summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-03-31Merge pull request #1920 from jestabro/https-allow-clientViacheslav Hletenko
http-api: T5126: allow restricting client IP address
2023-03-31http-api: T5126: allow restricting client IP addressJohn Estabrook
2023-03-31Merge pull request #1922 from nicolas-fort/T5128Christian Breunig
T5128: Policy Route: allow wildcard on interface
2023-03-31Merge pull request #1927 from sever-sever/T5125Christian Breunig
T5125: Add op-mode for sFlow based on hsflowd
2023-03-31T5125: Add op-mode for sFlow based on hsflowdViacheslav Hletenko
Add op-mode for sFlow based on hsflowd "show sflow" Add machine readable format '--raw' and formatted output
2023-03-31T5128: Add contraint for firewall interface. Also update smoketest to ↵Nicolas Fort
include at least one wildcarded interface
2023-03-31T5128: Policy Route: allow wildcard on interfaceNicolas Fort
2023-03-31Merge pull request #1925 from sever-sever/T4173-smoketestViacheslav Hletenko
T4173: Fix smoketest for load-balancing wan
2023-03-31Merge pull request #1924 from fett0/T5131Christian Breunig
T5131: fix op-mode show isis segment-routing prefix-sids
2023-03-30 T5131: fix op-mode show isis segment-routing prefix-sidsfett0
2023-03-30Merge pull request #1923 from jestabro/fix-templateChristian Breunig
interfaces: T5130: remove show_interfaces.py reference and script
2023-03-30interfaces: T5130: remove obsoleted show_interfaces.pyJohn Estabrook
2023-03-30interfaces: T5130: show/interfaces/node.def defined in vyos-1xJohn Estabrook
2023-03-30T4173: Fix smoketest for load-balancing wanViacheslav Hletenko
Counter jump WANLOADBALANCE was deleted in the commit https://github.com/vyos/vyos-1x/commit/27ca5b9d6d699e201f88ffff41b0a651166b65eb I guess it was done to pass the smoketest even if it broke the load-balance wan feature Fix it
2023-03-29Merge pull request #1900 from jestabro/diff-testChristian Breunig
configdiff: T5089: add unit test of config_diff
2023-03-29ntp: T3008: start daemon with extended privileges but then drop to _chronyChristian Breunig
2023-03-29configdiff: T5089: add unit testJohn Estabrook
2023-03-29configdiff: T5089: add optional arg ordered_values for unit testsJohn Estabrook
2023-03-29configdiff: T5089: add union of configtrees for unit testJohn Estabrook
2023-03-29configtree: T5089: sorting of nodes is now implemented on parsing configJohn Estabrook
2023-03-29Merge pull request #1918 from sever-sever/T5110Christian Breunig
T5110: Fix op-mode FRR vtysh_pam account validation
2023-03-29T5110: Fix op-mode FRR vtysh_pam account validationViacheslav Hletenko
With FRR 8.5 there is exists file /etc/pam.d/frr With this file by default we have cosmtetic error for any op-mode command $ show ip bgp vtysh_pam: Failed in account validation: Success(0)No BGP prefixes displayed, 0 exist Fix it
2023-03-29T5115: bump version dns-forwarding 3 -> 4Christian Breunig
2023-03-29Merge pull request #1915 from indrajitr/pdns-port-round2Christian Breunig
dns: T5115: Support custom port for name servers for forwarding zones
2023-03-29Merge pull request #1916 from jestabro/clear-countersChristian Breunig
interfaces: T4885: add 'clear interfaces counters' to op-mode
2023-03-29Merge pull request #1917 from indrajitr/chrony-cleanupChristian Breunig
ntp: T5118: Remove vestigial ntp completion script
2023-03-29frr: T5045: remove LimitNOFILESoftChristian Breunig
Commit cb872efb ("frr: T5045: lift LimitNOFILE 1024 -> 4096") added both LimitNOFILE and LimitNOFILESoft parameters for FRR, as "systemctl cat frr.service" showed both versions. During daemon startup systemd complains: Unknown key name 'LimitNOFILESoft' in section 'Service', ignoring. So the key got removed again.
2023-03-28ntp: T5118: Remove vestigial ntp completion scriptIndrajit Raychaudhuri
This isn't used anymore after migration from ntpd to chrony as part of T3008.
2023-03-28container: T5047: restart only containers that changedChristian Breunig
By default VyOS used to restart all containers it managed. This makes no sense as it will be service disrupting. Instead only restart the containers that had changes on the CLI beeing made.
2023-03-28container: T2216: explicitly select CNI network backendChristian Breunig
As podman is going to use netavark as new default we must explicitly select the old driver until we have migrated to netavark.
2023-03-28interfaces: T4885: add op-mode-defs for clear interfaces countersJohn Estabrook
2023-03-28interfaces: T4885: add clear/reset_counters to op-mode scriptJohn Estabrook
2023-03-28interfaces: T4885: fix Perl to Python rewrite of clear/reset_countersJohn Estabrook
2023-03-28dns: T5115: Support custom port for name servers for forwarding zones.Indrajit Raychaudhuri
This would allow using custom ports in name server operating on non- default port for forwarding zones. This is a follow-up to T5113 for sake of completeness and having consistent treatment of all name servers configured in PowerDNS recursor. Additionally, migrate `service dns forwarding domain example.com server` to `service dns forwarding domain foo3.com name-server` for consistency and reusability.
2023-03-27bgp: T5114: support configuring TCP keepalive messagesChristian Breunig
2023-03-27bgp: T5114: add "neighbor path-attribute discard"Christian Breunig
2023-03-27bgp: T5114: add peer-group "port" CLI commandChristian Breunig
2023-03-27openvpn: T5051: fix hyphen/underscore error in use of typing.LiteralJohn Estabrook
2023-03-27Merge pull request #1906 from jestabro/codegenViacheslav Hletenko
graphql: T5106: extend generation of API client requests to configsession and composite requests
2023-03-27Merge pull request #1914 from indrajitr/pdns-portChristian Breunig
dns: T5113: Support custom port for name-server forwarders
2023-03-27Merge pull request #1911 from jestabro/countersChristian Breunig
op-mode: T5097: show interfaces should reflect cleared counters
2023-03-27dns: T5113: Support custom port for name-server forwardersIndrajit Raychaudhuri
Smoketest update for T5113 with optional port for name-server forwarders.
2023-03-27dns: T5113: Support custom port for name-server forwardersIndrajit Raychaudhuri
Support custom port for name-server forwarders that would allow using custom ports in name server forwarders to enable forwarding to alternative name servers (unbound, stubby, dnscrypt-proxy etc.) operating on non-default port. This would also allow using DNS Over TLS in PowerDNS Recursor 4.6 onwards (pdns doesn't support certificate check for validity yet) by enabling 'dot-to-port-853'. This is set by default if compiled in with DoT support. See: https://doc.powerdns.com/recursor/settings.html#dot-to-port-853 This also partially implements T921, T2195 (DoT without certificate check). Implementation details: - In 'dns/forwarding' configuration, 'name-server' now allows optional 'port' (defaults to 53). - Instead of modifying 'name-server-ipv4-ipv6.xml.i' to add optional 'port', a new file 'name-server-ipv4-ipv6-port.xml.i' has been used to avoid impacting other places where it is reused because not all of them honor ports (mostly VPN related). - The `host:port` entries to be used by PowerDNS recursor config are normalized eagerly at the point of loading VyOS `Config` instead of doing them lazily while rendering the Jinja2 template to keep the implementation less intrusive. The alternative would entail making quite a bit of change in how 'vyos-hostsd' processes 'static' 'name_servers' entries or persists their runtime states.
2023-03-25Merge pull request #1913 from indrajitr/chrony-ntsChristian Breunig
ntp: T5112: Enable support for NTS (Network Time Security) in chrony
2023-03-25ntp: T5112: Enable support for NTS (Network Time Security) in chronyIndrajit Raychaudhuri
This is basic configuration to enable NTS support in chrony.
2023-03-24xml: T5109: use common include file for alpha-numeric, hyphen and underscore ↵Christian Breunig
regex
2023-03-23op-mode: T5097: show interfaces should reflect cleared countersJohn Estabrook
'show interfaces counters' correctly displays counter stats after a call to 'clear interfaces counters', however, 'show interfaces detail' does not. Add missing update to counter stats.
2023-03-23Merge pull request #1901 from sever-sever/T5099Christian Breunig
T5099: IPoE-server add option next-pool for named ip pools
2023-03-23Merge pull request #1908 from sever-sever/T5086-kernChristian Breunig
T5086: Add smoketest DROP_MONITOR kernel option
2023-03-23Merge pull request #1909 from sever-sever/T5108Christian Breunig
T5108: Add option rate-limit for l2tp pptp sstp ipoe raw format