Age | Commit message (Collapse) | Author |
|
dhcp: T5952: validate duplicate MAC and IP address in static-mappings incl. smoketests
|
|
This extends commit 2c3e4696b3e22 ("T2267: Versioning: Update version tag from
GIT repo") to also include release tags.
(cherry picked from commit 04aa70e3f75169fc592b20acfa6e0b2f37d90a6c)
|
|
T5779: conntrack: Apply fixes to <set system conntrack timeout custom> (backport #2574)
|
|
Backport of the conntrack system from current branch.
(cherry picked from commit fd0bcaf12)
(cherry picked from commit 5acf5aced)
(cherry picked from commit 42ff4d8a7)
(cherry picked from commit 24a1a7059)
|
|
smoketests
(cherry picked from commit 62a8ef29d6238d5b777c3e946c132aca16a813c3)
(cherry picked from commit eb4cac98cb3790eb888d4ea7626781b9afbea8f4)
|
|
ethernet: T4638: deleting parent interface does not delete underlying VIFs (backport #2850)
|
|
xml: T5738: re-use source-address-ipv4-ipv6 building block for config-management (backport #2848)
|
|
(cherry picked from commit 7ba47f027f3a9441125c13a927eb23cee2de041b)
|
|
(cherry picked from commit 100c2393e8732d4faa108889575a25f2a0a397d4)
|
|
ndp-proxy: T5863: add missing priority to honor interface dependencies (backport #2846)
|
|
(cherry picked from commit 40ed1e4f63878a33538370f8c980c2bb73a9fbc4)
|
|
T5953: Changed values of 'close-action' to Strongswan values (backport #2842)
|
|
Changed the value from 'hold' to 'trap' in the 'close-action'
option in the IKE group.
Changed the value from 'restart' to 'start' in the 'close-action'
option in the IKE group.
(cherry picked from commit 8870fabf1b4358618fca7db459515106653214b5)
|
|
image-tools: T5923: update system_console.py for new GRUB file structure (backport #2818)
|
|
Add util function to set serial console speed in accordance with revised
GRUB file structure; in keeping with the intentions of the config_mode
script, adjust the GRUB var 'console_speed' to only modify ttyS0.
(cherry picked from commit 5ceaff2ef970cb9c567ac317bafbffca5b073f4a)
|
|
T4658: Renamed DPD action value from 'hold' to 'trap' (backport #2837)
|
|
Renamed DPD action value from 'hold' to 'trap'
(cherry picked from commit 9f4aee5778eefa0a17d4795430d50e4a046e88b0)
|
|
T5889: Fix migration scripts nat 5-to-6 (backport #2833)
|
|
The current migration drop interface name for NAT where not should
```
nat {
source {
rule 100 {
outbound-interface {
name "eth0"
...
}
}
}
```
After migration we lost interface:
/home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf
/home/vyos#
/home/vyos# cat tmp.conf | grep "nat {" -A 10
nat {
source {
rule 100 {
outbound-interface {
interface-name ""
...
}
}
}
```
This commit fixes it.
(cherry picked from commit 813237d9766f636394b9ab385bb825fbf83202b3)
|
|
T671: call dmidecode directly in "show hardware dmi" (backport #2201)
|
|
bgp: T5937: fix migration script for IPv6 AFI peer-group (backport #2834)
|
|
Migrate "bgp <ASN> neighbor <NEIGH> address-family ipv6-unicast peer-group"
to "bgp neighbor <NEIGH> peer-group"
(cherry picked from commit 9febed1344e93815dc3a94047daa69967c3af160)
|
|
The old script isn't doing much, in fact, it's much less informative
than actual dmidecode
(cherry picked from commit 7f0a363c9034a3b1600efab7c30bf7ab06381816)
|
|
ospf: T5936: when migrating passive interfaces set_tag() must be set (backport #2829)
|
|
(cherry picked from commit 495c3c3cc646c378746dc458f30da72c85f16dba)
|
|
T4856: Fix IPsec DHCP-client exit hook (backport #2823)
|
|
T5901: Add DHCP base_path dir during first boot (backport #2824)
|
|
We should create dhclient base_path dir `/run/dhclient` during the
first boot.
It fixes cloud-init boot issues
```
/etc/dhcp/dhclient-exit-hooks.d/03-vyos-dhclient-hook: line 33: /run/dhclient/dhclient_eth0.lease: No such file or directory
```
(cherry picked from commit e613983721c48c13c2e6e73e7c4dbdbaa8e9eacf)
|
|
The script acually does not have the variable `secrets_lines` and
secret lines itself does not have the marker `# dhcp:{interface}`
in `to_find`
Needs to rewrite this script in the future if it is required
This commit fixes DHCP-client exit hook:
```
dhclient[6800]: NameError: name 'secrets_lines' is not defined
root[6801]: /etc/dhcp/dhclient-exit-hooks.d/99-ipsec-dhclient-hook returned non-zero exit status 1
```
(cherry picked from commit a9cf7246d4450c8b3e1b749b36c3393b0963404b)
|
|
op-mode: T5944: remove double whitespace in reboot error message (backport #2825)
|
|
(cherry picked from commit 01b7ae796e870be90d4e448100c5e7551d9767ec)
|
|
T5944: Fix reboot in arg (backport #2821)
|
|
Fix the arg for the `reboot in x` command
The current arg is `--reboot_in [Minutes ...]`
The expected arg is `--reboot-in [Minutes ...]`
(cherry picked from commit 3b27d5bc97372c01cb02d4dd0cd3b0b6fa1c3d94)
|
|
bgp: T591: SRv6 improvements (backport #2819)
|
|
set protocols bgp address-family ipv4-unicast nexthop vpn export <ipv4-address|ipv6-address>
set protocols bgp address-family ipv6-unicast nexthop vpn export <ipv4-address|ipv6-address>
(cherry picked from commit 7349927908206fa83a7295d643f56950309efb4f)
|
|
set protocols bgp address-family ipv4-unicast sid vpn export <auto|1-1048575>
set protocols bgp address-family ipv6-unicast sid vpn export <auto|1-1048575>
(cherry picked from commit d7e248ba514108461ca9d5875c0be077c80ceca7)
|
|
T5925: Containers change systemd KillMode (backport #2814)
|
|
By default we use mode `none` for containers
Unit uses KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update the
service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
(cherry picked from commit 4c71c46cbb840167708e75e902de5bfc9e31a03e)
|
|
T5857: Fix op-mode show interfaces wireless info unconf message (backport #2812)
|
|
When a router does not have wireless interfaces the proper
unconfigured message must be exist
(cherry picked from commit c97955b963ecc3da9638717485fe4d2c8599565c)
|
|
image-tools: T5910: explicitly set transmission speed of serial console (backport #2806)
|
|
GRUB defaults to 9600 in case of serial console; explicitly set to
115200.
(cherry picked from commit 70122bef58eaa0084695f89c410992f8d7c1f9f6)
|
|
bgp: T5306: fix verify_remote_as() to support v6only interface with peer-group (backport #2809)
|
|
To test:
set protocols bgp neighbor eth0 interface v6only peer-group 'fabric'
set protocols bgp peer-group fabric address-family ipv4-unicast
set protocols bgp peer-group fabric address-family ipv6-unicast
set protocols bgp peer-group fabric capability extended-nexthop
set protocols bgp peer-group fabric remote-as 'external'
set protocols bgp system-as 64496
(cherry picked from commit 12e81dbb47b942b3d9a7a69189adefb5b176c4ef)
|
|
T5922: firewall: fix intra-zone filtering parsing rules; update firew… (backport #2807)
|
|
smoketest
(cherry picked from commit 5c4c873f9c36459bc7bad73208450ee802440929)
|
|
This reverts commit 61817dbb3f2667bcb0fbd734d70daeb2c4672720.
|
|
firewall: T5814: Retain legacy 'accept' behaviour and re-order migration (backport #2790)
|
|
Pre-1.4 firewall 'accept' action acted as a 'return'. This change ensures the migrated rules meet the expected behaviour.
This commit also re-orders migrated in/out/local jumps ordered by direction instead of interface.
(cherry picked from commit dc542f109460bca6453d1eeba9fe829aea38bb33)
|
|
T5791: T5918: use generic pattern to detect dynamic interfaces for ipsec and dynamic dns (backport #2798)
|