summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-05-30T6420: updated contributor doc linkVijayakumar A
2024-05-30Merge pull request #3545 from vyos/mergify/bp/sagitta/pr-3532Christian Breunig
NAT: T6371: fix NAT op mode when list of ports/ranges configured (backport #3532)
2024-05-29nat: T6371: fix op mode display of configured ports when comma separated ↵Ginko
list of ports/ranges exists Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'. With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration. (cherry picked from commit b7595ee9d328778105c70e3d4399ac45f555b304)
2024-05-29Merge pull request #3544 from vyos/mergify/bp/sagitta/pr-3541Christian Breunig
openvpn: T6374: only check TLS role for s2s if TLS is configured (backport #3541)
2024-05-29openvpn: T6374: only check TLS role for s2s if TLS is configuredDaniil Baturin
(cherry picked from commit f4069582273e1ee9916dea7de1e6ec176db81bc6)
2024-05-29Merge pull request #3538 from vyos/mergify/bp/sagitta/pr-3537Daniil Baturin
ISIS: T6332: Fix isis not working only ipv6 (backport #3537)
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
(cherry picked from commit 03fd368ed263ca28c9b1b5e29f486217784d15ef)
2024-05-28Merge pull request #3536 from vyos/mergify/bp/sagitta/pr-3528Christian Breunig
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS (backport #3528)
2024-05-28openvpn: T6374: ensure that TLS role is configured for site-to-site with TLSDaniil Baturin
(cherry picked from commit 380e998b10341b6dd42bb94d00a9d7a462ada27a)
2024-05-28Merge pull request #3535 from vyos/mergify/bp/sagitta/pr-3530Christian Breunig
T6406: Container CPU limits (backport #3530)
2024-05-28T6406: rename cpus to cpuNicolas Vollmar
(cherry picked from commit 74910564f82e2837cd7eb35ea21f07601e5f8f0d)
2024-05-28T6406: add container cpu limit optionNicolas Vollmar
(cherry picked from commit 81dea053e7178b8fea836a85aacde2a38ffb9e09)
2024-05-28T6406: check for required kernel configNicolas Vollmar
(cherry picked from commit 5146cb23fff56e5a84db8c84120b836ceeae47f2)
2024-05-27smoketest: T6199: remove redundant code when unpacking Kernel GZ configChristian Breunig
(cherry picked from commit 6bcb201a0e7ee9fea5874b963bd3e727ecec578f)
2024-05-27Merge pull request #3527 from vyos/mergify/bp/sagitta/pr-3522Daniil Baturin
smoketest: T6395: check for VFIO options to be present (backport #3522)
2024-05-27smoketest: T6395: check for VFIO options to be presentChristian Breunig
(cherry picked from commit f7b0bc68b7950a6c6e68b9e6708ef8a4b7b9b423)
2024-05-27Merge pull request #3525 from c-po/dhcpv6-T3493-constraintGroupDaniil Baturin
dhcpv6-server: T3493: add constraintGroup for prefix-delegation start/stop address
2024-05-27Merge pull request #3526 from vyos/mergify/bp/sagitta/pr-3523Daniil Baturin
reverse-proxy: T6402: Fix invalid checks in validation script (backport #3523)
2024-05-27reverse-proxy: T6402: Fix invalid checks in validation scriptAlex W
(cherry picked from commit d4d70929a81b2ee1f66a9412a3545911b3874a62)
2024-05-27dhcpv6-server: T3493: add constraintGroup for prefix-delegation start/stop ↵Christian Breunig
address In addition for testing that the supplied IPv6 address ends with ::, we also verify that it's a proper IPv6 address, just in case.
2024-05-26Merge pull request #3520 from vyos/mergify/bp/sagitta/pr-3518Christian Breunig
op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates (backport #3518)
2024-05-26Merge pull request #3521 from vyos/mergify/bp/sagitta/pr-3517Christian Breunig
op-mode: T6377: must call pki.py helper as root to work with ACME certificates (backport #3517)
2024-05-26op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificatesChristian Breunig
This fixes (for and ACME generated certificate) vyos@vyos:~$ show pki certificate vyos fingerprint sha512 Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module> show_certificate_fingerprint(args.certificate, args.fingerprint) File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint print(get_certificate_fingerprint(cert, hash)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint fp = cert.fingerprint(hash_algorithm) ^^^^^^^^^^^^^^^^ AttributeError: 'bool' object has no attribute 'fingerprint' After the fix: vyos@vyos# run show pki certificate vyos fingerprint sha256 10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2 (cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
2024-05-26op-mode: T6377: must call pki.py helper as root to work with ACME certificatesChristian Breunig
This fixes the error: vyos@vyos:~$ show pki certificate Traceback (most recent call last): File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file raise e File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file with open(fname, 'r') as f: ^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem' (cherry picked from commit 65fba1cd27af67c543e120effc12882bd0191f03)
2024-05-26Merge pull request #3519 from c-po/dhcpv6-T3493Christian Breunig
T3493: dhcpv6-server does not have prefix range validation
2024-05-26dhcpv6-server: T3493: add proper validation for prefix-delegation start/stop ↵Christian Breunig
address ISC DHCP server expects a string: "prefix6 2001:db8:290:: 2001:db8:29f:: /64;" where the IPv6 prefix/range must be :: terminaated with a delegated prefix length at the end. This commit changes the validator that the IPv6 address defined on the CLI must always end with ::. In addition a verify() step is added to check that the stop address is greater than start address.
2024-05-26Revert "dhcpv6-server: T3493: adds prefix range validation"Christian Breunig
This reverts the prefix start/stop address must be inside network part from commit 4cde0b8ce778d269d3fe1d4f33ba5b2caf424181.
2024-05-26smoketest: support dynamic enable of smoketest debuggingChristian Breunig
$ touch /tmp/vyos.smoketest.debug will enable dynamic debugging of the smoketests - showing the appropriate CLI commands on stdout (cherry picked from commit 0cb4294fdfe5ae0e0e8fd06436f38b67f16413a2)
2024-05-25T6399: added reusable workflows codeowners file to sagitta (#3515)Vijayakumar A
2024-05-24load-balancing haproxy: T6391: fix typo in timeout help (#3513) (#3514)mergify[bot]
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de> (cherry picked from commit 609563d6acfeafbed46b1ac5e6bd497ce097e3bc) Co-authored-by: Gregor Michels <gregor.michels@web.de>
2024-05-24Merge pull request #3512 from vyos/mergify/bp/sagitta/pr-3487Daniil Baturin
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses (backport #3487)
2024-05-23reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responsesAlex W
(cherry picked from commit e1450096b4c667a4c33a3fcd8f67ebf6a39d441d)
2024-05-23Merge pull request #3511 from vyos/mergify/bp/sagitta/pr-3507Daniil Baturin
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 (backport #3507)
2024-05-23nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454 (cherry picked from commit 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070)
2024-05-23Merge pull request #3509 from vyos/mergify/bp/sagitta/pr-3505Christian Breunig
nat66: T6365: remove warnings for negated interface selections by name (backport #3505)
2024-05-23nat66: T6365: remove warnings for negated interface selections by nameChristian Breunig
(cherry picked from commit 59781ff365a5e1b15ef6c4c2481f3d3815548b9d)
2024-05-23Merge pull request #3504 from vyos/mergify/bp/sagitta/pr-3482Daniil Baturin
nat: T6365: remove warnings for negated interface selections by name (backport #3482)
2024-05-22Merge pull request #3506 from vyos/mergify/bp/sagitta/pr-3502Christian Breunig
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no (backport #3502)
2024-05-22vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_noDaniil Baturin
and return False if the user interrupts the prompt with Ctrl-C (cherry picked from commit 5a5dda14fd3d472680568f1792e9fbdb030f3995)
2024-05-22nat: T6365: use interface_exists() over netifaces.interfaces()Christian Breunig
(cherry picked from commit 645c43ba60d29ca676a4323ccc5ca16c6bd8127a)
2024-05-22nat: T6365: use string startswith() over [0] index accessChristian Breunig
(cherry picked from commit 3870247517741ce23e2fcee8aaa1d194f0ad621b)
2024-05-22nat: T6365: remove warnings for negated interface selections by nameRyazanov Alexander Mihailovich
(cherry picked from commit 03eae30b27433055ddc10f09fc134b83e9bd6cec)
2024-05-22Merge pull request #3503 from vyos/mergify/bp/sagitta/pr-3501John Estabrook
rollback-soft: T6384: tell the user to compare or commit (backport #3501)
2024-05-22rollback-soft: T6384: tell the user to compare or commitDaniil Baturin
after applying the diff (cherry picked from commit 7bba95c8052af5b0cc5908cb9e740caa01b44161)
2024-05-22Merge pull request #3499 from Giggum/sagittaChristian Breunig
dhcpv6-server: T3493: adds prefix range validation and fixes typos in…
2024-05-22Merge pull request #3495 from vyos/mergify/bp/sagitta/pr-3493Christian Breunig
T6375: Fix/Update NAT logging (backport #3493)
2024-05-22Merge pull request #3496 from vyos/mergify/bp/sagitta/pr-3494Christian Breunig
T6373: QoS Policy Limiter - classes for marked traffic do not work (backport #3494)
2024-05-21dhcpv6-server: T3493: adds prefix range validation and fixes typos in select ↵Giggum
ConfigError messages
2024-05-21T6373: QoS Policy Limiter - classes for marked traffic do not workkhramshinr
(cherry picked from commit e50b7afc9d5b727d04933116ccf364a2b9a48c30)
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum> (cherry picked from commit 5cb9b84bd9ce909460d8da7f039d9371143ede6c)