summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-09-20smoketest: use assertNotIn() in base interface testChristian Poessinger
(cherry picked from commit 61aed576582cedc38cafa758651f1446d4ba4d34)
2021-09-20ifconfig: T2104: cleanup IPv6 EUI-64 handling in update()Christian Poessinger
(cherry picked from commit 3f6ae12908f54222f2f79a87bed51f71e2fbac87)
2021-09-20vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC"Christian Poessinger
Commit b7d30137b1 ("vyos.ifconfig: provide generic get_mac_synthetic() method") provided a common helper to generate MAC addresses used by EUI64 addresses for interfaces not having a layer2 interface (WireGuard or ip tunnel). The problem is that every call to the helper always yielded a new MAC address. This becomes problematic when IPv6 link-local addresses are generated and modified on the interface as multiple link-local (fe80::/64) addresses can easily be added to the interface leaving ... a mess. This commit changes the way how the "synthetic" MAC is generated, we generate a UUID which is stable as it is based on the interface name. We take out the last 48 bits of the UUID and form the "MAC" address. (cherry picked from commit 081e23996feb60ad903caf8b0a4587f5dacc69bf)
2021-09-20vyos.util: add is_systemd_service_active() helper functionChristian Poessinger
Required by the vyos.ifconfig library - backported from 1.4 (current)
2021-09-20vyos.ifconfig: T2738: can only read from a file when it existsChristian Poessinger
When IPv6 is disbaled on an interface also the sysfs files related to IPv6 for this interface vanish. We need to check if the file exists before we read it. (cherry picked from commit 672a70613aa6c987bca417f93b587eddccbfd53a)
2021-09-19vyos.ifconfig: T2738: do not remove OS assigned IP addresses from interfaceChristian Poessinger
When using VRRP on any given interface and performing an action against that interface - be it even only changing the alias - will trigger a removal of the VRRP IP address. The issue is caused by: # determine IP addresses which are assigned to the interface and build a # list of addresses which are no longer in the dict so they can be removed cur_addr = self.get_addr() for addr in list_diff(cur_addr, new_addr): When the script calls into the library - we will drop all IP addresses set on the adapter but not available in the config dict. We should only remove the IP addresses marked by the CLI to be deleted! (cherry picked from commit e80d0aebd691f1a707ab534b4d1340fa0b793e01)
2021-09-19vyos.configdict: bugfix: leaf_node_changed() must return empty dict when ↵Christian Poessinger
node is added Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict when node is added") returned [''] as "empty" dict - but this is not empty. >>> if ['']: ... print('foo') ... foo It should rather be: [] (cherry picked from commit e28a80a2b742ea3d9d4bcb8ae66c7a0d51aaaff6)
2021-09-19vyos.ifconfig: T2738: add delta check when changing interface parametersChristian Poessinger
There is no need to alter interface parameters if they have not changed at all. (cherry picked from commit b4c58c5aefaca4fce817b58327b9c7c3e8145d6d)
2021-09-19dhcp-server: T3672: migrate failover name optionChristian Poessinger
Commit 2985035b (dhcp-server: T3672: re-add missing "name" CLI option) unfortunately did not add the name option to the migration script. (cherry picked from commit e83a113360ba18043edcf7f70689c7042dee2b37)
2021-09-19xml: dhcp-server: move building blocks to dhcp subdirectoryChristian Poessinger
(cherry picked from commit 59e5b5eb4c0507f9d3831483152a748b58560bfd)
2021-09-19dhcp-server: T2927: Add empty args if does not possible to determine variablesDmitriyEshenko
(cherry picked from commit 2f8b33a26e63e5b9ac4e697b9312f2238d6241f3)
2021-09-19dhcp-server: T3839: support name-servers and domain config per shared-networkChristian Poessinger
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1' (cherry picked from commit d411a40a3598c55fae7abd8bc5f1876007aa704b)
2021-09-19dhcpv6-server: xml: add description CLI nodeChristian Poessinger
(cherry picked from commit 90dffcb3c14ec976fecae32d19a979f05a40d9c8)
2021-09-19dhcp-server: xml: use description building blockChristian Poessinger
(cherry picked from commit 564f05614b6e8650185c46b9625f6a0cd9661639)
2021-09-19smoketest: dhcp: T3841: validate ping-check optionChristian Poessinger
(cherry picked from commit 88f71fc6b5b3bd89623c3d5f0af1c7dbd19f0996)
2021-09-19smoketest: dhcp: T3672: adjust to new CLI syntaxChristian Poessinger
(cherry picked from commit a85ff749bb84d562b711171768cdc92498ad7406)
2021-09-19dhcp-server: T3672: bugfix Jinja2 templateChristian Poessinger
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases. (cherry picked from commit 6c2c089c26f1652644c9ded7d5cfd8a0497f148e)
2021-09-19dhcp-server: T3841: add option to perform ICMP check before address assignmentChristian Poessinger
(cherry picked from commit 83ea0cb273e29db22062cc133b6eabd4ba2761c7)
2021-09-19dhcp-server: T3672: re-add missing "name" CLI optionChristian Poessinger
This option is mandatory and must be user configurable as it needs to match on both sides. (cherry picked from commit 2985035bcb2f3732e15a41e3c2ee6c6c93a6836e)
2021-09-19dhcp-server: T3672: only one failover peer is supportedChristian Poessinger
(cherry picked from commit a8ccf72c222caad8cd7aaca9bca773be39e87f5c)
2021-09-19dhcp-server: T3838: rename dns-server to name-server nodeChristian Poessinger
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. (cherry picked from commit e2f9f4f4e8b2e961a58d935d09798ddb4e1e0460)
2021-09-19dhcp-server: T1968: allow multiple static-routes to be configuredChristian Poessinger
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } } (cherry picked from commit a4440bd589db645eb99f343a8163e188a700774c)
2021-09-19dhcpv6: op-mode: xml: error out if DHCPv6 service not configuredChristian Poessinger
Restarting DHCPv6 server should not be possible when service is not configured on the CLI. (cherry picked from commit 224f0b8042f439b8dcc0eb32730da669e8b163af)
2021-09-19dhcpv6: op-mode: xml: fix duplicate help stringsChristian Poessinger
(cherry picked from commit 5d4c75d7fdecc56a8864a3ef76ead3f6121a0cff)
2021-09-19dhcp: op-mode: xml: error out if DHCP service not configuredChristian Poessinger
(cherry picked from commit 83f9d4b8bac6b5d401dfea19d4f9d61b7e638a47)
2021-09-19dhcp: op-mode: xml: fix duplicate help stringChristian Poessinger
(cherry picked from commit 41807725cad3266bf426a9de411bb693b914395e)
2021-09-19T3840: Allow larger DNS forwarding cache sizesLucas Christian
(cherry picked from commit 60f34805d72973e510d1381e4b67a73d0a0952f4)
2021-09-18Merge pull request #1009 from phoenix0984/equuleusChristian Poessinger
OpenConnect: T3837: Fix typo in help property
2021-09-18OpenConnect: Fix typo in help propertyMarcel Gisselmann
2021-09-18validator: T2417: bugfix on Python3 f'ormat stringsChristian Poessinger
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword. (cherry picked from commit dda9f655f94968b07043887a03e3bba176eb94d5)
2021-09-15typo: remove unnecessary 'i' from helpJavinator9889
(cherry picked from commit ec9503a9ec487ec7aa3524cb9847357f0631ca25)
2021-09-14dhcpv6-pd: T421: disable wide dhcpv6 client debug messagesChristian Poessinger
(cherry picked from commit 6b48900358ce9b01eaa78e3a086e95a26064f0df)
2021-09-14openvpn: T3822: fix certificate permissionsChristian Poessinger
Commit b8bb9f586 ("T3822: set the OpenVPN key file owner to openvpn:openvpn") changed the permissions only for file present in the "fix_permissions" list. The list did not contain all required certificates - this has been fixed.
2021-09-12Merge pull request #1003 from dmbaturin/T3822Christian Poessinger
T3822: set the OpenVPN key file owner to openvpn:openvpn
2021-09-12T3822: set the OpenVPN key file owner to openvpn:openvpnDaniil Baturin
2021-09-11Fix inconsistent capitalization in the show version outputDaniil Baturin
2021-09-11T3275: conntrack: Add missing conntrack templatesLulu Cathrinus Grimalkin
2021-09-11Merge pull request #1001 from erkin/equuleusDaniil Baturin
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
2021-09-10frr: T1514: refactor restart script and drop duplicated codeChristian Poessinger
(cherry picked from commit d39567c977c84f1c16998947e16d397edbb015be)
2021-09-10T3275: conntrack: Backport XML/Python implementation of conntrack CLIerkin
2021-09-10ethtool: T3802: extend check_speed_duplex() implementation to support 'auto'Christian Poessinger
2021-09-10ethernet: T3802: not all NICs support reading speed/duplex settings in all ↵Christian Poessinger
states Turns out an AX88179 USB 3.0 NIC does not support reading back the speed and duplex settings in every operating state. While the NIC is beeing initialized, reading the speed setting will return: $ cat /sys/class/net/eth6/speed cat: /sys/class/net/eth6/speed: Invalid argument Thus if this happens, we simply tell the system that the current NIC speed matches the requested speed and nothing is changed at this point in time.
2021-09-10ethernet: T3802: use only one implementation for get_driver_name()Christian Poessinger
Move the two implementations to get the driver name of a NIC from ethernet.py and ethtool.py to only ethtool.py.
2021-09-10ethernet: T3802: check if driver supports changing flow-control settingsChristian Poessinger
2021-09-09vyos.configdict: T3814: use no_tag_node_value_mangle in get_interface_dict()Christian Poessinger
This change is required and currently only impacts WireGuards peer configuration, so that the peers name is not mangled. (cherry picked from commit 4d2201eed00ac4780d0196abf53dd9b7cb943a09)
2021-09-09openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
(cherry picked from commit 2647edc30f1e02840cae62fde8b44345d35ac720)
2021-09-09openvpn: T3805: use vyos.util.makedir() to create system directoriesChristian Poessinger
(cherry picked from commit 84e912ab2f583864e637c2df137f62f3d4cbeb14)
2021-09-07scripts: op-mode: T3807: bugfix node.def generatorChristian Poessinger
process_node() processes the XML tree in a fixed order, "node" before "tagNode" before "leafNode". If the generator created a "node.def" file, it can no longer be overwritten - else we would have some stale "node.def" files with an empty help string (T2555). Without the fixed order this would resulted in a case where we get a node and a tagNode with the same name, e.g. "show interfaces ethernet" and "show interfaces ethernet eth0" that the node implementation was not callable from the CLI, rendering this command useless (T3807). This can be fixed by forcing the "node", "tagNode", "leafNode" order by sorting the input XML file automatically (sorting from https://stackoverflow.com/a/46128043) thus adding no additional overhead to the user. (cherry picked from commit 7623e37c918c65418d8dfc521f976bb91f0594c0)
2021-09-07op-mode: xml: improve "show interfaces <type>" help textChristian Poessinger
(cherry picked from commit bd2c79ebb8abbd844f4b0568110c7bcea0d8f4f1)
2021-09-07login: T971 allow quoting in public-keys optionsPaul Lettington
This patch allows the use of `&quot;` in ssh public-key options which unlocks the ability to set the `from` option in a way that sshd will accept to limit what hosts a user can connect from. (cherry picked from commit 6b52387190f8213e7e02060e894c6ddd4fb7cb3d)