using glob.glob is way to costly, use os.listdir to increase
performances.
Test with timeit show the following for 10k loop:
time_glob executed in 39.16788899600215 seconds
time_listdir executed in 5.625843115005409 seconds
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
The stale mac verification code was only working for the following syntax:
address-virtual MAC IP
and not
address-virtual MAC
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
The loopback addresses on VRF devices is added with scope global.
The scope must be host to prevent the kernel using the address on external routing/addresses.
Since this change is CL specific we need to control this behavior via policy.
We will re-evaluate later if we make this the default behavior for upstream as well.
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
Scripts in /etc/network/ are executed using `exec_command` which
captures stdout by default, and thus waits for stdout end-of-file via
`Popen.communicate()`. However, this can cause hangs if the network
script executes a long-running command in the background. Can be
reproduced by putting the following (executable) script in
/etc/network/if-up.d/:
#!/bin/sh
sleep 5&
This script will cause `ifreload -a` to wait for 5 seconds per network
interface.
To avoid waiting, do not capture stdout when executing /etc/network/
scripts. This also improves compatibility with ifupdown, which runs
the above script in the background.
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
In af8d5db22b10909ff06032f1a2acc2f745d1f65b, the transformation of
`vnis` (list) to `vnisd` (dictionary) left a reference to `vnis` which
is now undefined. We just remove the line as the conversion from range
to ints is done earlier in the function.
Signed-off-by: Vincent Bernat <vincent@bernat.ch>
if a script in /etc/network/ifup.d/ is segfaulting,
on config loading (ifup -a), ifupdown2 is stopping
ifup -a
"
info: executing2 /etc/network/if-up.d/postfix
debug: lo: up : running script /etc/network/if-up.d/resolved
info: executing2 /etc/network/if-up.d/resolved
error: name 'traceback' is not defined
debug: saving state ..
info: exit status 1
"
with this fix:
debug: lo: up : running script /etc/network/if-up.d/resolved
info: executing2 /etc/network/if-up.d/resolved
File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 325, in run_iface_list
cls.run_iface_graph(ifupdownobj, ifacename, ops, parent,
File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 315, in run_iface_graph
cls.run_iface_list_ops(ifupdownobj, ifaceobjs, ops)
File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 188, in run_iface_list_ops
cls.run_iface_op(ifupdownobj, ifaceobj, op,
File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 150, in run_iface_op
ifupdownobj.log_error('%s: %s %s' % (ifacename, op, str(e)))
File "/usr/share/ifupdown2/ifupdown/ifupdownmain.py", line 226, in log_error
raise Exception(str)
error: lo : lo: up cmd '/etc/network/if-up.d/resolved' failed: returned -11
debug: vmbr0: found dependents ['bond0']
debug: bond0: found dependents ['enp65s0d1', 'enp65s0']
info: enp65s0d1: running ops ...
...
...
some nic like mellanox connectx don't work well with
vlan aware bridge && rx-vlan-filter.
(They are limited in number of vlans in hardware filtering,
and break with big number of vlans like bridge-vids 2-4096)
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This commit fix the following by making an understandable error msg:
* the 'allow eth0' would make a IndexError shown to the user.
* the 'allow-' would be valid and use an empty classname.
ifquery excluded the last digit of interfaces range given.
ex: eth[1-2] would give only eth1 instead of eth1 + eth2.
This commit fix this behavior by increasing the range in
expand_iface_range.
* Fix: Sonarqube issues
* Fix: ifquery hangs indefinitely on ^C
* Fix: Skipping admin down on deleted vlans
* Fix: Merge existing MTU into new netlink object
* Fix: scheduler: env variable not properly set for user commands (fixes#218)
* Fix: ifquery-check: vlan-protocol for dotted interfaces
* Fix: Down ops on vrf-slave should set the slave admin down
* New: Allow bond creation without slaves
* New: Add `--set-ring` option to ethtool
* New: Openvswitch : add support for fakebridge
* New: add support for systemd logging (--systemd)
* New: Process hwaddress before processing ip addresses
* New: Set protodown off on bond slave before bond is deleted
* New: Make sure bond speed and slaves (swps) speed are matching
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
Rename method "addr_metric_support" to prevent any misunderstanding/clash
with field "ADDR_METRIC_SUPPORT" defined on line 80
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
