julien@cumulusnetworks.com>
Co-authored-by: Maximilian Wilhelm <max@rfc2324.org>
this has been upstreamed recently in linux kernel, with
IFLA_BRPORT_NEIGH_SUPPRESS, with 32 as netlink value.
https://www.spinics.net/lists/linux-ethernet-bridging/msg06910.html
Cumulus is using a temp 152 number in his own kernel.
This is needed for bgp evpn and anycast gateway.
auto vmbr3
iface vmbr3
bridge_ports vxlan3
bridge_stp off
bridge_fd 0
auto vxlan3
iface vxlan3 inet manual
vxlan-id 3
vxlan-local-tunnelip 10.59.100.231
bridge-learning off
bridge-arp-nd-suppress on
info: reading '/sys/class/net/vmbr3/bridge/stp_state'
debug: vmbr3: evaluating port expr '['vxlan3']'
debug: _cache_get(['vxlan3', 'hwaddress']) : ['hwaddress']
debug: reading '/sys/class/net/vxlan3/address'
info: writing '1' to file /proc/sys/net/ipv6/conf/vxlan3/disable_ipv6
info: executing /bin/ip -force -batch - [link set dev vxlan3 master vmbr3
addr flush dev vxlan3
]
info: vmbr3: applying bridge port configuration: ['vxlan3']
info: vmbr3: vxlan3: set bridge-learning off
debug: (cache None)
info: vmbr3: vxlan3: set bridge-arp-nd-suppress on
debug: (cache None)
info: vmbr3: vxlan3: vxlan learning and bridge learning out of sync: set False
info: vxlan3: netlink: ip link set dev vxlan3: bridge slave attributes
debug: vxlan3: ifla_info_data {7: False}
debug: vxlan3: ifla_info_slave_data {8: False, 152: True}
This is a major update coming all at once from master-next branch
master-next branch was started with --orphan option which is basically a new
branch without history.
The major changes are:
- repackaging
- cleanup the directory tree
- rewritte setup.py to allow install from deb file or pypi (pip install)
- add a Makefile to make things (like building a deb) easier
- review all debian files
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
