New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature #10392: GRE: Tunnels cannot have IPv6 and IPv4 addresses … #4308
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rather than have any kind of fallback detection, the configuration should be upgraded directly to the new style. See the other functions in /etc/inc/upgrade_config.inc
and so on.
Why make the user manually pick IPv4/IPv6? If they fill in just the v4 info, then it's v4. If they fill in just the v6 info, it's v6. If they fill in both, it's both. Input validation should allow one or the other to be empty (but not both).
…tion migration on upgrade.
Hi jim-p, I removed the selection box and added a possible upgrade code to upgrade_config.php. I tested the new code (except for the upgrade_config.php-part since I don't know how) on 2.4.5. There is one small issue, though: if using IPv4 and IPv6 at the same time, the newly added IPv6 gateway shows the buttons to delete and to edit it - something the IPv4 gateway does not. It doesn not seem to me as if this is related to my changes but I wanted to mention it. Thanks |
One more thing: You need to increase the value of To test that, you can start the PHP shell ( |
…) vs !== bug, fixed upgrade code. Increased config to 20.3.
$input_errors[] = sprintf(gettext("A GRE tunnel with the same IPv4 tunnel network is already defined.")); | ||
break; | ||
} | ||
if (($gre['if'] == $_POST['if']) && ($gre['tunnel-remote-addr6'] == $_POST['tunnel-remote-addr6'])) { | ||
$input_errors[] = sprintf(gettext("A GRE tunnel with the same IPv6 tunnel network is already defined.")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The original code outputs gre['remote-network']
which is not defined. Since the user put in the network themselves anyway (and should therefore know it without the error message telling them), I decided to just output which of the two possibly entered networks (v4/v6) already exists.
Thanks for the detailled feedback. I revised the complete wording on the GRE edit page and it should (hopefully) be more consistent now. I also used the opportunity to improve a few minor things such as limiting the IP-input fields to v4 and v6, respectively. The link1-variable still confuses me a bit but I changed it as proposed. |
works as expected, converting old-style GRE interfaces to new is OK
It's better to set IPv6 subnet field inactive and add note, something like: ))->setHelp('The subnet is used for determining the IPv6 network needs to be 128 as enforced by kernel.')->setAttribute('disabled', true); tested on two 2.5.0.a.20200512.2320 |
The subnet is used for the route, though. |
…at the same time. This PR tries to change that.
This commit (only) patches the GRE part. GIF interfaces have to be patched separately; and while that patch should mostly consist of directly applying this commit to the gif-file/functions as well, I have no way of testing it.
Patch was tested on 2.4.4-RELEASE-p3. Since I did not come across any issues when merging this back onto master, I expect this to work on the latest master as well.
First commit to the pfSense project ever, so I'm neither sure if the "fallback mode for older configurations" is the right way to do it not if the code fulfils the quality standard in all points.