mirror_ifupdown2

mirror of https://git.proxmox.com/git/mirror_ifupdown2 synced 2025-08-24 18:54:40 +00:00

Author	SHA1	Message	Date
Julien Fortin	a0ff28e527	sonarlink: remove unused variable Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2023-05-04 13:21:55 +02:00
Julien Fortin	421e9573b5	SONAR: fix iface.py: Import only needed names or import the module and then use its members. Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2023-05-04 13:21:55 +02:00
Julien Fortin	7c8627f876	SONAR: Specify an exception class to catch or reraise the exception Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2023-05-04 13:21:55 +02:00
Julien Fortin	46be384512	addons: bridge: skip bridge mac check and force mac-set on bridge creation Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-27 14:33:56 +02:00
Julien Fortin	6861404b8e	addons: bridge: fix bridge/vxlan learning sync mechanism Old code was a bit messy and all over the place. This resulted in a loophole breaking sync between bridge-learning and vxlan-learning. This patch simplifies the existing code and fixes the bug. Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-27 14:30:35 +02:00
Julien Fortin	ab287bc42c	addons: bridge: fix sync between bridge-learning and vxlan-learning if not specified by the user vxlan brport learning is controlled by the bridge_vxlan_port_learning policy (on by default). 4.4 introduced vxlan-learning off via policy. The syncing code between bridge-learning and vxlan-learning was incomplete and was written at the time when we didn't have a default vxlan-learning policy. This patch fixes the sync-ing gap and makes sure vxlan-learning is sync'd with bridge-learning which wasn't always the case before. for every vxlan brport BRPORT_LEARNING is turned on Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-27 14:29:56 +02:00
Julien Fortin	0ca32fb5f7	log_error/log_warn: fix stack and format traceback since we added the debug_handler we are not setting any level on the root logger, the level is set for each individual handler log_error and log_warning were using traceback.print_stack and print_exc which and also only checked the rooter logger's level via getEffectiveLevel Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-27 12:33:39 +02:00
Julien Fortin	9348b2a9e3	addons: bridge: vni's portmcrouter shouldn't reset to default if policy is set Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-26 12:13:53 +02:00
Julien Fortin	2fdc881411	addons: bridge: prevent multiple vxlans to be added to the same VLAN Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-26 12:11:29 +02:00
Julien Fortin	c198e7ba05	addons: bridge: l2 vni evpn: don't warn for static vxlans Due to missing checks, ifupdown2 may display the following warning for static vxlan configs. "warning: possible mis-configuration detected: l2-vni configured with bridge-learning ON while EVPN is also configured - these two parameters conflict with each other." Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-26 12:09:19 +02:00
Julien Fortin	1c4c1f5783	addons: bridge: syntax-check: user defined vni per svi limit error: vx-1002: misconfiguration detected: maximum vni allowed per bridge (bridge) svi (1000) is limited to 1 (policy: 'bridge_vni_per_svi_limit') Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-26 12:08:10 +02:00
Julien Fortin	36ac58231f	addons: bridge: bridge-portmcrouter: reset to default 1 (automatic) if config is removed Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-26 12:06:53 +02:00
Julien Fortin	b2b8a2e6f4	addons: bridge: bridge-hashmax: upper limit of validrange to 65536 Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-26 12:06:53 +02:00
Julien Fortin	10d57d9aaa	addons: bridge: allow vlan sub interface in vlan-aware bridge (fixes #92 ) New bridge policy: allow-vlan-sub-interface-in-vlan-aware-bridge (default True) Signed-off-by: Alexandre Derumier <aderumier@odiso.com> Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2022-05-24 22:50:52 +02:00
Julien Fortin	7d14f4d4e9	Merge pull request #170 from Jasperswaagman/master Add none as valid value for bridge-ports on a bridge interface	2021-11-10 18:12:17 +01:00
Julien Fortin	9a6a305084	cleanups - upstream sync Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-02 18:20:42 +02:00
Julien Fortin	859b8643b6	nlcache: link_set_address: override cache after mac address change is aacked after a successful mac change we should override our cache so that we don't keep stale values in cache (in case the cache is queried before the kernel notification arrives) Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-02 15:24:00 +02:00
Julien Fortin	e79cf84297	addons: bridge-vlan-vni-map: add vlan reserved check Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-01 17:59:39 +02:00
Julien Fortin	ec5fde2532	addons: bridge: bridge-vlan-vni-map: add more details log error when finding duplicated vnis Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-01 17:58:34 +02:00
Julien Fortin	af3034111f	addons: bridge: bridge-vlan-vni-map: fix consecutive vni ids mapped to incorrect range vids Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-01 17:57:59 +02:00
Julien Fortin	13ecedd2f7	addons: bridge: add batching commands for vids add/del Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-01 17:56:11 +02:00
Julien Fortin	2ac257faed	addons: bridge: fix bridge-vlan-vni-map range processing Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-01 17:55:03 +02:00
Julien Fortin	905003dd25	addons: bridge: bridge-vlan-vni-map: fix delta calculation between old and new config Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-01 17:54:32 +02:00
Julien Fortin	06926b1979	addons: bridge: bridge-vlan-vni-map: remove stale entry from running config Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-01 17:53:27 +02:00
Julien Fortin	19b0c19bdf	addons: bridge: don't add old_ifaceobjs to internal MVAB list Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-01 17:48:28 +02:00
Julien Fortin	995c38e29a	addons: bridge: bridge_vlan_aware_list is now a set() in the case of ifreload bridge.py:get_dependent is entered twice, once for the old ifaceobjs and once for the new ones. Thus adding bridges twice to the list. Having a set will prevent this issue. Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-07-01 17:45:59 +02:00
Roopa Prabhu	7f0310a7a5	bridge: support values of auto, auto+, auto- for vni in bridge-vlan-vni-map <vlan>=<vni> <vlan>=auto /* sets vni = vlan / <vlan>=auto+2 / sets vni = vlan+2 / <vlan>=auto-2 / sets vni = vlan-2 */ example: $ifquery vxlan1 auto vxlan1 iface vxlan1 vxlan-local-tunnelip 27.0.0.30 bridge-vlan-vni-map 1000-1009=auto+2 2000-2020=auto-2 mstpctl-portbpdufilter yes mstpctl-bpduguard yes $ifup -v vxlan1 ... info: executing /sbin/bridge -force -batch - [vlan add vid 1000-1009 dev vxlan1 vlan add dev vxlan1 vid 1000-1009 tunnel_info id 1002-1011 vlan add vid 2000-2020 dev vxlan1 vlan add dev vxlan1 vid 2000-2020 tunnel_info id 1998-2018] ... changes include: - supporting the new syntax - moved vlan vni map handling into a utility function to be used by bridge tunnel_info and vxlan vnifilter Reviewed by: slaffer, david marshal, qzil, julien Signed-off-by: Roopa Prabhu <roopa@nvidia.com> Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 23:36:46 +02:00
Roopa Prabhu	84c47c4ff0	addons: vxlan: add support for vni filter on single vxlan device - create single vxlan device with vnifilter flag - install vni filter with vnis from bridge-vxlan-vni-map - vni filter can only be applied when the vxlan interface is in down state - toggling of vni filter is unsupported (maybe in the future) - vni filter on a single vxlan or collect metadata/external device is a new kernel feature yet to be upstreamed - move vlan/vni id math helpers to utils.py Reviewed-by: Julien Fortin <jfortin@nvidia.com> Signed-off-by: Roopa Prabhu <roopa@nvidia.com> Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 23:27:45 +02:00
Julien Fortin	8515db2733	addons: bridge: bridge-vlan-vni-map: use vlan and vni ranges within iproute2 cmds Instead of exploding vlans and vnis ranges we can simply pass those ranges to iproute2 which will reduce the load on ifupdown2 side and scale better Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 18:16:07 +02:00
Julien Fortin	8b99615b83	addons: bridge: add multi bridge support when bridge_set_static_mac_from_port=yes The policy bridge_set_static_mac_from_port was added to ifupdown2 back when we didn't support a mix of traditional and vlan-aware bridges. The code wasn't revisited after such config was allowed on the system. how to repro: - set bridge_set_static_mac_from_port=yes in module_globals of: /var/lib/ifupdown2/policy.d/bridge.json auto br1 iface br1 bridge-vlan-aware no bridge-stp off bridge-ports swp1 auto bridge iface bridge bridge-ports swp7 bridge-vids 10 bridge-vlan-aware yes auto vlan10 iface vlan10 address 192.168.0.20/32 vlan-id 10 vlan-raw-device bridge br1 and bridge will share the same mac address (swp1's mac). Signed-off-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 18:11:25 +02:00
Julien Fortin	31bddf7647	addons: bridge: bridge-vlan-vni-map: fix display error vnis=vlans instead of vlans=vnis Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 18:06:02 +02:00
Julien Fortin	d42c5f307e	addons: bridge: ifquery-running support for bridge-vlan-vni-map Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 18:05:23 +02:00
Julien Fortin	b2751c6f57	addons: bridge-vlan-vni-map: support multiple vni mapping per entry Signed-off-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 18:04:24 +02:00
Julien Fortin	f422ae7c6c	addons: bridge: bridge-vlan-vni-map: fix: not enough arguments for format string Signed-off-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 17:58:32 +02:00
Julien Fortin	f54468e32b	addons: bridge: check if bridge mac is already inherited from a port Signed-off-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 17:50:20 +02:00
Julien Fortin	ecb7cc1365	addons: bridge: bridge-arp-nd-suppress should show up on ifquery --with-default if policy is set Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 17:38:01 +02:00
Julien Fortin	4b16a99797	clag: bridge l3vni: move bridge vxlan l3vni code to parent class + refactoring Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 17:36:11 +02:00
Julien Fortin	68d0005516	bridge.py: remove extra empty line in header Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 17:05:56 +02:00
Julien Fortin	32ef3071ec	addons: bridge: fix bridge arp vni vlan syntax-check Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 16:55:54 +02:00
Julien Fortin	3e5e36410e	addons: bridge: v2: arp suppression enabled when no vlan is configured the previous patch didn't cover implicit vlan, format bridge.VLANID Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 16:54:50 +02:00
Julien Fortin	645fcb73e2	addons: bridge: skip bridge arp vni vlan for single vxlan device Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 16:54:38 +02:00
Julien Fortin	a037ffc5f0	addons: bridge: detect and warn when arp suppression is enabled and there is no vlan configured Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 16:52:45 +02:00
Julien Fortin	6a1110e3ed	addons: bridge: detect VXLAN mis-config VNI "bridge-learning=on" and print log message Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 16:52:00 +02:00
Julien Fortin	20649b09c6	addons: bridge: enable ipv6 on SVD brport Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 16:50:51 +02:00
Julien Fortin	59ab29fbd1	addons: vxlan: inherit clagd-vxlan-anycast-ip from lo for clag vxlans (introduces old_ifaceobjs to get_dependent_ifacenames) When clagd anycast ip configuration changes on an existing setup, we have two issues: - populate_dependency_info is run twice (in the ifreload case), first on the new ifaceobjs, then on the old ifaceobjs. Thus hitting vxlan.get_dependent_ifacenames twice where vxlan._clagd_vxlan_anycast_ip is set (the first time properly, then reset to it's old value). The fix: add a "old_ifaceobjs" flag to avoid resetting vxlan._clagd_vxlan_anycast_ip - when clagd anycast ip changes, clagd also updates the vxlan's ip but there's a chance that the ifupdown2 cache won't get the netlink notification in time before UP ops are running on the vxlans, running on a stale cache is no bueno. The fix: add additional checks to see if we should trust the cache of not. Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-06-30 16:29:40 +02:00
Julien Fortin	47877f263d	addons: bridge: fix error: write() argument must be str, not int make sure to convert the mtu received via policy file back to string before using it in the bridge module. Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-05-18 17:19:25 +02:00
Julien Fortin	d38e9b1273	addons: bridge: bridge-access checks are not necessary for single vxlan devices Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-05-18 17:19:25 +02:00
Julien Fortin	f54c45deb9	addons: bridge: fix bridge-vlan-vni-map example in modinfo Ticket: #2623398 Reviewed By: PR#94 Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-05-18 17:19:25 +02:00
Julien Fortin	01f27c6789	addons: bridge: skip bridge-bridgeprio if mstpctl-treeprio is configured on the bridge Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>	2021-05-18 17:19:25 +02:00
Julien Fortin	5f4ab65948	lib: Addon: add new Bridge class with member "bridge_vlan_aware_list" we need to keep track of how many vlan-aware bridge we have in the user configuration without having to loop over all ifaceobjs again. So we store their name as they go through get_dependent_ifacenames Signed-off-by: Julien Fortin <jfortin@nvidia.com>	2021-05-18 17:19:25 +02:00

1 2

100 Commits