Merge pull request #2952 from c-po/vrf

vrf: T5973: module is now statically compiled into the kernel
vyos · Feb 7, 2024 · 98c6434 · 98c6434
2 parents b545031 + 117fbcd
commit 98c6434
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 16 deletions.
diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py
@@ -53,14 +53,17 @@ def setUpClass(cls):
         # call base-classes classmethod
         super(VRFTest, cls).setUpClass()
 
+    def setUp(self):
+        # VRF strict_most ist always enabled
+        tmp = read_file('/proc/sys/net/vrf/strict_mode')
+        self.assertEqual(tmp, '1')
+
     def tearDown(self):
         # delete all VRFs
         self.cli_delete(base_path)
         self.cli_commit()
         for vrf in vrfs:
             self.assertNotIn(vrf, interfaces())
-        # If there is no VRF defined, strict_mode should be off
-        self.assertEqual(sysctl_read('net.vrf.strict_mode'), '0')
 
     def test_vrf_vni_and_table_id(self):
         base_table = '1000'

diff --git a/src/conf_mode/vrf.py b/src/conf_mode/vrf.py
@@ -27,7 +27,6 @@
 from vyos.template import render
 from vyos.template import render_to_string
 from vyos.utils.dict import dict_search
-from vyos.utils.kernel import check_kmod
 from vyos.utils.network import get_interface_config
 from vyos.utils.network import get_vrf_members
 from vyos.utils.network import interface_exists
@@ -223,18 +222,6 @@ def apply(vrf):
             # Delete the VRF Kernel interface
             call(f'ip link delete dev {tmp}')
 
-    # Enable/Disable VRF strict mode
-    # When net.vrf.strict_mode=0 (default) it is possible to associate multiple
-    # VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a
-    # table can be associated to a single VRF device.
-    #
-    # A VRF table can be used by the VyOS CLI only once (ensured by verify()),
-    # this simply adds an additional Kernel safety net
-    strict_mode = '0'
-    # Set to 1 if any VRF is defined
-    if 'name' in vrf: strict_mode = '1'
-    sysctl_write('net.vrf.strict_mode', strict_mode)
-
     if 'name' in vrf:
         # Linux routing uses rules to find tables - routing targets are then
         # looked up in those tables. If the lookup got a matching route, the
@@ -323,7 +310,6 @@ def apply(vrf):
 
 if __name__ == '__main__':
     try:
-        check_kmod(k_mod)
         c = get_config()
         verify(c)
         generate(c)

diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf
@@ -108,3 +108,5 @@ net.ipv4.tcp_congestion_control=bbr
 # Disable IPv6 Segment Routing packets by default
 net.ipv6.conf.all.seg6_enabled = 0
 net.ipv6.conf.default.seg6_enabled = 0
+
+net.vrf.strict_mode = 1