PR https://github.com/vyos/vyos-1x/pull/2240
set protocols static proxy-arp 192.0.2.1 interface eth0 set protocols static proxy-arp 192.0.2.1 interface eth1 set protocols static proxy-ndp 2001:db8::1 interface eth1
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 10 2023
Sep 10 2023
sarthurdev changed the status of T5568: Install image from live ISO always defaults boot to KVM entry from Open to In progress.
I dont know if its related to this task but I noticed recently that even if I have no IPv6 configured on any interface and have IPv6 disabled for forwarding:
set system ipv6 disable-forwarding
I can in VyOS 1.5-rolling-202309080021 see an additional pim6reg interface!?
vyos@vyos:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq master MGMT state UP group default qlen 1000
...
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq master INTERNET state UP group default qlen 1000
...
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq master INTERNET state UP group default qlen 1000
...
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq master INTERNET state UP group default qlen 1000
...
6: pim6reg@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN group default qlen 1000
link/pimreg
7: INTERNET: <NOARP,MASTER,UP,LOWER_UP> mtu 65575 qdisc noqueue state UP group default qlen 1000
...
8: MGMT: <NOARP,MASTER,UP,LOWER_UP> mtu 65575 qdisc noqueue state UP group default qlen 1000
...Its also visible when running:
monitor bandwidth interface *
table ip raw {
ct helper rpc_tcp {
type "rpc" protocol tcp
l3proto ip
}Oh sorry, I missed that this commit was for LTS 1.3.x series.
GitHub <[email protected]> committed rVYOSONEX87880a552fd1: Merge pull request #2236 from vfreex/fix-nat-problem-with-vrf (authored by c-po).
@Apachez I am running kernel 6.1.49-amd64-vyos and this works fine with my local setup.
The patch is already in linux kernel since at least 4.3 (you can confirm with https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/include/net/netfilter/nf_conntrack_zones.h?h=linux-4.3.y), but it was added to nft command only since Feb 2017: https://git.netfilter.org/nftables/commit/src/ct.c?id=ed66d9966294a3bab6c8611e369861ba57374743
Fix by @sever regarding those failing conntrack smoketest: https://github.com/vyos/vyos-1x/pull/2234
Can we see the output of sudo nft list table ip raw on an affected router?
@vfreex the referenced netfilter patch is from 2015, is that really valid for current version thats included in the Linux 6.1 LTS kernel?
You can test this approach on a running VyOS router using following commands:
I created a PR to fix this issue by using direction parameter of conntrack zones: https://github.com/vyos/vyos-1x/pull/2236
I have a very basic VRF setup and it works fine. It would be much appreciated if someone could test this with more complex VRF setup.
Sorry to bother you @sdev , the latest releases of 1.5-rolling-202309080021 and 1.4-rolling-202309070021 still have this problem.
c-po moved T5555: Fix timezone migrator (system 13-to-14) from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
c-po moved T5545: sflow is not working from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
c-po closed T5557: bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802 as Unknown Status.
c-po added a comment to T5557: bgp: Use treat-as-withdraw for tunnel encapsulation attribute CVE-2023-38802.
Added backport for FRR 7.5 https://github.com/FRRouting/frr/pull/14381
Viacheslav changed the status of T5564: Both show firewall group and show firewall summary fails from Open to Needs testing.
GitHub <[email protected]> committed rVYOSONEX8baceafce0cd: Merge pull request #2232 from alainlamar/T5567 (authored by c-po).
GitHub <[email protected]> committed rVYOSONEXaf0a4667326b: Merge pull request #2235 from sever-sever/T5564 (authored by c-po).
I guess we should use the current ip neighbor xxx instead of old arp. I hope it does the same.
sudo ip neighbor add proxy 192.0.2.1 dev eth0 sudo ip -6 neigh add proxy aa::1 dev eth0
Show
vyos@r1# sudo ip neighbor show proxy 192.168.122.11 dev eth0 proxy 192.0.2.1 dev eth0 proxy aa::1 dev eth0 proxy [edit] vyos@r1#
Viacheslav closed T5565: Builds as vyos-999-timestamp instead of vyos-1.4-rolling-timestamp as Resolved.
GitHub <[email protected]> committed rVYOSONEX3f4c320cbcd3: Merge pull request #2234 from sever-sever/T4309 (authored by Viacheslav).
GitHub <[email protected]> committed rVYOSONEX25c36d678b90: Merge pull request #2233 from vfreex/fix-mld-smoketests (authored by c-po).
The failed smoketest test_interfaces_ethernet.py can be seen at:
The failed smoketest test_protocols_pim6.py seems to have been taken care of by:
Regarding the failing smoketest test_system_conntrack.py (test_conntrack_ignore):
https://github.com/vyos/vyos-1x/pull/2233 to fix the smoketest.
In T5518#159341, @Apachez wrote:Something is broken in smoketest test_protocols_pim6.py:
https://github.com/vyos/vyos-rolling-nightly-builds/actions/runs/6133954453/job/16646294279
See "Run smoketests" line 28676 and forward.
Something is broken in smoketest test_protocols_pim6.py:
Sep 9 2023
Sep 9 2023
alainlamar changed the status of T5567: vyos-1x: webproxy: maximum-object-size allowed ranges not in sync with Equuleus from Open to In progress.
Still errors in:
GitHub <[email protected]> committed rVYOSONEX312370c9ef5c: Merge pull request #2179 from vfreex/add-mld (authored by c-po).
Related: https://vyos.dev/T5513
Related: https://vyos.dev/T5311
Viacheslav moved T4426: Add arpwatch to the image from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
Viacheslav moved T5489: Change to BBR as TCP congestion control, or at least make it an config option from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav changed the status of T4754: Improvement: system login: show configured 2FA OTP key, a subtask of T4564: Root task for rewriting [op-mode] to vyos.opmode format, from Open to Needs testing.
Viacheslav changed the status of T4754: Improvement: system login: show configured 2FA OTP key from Open to Needs testing.
Viacheslav added a reverting change for rVYOSONEX7a99a59b338f: Create build.yml: rVYOSONEX7ebdaead30f3: Revert "Create build.yml".
GitHub <[email protected]> committed rVYOSONEXc53cde781508: Merge pull request #2231 from sever-sever/sonar-sag (authored by Viacheslav).
GitHub <[email protected]> committed rVYOSONEX795fcb74b646: Merge pull request #2230 from sever-sever/T5562 (authored by c-po).
Viacheslav changed the status of T5554: Disable sudo for PAM RADIUS, a subtask of T3191: PAM RADIUS freezing when accounting does not configured on RADIUS server, from Open to In progress.
PR for 1.3.x https://github.com/vyos/vyos-1x/pull/2225
c-po committed rVYOSONEXed47ac6560d0: container: T5563 Fix environment replaced by label (authored by hlhc).
GitHub <[email protected]> committed rVYOSONEXb2383561158a: Merge pull request #2229 from c-po/sagitta (authored by Viacheslav).
GitHub <[email protected]> committed rVYOSONEXf494325bfde2: Merge pull request #2228 from hlhc/fix/env-replaced-by-label (authored by c-po).
c-po closed T3700: Support VLAN tunnel mapping of VLAN aware bridges, a subtask of T3137: Let VLAN aware bridge approach the behavior of professional equipment, as Resolved.
c-po closed T3700: Support VLAN tunnel mapping of VLAN aware bridges, a subtask of T5415: Upgrade FRR to version 9.0, as Resolved.
set interfaces bridge br0 member interface vxlan0 set interfaces vxlan vxlan0 external set interfaces vxlan vxlan0 source-interface 'dum0' set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010' set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011' set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030' set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031'
For the tests above, which configs are actually being used?
Some observations:
Sep 8 2023
Sep 8 2023
This pr breaks environment variable processing as it resets env_opt to an empty string when startting to process the labels.
unity renamed T5562: Smoketests fail for vyos:current (test_netns.py) from Smoketests fail for vyos:current to Smoketests fail for vyos:current (test_netns.py).
c-po changed the status of T3700: Support VLAN tunnel mapping of VLAN aware bridges, a subtask of T3137: Let VLAN aware bridge approach the behavior of professional equipment, from On hold to In progress.
c-po changed the status of T3700: Support VLAN tunnel mapping of VLAN aware bridges, a subtask of T5415: Upgrade FRR to version 9.0, from On hold to In progress.
c-po changed the status of T3700: Support VLAN tunnel mapping of VLAN aware bridges from On hold to In progress.
GitHub <[email protected]> committed rVYOSONEX2a8a76c40c70: Merge pull request #2224 from sever-sever/T5489-sag (authored by Viacheslav).
GitHub <[email protected]> committed rVYOSONEX540939473421: Merge pull request #2226 from sever-sever/T5423-sag (authored by Viacheslav).
GitHub <[email protected]> committed rVYOSONEX5e47f1aaea44: Merge pull request #2227 from sever-sever/T5554-sag (authored by Viacheslav).
GitHub <[email protected]> committed rVYOSONEXa12559a72831: Merge pull request #2222 from nicolas-fort/T4072-fwall-bridge (authored by c-po).