Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vrf: T5973: module is now statically compiled into the kernel #2952

Merged
merged 1 commit into from Feb 7, 2024
Merged

vrf: T5973: module is now statically compiled into the kernel #2952

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
7 changes: 5 additions & 2 deletions smoketest/scripts/cli/test_vrf.py
View file
Open in desktop
Expand Up @@ -53,14 +53,17 @@ def setUpClass(cls):
# call base-classes classmethod
super(VRFTest, cls).setUpClass()

def setUp(self):
# VRF strict_most ist always enabled
tmp = read_file('/proc/sys/net/vrf/strict_mode')
self.assertEqual(tmp, '1')

def tearDown(self):
# delete all VRFs
self.cli_delete(base_path)
self.cli_commit()
for vrf in vrfs:
self.assertNotIn(vrf, interfaces())
# If there is no VRF defined, strict_mode should be off
self.assertEqual(sysctl_read('net.vrf.strict_mode'), '0')

def test_vrf_vni_and_table_id(self):
base_table = '1000'
Expand Down
14 changes: 0 additions & 14 deletions src/conf_mode/vrf.py
View file
Open in desktop
Expand Up @@ -27,7 +27,6 @@
from vyos.template import render
from vyos.template import render_to_string
from vyos.utils.dict import dict_search
from vyos.utils.kernel import check_kmod
from vyos.utils.network import get_interface_config
from vyos.utils.network import get_vrf_members
from vyos.utils.network import interface_exists
Expand Down Expand Up @@ -223,18 +222,6 @@ def apply(vrf):
# Delete the VRF Kernel interface
call(f'ip link delete dev {tmp}')

# Enable/Disable VRF strict mode
# When net.vrf.strict_mode=0 (default) it is possible to associate multiple
# VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a
# table can be associated to a single VRF device.
#
# A VRF table can be used by the VyOS CLI only once (ensured by verify()),
# this simply adds an additional Kernel safety net
strict_mode = '0'
# Set to 1 if any VRF is defined
if 'name' in vrf: strict_mode = '1'
sysctl_write('net.vrf.strict_mode', strict_mode)

if 'name' in vrf:
# Linux routing uses rules to find tables - routing targets are then
# looked up in those tables. If the lookup got a matching route, the
Expand Down Expand Up @@ -323,7 +310,6 @@ def apply(vrf):

if __name__ == '__main__':
try:
check_kmod(k_mod)
c = get_config()
verify(c)
generate(c)
Expand Down
2 changes: 2 additions & 0 deletions src/etc/sysctl.d/30-vyos-router.conf
View file
Open in desktop
Expand Up @@ -108,3 +108,5 @@ net.ipv4.tcp_congestion_control=bbr
# Disable IPv6 Segment Routing packets by default
net.ipv6.conf.all.seg6_enabled = 0
net.ipv6.conf.default.seg6_enabled = 0

net.vrf.strict_mode = 1
c-po marked this conversation as resolved.
Show resolved Hide resolved