summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-01Merge pull request #2924 from vyos/mergify/bp/sagitta/pr-2756Christian Breunig
T4839: firewall: Add dynamic address group in firewall configuration (backport #2756)
2024-02-01Merge pull request #2922 from vyos/mergify/bp/sagitta/pr-2854Christian Breunig
dns: T5959: Streamline dns forwarding service (backport #2854)
2024-02-01T4839: firewall: Add dynamic address group in firewall configuration, and ↵Nicolas Fort
appropiate commands to populate such groups using source and destination address of the packet. (cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122)
2024-02-01Merge pull request #2916 from vyos/mergify/bp/sagitta/pr-2832Christian Breunig
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp (backport #2832)
2024-02-01dns: T5959: Avoid using reserved ports for testingIndrajit Raychaudhuri
For example, port 5353 is reserved for multicast DNS, this means tests will fail if the host running the tests is also running a mDNS server. (cherry picked from commit 22c8bea36da0a546abcc528dc12a97cd6a0c3b10)
2024-02-01dns: T5959: Streamline dns forwarding serviceIndrajit Raychaudhuri
Streamline configuration and operation of dns forwarding service in following ways: - Remove `dns_forwarding_reset.py` as its functionality is now covered by `dns.py` - Adjust function names in `dns.py` to disambiguate between DNS forwarding and dynamic DNS - Remove `dns_forwarding_restart.sh` as its functionality is inlined in `dns-forwarding.xml` - Templatize systemd override for `pdns-recursor.service` and move the generated override files in /run. This ensures that the override files are always generated afresh after boot - Simplify the systemd override file by removing the redundant overrides - Relocate configuration path for pdns-recursor to `/run/pdns-recursor` and utilize the `RuntimeDirectory` default that pdns-recursor expects - We do not need to use custom `--socket-dir` path anymore, the default path (viz., `/run/pdns-recursor` is fine) (cherry picked from commit 1c1fb5fb4bd7c0d205b28caf90357ad56423464f)
2024-02-01dns: T4578: Remove unnecessary dns forwarding statistics scriptIndrajit Raychaudhuri
(cherry picked from commit 119efb6d8d353482d598287f49e22aa68a22e960)
2024-02-01Merge pull request #2919 from vyos/mergify/bp/sagitta/pr-2883Christian Breunig
T5974: Fix QoS shape bandwidth and ceil calculation for default (backport #2883)
2024-02-01Merge pull request #2915 from vyos/mergify/bp/sagitta/pr-2914Christian Breunig
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together (backport #2914)
2024-02-01Merge pull request #2917 from vyos/mergify/bp/sagitta/pr-2890Christian Breunig
T5941: Migration policy delete orphaned interface policy (backport #2890)
2024-02-01Merge pull request #2918 from vyos/mergify/bp/sagitta/pr-2892Christian Breunig
T5941: Migration QoS delete orphaned interface traffic-policy (backport #2892)
2024-02-01T5974: Fix QoS shape bandwidth and ceil calculation for defaultViacheslav Hletenko
The default `bandwidth` and `ceiling` should calculate values based on <tag> bandwidth but currently it gets the value from qos.base `/sys/class/net/{self._interface}/speed` ``` set qos policy shaper SHAPER bandwidth '20mbit' set qos policy shaper SHAPER default bandwidth '95%' set qos policy shaper SHAPER default ceiling '100%' ``` It causes wrong calculations for class `default` i.e 950Mbit for bandwidth (expected 95% of bandwidth, 19Mbit) 1Gbit for ceil (expected 100% of bandwidth, 20Mbit) Gets incorrect values ``` r4# tc class show dev eth1 class htb 1:1 root rate 20Mbit ceil 20Mbit burst 1600b cburst 1600b class htb 1:a parent 1:1 leaf 8053: prio 0 rate 200Kbit ceil 200Kbit burst 1Mb cburst 1600b class htb 1:b parent 1:1 leaf 8054: prio 7 rate 950Mbit ceil 1Gbit burst 15200b cburst 1375b ``` Fix this (cherry picked from commit 6ddfe6328e1cbdde1b70763b39e3a87f8374755a)
2024-02-01T5941: Migration QoS delete orphaned interface traffic-policyViacheslav Hletenko
We can get an orphaned interface traffic-policy when the traffic-policy name is removed from the interface, but the node `trffic-policy` is still attached to the interface For exmaple we have orphaned node traffic-policy on an interface: ``` set interfaces bonding bond0 vif 995 traffic-policy ``` This causes of incorrect migration and we do not see VLANs on the bonding interface after update. Delete traffic-policy from all interfaces if traffic-policy does not exist (cherry picked from commit ca43e517408168ad1f12a3e5bc6f2d97f510faee)
2024-02-01T5941: Migration policy delete orphaned interface policyViacheslav Hletenko
We can get orphaned interface policy when the policy name was removed from the interface but the node `policy` still attached to the interface For exmaple we have orphaned node policy on interface: ``` set interfaces bonding bond0 vif 995 policy ``` This causes of incorrect migration and we do not see VLANs on the bonding interface after update. Delete policy from all interfaces if policy does not exist (cherry picked from commit 53670e1fb201cf1d27b01b4bc796ff097f82552d)
2024-02-01T5865: Moved ipv6 pools to named ipv6 pools in accel-pppaapostoliuk
Moved ipv6 pools to named ipv6 pools in accel-ppp services (cherry picked from commit d187803c31175e471397dd4f77040ab56d2e1073)
2024-02-01GitHub: update PR request laballer to v5.0.0 tagChristian Breunig
(cherry picked from commit 32183aa0f0f9c51126d21693db0eafa256419b31)
2024-02-01bgp: T5930: Denied using rt vpn 'export/import' with 'both' togetheraapostoliuk
Denied using command 'route-target vpn export/import' with 'both' together in bgp configuration. (cherry picked from commit 32a13411f47beffcbe4b49a869c99cb42374d729)
2024-02-01Merge pull request #2913 from vyos/mergify/bp/sagitta/pr-2887Christian Breunig
T5977: firewall: remove ipsec options in output chain rule definition… (backport #2887)
2024-02-01T5977: firewall: remove ipsec options in output chain rule definitions, ↵Nicolas Fort
since it's not supported. (cherry picked from commit 9d490ecf616eb9d019beee37a3802705c4109d9d)
2024-01-31Merge pull request #2912 from vyos/mergify/bp/sagitta/pr-2910Viacheslav Hletenko
T5254: Deleted extra file git (backport #2910)
2024-01-31T5254: Deleted extra file gitaapostoliuk
Deleted extra file git. (cherry picked from commit 5602f9fda633c58c6c986e5e649696e982d4d245)
2024-01-31Merge pull request #2909 from vyos/mergify/bp/sagitta/pr-2908Christian Breunig
reverse-proxy: T5999: Allow root for exact match in backend rule URL (backport #2908)
2024-01-31reverse-proxy: T5999: Allow root for exact match in backend rule URLcleopold73
(cherry picked from commit f2c6cb62521bf13a51225462e8d39ee184645de1)
2024-01-30Merge pull request #2907 from vyos/mergify/bp/sagitta/pr-2906Christian Breunig
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix' (backport #2906)
2024-01-30rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'Jonathan Voss
(cherry picked from commit c23775d29fd3bebbfd6ae9483fd12f2fb643c9a2)
2024-01-30Merge pull request #2888 from vyos/mergify/bp/sagitta/pr-2886John Estabrook
system-option: T5979: Add configurable kernel boot options (backport #2886)
2024-01-30Merge pull request #2905 from vyos/mergify/bp/sagitta/pr-2877Christian Breunig
vrf: T5973: multiple bugfixes and improvements (backport #2877)
2024-01-30vrf: T5973: fix has_rule() to check for l3mdev ruleChristian Breunig
A code path was missing to check if only priority is available in the result of "ip --json -4 rule show", in the case of l3mdev it's a dedicated key! (cherry picked from commit a009143a62caca207fdffffcf0b490c747a87025)
2024-01-30vrf: T5973: move initial conntrack firewall table to startupChristian Breunig
There is no need to add and remove this table during runtime - it can lurk in the standard firewall init code. (cherry picked from commit 89f0d347bfe5e468355817a617dc71823a58c284)
2024-01-30vrf: T5973: ensure Kernel module is loadedChristian Breunig
This prevents the following error when configuring the first VRF: sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory (cherry picked from commit a821b8c603999665ce8a77acb0e44a743811992a)
2024-01-30Merge pull request #2904 from vyos/mergify/bp/sagitta/pr-2902Viacheslav Hletenko
https: T6000: fix error in migration of path https certbot (backport #2902)
2024-01-30https: T6000: fix error in migration of path https certbotJohn Estabrook
(cherry picked from commit f057075409b024a18ea8a39b5e128fcde988c00e)
2024-01-29Merge pull request #2900 from vyos/mergify/bp/sagitta/pr-2899John Estabrook
remote: T5994: fix typo in check_storage for Ftp class (backport #2899)
2024-01-29Merge pull request #2901 from vyos/mergify/bp/sagitta/pr-2898John Estabrook
image-tools: T5988: validate image name in add_image (backport #2898)
2024-01-29image-tools: T5988: validate image name in add_imageJohn Estabrook
Add missing name validation in add_image, and fix typo in error msg string. (cherry picked from commit 0a66ba35d12f0451a88ed7cc3e3ae2ae90e38d6e)
2024-01-29remote: T5994: fix typo in check_storage for Ftp classJohn Estabrook
(cherry picked from commit 858ccb20b3e0c326fc7b7f791bd6798cf15b6b46)
2024-01-25Merge pull request #2896 from vyos/mergify/bp/sagitta/pr-2893John Estabrook
image-tools: T5983: fix regression in prune_vyos_versions (backport #2893)
2024-01-25image-tools: T5983: fix regression in prune_vyos_versionsJohn Estabrook
(cherry picked from commit d603b1e3b2d0edb5a996b687236c12b50ad60259)
2024-01-25Merge pull request #2895 from vyos/mergify/bp/sagitta/pr-2619Viacheslav Hletenko
T5817: Fix for show openvpn server (backport #2619)
2024-01-25T5817: Fix for show openvpn serverViacheslav Hletenko
In some cases we can get error: ``` Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module> data = get_status(args.mode, intf) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address tunnel_ip = lst[0].split(',')[0] IndexError: list index out of range ``` (cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d)
2024-01-23T5979: add configurable kernel boot option 'disable-mitigations'Christian Breunig
(cherry picked from commit 256346a66cc3bb20e93c68245ebca2f68f42e7b5)
2024-01-23image-tools: T5980: add support for configurable kernel boot optionsJohn Estabrook
(cherry picked from commit 1b1569d5b88a20994fc65fd529f8103db371bf3f)
2024-01-23Merge pull request #2885 from vyos/mergify/bp/sagitta/pr-2884Christian Breunig
bfd: T5967: add minimum-ttl option (backport #2884)
2024-01-23bfd: T5967: add minimum-ttl optionChristian Breunig
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254> * set protocols bfd profile <name> minimum-ttl <1-254> (cherry picked from commit 1f07dcbddfcfdbb9079936ec479c5633934dd547)
2024-01-23Merge pull request #2882 from vyos/mergify/bp/sagitta/pr-2881Viacheslav Hletenko
ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC (backport #2881)
2024-01-23ethernet: T5978: hw-tc-offload does not actually get enabled on the NICChristian Breunig
Typo (missaligned -/_) in the code causes hw-tc-offload to never be enabled in the underlaying hardware via ethtool. (cherry picked from commit bfb7e4f2b3743ae3c9a132daf4e2109e90d27f26)
2024-01-22Merge pull request #2880 from sarthurdev/T5787_disabledbpChristian Breunig
dhcp: T5787: Allow disabled duplicates on static-mapping (backport)
2024-01-22dhcp: T5787: Allow disabled duplicates on static-mapping (backport)sarthurdev
2024-01-22Merge pull request #2878 from c-po/sagitta-only-fixesChristian Breunig
op-mode: T5975: add missing 2FA OTP commands and other op-mode permission fixes
2024-01-22op-mode: T5975: add missing 2FA OTP commandsChristian Breunig