summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-28container: T5829: fix base key "container" re-use in for loopChristian Breunig
(cherry picked from commit 405cc66041d8035500f7b7116301983c48464a9b)
2023-12-28container: T5829: verify container network used supports the given AFIChristian Breunig
(cherry picked from commit e70ca62c474b4e2cc135851a6e5cceee037bf378)
2023-12-25Merge pull request #2690 from vyos/mergify/bp/sagitta/pr-2689Viacheslav Hletenko
ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces (backport #2689)
2023-12-25ethernet: T5566: disable energy efficient ethernet (EEE) for interfacesChristian Breunig
VyOS is a routing (packet pushing) platform, thus supporting EEE which potentially causes issues is not a good idea. Some recent Intel drivers enable EEE by default, thus we will disable this for every NIC supporting EEE. (cherry picked from commit ab30509b25d54dac99294b76ba03fd49c3d2c946)
2023-12-25Merge pull request #2688 from vyos/mergify/bp/sagitta/pr-2687Christian Breunig
snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp" (backport #2687)
2023-12-25snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"Christian Breunig
(cherry picked from commit a9201e77110ce0695e2ba879304aef41b7ac9a0c)
2023-12-25snmp: T5855: add GPL license headerChristian Breunig
(cherry picked from commit 2490f22408ad811ff9f63ec970d0167ecbf4ab59)
2023-12-24Merge pull request #2685 from vyos/mergify/bp/sagitta/pr-2682Daniil Baturin
configdict: T5837: add support to return added nodes when calling node_changed() (backport #2682)
2023-12-24configdict: T5837: add support to return added nodes when calling node_changed()Christian Breunig
In the past, node_changed() suggested it would also return nodes that got added (function comment) but in reality only deleted keys got accounted for. This commit changes the signature and adds an argument expand_nodes to specify the users interest of a node was deleted (default), added (expand_nodes=Diff.ADD) or even both (expand_nodes=Diff.ADD|Diff.DELETE). (cherry picked from commit 4ee4064705ebd1e1a6a59be0c6df3b96755a067e)
2023-12-24T5837: cleanup use of calls to vyos.configdict.node_changed()Christian Breunig
node_changed() will return a list of changed keys under "path". We are not always interested what changed, sometimes we are only interested if something changed at all, that what vyos.configdict.is_node_changed() is for. (cherry picked from commit 5e7a8288d06a6d6beee5e1abd2e06698ab778650)
2023-12-24Merge pull request #2684 from vyos/mergify/bp/sagitta/pr-2683Daniil Baturin
snmp: 5856: fix service removal error (backport #2683)
2023-12-24snmp: 5856: fix service removal errorChristian Breunig
When deleting SNMP from CLI the 'delete' key was not honored in the config dictionary, leading to a false process startup causing the following error: Job for snmpd.service failed because the control process exited with error code. See "systemctl status snmpd.service" and "journalctl -xeu snmpd.service" for details. (cherry picked from commit 20b98e780fda4131eb242921884d4955147ce51a)
2023-12-24Merge pull request #2681 from vyos/mergify/bp/sagitta/pr-2677Viacheslav Hletenko
T160: NAT64 add match firewall mark feature (backport #2677)
2023-12-24T160: NAT64 add match firewall mark featureViacheslav Hletenko
Match mark allows to use firewall marks of packet to use a specific pool Example of instance config /run/jool/instance-100.json ``` ... "pool4": [ { "protocol": "TCP", "prefix": "192.0.2.10", "port range": "1-65535", "mark": 23 }, ... ``` (cherry picked from commit 8e1e79cfa24c155c8d504822fbbd3c20f890fb70)
2023-12-24Merge pull request #2680 from vyos/mergify/bp/sagitta/pr-2679Christian Breunig
xml: T5854: clear empty paths left by embedded override of defaultValue (backport #2679)
2023-12-24veth: T5853: fix typo in constraintErrorMessagezero13th
(cherry picked from commit 89cd75b8dbe5cc145a4423bf10faa76fd6bdcdbf)
2023-12-24xml: T5854: clear empty paths left by embedded override of defaultValueJohn Estabrook
(cherry picked from commit c4f9c936c9fdd32e7f6258c0dfa8c8cf6057998d)
2023-12-21Merge pull request #2675 from c-po/nat66-fix-sagittaDaniil Baturin
nat66: T2898: build fix after ndp-proxy backport
2023-12-21nat66: T2898: build fix after ndp-proxy backportChristian Breunig
2023-12-21Merge pull request #2673 from vyos/mergify/bp/sagitta/pr-2665Christian Breunig
T2898: add ndp-proxy service (backport #2665)
2023-12-21T2898: add ndp-proxy serviceChristian Breunig
VyOS CLI command set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static' Will generate the following NDP proxy configuration $ cat /run/ndppd/ndppd.conf # autogenerated by service_ndp-proxy.py # This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route route-ttl 30000 # This sets up a listener, that will listen for any Neighbor Solicitation # messages, and respond to them according to a set of rules proxy eth0 { # Turn on or off the router flag for Neighbor Advertisements router no # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) timeout 500 # Control how long a valid or invalid entry remains in the cache (milliseconds) ttl 30000 # This is a rule that the target address is to match against. If no netmask # is provided, /128 is assumed. You may have several rule sections, and the # addresses may or may not overlap. rule 2001:db8::/64 { static } } (cherry picked from commit 4d721a58020971d00ab854c37b68e88359999f9c)
2023-12-21Merge pull request #2674 from vyos/mergify/bp/sagitta/pr-2663Daniil Baturin
srv6: T591: enable SR enabled packet processing on defined interfaces (backport #2663)
2023-12-21srv6: T591: enable SR enabled packet processing on defined interfacesChristian Breunig
The Linux Kernel needs to be told if IPv6 SR enabled packets whether should be processed or not. This is done using /proc/sys/net/conf/<iface>/seg6_* variables: seg6_enabled - BOOL Accept or drop SR-enabled IPv6 packets on this interface. Relevant packets are those with SRH present and DA = local. 0 - disabled (default) not 0 - enabled Or the VyOS CLI command: * set protocols segment-routing interface eth0 srv6 (cherry picked from commit 774cc97eda61eb0b91df820797fb3c705d0073d5)
2023-12-21vrf: T591: define sysctl setting for net.vrf.strict_modeChristian Breunig
Enable/Disable VRF strict mode, when net.vrf.strict_mode=0 (default) it is possible to associate multiple VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a table can be associated to a single VRF device. A VRF table can be used by the VyOS CLI only once (ensured by verify()), this simply adds an additional Kernel safety net, but a requirement for IPv6 segment routing headers. (cherry picked from commit 10701108fecb36f7be7eb7ef5f1e54e63da5fb4e)
2023-12-21Merge pull request #2672 from vyos/mergify/bp/sagitta/pr-2611Christian Breunig
T5804: nat: remove inbound|outbound interface from old configuration when it was set to <any>. (backport #2611)
2023-12-21Merge pull request #2671 from vyos/mergify/bp/sagitta/pr-2670Christian Breunig
dhcp: T5846: Ensure DUID regex range is bound (backport #2670)
2023-12-21T5804: nat: remove inbound|outbound interface from old configuration when it ↵Nicolas Fort
was set to <any>. (cherry picked from commit 5cb95aed965b45a900c6ba97c0bccefed83332b6)
2023-12-21dhcp: T5846: Ensure DUID regex range is boundIndrajit Raychaudhuri
The DUID regex was missing a lower bound, which could cause it not to match when it should. We have to specify the lower bound explicitly as 0 to keep the regex behavior similar to that in Python (in Python, omitting the lower bound is equivalent to specifying 0). (cherry picked from commit 551f06218755076cde588c848c01ce5ca1bf5e6b)
2023-12-21Merge pull request #2669 from vyos/mergify/bp/sagitta/pr-2668Viacheslav Hletenko
frr: T4020: re-enable watchfrr in config as it is always running (backport #2668)
2023-12-21frr: T4020: re-enable watchfrr in config as it is always runningChristian Breunig
(cherry picked from commit 42614633901713e6472b43f95065d215344843b1)
2023-12-21Merge pull request #2666 from vyos/mergify/bp/sagitta/pr-2664Christian Breunig
dhcp: T5846: Refactor and simplify DUID definition (backport #2664)
2023-12-21dhcp: T5846: Fix include pathIndrajit Raychaudhuri
(cherry picked from commit 5768bc2d56cc8aabd8d276a2afc30608c1bc9838)
2023-12-21dhcp: T5846: Refactor and simplify DUID definitionIndrajit Raychaudhuri
Refactor DUID XML definition in conf-mode to be reusable. Additionally, remove explicit call to a separate validator `ipv6-duid` and inline the regex into the XML definition. (cherry picked from commit 51e7832fc5c88f9956b26157a80947bad4495a4e)
2023-12-20Merge pull request #2662 from vyos/mergify/bp/sagitta/pr-2661Daniil Baturin
Allow the HTTPS API server to start without any configured keys when GraphQL JWT auth is configured (backport #2661)
2023-12-20https api: T5844: allow the server to start without API keysDaniil Baturin
and use only PAM auth and JWT (cherry picked from commit 495bf4732439ebd55edfbf6050af8b2064993d86)
2023-12-20https api: T5844: issue a warning about the classic API unavailabilityDaniil Baturin
when no API keys are set (cherry picked from commit 7bad0e115ecc25224a0c3a2720a2697442624229)
2023-12-20Merge pull request #2660 from vyos/mergify/bp/sagitta/pr-2590Christian Breunig
T5798: load-balancing revese-proxy add multiple SSL certificates (backport #2590)
2023-12-20T5798: load-balancing revese-proxy add multiple SSL certificatesViacheslav Hletenko
Add ability to configure multiple SSL certificates for frontend/service set load-balancing reverse-proxy service web mode http set load-balancing reverse-proxy service web port 443 set load-balancing reverse-proxy service web ssl certificate cert1 set load-balancing reverse-proxy service web ssl certificate cert2 (cherry picked from commit fe99c45e05fd5794905145ddca80e6078145c2e8)
2023-12-19Merge pull request #2657 from c-po/backportsDaniil Baturin
smoketest: bgp: T4163: use explicit kill to respawn bgpd process
2023-12-19Merge pull request #2656 from vyos/mergify/bp/sagitta/pr-2637Christian Breunig
T5823: Add recursive_defaults for BGP get_config dictionary (backport #2637)
2023-12-19smoketest: bgp: T4163: use explicit kill to respawn bgpd processChristian Breunig
(cherry picked from commit b873112dd7253b64d323e183758dbabaa0f28b6e)
2023-12-19smoketest: bgp: T4163: add explicit timeout when starting BMPChristian Breunig
(cherry picked from commit 259a3d637081fad9f86a8edb39814d8f0fbf7b95)
2023-12-19T5823: Add recursive_defaults for BGP get_config dictionaryViacheslav Hletenko
Add recursive_defaults values for BGP "get_config" dictionary. (cherry picked from commit 4d5445740a1529691594263af22f2a9d07bbfe70)
2023-12-18Merge pull request #2654 from vyos/mergify/bp/sagitta/pr-2649John Estabrook
image-tools: T5831: show system image reverse ordered by date (backport #2649)
2023-12-18image-tools: T5831: show system image reverse ordered by dateJohn Estabrook
(cherry picked from commit f19b2acb34e77baeae34aa156ea96d0580a61725)
2023-12-18Merge pull request #2653 from vyos/mergify/bp/sagitta/pr-2596Daniil Baturin
T5249: Add rollback-soft feature (backport #2596)
2023-12-18T5249: Add rollback-soft featureViacheslav Hletenko
Add the ability to rollback configs without rebooting ``` sudo /usr/bin/config-mgmt rollback_soft --rev 1 rollback-soft 1 ``` (cherry picked from commit f208e9b9acaec45468295e33b113bbef6c0309a1)
2023-12-18Merge pull request #2652 from vyos/mergify/bp/sagitta/pr-2627Christian Breunig
T4163: Add BGP Monitoring Protocol BMP feature (backport #2627)
2023-12-18T4163: Add BGP Monitoring Protocol BMP featureViacheslav Hletenko
Add BMP feature. BMP (BGP Monitoring Protocol, RFC 7854) is used to send monitoring data from BGP routers to network management entities https://docs.frrouting.org/en/latest/bmp.html Example: set system frr bmp commit run restart bgp set protocols bgp system-as '65001' set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast set protocols bgp neighbor 192.0.2.11 remote-as '65001' set protocols bgp bmp mirror-buffer-limit '256000000' set protocols bgp bmp target foo address '127.0.0.1' set protocols bgp bmp target foo port '5000' set protocols bgp bmp target foo min-retry '1000' set protocols bgp bmp target foo max-retry '2000' set protocols bgp bmp target foo mirror set protocols bgp bmp target foo monitor ipv4-unicast post-policy set protocols bgp bmp target foo monitor ipv4-unicast pre-policy set protocols bgp bmp target foo monitor ipv6-unicast post-policy set protocols bgp bmp target foo monitor ipv6-unicast pre-policy (cherry picked from commit 5523fccf4f7d05444c36c568128e94cd7b08c34f)
2023-12-17Merge pull request #2648 from jestabro/sagitta-image-toolsChristian Breunig
image-tools: T4516: revise system image tools