Age | Commit message (Collapse) | Author |
|
vxlan: T5671: change port to IANA assigned default port (backport #2386)
|
|
|
|
bonding: T5254: Fixed changing ethernet when it is a bond member (backport #2277)
|
|
If ethernet interface is a bond memeber:
1. Allow for changing only specific parameters which are specified
in EthernetIf.get_bond_member_allowed_options function.
2. Added inheritable parameters from bond interface to ethernet
interface which are scpecified
in BondIf.get_inherit_bond_options.
Users can change inheritable options under ethernet interface
but in commit it will be copied from bond interface.
3. All other parameters are denied for changing.
Added migration script. It deletes all denied parameters under
ethernet interface if it is a bond member.
(cherry picked from commit aa0282ceb379df1ab3cc93e4bd019134d37f0d89)
|
|
(cherry picked from commit 719a3622f35a0596ffd8a0bd28c071fdaf930153)
|
|
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that
predates the IANA assignment. As Most other vendors use the IANA assigned port,
follow this guideline and use the new default port 4789.
Existing configuration not defining an explicit port number will be migrated
to the old default port number of 8472, keeping existing configurations work!
(cherry picked from commit 6db8d3ded19f652b99231be0d705d76b598ac72a)
# Conflicts:
# interface-definitions/include/version/interfaces-version.xml.i
|
|
T5667: BGP label-unicast enable ecmp (backport #2385)
|
|
T5541: firewall: re-add zone-based firewall.
|
|
T5642: op-cmd: correction of generated file name (backport #2384)
|
|
(cherry picked from commit e7cdf855ddce7dfe45af8b4b75eeee9de09f2451)
|
|
|
|
(cherry picked from commit cd54195d070e49aa084c325b83a71621a4011c97)
|
|
T4913: migrate wireless scripts to new op-mode style (backport #2373)
|
|
bridge: T5670: add missing constraint on "member interface" node (backport #2378)
|
|
We have had a mix of both string and list arguments to conf.exists(),
stremaline this to only make use of list calls.
(cherry picked from commit 3f17de7c32621353b51f782ca889a83cad7a6cfd)
|
|
One could specify a bridge member of VXLAN1 interface, but it is not possible
to create a VXLAN interface with the name of VXLAN1 - prohibited by VXLAN
interface name validator.
Add missing interface-name validator code
(cherry picked from commit 45dc149e4e3c0c294deac6fd541bb027d2280ea1)
|
|
cluster: T2897: add a migration script for converting cluster to VRRP (backport #2377)
|
|
(cherry picked from commit 4c4c2b1f8a58398798f20c252bde80461320d330)
|
|
pmacct: T5232: Fixed socket parameters for trigger-packets (backport #2374)
|
|
(cherry picked from commit ed29faeea1354dc2bec544c63e55c1c666e0d900)
|
|
This fixes sending packets to uacctd using a socket.
(cherry picked from commit 7a0af0d00bae9179c89155e4b2e6ce94abb29c05)
|
|
configdep: T5662: fix incorrect inspect.stack index of calling script (backport #2371)
|
|
(cherry picked from commit eff58d8b8842e0bac9fe123cebf93801a92f05d3)
|
|
op-mode: T5642: 'generate tech-support archive' moved to vyos-1x (backport #2367)
|
|
'generate tech-support archive' moved to vyos-1x.
Output of 'show tech-support report' command is added to archive.
The default location of the archive is moved to '/tmp'.
The script is rewritten to Python.
(cherry picked from commit 65911b17340a7894aba973113d83ab43964bbf99)
|
|
T5165: Implement policy local-route source and destination port (backport #2342)
|
|
remote: T5650: Resize-aware progressbar implementation (backport #2359)
|
|
(cherry picked from commit 799d24eba18d6710219b7380cbafb954b9eec5ce)
|
|
pmacct: T5232: Fixed pmacct service control via systemctl (backport #2361)
|
|
pmacct daemons have one very important specific - they handle control signals in
the same loop as packets. And packets waiting is blocking operation.
Because of this, when systemctl sends SIGTERM to uacctd, this signal has no
effect until uacct receives at least one packet via nflog. In some cases, this
leads to a 90-second timeout, sending SIGKILL, and improperly finished tasks.
As a result, a working folder is not cleaned properly.
This commit contains several changes to fix service issues:
- add a new nftables table for pmacct with a single rule to get the ability to
send a packet to nflog and unlock uacctd
- remove PID file options from the uacctd and a systemd service file. Systemd
can detect proper PID, and PIDfile is created by uacctd too late, which leads
to extra errors in systemd logs
- KillMode changed to mixed. Without this, SIGTERM is sent to all plugins and
the core process exits with status 1 because it loses connection to plugins too
early. As a result, we have errors in logs, and the systemd service is in a
failed state.
- added logging to uacctd
- systemctl service modified to send packets to specific address during a service
stop which unlocks uacctd and allows systemctl to finish its work properly
(cherry picked from commit e364e9813b6833f6b108e7177ef7ea2d9e7bac33)
|
|
T5489: Change default qdisc from 'fq' to 'fq_codel' (backport #2349)
|
|
xml: T5649: catch errors from schema validation before generating cache (backport #2358)
|
|
(cherry picked from commit 126a67ade9cd045e0ff60b0b9eb9b5680e8a29d0)
|
|
http-api: T2612: correct the response message and add reload for api self-configuration (backport #2352)
|
|
Add `policy local-route` source and destination port
set policy local-route rule 23 destination port '222'
set policy local-route rule 23 protocol 'tcp'
set policy local-route rule 23 set table '123'
set policy local-route rule 23 source port '8888'
% ip rule show prio 23
23: from all ipproto tcp sport 8888 dport 222 lookup 123
(cherry picked from commit ff43733074675b94ce4ead83fe63870b6cf953c5)
|
|
(cherry picked from commit 93d2ea7d635c7aa5acf3000654393ea48b7c6405)
|
|
(cherry picked from commit 7d597a6dca15cb592230b349ef7ef565f258cf43)
|
|
(cherry picked from commit ac1bd7c2f69e058f54084decbfe6b6d329df6462)
|
|
pppoe: T5630: allow to specify MRU in addition to already configurable MTU (backport #2335)
|
|
(cherry picked from commit e357258e645cf85de0035d4ecfbf99db4dd90f7e)
|
|
Set the MRU (Maximum Receive Unit) value to n. PPPd will ask the peer to send
packets of no more than n bytes. The value of n must be between 128 and 16384,
the default was always 1492 to match PPPoE MTU.
A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256
bytes of data). Note that for the IPv6 protocol, the MRU must be at least 1280.
CLI:
set interfaces pppoe pppoe0 mru 1280
(cherry picked from commit e062a8c11856f213983f5b41f50d4f9dbc0dde0f)
|
|
config: T5631: save copy of config in JSON format on commit (backport #2339)
|
|
(cherry picked from commit 27605426a4ad613f45d36e7db5b1664dc3192981)
|
|
T4320: remove references to obsoleted legacy version files (backport #2338)
|
|
(cherry picked from commit aeb0138c9df73b57489eced152f026c0666d1ee5)
|
|
login: T5521: do not call system-login.py in vyos-router init (backport #2336)
|
|
Calling system-login.py with no mounted VyOS config has the negative effect
that the script will not detect any local useraccounts and thus assumes they
all need to be removed from the password backend.
As soon as the VyOS configuration is mounted and the CLI content is processed,
system-login.py get's invoked and re-creates the before deleted user accounts.
As the account names are sorted in alphabetical order, the name <-> UID mapping
can get mixed up during system reboot.
The intention behind calling system-login.py from vyos-router init was to
reset system services (PAM, NSS) back to sane defaults with the defaults
provided via system-login.py. As PAM is already reset in vyos-router startup
script, /etc/nsswitch.conf was the only candidate left.
This is now accomplished by simply creating a standard NSS configuration file
tailored for local system accounts.
This is the second revision after the first change via commit 64d32329958
("login: T5521: home directory owner changed during reboot") got reverted.
(cherry picked from commit 12069d5653034b46a47430353c3867b3678c196f)
|
|
This reverts commit 074870dad33d80e78128736f9e89bdfa1a0e08fd.
|
|
login: T5521: home directory owner changed during reboot (backport #2331)
|
|
During system startup the system-login.py script is invoked by vyos-router
systemd service. As there is no complete configuration available at this
point in time - and the sole purpose of this call is to reset/re-render
the system NSS/PAM configs back to default - it accidently also deleted the
local useraccounts.
Once the VyOS configuration got mounted, users got recreated in alphabetical
order and thus UIDs flipped and the /home suddenely belonged to a different
account.
This commit prevents any mangling with the local userdatabase during VyOS
bootup phase.
(cherry picked from commit 64d323299586da646ca847e78255ff2cd8464578)
|