Page MenuHomeVyOS Platform

tunnel: interface no longer supports specifying encaplimit none - or migrator is missing
Closed, ResolvedPublicBUG

Description

Originally posted here:
https://forum.vyos.io/t/encaplimit-equuleus-ipip6/6763

Hello !
On the crux version the creation of an ipip6 tunnel allows an ipv6 parameter encaplimit to none but on equuleus encaplimit only take integer numbers.
My ISP returns errors (and refuses to respond) when a packet contains an encaplimit in the header. Do you know if it is possible to set a value to encaplimit so that it no longer appears in packets sent by vyOS? A possibility of not sending encaplimit?

VyOS 1.2 (crux) supports specifying none as option to encaplimit https://github.com/vyos/vyatta-cfg-system/blob/crux/templates/interfaces/tunnel/node.tag/parameters/ipv6/encaplimit/node.def, but this is no longer available after the tunnel rewrite to XML and Python.

On VyOS 1.2.7, setting encaplimit to none results in:

10: tun10@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/tunnel6 ::1 brd ::2 promiscuity 0 minmtu 68 maxmtu 65407
    ip6tnl ipip6 remote ::2 local ::1 hoplimit 64 encaplimit none tclass 0x00 flowlabel 0x00000 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

encaplimit 0:

10: tun10@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/tunnel6 ::1 brd ::2 promiscuity 0 minmtu 68 maxmtu 65407
    ip6tnl ipip6 remote ::2 local ::1 hoplimit 64 encaplimit 0 tclass 0x00 flowlabel 0x00000 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

encaplimit 255:

10: tun10@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/tunnel6 ::1 brd ::2 promiscuity 0 minmtu 68 maxmtu 65407
    ip6tnl ipip6 remote ::2 local ::1 hoplimit 64 encaplimit 255 tclass 0x00 flowlabel 0x00000 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

Details

Difficulty level
Easy (less than an hour)
Version
1.3.0-rc1
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

When I create dedicated validator and modify manually file /opt/vyatta/share/vyatta-cfg/templates/interfaces/tunnel/node.tag/parameters/ipv6/encaplimit/node.def it work :)

Python file validator (tested) and xml.in file (not tested) :

/interface-definitions/interfaces-tunnel.xml.in

<leafNode name="encaplimit">
  <properties>
    <help>Encaplimit field</help>
    <valueHelp>
      <format>0-255 or none</format>
      <description>Encaplimit (default: 4)</description>
    </valueHelp>
    <constraint>
      <validator name="allowed-encaplimit"/>
    </constraint>
    <constraintErrorMessage>key must be none or between 0-255</constraintErrorMessage>
  </properties>
  <defaultValue>4</defaultValue>
</leafNode>

/src/validators/allowed-encaplimit

#! /usr/bin/python3

import sys
import re

if __name__ == '__main__':
     if sys.argv[1].isdigit():
         if int(sys.argv[1]) not in range(0, 256):
             sys.exit(1)
     elif not sys.argv[1]=="none":
         sys.exit(1)
     sys.exit(0)

Yeah, that would work. We still try to keep the number of custom validators to a minimum.
The XML file is changed now for 1.4 (and soon 1.3).

Please not, when setting encaplimit, you will get the following error message:

vyos@vyos# set interfaces tunnel tun10 parameters ipv6 encaplimit none

  'none' is not a valid integer number

This is related to T2759 and its a missplaced error message - the functionality is working. It will be fixed hopefully soon.

c-po triaged this task as High priority.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
c-po changed Why the issue appeared? from Will be filled on close to Implementation mistake.
c-po changed Is it a breaking change? from Behavior change to Perfectly compatible.

Tomorrows 1.3 beta image and 1.4 rolling will have the fix included.

thank you very much ! Very responsive 😄

SrividyaA set Issue type to Bug (incorrect behavior).Aug 31 2021, 2:48 PM