Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 762be96f45bb1d9705e45ff554ad483c9d4e10ff)
|
|
(cherry picked from commit 61342083d7db8c30d015474fae5cb71f480487d8)
|
|
container: T5955: add uid/gid settings (backport #2927)
|
|
(cherry picked from commit faa4c87d93c7808c6a4edd8eddd29049ec8ec3fa)
|
|
(cherry picked from commit 52e9707a43290f5f826766e2c42c5f0db3c9adec)
|
|
T5971: Rewritten ppp options in accel-ppp services (backport #2891)
|
|
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor (backport #2903)
|
|
ddclient: T5966: Adjust dynamic dns config address subpath (manual backport #2860)
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
(cherry picked from commit d9e57fe65dd538c6ea80637f4f6f23cf11dc583d)
|
|
Since, we don't have op-mode operation for 'dns dynamic' anymore, we need
to add a top level property to avoid empty `templates-op/update/node.def`.
|
|
Update op-mode for dynamic dns to standardize on `vyos.opmode`. All
methods of `op_mode/dns_dynamic.py` are now available in standardized
`op_mode/dns.py`.
Move op-mode command `update dns dynamic` to `reset dns dynamic` to
reflect that it is not an update but a reset of the dynamic dns service.
Also, make the help texts more consistent for all op-mode commands for
`dns dynamic` and `dns forwarding`.
|
|
|
|
|
|
|
|
Modify the dynamic dns configuration 'address' subpath for better
clarity on how the address is obtained.
Additionally, remove `web-options` and fold those options under the
path `address web`.
|
|
T5989 fix: Add ipv4-prefix as a valid option for UPnP ACLs. (backport #2897)
|
|
T4839: firewall: Add dynamic address group in firewall configuration (backport #2756)
|
|
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS
recursor") added a helper "_set_required_options()" method to reduce duplicate
code when setting up the base interface test.
This refactors the test class to call this code always in setUp() so we have
it written only once.
(cherry picked from commit 112376a4ccb96ceee647a4cba5c4f131597b0ea4)
|
|
Completion help suggests only IPv4 and IPv6 prefixes are supported, thus add a
proper constraint enforcing this.
(cherry picked from commit 049560725b93de49ec2d5a779e391e61d568ceb6)
|
|
Fix option descriptions
(cherry picked from commit c4b6c156549ea03262793c78532c2456e8713b81)
|
|
(cherry picked from commit eb76729d63245e2e8f06f4d6d52d2fd4aab4fb1f)
|
|
dns: T5959: Streamline dns forwarding service (backport #2854)
|
|
(cherry picked from commit 0307801b8928bbaaa20caf5bd10b928bae459490)
|
|
appropiate commands to populate such groups using source and destination address of the packet.
(cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122)
|
|
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp (backport #2832)
|
|
For example, port 5353 is reserved for multicast DNS, this means tests
will fail if the host running the tests is also running a mDNS server.
(cherry picked from commit 22c8bea36da0a546abcc528dc12a97cd6a0c3b10)
|
|
Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
`dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
generated override files in /run. This ensures that the override files
are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default
path (viz., `/run/pdns-recursor` is fine)
(cherry picked from commit 1c1fb5fb4bd7c0d205b28caf90357ad56423464f)
|
|
(cherry picked from commit 119efb6d8d353482d598287f49e22aa68a22e960)
|
|
T5974: Fix QoS shape bandwidth and ceil calculation for default (backport #2883)
|
|
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together (backport #2914)
|
|
T5941: Migration policy delete orphaned interface policy (backport #2890)
|
|
T5941: Migration QoS delete orphaned interface traffic-policy (backport #2892)
|
|
The default `bandwidth` and `ceiling` should calculate values
based on <tag> bandwidth but currently it gets the value from
qos.base `/sys/class/net/{self._interface}/speed`
```
set qos policy shaper SHAPER bandwidth '20mbit'
set qos policy shaper SHAPER default bandwidth '95%'
set qos policy shaper SHAPER default ceiling '100%'
```
It causes wrong calculations for class `default` i.e
950Mbit for bandwidth (expected 95% of bandwidth, 19Mbit)
1Gbit for ceil (expected 100% of bandwidth, 20Mbit)
Gets incorrect values
```
r4# tc class show dev eth1
class htb 1:1 root rate 20Mbit ceil 20Mbit burst 1600b cburst 1600b
class htb 1:a parent 1:1 leaf 8053: prio 0 rate 200Kbit ceil 200Kbit burst 1Mb cburst 1600b
class htb 1:b parent 1:1 leaf 8054: prio 7 rate 950Mbit ceil 1Gbit burst 15200b cburst 1375b
```
Fix this
(cherry picked from commit 6ddfe6328e1cbdde1b70763b39e3a87f8374755a)
|
|
We can get an orphaned interface traffic-policy when the traffic-policy
name is removed from the interface, but the node `trffic-policy`
is still attached to the interface
For exmaple we have orphaned node traffic-policy on an interface:
```
set interfaces bonding bond0 vif 995 traffic-policy
```
This causes of incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete traffic-policy from all interfaces if traffic-policy does not exist
(cherry picked from commit ca43e517408168ad1f12a3e5bc6f2d97f510faee)
|
|
We can get orphaned interface policy when the policy name was
removed from the interface but the node `policy` still attached
to the interface
For exmaple we have orphaned node policy on interface:
```
set interfaces bonding bond0 vif 995 policy
```
This causes of incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete policy from all interfaces if policy does not exist
(cherry picked from commit 53670e1fb201cf1d27b01b4bc796ff097f82552d)
|
|
Moved ipv6 pools to named ipv6 pools in accel-ppp services
(cherry picked from commit d187803c31175e471397dd4f77040ab56d2e1073)
|
|
(cherry picked from commit 32183aa0f0f9c51126d21693db0eafa256419b31)
|
|
Denied using command 'route-target vpn export/import'
with 'both' together in bgp configuration.
(cherry picked from commit 32a13411f47beffcbe4b49a869c99cb42374d729)
|
|
T5977: firewall: remove ipsec options in output chain rule definition… (backport #2887)
|
|
since it's not supported.
(cherry picked from commit 9d490ecf616eb9d019beee37a3802705c4109d9d)
|
|
T5254: Deleted extra file git (backport #2910)
|
|
Deleted extra file git.
(cherry picked from commit 5602f9fda633c58c6c986e5e649696e982d4d245)
|
|
reverse-proxy: T5999: Allow root for exact match in backend rule URL (backport #2908)
|
|
(cherry picked from commit f2c6cb62521bf13a51225462e8d39ee184645de1)
|
|
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix' (backport #2906)
|
|
(cherry picked from commit c23775d29fd3bebbfd6ae9483fd12f2fb643c9a2)
|
|
system-option: T5979: Add configurable kernel boot options (backport #2886)
|
|
vrf: T5973: multiple bugfixes and improvements (backport #2877)
|
|
A code path was missing to check if only priority is available in the result of
"ip --json -4 rule show", in the case of l3mdev it's a dedicated key!
(cherry picked from commit a009143a62caca207fdffffcf0b490c747a87025)
|
|
There is no need to add and remove this table during runtime - it can lurk
in the standard firewall init code.
(cherry picked from commit 89f0d347bfe5e468355817a617dc71823a58c284)
|