summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-06-10op-mode: T6471: add optimized get_config_dictJohn Estabrook
2024-06-11T6469: remove j2 lint workflow (#3626)Vijayakumar A
2024-06-10Merge pull request #3621 from sever-sever/T6442Christian Breunig
T6442: CGNAT add log for address allocation
2024-06-10Merge pull request #3606 from c-po/utils-cpu-T5195Christian Breunig
vyos.utils: T5195: import vyos.cpu to this package
2024-06-10Merge pull request #3615 from vyos/T6467-add-workflow-sagittaDaniil Baturin
T6467: add PR checks workflows for sagitta branch
2024-06-10T6442: CGNAT add log for address allocationViacheslav Hletenko
Add the configuration command to log current CGNAT allocation set nat cgnat log-allocation
2024-06-10Merge pull request #3614 from nvollmar/T6219Christian Breunig
T6219: Add support for container sysctl parameter
2024-06-10T6219: align with system sysctl and limit parameters to supportedNicolas Vollmar
2024-06-10container: T6219: Add support for container sysctl / kernel parametersBen Pilgrim
2024-06-10vyos.utils: T5195: import vyos.cpu to this packageChristian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu
2024-06-10Merge pull request #3610 from c-po/ipsec-profile-T6424Christian Breunig
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
2024-06-10Merge pull request #3612 from c-po/haproxy-pki-T6463Christian Breunig
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
2024-06-10Merge pull request #3613 from c-po/sstpc-T6464Christian Breunig
pki: T6464: sstpc interface not reloaded when updating SSL certificate(s)
2024-06-10Merge pull request #3607 from c-po/firewall-unused-importChristian Breunig
firewall: T3900: T6394: remove unused import
2024-06-10T6467: add PR checks workflows for sagittaVijayakumar A
2024-06-10T6467: add PR checks workflows for sagittaVijayakumar A
2024-06-10T6467: add PR checks workflows for sagittaVijayakumar A
2024-06-09op-mode: T6424: ipsec: filter out duplicate CA certificates in Apple IOS profileChristian Breunig
2024-06-09op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.
2024-06-09pki: T6464: sstpc interface not reloaded when updating SSL certificate(s)Christian Breunig
The SSTPC client was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.
2024-06-09pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)Christian Breunig
The haproxy reverse proxy was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies.
2024-06-09T6449: added pr update trigger (#3596)Vijayakumar A
2024-06-09firewall: T3900: T6394: remove unused importChristian Breunig
With commit 770edf016838 ("T3900: T6394: extend functionalities in firewall; move netfilter sysctl timeout parameters defined in conntrack to firewall global-opton section.") the import of the glob module is no longer required. Found my running: make unused-imports
2024-06-09Merge pull request #3598 from Embezzle/T6454Christian Breunig
reverse-proxy: T6454: Set default value of http for haproxy mode
2024-06-07Merge pull request #3592 from zdc/T6453-circinusDaniil Baturin
grub: T6453: Fixed GRUB variables parsing
2024-06-07reverse-proxy: T6454: Set default value of http for haproxy modeAlex W
2024-06-06grub: T6453: Fixed GRUB variables parsingzsdc
To parse variables with `=` a variable name should be limited by alphanumerical characters only.
2024-06-06Merge pull request #3589 from natali-rs1985/T6423-currentJohn Estabrook
xml: T6423: enforce priority on nodes having an owner
2024-06-06xml: T6423: enforce priority on nodes having an ownerNataliia Solomko
2024-06-06T6412: CGNAT fix allocation calcluation for verify (#3585)Viacheslav Hletenko
Fix external address/port allocation for CGN. It fixes some cases where external address/ports can be allocated again to another user.
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-06Merge pull request #3573 from talmakion/bugfix/T6401-2Daniil Baturin
vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need it
2024-06-06Merge pull request #3587 from jestabro/config-default-system-versionDaniil Baturin
migration: T6006: add system component version to config.boot.default by separating activation from migration
2024-06-05migration: T6006: add activation script dir and helper functionJohn Estabrook
2024-06-05migration: T6447: add module compose_configJohn Estabrook
2024-06-05migration: T6006: update config.boot.default and move to vyos-1xJohn Estabrook
2024-06-05Merge pull request #3584 from dmbaturin/T6446-display-support-urlDaniil Baturin
show version: T6446: display the support URL for LTS builds
2024-06-05Merge pull request #3571 from fett0/T6429Daniil Baturin
isis: T6429: fix isis metric-style configuration missing
2024-06-05Merge pull request #3560 from c-po/action-testChristian Breunig
GitHub: add action to build package on PR
2024-06-05show version: T6446: display the support URL for LTS buildsDaniil Baturin
2024-06-04Merge pull request #3582 from talmakion/bugfix/T6431Daniil Baturin
T6431: op-mode command "monitor traceroute" missing recursive symlink
2024-06-04ISIS: T6332: add smoketest optionfett0
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-06-04T6431: op-mode command monitor traceroute missing recursive symlinkAndrew Topp
Likely this was copied from mtr in the past but the symlink wasn't added to the Makefile. I've also swapped the completion help text around to match the commands.
2024-06-03Merge pull request #3572 from talmakion/bugfix/T6403Daniil Baturin
nat64: T6403: validate source prefix for RFC compliance
2024-06-03Merge pull request #3579 from h5t4/currentDaniil Baturin
bfd: T6440: BFD peer length typo
2024-06-03bfd: T6440: BFD peer length typoHannes Tamme
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-06-01vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need itAndrew Topp
`bridge vni show dev vxlanX` will exit with an error if no VNI filters are installed, but the getter is used even when we haven't installed any. This fix avoids fetching a list of VNI filters unless we know we've created some.
2024-06-01nat64: T6403: validate source prefix for RFC complianceAndrew Topp
Simplest fix is to comply with RFC6052. The code change is just masking out the relevant bits and ensuring they're zeroed.