summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-01-21dns: T5959: Streamline dns forwarding serviceIndrajit Raychaudhuri
Streamline configuration and operation of dns forwarding service in following ways: - Remove `dns_forwarding_reset.py` as its functionality is now covered by `dns.py` - Adjust function names in `dns.py` to disambiguate between DNS forwarding and dynamic DNS - Remove `dns_forwarding_restart.sh` as its functionality is inlined in `dns-forwarding.xml` - Templatize systemd override for `pdns-recursor.service` and move the generated override files in /run. This ensures that the override files are always generated afresh after boot - Simplify the systemd override file by removing the redundant overrides - Relocate configuration path for pdns-recursor to `/run/pdns-recursor` and utilize the `RuntimeDirectory` default that pdns-recursor expects - We do not need to use custom `--socket-dir` path anymore, the default path (viz., `/run/pdns-recursor` is fine)
2024-01-21dns: T4578: Remove unnecessary dns forwarding statistics scriptIndrajit Raychaudhuri
2024-01-21Merge pull request #2863 from c-po/ntp-T5692Christian Breunig
ntp: T5692: add support to configure leap second behavior
2024-01-21Merge pull request #2852 from sever-sever/T5958Viacheslav Hletenko
T5958: QoS add basic implementation of policy shaper-hfsc
2024-01-21ntp: T5692: add support to configure leap second behaviorChristian Breunig
* set service ntp leap-second [ignore|smear|system|timezone] Where timezone is the new and old default resulting in adding "leapsectz right/UTC" to chrony.conf. The most prominent new option is "smear" which will add leapsecmode slew maxslewrate 1000 smoothtime 400 0.001 leaponly to chrony. See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for additional information
2024-01-20Merge pull request #2862 from sever-sever/T5961Christian Breunig
T5961: Fix QoS policy shaper class match vif
2024-01-20T5961: Fix QoS policy shaper class match vifViacheslav Hletenko
If we have QoS policy shaper class match `vif` (VLAN) we have to use `basic match "meta(vlan mask 0xfff eq xxx)` instead of `action policy` Actual incorrect TC filter: tc filter add dev eth1 parent 1: protocol all prio 1 action police rate 100000000 burst 15k flowid 1:64 The correct TC filter after fix: tc filter add dev eth1 parent 1: protocol all prio 1 basic match "meta(vlan mask 0xfff eq 100)" flowid 1:64
2024-01-19Merge pull request #2858 from yzguy/yzguy/T5964Christian Breunig
T5964: add missing imports for is_wwan_connected()
2024-01-19T5964: add missing imports for is_wwan_connected()Adam Smith
2024-01-19Merge pull request #2855 from sever-sever/T5963Daniil Baturin
T5963: Fix QoS shaper rate calculations and set default 1Gbit
2024-01-19Merge pull request #2857 from sarthurdev/T5948_1Christian Breunig
dhcp: T5948: Strip trailing dot, detect if hostname is FQDN
2024-01-19op-mode: xml: remove executable bit from XML definitionChristian Breunig
2024-01-19dhcp: T5948: Strip trailing dot, detect if hostname is FQDNsarthurdev
2024-01-19Debian: T2267: extend version tag from GIT repoChristian Breunig
This extends commit 2c3e4696b3e22 ("T2267: Versioning: Update version tag from GIT repo") to also include release tags.
2024-01-19T5963: Fix QoS shaper rate calculations and set defaul 1GbitViacheslav Hletenko
It is impossible to detect interface speed for some devices for exmaple virtio interfaces: ``` vyos@r4:~$ cat /sys/class/net/eth1/speed -1 ``` It causes wrong negative calcultaions like: - bandwidth: -1000000 - 4% of bandwidth: -40000 tc class replace dev eth1 parent 1: classid 1:1 htb rate -1000000 tc class replace dev eth1 parent 1:1 classid 1:a htb rate -40000 Fix this with checking negative value. Add default interface speed to 1000 Mbit if we cannot detect the interface speed, the current default value 10 Mbit is too low for nowadays
2024-01-18smoketest: T5779: clear conntrack config on test startupChristian Breunig
2024-01-18T5779: conntrack: bump version numberChristian Breunig
2024-01-18Merge pull request #2839 from josephillips85/currentChristian Breunig
dhcp: T5952: Fix validate duplicate MAC Address on same subnet
2024-01-18dhcp: T5952: validate duplicate DUID in static-mappings incl. smoketestsChristian Breunig
2024-01-18T5958: QoS add basic implementation of policy shaper-hfscViacheslav Hletenko
QoS policy shaper-hfsc was not implemented after rewriting the traffic-policy to qos policy. We had CLI but it does not use the correct class. Add a basic implementation of policy shaper-hfsc. Write the class `TrafficShaperHFS`
2024-01-18Merge pull request #2850 from c-po/ethernet-4638Christian Breunig
ethernet: T4638: deleting parent interface does not delete underlying VIFs
2024-01-18ethernet: T4638: deleting parent interface does not delete underlying VIFsChristian Breunig
2024-01-18Merge pull request #2848 from c-po/T5738-config-managementChristian Breunig
xml: T5738: re-use source-address-ipv4-ipv6 building block for config-management
2024-01-18xml: T5738: re-use source-address-ipv4-ipv6 building block for config-managementChristian Breunig
2024-01-18Merge pull request #2846 from c-po/t863Daniil Baturin
ndp-proxy: T5863: add missing priority to honor interface dependencies
2024-01-18ndp-proxy: T5863: add missing priority to honor interface dependenciesChristian Breunig
2024-01-18dhcp: T5952: Fix validate duplicate MAC Address on same subnetJose Phillips
2024-01-17Merge pull request #2842 from aapostoliuk/T5953-circinusChristian Breunig
T5953: Changed values of 'close-action' to Strongswan values
2024-01-17Merge pull request #2843 from sarthurdev/T5948Christian Breunig
dhcp: T5948: Strip trailing dot from hostnames
2024-01-17dhcp: T5948: Strip trailing dot from hostnamessarthurdev
2024-01-17T5953: Changed values of 'close-action' to Strongswan valuesaapostoliuk
Changed the value from 'hold' to 'trap' in the 'close-action' option in the IKE group. Changed the value from 'restart' to 'start' in the 'close-action' option in the IKE group.
2024-01-17Merge pull request #2832 from aapostoliuk/T5865-circinusChristian Breunig
T5865: Moved ipv6 pools to named ipv6 pools in accel-ppp
2024-01-16dhcp: T5952: Fix validate duplicate MAC Address on same subnetJose Phillips
2024-01-16Merge pull request #2818 from jestabro/serial-console-config-modeDaniil Baturin
image-tools: T5923: update system_console.py for new GRUB file structure
2024-01-16Merge pull request #2837 from aapostoliuk/T4658-circinusChristian Breunig
T4658: Renamed DPD action value from 'hold' to 'trap'
2024-01-16T4658: Renamed DPD action value from 'hold' to 'trap'aapostoliuk
Renamed DPD action value from 'hold' to 'trap'
2024-01-16Merge pull request #2833 from sever-sever/T5889Christian Breunig
T5889: Fix migration scripts nat 5-to-6
2024-01-16Merge pull request #2834 from c-po/bgp-t5937Christian Breunig
bgp: T5937: fix migration script for IPv6 AFI peer-group
2024-01-16bgp: T5937: fix migration script for IPv6 AFI peer-groupChristian Breunig
Migrate "bgp <ASN> neighbor <NEIGH> address-family ipv6-unicast peer-group" to "bgp neighbor <NEIGH> peer-group"
2024-01-16T5889: Fix migration scripts nat 5-to-6Viacheslav Hletenko
The current migration drop interface name for NAT where not should ``` nat { source { rule 100 { outbound-interface { name "eth0" ... } } } ``` After migration we lost interface: /home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf /home/vyos# /home/vyos# cat tmp.conf | grep "nat {" -A 10 nat { source { rule 100 { outbound-interface { interface-name "" ... } } } ``` This commit fixes it.
2024-01-16T5865: Moved ipv6 pools to named ipv6 pools in accel-pppaapostoliuk
Moved ipv6 pools to named ipv6 pools in accel-ppp services
2024-01-15Merge pull request #2829 from c-po/ospfChristian Breunig
ospf: T5936: when migrating passive interfaces set_tag() must be set
2024-01-15ospf: T5936: when migrating passive interfaces set_tag() must be setChristian Breunig
2024-01-15Merge pull request #2825 from c-po/tmpChristian Breunig
op-mode: T5944: remove double whitespace in reboot error message
2024-01-15op-mode: T5944: remove double whitespace in reboot error messageChristian Breunig
2024-01-15Merge pull request #2823 from sever-sever/T4856Christian Breunig
T4856: Fix IPsec DHCP-client exit hook
2024-01-15Merge pull request #2824 from sever-sever/T5901Christian Breunig
T5901: Add DHCP base_path dir during first boot
2024-01-15T5901: Add DHCP base_path dir during first bootViacheslav Hletenko
We should create dhclient base_path dir `/run/dhclient` during the first boot. It fixes cloud-init boot issues ``` /etc/dhcp/dhclient-exit-hooks.d/03-vyos-dhclient-hook: line 33: /run/dhclient/dhclient_eth0.lease: No such file or directory ```
2024-01-14T4856: Fix IPsec DHCP-client exit hookViacheslav Hletenko
The script acually does not have the variable `secrets_lines` and secret lines itself does not have the marker `# dhcp:{interface}` in `to_find` Needs to rewrite this script in the future if it is required This commit fixes DHCP-client exit hook: ``` dhclient[6800]: NameError: name 'secrets_lines' is not defined root[6801]: /etc/dhcp/dhclient-exit-hooks.d/99-ipsec-dhclient-hook returned non-zero exit status 1 ```
2024-01-14Merge pull request #2821 from sever-sever/T5944John Estabrook
T5944: Fix reboot in arg