summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-10-22Merge pull request #2392 from vyos/mergify/bp/sagitta/pr-2386Christian Breunig
vxlan: T5671: change port to IANA assigned default port (backport #2386)
2023-10-22Merge branch 'sagitta' into mergify/bp/sagitta/pr-2386Christian Breunig
2023-10-22Merge pull request #2393 from vyos/mergify/bp/sagitta/pr-2277Christian Breunig
bonding: T5254: Fixed changing ethernet when it is a bond member (backport #2277)
2023-10-22bonding: T5254: Fixed changing ethernet when it is a bond memberaapostoliuk
If ethernet interface is a bond memeber: 1. Allow for changing only specific parameters which are specified in EthernetIf.get_bond_member_allowed_options function. 2. Added inheritable parameters from bond interface to ethernet interface which are scpecified in BondIf.get_inherit_bond_options. Users can change inheritable options under ethernet interface but in commit it will be copied from bond interface. 3. All other parameters are denied for changing. Added migration script. It deletes all denied parameters under ethernet interface if it is a bond member. (cherry picked from commit aa0282ceb379df1ab3cc93e4bd019134d37f0d89)
2023-10-22vxlan: T5671: warn about changed default port numberChristian Breunig
(cherry picked from commit 719a3622f35a0596ffd8a0bd28c071fdaf930153)
2023-10-22vxlan: T5671: change port to IANA assigned default portChristian Breunig
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that predates the IANA assignment. As Most other vendors use the IANA assigned port, follow this guideline and use the new default port 4789. Existing configuration not defining an explicit port number will be migrated to the old default port number of 8472, keeping existing configurations work! (cherry picked from commit 6db8d3ded19f652b99231be0d705d76b598ac72a) # Conflicts: # interface-definitions/include/version/interfaces-version.xml.i
2023-10-21Merge pull request #2389 from vyos/mergify/bp/sagitta/pr-2385Christian Breunig
T5667: BGP label-unicast enable ecmp (backport #2385)
2023-10-21Merge pull request #2388 from nicolas-fort/T5541-sagittaChristian Breunig
T5541: firewall: re-add zone-based firewall.
2023-10-21Merge pull request #2387 from vyos/mergify/bp/sagitta/pr-2384Christian Breunig
T5642: op-cmd: correction of generated file name (backport #2384)
2023-10-21T5667: BGP label-uniscat enable ecmpfett0
(cherry picked from commit e7cdf855ddce7dfe45af8b4b75eeee9de09f2451)
2023-10-20T5541: firewall: re-add zone-based firewall.Nicolas Fort
2023-10-20T5642: op-cmd: correction of generated file namesrividya0208
(cherry picked from commit cd54195d070e49aa084c325b83a71621a4011c97)
2023-10-20Merge pull request #2376 from vyos/mergify/bp/sagitta/pr-2373Daniil Baturin
T4913: migrate wireless scripts to new op-mode style (backport #2373)
2023-10-19Merge pull request #2383 from vyos/mergify/bp/sagitta/pr-2378Christian Breunig
bridge: T5670: add missing constraint on "member interface" node (backport #2378)
2023-10-19vyos.configdict: T5670: move from str to list when calling conf.exists()Christian Breunig
We have had a mix of both string and list arguments to conf.exists(), stremaline this to only make use of list calls. (cherry picked from commit 3f17de7c32621353b51f782ca889a83cad7a6cfd)
2023-10-19bridge: T5670: add missing constraint on "member interface" nodeChristian Breunig
One could specify a bridge member of VXLAN1 interface, but it is not possible to create a VXLAN interface with the name of VXLAN1 - prohibited by VXLAN interface name validator. Add missing interface-name validator code (cherry picked from commit 45dc149e4e3c0c294deac6fd541bb027d2280ea1)
2023-10-19Merge pull request #2380 from vyos/mergify/bp/sagitta/pr-2377Christian Breunig
cluster: T2897: add a migration script for converting cluster to VRRP (backport #2377)
2023-10-19cluster: T2897: add a migration script for converting cluster to VRRPDaniil Baturin
(cherry picked from commit 4c4c2b1f8a58398798f20c252bde80461320d330)
2023-10-18Merge pull request #2375 from vyos/mergify/bp/sagitta/pr-2374Viacheslav Hletenko
pmacct: T5232: Fixed socket parameters for trigger-packets (backport #2374)
2023-10-18T4913: migrate wireless scripts to new op-mode styleChristian Breunig
(cherry picked from commit ed29faeea1354dc2bec544c63e55c1c666e0d900)
2023-10-18pmacct: T5232: Fixed socket parameters for trigger-packetszsdc
This fixes sending packets to uacctd using a socket. (cherry picked from commit 7a0af0d00bae9179c89155e4b2e6ce94abb29c05)
2023-10-17Merge pull request #2372 from vyos/mergify/bp/sagitta/pr-2371Christian Breunig
configdep: T5662: fix incorrect inspect.stack index of calling script (backport #2371)
2023-10-17configdep: T5662: fix incorrect inspect.stack index of calling scriptJohn Estabrook
(cherry picked from commit eff58d8b8842e0bac9fe123cebf93801a92f05d3)
2023-10-16Merge pull request #2368 from vyos/mergify/bp/sagitta/pr-2367Christian Breunig
op-mode: T5642: 'generate tech-support archive' moved to vyos-1x (backport #2367)
2023-10-16op-mode: T5642: 'generate tech-support archive' moved to vyos-1xaapostoliuk
'generate tech-support archive' moved to vyos-1x. Output of 'show tech-support report' command is added to archive. The default location of the archive is moved to '/tmp'. The script is rewritten to Python. (cherry picked from commit 65911b17340a7894aba973113d83ab43964bbf99)
2023-10-15Merge pull request #2356 from vyos/mergify/bp/sagitta/pr-2342Viacheslav Hletenko
T5165: Implement policy local-route source and destination port (backport #2342)
2023-10-14Merge pull request #2365 from vyos/mergify/bp/sagitta/pr-2359Daniil Baturin
remote: T5650: Resize-aware progressbar implementation (backport #2359)
2023-10-14remote: T5650: Resize-aware progressbar implementationerkin
(cherry picked from commit 799d24eba18d6710219b7380cbafb954b9eec5ce)
2023-10-14Merge pull request #2364 from vyos/mergify/bp/sagitta/pr-2361Christian Breunig
pmacct: T5232: Fixed pmacct service control via systemctl (backport #2361)
2023-10-14pmacct: T5232: Fixed pmacct service control via systemctlzsdc
pmacct daemons have one very important specific - they handle control signals in the same loop as packets. And packets waiting is blocking operation. Because of this, when systemctl sends SIGTERM to uacctd, this signal has no effect until uacct receives at least one packet via nflog. In some cases, this leads to a 90-second timeout, sending SIGKILL, and improperly finished tasks. As a result, a working folder is not cleaned properly. This commit contains several changes to fix service issues: - add a new nftables table for pmacct with a single rule to get the ability to send a packet to nflog and unlock uacctd - remove PID file options from the uacctd and a systemd service file. Systemd can detect proper PID, and PIDfile is created by uacctd too late, which leads to extra errors in systemd logs - KillMode changed to mixed. Without this, SIGTERM is sent to all plugins and the core process exits with status 1 because it loses connection to plugins too early. As a result, we have errors in logs, and the systemd service is in a failed state. - added logging to uacctd - systemctl service modified to send packets to specific address during a service stop which unlocks uacctd and allows systemctl to finish its work properly (cherry picked from commit e364e9813b6833f6b108e7177ef7ea2d9e7bac33)
2023-10-13Merge pull request #2350 from vyos/mergify/bp/sagitta/pr-2349Christian Breunig
T5489: Change default qdisc from 'fq' to 'fq_codel' (backport #2349)
2023-10-12Merge pull request #2360 from vyos/mergify/bp/sagitta/pr-2358John Estabrook
xml: T5649: catch errors from schema validation before generating cache (backport #2358)
2023-10-12xml: T5649: catch errors from schema validation before generating cacheJohn Estabrook
(cherry picked from commit 126a67ade9cd045e0ff60b0b9eb9b5680e8a29d0)
2023-10-11Merge pull request #2354 from vyos/mergify/bp/sagitta/pr-2352John Estabrook
http-api: T2612: correct the response message and add reload for api self-configuration (backport #2352)
2023-10-11T5165: Implement policy local-route source and destination portViacheslav Hletenko
Add `policy local-route` source and destination port set policy local-route rule 23 destination port '222' set policy local-route rule 23 protocol 'tcp' set policy local-route rule 23 set table '123' set policy local-route rule 23 source port '8888' % ip rule show prio 23 23: from all ipproto tcp sport 8888 dport 222 lookup 123 (cherry picked from commit ff43733074675b94ce4ead83fe63870b6cf953c5)
2023-10-10http-api: T2612: reload server within configsession for api self-configJohn Estabrook
(cherry picked from commit 93d2ea7d635c7aa5acf3000654393ea48b7c6405)
2023-10-10http-api: T2612: send response before reconfiguring api serverJohn Estabrook
(cherry picked from commit 7d597a6dca15cb592230b349ef7ef565f258cf43)
2023-10-08Change to BBR as TCP congestion control, or at least make it an config optionApachez
(cherry picked from commit ac1bd7c2f69e058f54084decbfe6b6d329df6462)
2023-10-07Merge pull request #2346 from vyos/mergify/bp/sagitta/pr-2335Christian Breunig
pppoe: T5630: allow to specify MRU in addition to already configurable MTU (backport #2335)
2023-10-07pppoe: T5630: verify MRU is less or equal then MTUChristian Breunig
(cherry picked from commit e357258e645cf85de0035d4ecfbf99db4dd90f7e)
2023-10-07pppoe: T5630: allow to specify MRU in addition to already configurable MTUChristian Breunig
Set the MRU (Maximum Receive Unit) value to n. PPPd will ask the peer to send packets of no more than n bytes. The value of n must be between 128 and 16384, the default was always 1492 to match PPPoE MTU. A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data). Note that for the IPv6 protocol, the MRU must be at least 1280. CLI: set interfaces pppoe pppoe0 mru 1280 (cherry picked from commit e062a8c11856f213983f5b41f50d4f9dbc0dde0f)
2023-10-05Merge pull request #2341 from vyos/mergify/bp/sagitta/pr-2339John Estabrook
config: T5631: save copy of config in JSON format on commit (backport #2339)
2023-10-05config: T5631: save copy of config in JSON format on commitJohn Estabrook
(cherry picked from commit 27605426a4ad613f45d36e7db5b1664dc3192981)
2023-10-05Merge pull request #2340 from vyos/mergify/bp/sagitta/pr-2338John Estabrook
T4320: remove references to obsoleted legacy version files (backport #2338)
2023-10-05T4320: remove references to obsoleted legacy version filesJohn Estabrook
(cherry picked from commit aeb0138c9df73b57489eced152f026c0666d1ee5)
2023-10-05Merge pull request #2337 from vyos/mergify/bp/sagitta/pr-2336Christian Breunig
login: T5521: do not call system-login.py in vyos-router init (backport #2336)
2023-10-04login: T5521: do not call system-login.py in vyos-router initChristian Breunig
Calling system-login.py with no mounted VyOS config has the negative effect that the script will not detect any local useraccounts and thus assumes they all need to be removed from the password backend. As soon as the VyOS configuration is mounted and the CLI content is processed, system-login.py get's invoked and re-creates the before deleted user accounts. As the account names are sorted in alphabetical order, the name <-> UID mapping can get mixed up during system reboot. The intention behind calling system-login.py from vyos-router init was to reset system services (PAM, NSS) back to sane defaults with the defaults provided via system-login.py. As PAM is already reset in vyos-router startup script, /etc/nsswitch.conf was the only candidate left. This is now accomplished by simply creating a standard NSS configuration file tailored for local system accounts. This is the second revision after the first change via commit 64d32329958 ("login: T5521: home directory owner changed during reboot") got reverted. (cherry picked from commit 12069d5653034b46a47430353c3867b3678c196f)
2023-10-04Revert "login: T5521: home directory owner changed during reboot"Christian Breunig
This reverts commit 074870dad33d80e78128736f9e89bdfa1a0e08fd.
2023-10-03Merge pull request #2334 from vyos/mergify/bp/sagitta/pr-2331Christian Breunig
login: T5521: home directory owner changed during reboot (backport #2331)
2023-10-03login: T5521: home directory owner changed during rebootChristian Breunig
During system startup the system-login.py script is invoked by vyos-router systemd service. As there is no complete configuration available at this point in time - and the sole purpose of this call is to reset/re-render the system NSS/PAM configs back to default - it accidently also deleted the local useraccounts. Once the VyOS configuration got mounted, users got recreated in alphabetical order and thus UIDs flipped and the /home suddenely belonged to a different account. This commit prevents any mangling with the local userdatabase during VyOS bootup phase. (cherry picked from commit 64d323299586da646ca847e78255ff2cd8464578)