Skip to content

ChangeLog

2.0.2 - 2025-09-28

Fixes:

  • cshaper: fix regression in config parsing
  • tc: fix exceptions on filter updating and removing with pyroute2 0.9+
  • python: add requires for python 3.10+ (closes #126)

Changes:

  • docs: update nix section
  • nix: fix luks dependency hell
  • nix: sync docs package with downstream nixpkgs

This release fixes the broken tc handling when pyroute2 0.9+ is used. It also fixes a regression breaking cshaper since ifstate 2.0.

2.0.1 - 2025-09-15

Fixes:

  • routing: fix not applying null routes or null rules if routing is configured
  • netns: fix missing netns cleanup if namespaces is null

Changes:

  • docs: various updates and nixos examples
  • nix: add doc package
  • nix: sync with downstream nixpkgs

2.0.0 - 2025-08-08

Breaking Changes:

  • config: change default config filename from config.yml to ifstate.yaml
  • schema: move cshaper, defaults and ignores into dedicated dict
  • schema: always clear various interface settings by default (addresses, fdb, neighbours, tc, link.master)
  • schema: move sysctl into root
  • schema: refactor iface identification using a dedicated identify option
  • schema: refactor interfaces list to dictionary by name
  • schema: refactor wireguard peers from list to dictionary by public_key
  • setup.py: move data files include schema into libifstate namespace

Changes:

  • config: do not fail if jsonschema python dep is missing
  • docs: move documentation in-tree, replace jekyll by mkdocs-material
  • hooks: add support for spawning services on interface configuration (DHCP client, PPP dialup, WPA supplicant, …)
  • link: allow other common mac address formats (closes #57)
  • logging: allow --verbose to be used twice for two levels of verbosity
  • nix: provide packaging (#109)
  • schema: allow null ifalias values (related #75)
  • sysctl: add MPTCP settings support
  • sysctl: enable net.ipv6.conf.all.optimistic_dad by default (closes #74)
  • wireguard: dump settings and peers on show(all), secrets are hidden by default

⚠️ This major upgrade contains multiple breaking changes! ⚠️

Please take special care when upgrading from ifstate 1.x - old configuration files will not work and break the host's network configuration! You need to adopt old configurations and deploy them using the new configuration file name!

There was a regression in pyroute2==0.9.3 that made ifstate crash. Pyroute2 0.9.4 contains a fix for this issue.

1.13.8 - 2025-08-18

Changes:

  • cli: do not make pyroute2 verbose when the -v arg is only passed once
  • docs: migrate to mkdocs-material
  • logging: print warnings in quiet mode

Fixes:

  • link: fix exception when master or link values points to missing links
  • netns: fix exception when non-existing netns were referenced
  • routing: fix ignore routes get applied when oif could not be looked up
  • routing: fix missing import for parsing routing rules with src value
  • wireguard: fix peers always get reconfigured
  • wireguard: fix exception when iface could not be queried (i.e. check action)

1.13.7 - 2025-07-08

Fixes:

  • netns: fix ignoring netns by name was not implemented (closes #104)
  • netns: fix link recreation if (bind|link)_netns refers to the same netns (closes #65)
  • routing: fix ignores of routes and rules not working for all attr (closes #103)
  • vrrp: fix incomplete declaration of regex string (SyntaxWarning)

1.13.6 - 2025-05-01

Fixes:

  • vrrp: fix process leak per namespace on state updates (closes #89)

1.13.5 - 2025-04-20

Fixes:

  • netns: fix exception when using pyroute2 0.9.1+ (closes #83)
  • wireguard: fix catching a TypeError exception inside wgnlpy (closes #84)

1.13.4 - 2025-03-27

Fixes:

  • sysctl: fix stopping sysctl processing after the first change (closes #82)

1.13.3 - 2025-02-03

Changes:

  • link: silence ENODEV due to removed netns
  • link: simplify netns checks
  • netns: drop use of findmnt
  • vrrp: ignore informational state updates

Fixes:

  • link: fix perpetual recreation of veth interfaces (pull request by @magic_rb)
  • link: do not crash if veth peer is not found
  • netns: fix missing link registry update after interface netns change
  • schema: ip6gretap link to accept ipv6 addresses (cherry-pick from #80) (pull request by @shoki)

1.13.2 - 2025-01-05

Changes:

  • fdb: add missing fdb ignores implementation
  • link: add missing vlan protocol mappings for bridges (closes #72)

Fixes:

  • fdb: fix checking and changing of entries (closes #71)
  • link: fix unset of the ifalias attribute (closes #75)

1.13.1 - 2024-11-08

Changes:

  • link: add missing vrf_table property for vrf links
  • routing: add RTA_VIA support for show_routes (related to #69)

Fixes:

  • vxlan: vxlan_local must not contain ipv6 addresses, add missing vxlan_local6 (closes #67)
  • routing: fix order of routes for RTA_GATEWAY and RTA_VIA (fixes #50, fixes #70)
  • routing: fix route next-hops from other AF than the destination (RTA_GATEWAY vs. RTA_VIA; fixes #69)

It was already allowed in the schema to configure routing next-hops from another address family than the destination address family. This results in an OSError exception terminating ifstate unexpected. This leads to an incomplete network configuration. The same exception happened on vxlan links when vxlan_local was set to an IPv6 address.

1.13.0 - 2024-10-20

Changes:

  • schema: add missing UDP port configuration for VxLAN tunnels
  • vrrp: add support for keepalived's stop state

Fixes:

  • link: fix exception handling in get_link wrapper
  • routing: add /usr/share/iproute2 for routing table map lookups (Debian)
  • routing: configure connected routes before static routes (#50)
  • vrrp: refactor vrrp-fifo, replacing mp.Process with subprocess.Popen implementation (#58 #59 #60)

This release contains a refactor of the vrrp-fifo implementation used to run ifstate from keepalived. The previous implementation seems to trigger race conditions in the pyroute2 backend sockets when using complex setups with multiple netns. It is highly recommended to upgrade if you use the vrrp-fifo action.

1.12.0 - 2024-09-12

Changes:

  • link: add missing support for Distributed Switch Architecture (DSA) interfaces (#47)
  • link: add missing bind_netns support for sit tunnels (#56)

Fixes:

  • addresses: replace even ignored ip addresses with wrong prefix lengths (#53)
  • addresses: fix ip address renew handling for DAD and pfx len issues
  • link: handle ifaces gracefully if IFLA_LINKINFO or IFLA_INFO_DATA is not a dict (#47)
  • link: fix fatal exception if link_netns references a unknown netns (#54)
  • logging: disable syslog handler if /dev/log is not a unix domain socket
  • netns: handle unknown netns for binds gracefully (#54)
  • routing: ensure that table string lookups always returns strings (#48)

1.11.9 - 2024-05-09

Fixes:

  • addresses: reassign ipv6 addresses when IFA_F_DADFAILED flag is set (closes #42)
  • link: add most missing vxlan attributes (closes #43)
  • routing: improve handling for routes with broken dev setting (closes #40)
  • routing: fix exception when removing ip rules (closes #39)
  • schema: interfaces needs to have link settings (closes #41)
  • schema: require a kind setting in interfaces.link

1.11.8 - 2024-03-19

Changes:

  • netns: fail when run from inside a netns if namespaces to be configured

Fixes:

  • link: drop master_netns option as it is not supported by the linux kernel
  • link: fix netns related temporary link name generation
  • link: fix racy netlink exceptions in IPRoute.get_links() for missing links
  • wireguard: handle endpoint lookup errors gracefully

1.11.7 - 2024-02-10

Fixes:

  • netns: fix vrrp race condition due to concurrent netlink socket access
  • wireguard: fix vrrp race condition due to concurrent netlink socket access

1.11.6 - 2024-01-09

Fixes:

  • link: set master before applying brport settings (regression from fixing #35)

1.11.5 - 2024-01-06

Changes:

  • vrrp: reduce logging severity for skipped interfaces in vrrp actions to debug

Fixes:

  • link: make veth links netns aware (fixes #34) (reported by @magic_rb)
  • link: fix creating virtual links with master attribute (closes #35)
  • link: fix false positive error when removing veth links (closes #36)
  • vrrp-fifo: fix exception in worker process if WireGuard is used (closes #37)

1.11.4 - 2023-12-18

Changes:

  • show: do not dump lo interfaces
  • tc: add missing defaults cleanup option for tc settings (closes #32)
  • vrrp-fifo: improve handling of multiple instances/groups, apply config on reload

Fixes:

  • link: add missing copy of vrrp options to cshaper ifb devices (closes #31)
  • tc: fix false positive exceptions when cleaning qdiscs (closes #33)
  • netns: fix process forks for every NetNS on every vrrp-fifo state change

1.11.3 - 2023-12-06

Changes:

  • routing: add support for new iproute2 6.5+ rt_* files directory (/usr/lib/iproute2)

Fixes:

  • cli: fix broken show commands

1.11.2 - 2023-11-25

Changes:

  • vrrp-fifo: track pids and send SIGHUP for reloading vrrp-fifo runners during apply

Fixes:

  • do not use /run/ifstate as a state directory since it may collide with the state file of ifupdown*
  • vrrp-fifo: fix using outdated LinkRegistry breaking most vrrp setups

This release fixes yet another regression (ifstate 1.9.0+) breaking the vrrp-fifo implementation for interfaces not existing on start-up of the vrrp-fifo action.

1.11.1 - 2023-11-24

Changes:

  • logging: add logging.exception to some exception handlers

Fixes:

  • vrrp-fifo: fix TypeError exceptions on state changes breaking vrrp
  • routing: fix vrrp routing setup for netns (regression by 6feb5ba)

This release fixes a regression (ifstate 1.9.0+) breaking the vrrp-fifo implementation due to an internal exception.

1.11.0 - 2023-11-19

Changes:

  • ethtool: allow default settings for ethtool
  • link: allow unsetting the master attribute
  • link: improve attr state debug logging
  • routing: add vrrp conditions for routing item

Fixes:

  • ethtool: fix broken speed and duplex advertise
  • ethtool: fix 'change' settings not working at all
  • link: fix logging a change for orphan physical links which are already down

1.10.1 - 2023-11-13

Changes:

  • netns: port set_netnsid from pyroute2 to make netns handling work on pyroute <=0.79

Fixes:

  • netns: fix showing new netns namespaces as unchanged
  • netns: fix "missing lo" errors due to missing inventory of new created netns namespaces
  • schema: xfrm interfaces requires the xfrm_if_id attribute, xfrm_link is optional

1.10.0 - 2023-11-01

Changes:

  • fdb: allow to configure bridge fdb permanent and noarp (static) entries
  • link: allow binding of virtual tunnel interfaces into another netns (routerkit/ifstate#28)
  • link: configure lo interface by default in all namespaces (routerkit/ifstate#24)
  • link: sort links in stage by netns and name but handle lo always first
  • sysctl: add mpls settings support

Fixes:

  • cli: fix NameError exception for show action
  • vxlan: the vxlan_link attribute is not required

This version adds support to manage bridge fdb entries. This allows, among other things, to build distributed bridges using vxlan tunneling with unicast underlays and static flooding.

1.9.0 - 2023-09-14

Changes:

  • defaults: add default interface settings (addresses, link, neighbours)
  • netns: add networking namespace support
  • link: add link registry and track link dependencies

Fixes:

  • link: false positive warnings about settings that could not be changed (routerkit/ifstate#24)
  • xdp: ctype exception if a bpf program refered from xpd is missing

This version adds netns super capabilities. A dependency resolver optimizes the order in which interfaces are configured, circular dependencies are now correctly detected.

1.8.5 - 2023-07-01

Changes:

  • vrrp: add SIGHUP handler for config reloading (vrrp-fifo)
  • vrrp: set process title to ease reloading by SIGHUP (vrrp-fifo)

Fixes:

  • link: recreate virtual interfaces if settings could not be changed (routerkit/ifstate#17, routerkit/ifstate#23)

Before this release it was possible that some link settings were not changed unnoticed (if the kernel did not throw a netlink error). A known setting is the vlan_id for vlan links which cannot be changed after link creation nor throws any netlink error. This condition is now detected and the interface is recreated using the correct settings.

1.8.4 - 2023-06-08

Fixes:

  • logging: drop defaults from logging formatter to be python 3.9 compatible (routerkit/ifstate#21)

1.8.3 - 2023-04-12

Fixes:

  • link: fix broken interface recreation (routerkit/ifstate#13)
  • link: fix unusable tun/tap implementation (routerkit/ifstate#14)
  • link: do not change link states in check mode (routerkit/ifstate#16)
  • link: fix handling of multiple interface with same mac address (routerkit/ifstate#18)
  • logging: fix using always lastResort logger (routerkit/ifstate#20)
  • vrrp: fix broken fifo instance handling due to extra priority values (routerkit/ifstate#15)

Changes:

  • logging: add syslog logging while running detached (i.e. vrrp script)

1.8.2 - 2023-02-17

Changes:

  • link: add missing device group support

Fixes:

  • link: fix TypeError exception when a physical link is missing (routerkit/ifstate#8)
  • routing: handle unresolvable rt lookups gracefully

This release fixes a bug that could cause a host to not get a working network configuration at boot time.

When a physical link is missing ifstate prints a warning about it. Due to a TypeError exception (routerkit/ifstate#8) ifstate did crash in the link configuration phase. This breaks all ip configuration if any referenced physical link was missing.

1.8.1 - 2023-01-30

Changes:

  • bpf: add missing map pinning
  • bpf: cleanup unused libbpf1 bindings
  • bpf: improve error handling
  • sysctl: apply settings before interface state is set to up
  • xdp: improve error handling

Fixes:

  • bpf: do not reload unchanged bpf programs due to broken error condition
  • bpf: fix bpffs mount detection
  • link: drop IFLA_ALT_IFNAME conflict on IFLA_IFNAME on rename or create
  • logging: don't crash if stderr is closed1 (routerkit/ifstate#5)
  • sysctl: fix setting for renamed interfaces2
  • sysctl: handle procfs errors gracefully3 (routerkit/ifstate#6)
  • xdp: fix broken detection of current attached xdp

This release fixes critical bugs that could cause a host to not get a working network configuration at boot time.

Remarks: 1) This could break the complete network setup if a host is booted with a broken console= kernel parameter. 2) The sysctl settings were applied using the wrong interface name. Combined with 3. it breaks the network setup during boot if the sysctl setting was used on a interface which needs to be renamed. 3) Do not crash if a procfs file cannot be opened.

1.8.0 - 2022-11-17

Changes:

  • brport: add settings to show commands
  • bpf: add shared bpf programs support
  • shell: add tab completion
  • xdp: pin maps for loaded objects

Fixes:

  • xdp: fix error handling on libbpf.bpf_object__open_file
  • xdp: fix loading of pinned programs

1.7.0 - 2022-11-13

Changes:

  • bport: add support for bridge port settings
  • logger: silence skipped steps unless being verbose
  • shell: add a interactive python shell

Fixes:

  • link: fix exception on link recreation
  • link: several minor bugfixes

1.6.1 - 2021-11-05

Changes:

  • xdp: allow to specify attach mode
  • xdp: check libbpf symbols before enabling feature

Fixes:

  • schema: fix xdp pinned format pattern
  • xdp: fix exception if libbpf.so.1 is not available

1.6.0 - 2021-11-03

Changes:

  • xdp: add experimental eXpress Data Path (XDP) support
  • link: add txqlen link setting

Fixes:

  • schema: fix link kind descriptions

1.5.8 - 2021-11-14

Changes:

  • neighbours: add static ip neighbour configuration

Fixes:

  • schema: revert to json schema Draft 7 due to regressions
  • schema: fix usage of ipv4 & ipv6 format
  • packaging: make setup.py work with pyroute2<0.6, pyroute2>=0.6 and pyroute2.minimal

1.5.7 - 2021-10-31

Changes:

  • cshaper: add simple tc-cake based shaping

Fixes:

  • addresses: add missing exception handling
  • pyroute2: workaround NetlinkError regression (pyroute2 #845 #847)

1.5.6 - 2021-09-25

Changes:

  • link: add attribute value mappings for bond and vlan interfaces
  • schema: add link name validation

Fixes:

  • link: fix exception while 'show' for master/link to other netns
  • schema: simplify and make it work on jschon validator
  • schema: fix shortened path output on validation errors

1.5.5 - 2021-08-25

Fixes:

  • ethtool: fix module import for pyroute2 0.6+
  • show: fix missing attributes
  • tc: fix internal exception during apply

1.5.4 - 2021-08-01

Fixes:

  • link: recreate virtual interfaces if updating fails
  • wireguard: deep compare a peer's set of allowedips

1.5.3 - 2021-07-05

Fixes:

  • schema: fix broken geneve links

1.5.2 - 2021-06-05

Changes:

  • routing: make route matching verbose in verbose mode

Fixes:

  • routing: fix ipv6 routes get removed accidentally since the kernel uses a default priority of 1024 vs. 0 on ipv4 routes

1.5.1 - 2021-03-15

Fixes:

  • check: fix broken check command (TypeError exception)

1.5.0 - 2021-03-23

Changes:

  • vrrp: add support for failover link setups, design to work with keepalived's notify script or fifo interface
  • ignore: add proto keepalived(18) to builtin lists

Fixes:

  • addresses: replacing primary ipv4 addr was broken due to add-before-del
  • link: make businfo available in iface settings check
  • link: make businfo lower case
  • link: supress exceptions on unsupported permaddr or businfo
  • wireguard: fix broken apply iface settings

1.4.0 - 2021-01-09

Changes:

  • support bus_info link identification [ethtool -i]

1.3.2 - 2020-12-20

Fixes:

  • wireguard: fix name of persistent_keepalive_interval
  • link: add permaddr to kernel iface settings before for compare

1.3.1 - 2020-12-07

Fixes:

  • several bugs in show command:
  • show missing master device
  • ignore non-scalar link attributes
  • fix kind None for some physical devices

1.3.0 - 2020-09-28

Changes:

  • support prefered src address on routes
  • support preference on routes
  • support mtu setting on links
  • support permanent address link identification [ethtool -P]
  • improve show command output, drop unset values
  • apply builtin filters on show command
  • add the showall command to view builtin settings

Fixes:

  • fix broken show command

1.2.1 - 2020-09-25

Changes:

  • add schema support for ifalias

Fixes:

  • fix link lookup by mac address

1.2.0 - 2020-09-18

Changes:

  • ignore: move defaults to builtin keys to make them extendable by the config
  • update project & schema url to new domain (ifstate.net)
  • improve tc implementation, support ingress qdisc

Fixes:

  • handle empty configs more gracefully
  • add quirks to make veth links work

1.1.0 - 2020-09-04

Changes:

  • link: add ifb support
  • tc: add experimental support
  • tc qdisc
  • tc filter
  • wireguard: catch exception if wireguard netlink support is missing

1.0.0 - 2020-08-24

Changes:

  • ignore dynamic ip addresses by default and make it configurable
  • logging: make it async to prevent lockup while running ifstatecli from remote connections
  • netlink: handle exceptions more gracefully (EEXIST)
  • parser: handle pyyaml exceptions more gracefully
  • parser: improve !include tag
  • schema: add missing additionalProperties constraints
  • schema: add missing master link property (for dummy and wireguard links)
  • schema: add --soft-schema CLI parameter

0.9.0 - 2020-08-17

Changes:

  • ignore keepalive's vrrp interfaces by default
  • make routing ignores more flexible allowing to filter for any properties
  • jsonschema: do not allow addtional properties on more settings
  • handle missing physical links more gracefully
  • ethtool: fallback to predefined executable if it is not found in $PATH
  • rules: make table id only required for to_tbl action
  • multiple bugfixes

0.8.1 - 2020-07-26

Changes:

  • Add missing dummy interface type to schema.
  • Fix WireGuard peer endpoint setting handling.

0.8.0 - 2020-07-26

Changes:

  • ifstatecli: Add !include tag to read secrets from external files.
  • Add WireGuard configuration support.

0.7.3 - 2020-07-24

Changes:

  • Fix broken ethtool pause schema.
  • Make link dependencies work.
  • Change interface state in a final dedicated step.
  • Minor bugfixes.

0.7.2 - 2020-07-16

Changes:

  • Add ethtool support.
  • Minor cleanups.

0.7.1 - 2020-07-12

Changes:

  • Add sysctl support.
  • Add more exception handling for pyroute2 calls (NetLinkErrors).
  • Minor bugfixes.

0.7.0 - 2020-07-04

Changes:

  • Ignore kernel routes flagged RTM_F_CLONED.
  • Ignore IPv6 multicast route prefix (required for VRF).
  • Merge ignore configuration for unset keys with default values.
  • Handle interface name collisions more gracefully.
  • Implement routing rule support.

0.6.3 - 2020-06-20

Changes:

  • Add interface index translations for some interface types:
  • GRE
  • IP6GRE
  • VXLAN
  • XFRM
  • Delay route interface lookup to fix exception for routes on new interfaces.

0.6.2 - 2020-06-16

Changes:

  • Bugfix: support master attribute as interface name (add lookup).
  • Improve route comparision: ignore unconfigured kernel route settings.
  • Update schema to support integer values for various fields.

0.6.1 (first public release) - 2020-06-09

Changes:

  • Add schema support (json-schema).
  • Ignore dynamic docker bridges by default (^br-[\da-f]{12}).