summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-13T5064: Firewall fix RegEx for for domain-groupViacheslav Hletenko
Improve RegEx for firewall domain-groups. This domain group looks good, but the current RegEx validation fils: ``` set firewall group domain-group a_aa ``` (cherry picked from commit b67049edab41e8714aec087b81d589fdb03a350b)
2024-02-13Merge pull request #3001 from vyos/mergify/bp/sagitta/pr-2987Daniil Baturin
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support (backport #2987)
2024-02-13bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo (cherry picked from commit f308df322bd62024e29dd458642cb6bcac8a5ad6)
2024-02-12Merge pull request #2996 from vyos/mergify/bp/sagitta/pr-2993Christian Breunig
ipsec: T5981: Strip '@' from migrated peer PKI name (backport #2993)
2024-02-12ipsec: T5981: Strip '@' from migrated peer namesarthurdev
(cherry picked from commit 8238f8cdae3ae14bd8bd95158c218c45285df478)
2024-02-12Merge pull request #2995 from vyos/mergify/bp/sagitta/pr-2994Christian Breunig
init: T2044: fix "binary operator expected" when two or more RPKI caches are defined (backport #2994)
2024-02-12init: T2044: fix "binary operator expected" when two or more RPKI caches are ↵Christian Breunig
defined Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured") which showed a disturbing error on tty0 after boot that a "binary operator expected" when checking for RPKI caches when multiple results got returned. (cherry picked from commit a5ac522f8c675ee2b2c2f4f08be7c41943632e94)
2024-02-12Merge pull request #2992 from vyos/mergify/bp/sagitta/pr-2991Daniil Baturin
T6019: fix smoketest after upgrading nftables and libnftnl packages. (backport #2991)
2024-02-12T6019: fix smoketest after upgrading nftables and libnftnl packages.Nicolas Fort
(cherry picked from commit f3205d6dd1ea04adecbd8c857c80015ed53f2140)
2024-02-12Merge pull request #2990 from vyos/mergify/bp/sagitta/pr-2980Christian Breunig
srv6: T5849: add segment support to "protocols static route6" (backport #2980)
2024-02-12Merge pull request #2989 from vyos/mergify/bp/sagitta/pr-2986Christian Breunig
bgp: T6010: support setting multiple values for neighbor path-attribute (backport #2986)
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z' (cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
2024-02-11bgp: T6010: support setting multiple values for neighbor path-attributeChristian Breunig
(cherry picked from commit a22e0ee09ff4750de004090f1f55ee75a12dc821)
2024-02-10Merge pull request #2985 from vyos/mergify/bp/sagitta/pr-2983Daniil Baturin
rpki: T6004: add missing startup priority (backport #2983)
2024-02-10Merge pull request #2984 from vyos/mergify/bp/sagitta/pr-2982Daniil Baturin
xml: T5738: improve PKI building blocks for CLI (backport #2982)
2024-02-10rpki: T6004: add missing startup priorityChristian Breunig
(cherry picked from commit 4c2acb970c62478cf1139fcf66b0de341d46f7fc)
2024-02-10xml: T5738: improve PKI building blocks for CLIChristian Breunig
(cherry picked from commit d4278cde2b153e163fe41e1bc461891397336bc3)
2024-02-09Merge pull request #2979 from vyos/mergify/bp/sagitta/pr-2978Christian Breunig
T6028: Fix QoS policy shaper wrong class_id_max and default_minor_id (backport #2978)
2024-02-09T6028: Fix QoS policy shaper wrong class_id_max and default_minor_idViacheslav Hletenko
The `class_id_max` is wrong due to `tmp.sort` of Strings If we have class 5 and class 10 we get sorted max value 5, expected 10 ``` >>> tmp = ['5', '10'] >>> tmp.sort() >>> tmp ['10', '5'] >>> >>> hex(5+1) '0x6' >>> >>> hex(10+1) '0xb' >>> ``` This way we get wrong default maximum class value: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6 ``` Expect: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b ``` Fix this converting Strings to Integers and get max value. (cherry picked from commit 2e8fa45c7f0663549edd118622b3381e7c428b2e)
2024-02-09Merge pull request #2977 from vyos/mergify/bp/sagitta/pr-2967Christian Breunig
T5703: Fix reapply QoS for connection-oriented interfaces (backport #2967)
2024-02-09T5703: Fix reapply QoS for connection-oriented interfacesViacheslav Hletenko
After `disconnect` and `connect` connection-oriented interfaces like PPPoE, QoS policy has to be reapplied (cherry picked from commit ffc6dc28780f4d3e8c548f3709c7f3d17babda68)
2024-02-09Merge pull request #2974 from vyos/mergify/bp/sagitta/pr-2643Daniil Baturin
T5828: fix grub installation on arm64-efi machines (backport #2643)
2024-02-09Merge pull request #2976 from vyos/mergify/bp/sagitta/pr-2975Christian Breunig
https: T5902: fix migration of virtual-host port (backport #2975)
2024-02-09https: T5902: fix migration of virtual-host portChristian Breunig
CLI source node is port and not listen-port. (cherry picked from commit 63d53a17274349fd68defdbf9f7ce16be63fc9b1)
2024-02-09Merge pull request #2973 from vyos/mergify/bp/sagitta/pr-2950Christian Breunig
T5960: Rewritten authentication node in PPTP to a single view (backport #2950)
2024-02-09T5828: fix grub installation on arm64-efi machinesMathew McBride
Since the migration of GRUB handling to vyos-1x, the grub install sequence has hardcoded references to x86. Change the GRUB sequence so it can work on arm64 as well. (cherry picked from commit 37bd574c4e1f49b03f985c4293513ff7107ae82f)
2024-02-09T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication. (cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
2024-02-09Merge pull request #2972 from vyos/mergify/bp/sagitta/pr-2955Christian Breunig
rpki: T6023: add support for CLI knobs expire-interval and retry-interval (backport #2955)
2024-02-08rpki: T6023: add support for CLI knobs expire-interval and retry-intervalChristian Breunig
(cherry picked from commit 17894f6f5d97df7d3ac1cf37ce0e1a96b8fa8e8b)
2024-02-08Merge pull request #2970 from vyos/mergify/bp/sagitta/pr-2968Christian Breunig
T5685: Keepalived VRRP prefix is not necessary for the virtual address (backport #2968)
2024-02-08Merge pull request #2971 from vyos/mergify/bp/sagitta/pr-2969Christian Breunig
T6026: QoS hide attempts to delete qdisc from devices (backport #2969)
2024-02-08T6026: QoS hide attempts to delete qdisc from devicesViacheslav Hletenko
Hide unexpected output by attempts of deleting `qdisc` from interfaces [ qos ] Error: Cannot find specified qdisc on specified device. Error: Cannot delete qdisc with handle of zero. (cherry picked from commit 6dcb68ba5553ac94eb3a9da4a915999500b00ab2)
2024-02-08T5685: Keepalived VRRP prefix is not necessary for the virtual addressNataliia Solomko
(cherry picked from commit 1cb52f758cec78b9ac19f47448064b8e9e722b67)
2024-02-08Merge pull request #2964 from vyos/mergify/bp/sagitta/pr-2952Daniil Baturin
vrf: T5973: module is now statically compiled into the kernel (backport #2952)
2024-02-08Merge pull request #2963 from vyos/mergify/bp/sagitta/pr-2957Daniil Baturin
bgp: T6024: add additional missing FRR features (backport #2957)
2024-02-07Merge pull request #2962 from vyos/mergify/bp/sagitta/pr-2959Viacheslav Hletenko
init: T2044: only start rpki if cache is configured (backport #2959)
2024-02-07init: T2044: only start rpki if cache is configuredChristian Breunig
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during system boot") to check the bootup configuration if an RPKI cache is defined. Only start RPKI if this is the case. (cherry picked from commit 9b8e11e078c42e3ae86ebfa45fec57336f25a0af)
2024-02-07vrf: T5973: module is now statically compiled into the kernelChristian Breunig
Always enable VRF strict_mode (cherry picked from commit 117fbcd6237b59f54f2c1c66986a8ce073808c84)
2024-02-07bgp: T6024: add additional missing FRR featuresChristian Breunig
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null> * set protocols bgp parameters allow-martian-nexthop * set protocols bgp parameters no-hard-administrative-reset" (cherry picked from commit fff6004d46c5b939800fc3e61fe2102224625c0d)
2024-02-07Merge pull request #2961 from vyos/mergify/bp/sagitta/pr-2960Christian Breunig
xml: T302: replace references to Quagga with FRRouting (backport #2960)
2024-02-07Merge pull request #2958 from vyos/mergify/bp/sagitta/pr-2944Christian Breunig
vpn: T3843: l2tp configuration not cleared after delete (backport #2944)
2024-02-07xml: T302: replace references to Quagga with FRRoutingChristian Breunig
(cherry picked from commit 1c882769cc0627cfc1ebf5ab7c338c6c474456da)
2024-02-07vpn: T3843: l2tp configuration not cleared after deletekhramshinr
vpn: T5926: IPSEC does not apply after l2tp configuration was changed added dependency between l2tp and ipsec conf added test for apply config to swanctl (cherry picked from commit e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5)
2024-02-07Merge pull request #2956 from vyos/mergify/bp/sagitta/pr-2953Christian Breunig
T6021: Fix QoS shaper r2q calculation (backport #2953)
2024-02-07T6021: Fix QoS shaper r2q calculationViacheslav Hletenko
The current calculation `r2q` is wrong as it uses `Floor division` but expecting `division` This way `math.ceil` calculate wrong value as we expect round a number upward to its nearest integer For example for speed 710 mbits expected value `444` but we get `443` ``` from math import ceil MAXQUANTUM = 200000 speed = 710000000 speed_bps = int(speed) // 8 >>> speed_bps // MAXQUANTUM 443 >>> speed_bps / MAXQUANTUM 443.75 >>> >>> >>> ceil(speed_bps // MAXQUANTUM) 443 >>> ceil(speed_bps / MAXQUANTUM) 444 >>> ``` (cherry picked from commit ce1035e1e8642bf740e2a21693a72fe2127b8f72)
2024-02-06Merge pull request #2948 from vyos/mergify/bp/sagitta/pr-2941Christian Breunig
image-tools: T6016: wait for umount in cleanup function (backport #2941)
2024-02-06Merge pull request #2947 from vyos/mergify/bp/sagitta/pr-2946Christian Breunig
T5921: Fix OpenConnect verify for local users (backport #2946)
2024-02-06image-tools: T6016: wait for umount in cleanup functionJohn Estabrook
(cherry picked from commit d80530c48a78dfeb55293494a257f6234b0ef76d)
2024-02-06T5921: Fix OpenConnect verify for local usersViacheslav Hletenko
Fix verify error for the VPN OpenConnect configuration with local authentication and without any user File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify if not ocserv["authentication"]["local_users"]: KeyError: 'local_users' (cherry picked from commit 71644dfed63f6248525db3c3bc9493c059707a2a)
2024-02-06Merge pull request #2942 from srividya0208/debug-ipsecViacheslav Hletenko
op-mode:T6015:Fix for charon file generated by ipsec debug script