summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-10-18smoketest: openvpn: add initial client testChristian Poessinger
2020-10-18smoketest: sstp: remove unused variableChristian Poessinger
2020-10-18ifconfig: T2985: remove no longer available vyos.ifconfig.stp includeChristian Poessinger
almost every interface can be part of a bridge thus the code for changing STP cost is best part of the Interface() base class itself. Commit b5ef10cf ("ifconfig: T2985: support on demand bridge creation") implemented this change but the STP file was not removed on the test devices causing tests to pass.
2020-10-17Merge branch 'bridge' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'bridge' of github.com:c-po/vyos-1x: smoketest: add IPv6 option tests to BasicInterfaceTest ifconfig: T2985: support on demand bridge creation geneve: T1799: add IPv6 CLI options op-mode: add "show arp" command
2020-10-17smoketest: add IPv6 option tests to BasicInterfaceTestChristian Poessinger
2020-10-17ifconfig: T2985: support on demand bridge creationChristian Poessinger
The current implementation for bridge based interfaces has an issue which is caused by priority inheritance. We always assumed that the bridge interface will be created last, but this may not be true in all cases, where some interfaces will be created "on demand" - e.g. OpenVPN or late (VXLAN, GENEVE). As we already have a bunch of verify steps in place we should not see a bridge interface leak to the underlaying infrastructure code. This means, whenever an interface will be member of a bridge, and the bridge does yet not exist, we will create it in advance in the interface context, as the bridge code will be run in the same commit but maybe sooner or later. This will also be the solution for T2924.
2020-10-17geneve: T1799: add IPv6 CLI optionsChristian Poessinger
2020-10-17op-mode: add "show arp" commandChristian Poessinger
2020-10-17Merge pull request #576 from sever-sever/T752Christian Poessinger
sysctl-forwarding: T752: Add disable forwarding for ipv4
2020-10-17sysctl-forwarding: T752: Add disable forwarding for ipv4sever-sever
2020-10-17Merge pull request #573 from sever-sever/T2938Christian Poessinger
conf-mode: T2938: Add format octet-counted for syslog
2020-10-17syslog: T2938: Add format octet-counted for syslog conf-modesever-sever
2020-10-17Merge pull request #575 from DmitriyEshenko/ipoe-fix-issue01Christian Poessinger
ipoe-server: T2978: Add required proxy-arp by default
2020-10-16ipoe-server: T2978: Add required proxy-arp by defaultDmitriyEshenko
2020-10-16Merge pull request #574 from Cheeze-It/currentChristian Poessinger
T2981, Adding MPLS LDP Neighbor Reset functionality
2020-10-16T2981, Adding MPLS LDP Neighbor Reset functionalityCheeze_It
Configuration was actually made by Viacheslav. I just added it in here, and tested it. It does test. Viacheslav tested it as well. I cannot take credit for this, even though he's giving me PR. Thanks goes to him.
2020-10-16Merge pull request #572 from sever-sever/T2965Christian Poessinger
op-mode: T2965: Add CLI protocols bfd peers
2020-10-16op-mode: T2965: Add CLI protocols bfd peerssever-sever
2020-10-16Merge pull request #571 from sever-sever/T915_holdtime_explicitChristian Poessinger
conf-mode: T915: Add mpls ldp explicit and holdtime commands
2020-10-15conf-mode: T915: Add mpls ldp explicit and holdtime commandssever-sever
2020-10-13Merge pull request #566 from DmitriyEshenko/incr-pppoe-shaperChristian Poessinger
pppoe-server: T2972: Increase rate limit validator
2020-10-13pppoe-server: T2976: fix local-users default value retrieval from XMLChristian Poessinger
We must use XML node style (hyphen over underscore).
2020-10-13pppoe-server: T2972: Increase rate limit validatorDmitriyEshenko
2020-10-12smoketest: tftp-server: listen on dummy interface address rather then loopbackChristian Poessinger
2020-10-11tftp-server: T2974: migrate to get_config_dict()Christian Poessinger
2020-10-11broadcast-relay: T2712: enable render trim_blocksChristian Poessinger
2020-10-11smoketest: tftp-server: add initial testcasesChristian Poessinger
2020-10-11tftp-server: T2973: bugfix IPv6 listen address/port combinationChristian Poessinger
The mandatory colon for separating the IPv6 address and port was missing.
2020-10-11nat: T2198: use proper validators for dnat translation addressChristian Poessinger
2020-10-11smoketest: nat: extend snat and add dnat test casesChristian Poessinger
2020-10-11smoketest: nat: concentrate validation logic checksChristian Poessinger
2020-10-09QAT: T2968: add support for Intel Atom C2000 processorChristian Poessinger
2020-10-09login: T2492: remove empty plaintext-password nodeChristian Poessinger
2020-10-08configd: T2931: workaround for suspected zmq bugJohn Estabrook
2020-10-07Merge pull request #563 from lucasec/dns-source-addressChristian Poessinger
pdns_recursor: T2964: Expose query-local-address to dns config.
2020-10-06pdns_recursor: T2964: Expose query-local-address to dns config.Lucas Christian
In certain split DNS configurations, there is a need for more fine-grained control over the local address DNS forwarding uses to issue queries. The current pdns_recursor configuration allows the recursor to send queries from any available address on the interface the OS selects for the query, with no option to limit queries to a particular address or set of addresses. This commit exposes the `query-local-address` option in `recursor.conf` to users via the `service` `dns` `forwarding` `source-address` config node. If the parameter is unspecified, the default value of 0.0.0.0 (any IPv4 address) and :: (any IPv6 address) are used to match current behavior. Users who want more control can specify one or more IPv4 and IPv6 addresses to issue queries from. Per pdns_recursor docs, the recursor will load balance queries between any available addresses in the pools. Since IPv4 and IPv6 are different pools, note that specifying only one type of address will disable issuing queries for the other address family.
2020-10-06openconnect: T2036: reuse accel-name-server.xml.iChristian Poessinger
2020-10-06Merge pull request #565 from sever-sever/T2782Christian Poessinger
conf-mode: T2782: Restart rsyslog after changing timezone
2020-10-06conf-mode: T2782: Restart rsyslog after changing timezonesever-sever
2020-10-06xml: tftp-server: include/reuse port-number.xml.iChristian Poessinger
2020-10-06xml: include: add common helper file for listen-addressChristian Poessinger
2020-10-06Merge pull request #564 from lucasec/doc-updateDaniil Baturin
Update search domain error message to match new validation logic
2020-10-05Update search domain error message to match new validation logic.Lucas Christian
(also converted file to unix line endings)
2020-10-05wireless: T2963: remove default wpa mode key if passphares or RADIUS is unsetChristian Poessinger
Required to not trigger the "Misssing WPA key or RADIUS server" exception due to the new default value added in commit 2a0428bf ("wireless: T2963: set default 'both' on 'security wpa mode'").
2020-10-05wireless: T2963: set default "both" on "security wpa mode"Christian Poessinger
2020-10-05validate: ipv6: mtu: T2427: wireless interface MTU is not configurableChristian Poessinger
Commit 5db3d631 ("ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface") checked the "mtu" key for it's value and the test only passed if mtu was larger then the required 1280 bytes when IPv6 address have been configured on the link. wireless (WiFi) interfaces have no MTU node - thus this always resulted in a Python KeyError.
2020-10-05dhcp(v6)-server: T2961: use fqdn validator wnd move to include snippedChristian Poessinger
Migrate the domain-search node (which occurs three times) to an includable snippet. Also re-use the fqdn validator to keep the regex patterns to as few locations as possible.
2020-10-05Merge pull request #562 from lucasec/dhcpv6-statelessChristian Poessinger
dhcpv6: T2961: support stateless dhcpv6 clients
2020-10-05nat: T2951: use proper comments for source/destination loggingChristian Poessinger
For both source and destination NAT always the LOG name contained DST - which is definately false. This has been corrected to use SRC and DST on the appropriate rules.
2020-10-04dhcpv6: T2961: support stateless dhcpv6 clientsLucas Christian
This commit adds support for configuring the DHCPv6 server to serve "stateless" DHCPv6 clients (those that send an information-request message and do not request an address). The change introduces a `common-options` node at the `shared-network-name` level, which allows specifying options applicable to clients regardless of subnet assigned (or in the case of stateless clients, when no subnet is assigned). Parameters specified at the subnet level take precedence over those set at the shared-network level. Presently, only parameters that are meaningful to stateless clients have been exposed under `common-options`, as there is no precedent of exposing parameters at multiple levels under the current DHCPv4 or DHCPv6 configuration syntax. If desired, additional parameters could certainly be added with relative ease.