summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-01-30Merge pull request #2907 from vyos/mergify/bp/sagitta/pr-2906Christian Breunig
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix' (backport #2906)
2024-01-30rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'Jonathan Voss
(cherry picked from commit c23775d29fd3bebbfd6ae9483fd12f2fb643c9a2)
2024-01-30Merge pull request #2888 from vyos/mergify/bp/sagitta/pr-2886John Estabrook
system-option: T5979: Add configurable kernel boot options (backport #2886)
2024-01-30Merge pull request #2905 from vyos/mergify/bp/sagitta/pr-2877Christian Breunig
vrf: T5973: multiple bugfixes and improvements (backport #2877)
2024-01-30vrf: T5973: fix has_rule() to check for l3mdev ruleChristian Breunig
A code path was missing to check if only priority is available in the result of "ip --json -4 rule show", in the case of l3mdev it's a dedicated key! (cherry picked from commit a009143a62caca207fdffffcf0b490c747a87025)
2024-01-30vrf: T5973: move initial conntrack firewall table to startupChristian Breunig
There is no need to add and remove this table during runtime - it can lurk in the standard firewall init code. (cherry picked from commit 89f0d347bfe5e468355817a617dc71823a58c284)
2024-01-30vrf: T5973: ensure Kernel module is loadedChristian Breunig
This prevents the following error when configuring the first VRF: sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory (cherry picked from commit a821b8c603999665ce8a77acb0e44a743811992a)
2024-01-30Merge pull request #2904 from vyos/mergify/bp/sagitta/pr-2902Viacheslav Hletenko
https: T6000: fix error in migration of path https certbot (backport #2902)
2024-01-30https: T6000: fix error in migration of path https certbotJohn Estabrook
(cherry picked from commit f057075409b024a18ea8a39b5e128fcde988c00e)
2024-01-29Merge pull request #2900 from vyos/mergify/bp/sagitta/pr-2899John Estabrook
remote: T5994: fix typo in check_storage for Ftp class (backport #2899)
2024-01-29Merge pull request #2901 from vyos/mergify/bp/sagitta/pr-2898John Estabrook
image-tools: T5988: validate image name in add_image (backport #2898)
2024-01-29image-tools: T5988: validate image name in add_imageJohn Estabrook
Add missing name validation in add_image, and fix typo in error msg string. (cherry picked from commit 0a66ba35d12f0451a88ed7cc3e3ae2ae90e38d6e)
2024-01-29remote: T5994: fix typo in check_storage for Ftp classJohn Estabrook
(cherry picked from commit 858ccb20b3e0c326fc7b7f791bd6798cf15b6b46)
2024-01-25Merge pull request #2896 from vyos/mergify/bp/sagitta/pr-2893John Estabrook
image-tools: T5983: fix regression in prune_vyos_versions (backport #2893)
2024-01-25image-tools: T5983: fix regression in prune_vyos_versionsJohn Estabrook
(cherry picked from commit d603b1e3b2d0edb5a996b687236c12b50ad60259)
2024-01-25Merge pull request #2895 from vyos/mergify/bp/sagitta/pr-2619Viacheslav Hletenko
T5817: Fix for show openvpn server (backport #2619)
2024-01-25T5817: Fix for show openvpn serverViacheslav Hletenko
In some cases we can get error: ``` Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module> data = get_status(args.mode, intf) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address tunnel_ip = lst[0].split(',')[0] IndexError: list index out of range ``` (cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d)
2024-01-23T5979: add configurable kernel boot option 'disable-mitigations'Christian Breunig
(cherry picked from commit 256346a66cc3bb20e93c68245ebca2f68f42e7b5)
2024-01-23image-tools: T5980: add support for configurable kernel boot optionsJohn Estabrook
(cherry picked from commit 1b1569d5b88a20994fc65fd529f8103db371bf3f)
2024-01-23Merge pull request #2885 from vyos/mergify/bp/sagitta/pr-2884Christian Breunig
bfd: T5967: add minimum-ttl option (backport #2884)
2024-01-23bfd: T5967: add minimum-ttl optionChristian Breunig
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254> * set protocols bfd profile <name> minimum-ttl <1-254> (cherry picked from commit 1f07dcbddfcfdbb9079936ec479c5633934dd547)
2024-01-23Merge pull request #2882 from vyos/mergify/bp/sagitta/pr-2881Viacheslav Hletenko
ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC (backport #2881)
2024-01-23ethernet: T5978: hw-tc-offload does not actually get enabled on the NICChristian Breunig
Typo (missaligned -/_) in the code causes hw-tc-offload to never be enabled in the underlaying hardware via ethtool. (cherry picked from commit bfb7e4f2b3743ae3c9a132daf4e2109e90d27f26)
2024-01-22Merge pull request #2880 from sarthurdev/T5787_disabledbpChristian Breunig
dhcp: T5787: Allow disabled duplicates on static-mapping (backport)
2024-01-22dhcp: T5787: Allow disabled duplicates on static-mapping (backport)sarthurdev
2024-01-22Merge pull request #2878 from c-po/sagitta-only-fixesChristian Breunig
op-mode: T5975: add missing 2FA OTP commands and other op-mode permission fixes
2024-01-22op-mode: T5975: add missing 2FA OTP commandsChristian Breunig
2024-01-22op-mode: T5658: fix mtr.py permissionsChristian Breunig
2024-01-22op-mode: T5137: fix show_techsupport_report.py permissionsChristian Breunig
2024-01-22op-mode: T4864: fix zone.py permissionsChristian Breunig
2024-01-22Merge pull request #2875 from vyos/mergify/bp/sagitta/pr-2873Christian Breunig
T5957: fix removal of interface in firewall rules. (backport #2873)
2024-01-22Merge pull request #2876 from vyos/mergify/bp/sagitta/pr-2871Viacheslav Hletenko
op-mode: T5969: list multicast group membership (backport #2871)
2024-01-22op-mode: T5969: list multicast group membershipChristian Breunig
cpo@LR1.wue3:~$ show ip multicast group interface eth0.201 Interface Family Address ----------- -------- --------- eth0.201 inet 224.0.0.6 eth0.201 inet 224.0.0.5 eth0.201 inet 224.0.0.1 cpo@LR1.wue3:~$ show ipv6 multicast group interface eth0 Interface Family Address ----------- -------- ----------------- eth0 inet6 ff02::1:ff00:0 eth0 inet6 ff02::1:ffbf:c56d eth0 inet6 ff05::2 eth0 inet6 ff01::2 eth0 inet6 ff02::2 eth0 inet6 ff02::1 eth0 inet6 ff01::1 (cherry picked from commit 3eea8dbed1bd201373eb8a452239d9565d468b33)
2024-01-22Merge pull request #2872 from vyos/mergify/bp/sagitta/pr-2852Christian Breunig
T5958: QoS add basic implementation of policy shaper-hfsc (backport #2852)
2024-01-22Merge pull request #2874 from vyos/mergify/bp/sagitta/pr-2867Viacheslav Hletenko
ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left (backport #2867)
2024-01-22ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces ↵Christian Breunig
left This extends commit 7ba47f027 ("ethernet: T4638: deleting parent interface does not delete underlying VIFs") with a smoketests ensure no VIFs are left behind. (cherry picked from commit e390d0080d1a15b18ede49f1f2472ef940145c19)
2024-01-22T5957: fix removal of interface in firewall rules.Nicolas Fort
(cherry picked from commit 0a436e1fce66391311799bc970f05f6f4ba880ad)
2024-01-22T5958: QoS add basic implementation of policy shaper-hfscViacheslav Hletenko
QoS policy shaper-hfsc was not implemented after rewriting the traffic-policy to qos policy. We had CLI but it does not use the correct class. Add a basic implementation of policy shaper-hfsc. Write the class `TrafficShaperHFS` (cherry picked from commit f6b6ee636e34f98d336ee53599666afd1f395d78)
2024-01-22Merge pull request #2870 from vyos/mergify/bp/sagitta/pr-2869Christian Breunig
sflow: T5968: add VRF support (backport #2869)
2024-01-22sflow: T5968: add VRF supportChristian Breunig
Add support to run hsflowd in a dedicated (e.g. management) VRF. Command will be "set system sflow vrf <name>" like with any other service (cherry picked from commit 64473fa6f320375fb3d3de4de9e729f456ee5ae2)
2024-01-22Merge pull request #2856 from c-po/firewall-backportsChristian Breunig
firewall: T5729: T5681: T5217: backport subsystem from current branch
2024-01-22firewall: T5729: T5681: T5217: backport subsystem from current branchChristian Breunig
This is a combined backport for all accumulated changes done to the firewall subsystem on the current branch.
2024-01-21Merge pull request #2866 from vyos/mergify/bp/sagitta/pr-2863Christian Breunig
ntp: T5692: add support to configure leap second behavior (backport #2863)
2024-01-21Merge pull request #2865 from vyos/mergify/bp/sagitta/pr-2862Christian Breunig
T5961: Fix QoS policy shaper class match vif (backport #2862)
2024-01-21ntp: T5692: add support to configure leap second behaviorChristian Breunig
* set service ntp leap-second [ignore|smear|system|timezone] Where timezone is the new and old default resulting in adding "leapsectz right/UTC" to chrony.conf. The most prominent new option is "smear" which will add leapsecmode slew maxslewrate 1000 smoothtime 400 0.001 leaponly to chrony. See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for additional information (cherry picked from commit 7ae064bab0010dff8827a0ed5e1239d2778dc7c1)
2024-01-21T5961: Fix QoS policy shaper class match vifViacheslav Hletenko
If we have QoS policy shaper class match `vif` (VLAN) we have to use `basic match "meta(vlan mask 0xfff eq xxx)` instead of `action policy` Actual incorrect TC filter: tc filter add dev eth1 parent 1: protocol all prio 1 action police rate 100000000 burst 15k flowid 1:64 The correct TC filter after fix: tc filter add dev eth1 parent 1: protocol all prio 1 basic match "meta(vlan mask 0xfff eq 100)" flowid 1:64 (cherry picked from commit bb532f7f65930f8bc42e3bf3ebbcc690bffcfd0a)
2024-01-21Merge pull request #2864 from c-po/dhcp-deprecation-T3316Christian Breunig
dhcp: T3316: add deprecation warning on RAW ISC DHCPD options
2024-01-21dhcp: T3316: add deprecation warning on RAW ISC DHCPD optionsChristian Breunig
The following CLI nodes are deprecated and will be remove in VyOS 1.5 while moving to KEA as DHCP server. * set service dhcp-server global-parameters * set service dhcp-server shared-network-name <name> shared-network-parameters * set service dhcp-server shared-network-name <name> subnet <x.x.x.x/y> subnet-parameters Please open feature requests if any DHCP option is missing and should be added as a proper CLI node to make your life easier.
2024-01-20Merge pull request #2861 from vyos/mergify/bp/sagitta/pr-2855Christian Breunig
T5963: Fix QoS shaper rate calculations and set default 1Gbit (backport #2855)
2024-01-20T5963: Fix QoS shaper rate calculations and set defaul 1GbitViacheslav Hletenko
It is impossible to detect interface speed for some devices for exmaple virtio interfaces: ``` vyos@r4:~$ cat /sys/class/net/eth1/speed -1 ``` It causes wrong negative calcultaions like: - bandwidth: -1000000 - 4% of bandwidth: -40000 tc class replace dev eth1 parent 1: classid 1:1 htb rate -1000000 tc class replace dev eth1 parent 1:1 classid 1:a htb rate -40000 Fix this with checking negative value. Add default interface speed to 1000 Mbit if we cannot detect the interface speed, the current default value 10 Mbit is too low for nowadays (cherry picked from commit a7fe02e989cf7034609cb833c86143660eb609d5)