summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-02-28ssh: T4273: bugfix cipher and key-exchange multi nodesChristian Poessinger
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility (cherry picked from commit 61fa1c95164e4222e79b078b1a796f41397e0ee3)
2022-02-26smoketest: lldp: add testcaseChristian Poessinger
2022-02-25monitoring: T3872: re-use "port" building block from port-number.xml.iChristian Poessinger
(cherry picked from commit 0ec8927476e7d654d52df4c803a6694be0b1e9e2)
2022-02-25wireless: ifconfig: T2653: add missing defaultValue for mgmt-frame-protectionChristian Poessinger
(cherry picked from commit be60d39332b753f5fe35101efe3463eebea2cb9d)
2022-02-25smoketest: webproxy: use setUpClass() over setUp()Christian Poessinger
(cherry picked from commit 15eff1682613ad20f83c46fded866b132a1fb814)
2022-02-25dhcp-relay: T3095: add missing max-size default valueChristian Poessinger
(cherry picked from commit faa63999ca1fe11cc25e8a241e75a451a53ffa26)
2022-02-23smoketest: tunnel: indention fixupChristian Poessinger
(cherry picked from commit 53517de05e9566c35218d1f07cacb1bff98a46d9)
2022-02-23tunnel: T4267: "parameters ip key" on GRE not required for different remotesChristian Poessinger
(cherry picked from commit e64d45717940aa4fb4a072065bdfa04f884d00cc)
2022-02-22vxlan: T4264: interface is destroyed and rebuild on description changeChristian Poessinger
When changing "general" parameters like: - interface IP address - MTU - description the interface is destroyed and recreated ... this should not happen! (cherry picked from commit 2373b232849c847717cbdcfac7390d8376e227ca)
2022-02-22vyos.configdict: T4263: leaf_node_changed() must also honor valueLess CLI nodesChristian Poessinger
If a valueLess node is added or removed from the CLI, a call to leaf_node_changed() will not detect it. If node is valueLess, on change old or new (depending on addition or deletion) will be {} and is treated as None. Add handler for this special case where old or new is an instance of a dictionary but empty. (cherry picked from commit 149f704a172fb14f16d0ba00ef237b972539492f)
2022-02-22Revert "backport: policy: T4151: Add policy ipv6-local-route"Christian Poessinger
This reverts commit e11a7ff1b2817cc8f4b595171fe82a43a209ebc2.
2022-02-22Revert "backport: policy: T4151: Bugfix policy ipv6-local-route"Christian Poessinger
This reverts commit ed7c674da17519e6331a9cef8522c5e49251d505.
2022-02-22Revert "backport: policy: T4151: remove all previous rules on edit"Christian Poessinger
This reverts commit b71a04811bd61e1faf2bc4eaceaaae8bdbf97dc6.
2022-02-22Revert "backport: policy: T4151: bugfix smoketest"Christian Poessinger
This reverts commit ad26e92a5dccb4a7b6777d11781c323af2557db7.
2022-02-22Revert "backport: policy: T4219: add local-route(6) incoming-interface"Christian Poessinger
This reverts commit 72d7152f794cfe48821797d62865024c1843096e.
2022-02-21smoketest: vxlan: T4120: verify support for multiple remote addressesChristian Poessinger
(cherry picked from commit c3661c8d5d7e8f5c1d040cadf134e87f0d77e28e)
2022-02-21vxlan: T4120: code cleanup for multiple remotesChristian Poessinger
(cherry picked from commit 3a605ad020d8d20b08a72cb1284f6e590d1fd7b5)
2022-02-21bridge: remove unreferenced import -> leaf_node_changedChristian Poessinger
(cherry picked from commit 25b2f2a8057260ad0d2c59823618d7c9f0fba707)
2022-02-21vxlan: T4120: rename tunnel-remotes.xml.i -> tunnel-remote-multi.xml.iChristian Poessinger
(cherry picked from commit d418cd36027aef5993122ec62419e8c66fe7a1ed)
2022-02-21vxlan: T4120: add ability to set multiple remotes (PR #1127)Andreas
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command. (cherry picked from commit 0ecddff7cffa8900d351d5c15e32420f9d780c0b)
2022-02-20macsec: T4261: add dhcp client supportChristian Poessinger
(cherry picked from commit 529af7898d062b42ac33e15bfdc62c14184e098f)
2022-02-20smoketest: dhcp: T4203: set missing interface options if presentChristian Poessinger
Commit 5d14a04b ("smoketest: dhcp: T4203: move testcase to base class") added global support in the test case framework for DHCP tests. Some interfaces (e.g. MACsec) require additional options to be passed before the test can be launched. In the MACsec case this includes a source interface, or encryption ciphers. (cherry picked from commit 5ae566086c5c190d52b15f64454abcae9c8a1d46)
2022-02-20smoketest: dhcp: T4203: move testcase to base classChristian Poessinger
We do not only provide DHCP functionality to ethernet interfaces, it's a common feature so the testcase should be made available for multiple interface types. (cherry picked from commit 5d14a04b6ffbd592e8257d98d71da5acb1bb45a9)
2022-02-20interface: T4203: prevent DHCP client restart if not necessaryChristian Poessinger
In the past whenever a change happened to any interface and it was configured as a DHCP client, VyOS always had a breif outage as DHCP released the old lease and re-aquired a new one - bad! This commit changes the behavior that DHCP client is only restarted if any one of the possible options one can set for DHCP client under the "dhcp-options" node is altered. (cherry picked from commit 3a1a7c40a13ee9f5561823a79876d88d3f5bf053)
2022-02-19Merge pull request #1219 from hensur/equuleus-ipv6-local-routeChristian Poessinger
backport: T4515: T4219: policy local-route6 and inbound-interface support
2022-02-19smoketest: T4258: dhcp: bugfix failover portsChristian Poessinger
Commit 5fc9ef9e ("DHCP : T4258: Set correct port for dhcp-failover") changed how the failover port is rendered into the ISC DHCPd configuration - adjustment of the smoketests was missed out. (cherry picked from commit 29ba813fb65b8b292105cdae4f8f71fcce6350a1)
2022-02-19dhcp: T4258: set correct port for dhcp-failoverfett0
(cherry picked from commit 5fc9ef9e31eb566a601f8a150c69b183a4331564)
2022-02-17vyos.configverify: T4255: fix unexpected print of dictionary instead of keyChristian Poessinger
(cherry picked from commit 9e626ce7bad2bd846826822a3622fedf2d937e09)
2022-02-17Merge pull request #1221 from sever-sever/T3686-equChristian Poessinger
openvpn: T3686: Fix for check local-address in script and tmpl
2022-02-17Merge pull request #1224 from sever-sever/T1972-equDaniil Baturin
vrrp: T1972: Ability to set IP address on not vrrp interface
2022-02-17wireless: T4240: bugfix interface bridgingChristian Poessinger
VLAN isolation can not be "set" when interface is of type wifi. (cherry picked from commit 1ceaed55a629c92cf42baccdef4106e8d0e4914e)
2022-02-16backport: policy: T4219: add local-route(6) incoming-interfaceHenning Surmeier
2022-02-16vrrp: T1972: Ability to set IP address on not vrrp interfaceViacheslav Hletenko
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group set high-avail vrrp group WAN interface 'eth0' set high-avail vrrp group WAN virtual-address 192.0.2.222/24 interface 'eth2' set high-avail vrrp group WAN track exclude-vrrp-interface set high-avail vrrp group WAN track interface 'eth1'
2022-02-15Merge pull request #1222 from DmitriyEshenko/eq-1x-15022022Christian Poessinger
dhcpv6-server: T3494: Get address from network to correct sorting
2022-02-15dhcpv6-server: T3494: Get address from network to correct sortingDmitriyEshenko
2022-02-15openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template (cherry picked from commit 230ac0a202acd7ae9ad9bccb9e777ee5a0e0b7b7)
2022-02-14backport: policy: T4151: bugfix smoketestHenning Surmeier
.sort() is an inplace operation and return None...
2022-02-14backport: policy: T4151: remove all previous rules on editHenning Surmeier
2022-02-14backport: policy: T4151: Bugfix policy ipv6-local-routeHenning Surmeier
2022-02-14backport: policy: T4151: Add policy ipv6-local-routeHenning Surmeier
Adds support for `ip -6 rule` policy based routing. Also, extends the existing ipv4 implemenation with a `destination` key, which is translated as `ip rule add to x.x.x.x/x` rules. https://phabricator.vyos.net/T4151
2022-02-14tunnel: T4154: import cleanupChristian Poessinger
(cherry picked from commit 122c7a53575f67759f157e02eca776f799658dc1)
2022-02-14tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵Christian Poessinger
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface. (cherry picked from commit 6f1326d6b68f6dcb83843374c876407ef2922bd1)
2022-02-13vrf: T4191: bugfix for "ip rule" when VRFs are createdChristian Poessinger
We always mangled and worked on the "ip rule" singleton even when nothing needed to be changed. This resulted in a VRF hickup when the same VRF was added and removed multiple times. set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit delete interfaces ethernet eth1 vrf delete vrf commit set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit broke reachability on eth1 - a reboot was required. This change will now only alter the ip rule tables once when VRF instances are created for the first time and will not touch the Kernel "ip rule" representation afterwards. (cherry picked from commit 2cec431e5caf9df85640f707cd6dc3077c17c238)
2022-02-13vyos.util: T4191: add new sysctl() helper functionChristian Poessinger
(cherry picked from commit b40315b3c5051888f499961e63410e14c5d1bad7)
2022-02-13ethernet: T4242: speed/duplex can never be switched back to auto/autoChristian Poessinger
(cherry picked from commit 812d9770619b968b04961aebf3944fde13df491b)
2022-02-13xml: ssh: T4233: sync regex for allow/deny usernames to "system login"Christian Poessinger
(cherry picked from commit d96bab4e6da517f07133667834cd6f8bcfb5160f)
2022-02-11Merge pull request #1218 from sever-sever/T4237Christian Poessinger
conntrack-sync: T4237: Fix checks for listen-address list to str
2022-02-11conntrack-sync: T4237: Fix checks for listen-address list to strViacheslav Hletenko
Verify section conntrack_sync.py funciton 'is_addr_assigned' should checks address as string not as list
2022-02-11smoketest: T3872: Fix token check for monitoring testViacheslav Hletenko
As INFLUX_TOKEN is present in override.conf.tmpl environment we expect variable "$INFLUX_TOKEN" in the telegraf template and config but not value of the token (cherry picked from commit 19f65290529ac642da419ac77003ddaa70d0cc67)
2022-02-09Merge pull request #1212 from sever-sever/T3872-eq-1xChristian Poessinger
monitoring: T3872: Add new feature service monitoring telegraf