summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-12-30Merge pull request #1726 from vfreex/vxlan-fix-rebuildChristian Poessinger
T4897: vxlan: Fix setting `source-address` and `source-interface`
2022-12-30T4897: Fix virtual interface rebuild checksYuxiang Zhu
`leaf_node_changed` returns `[]` (empty list) after a leaf node is added. e.g. Setting `source-interface` doesn't work on an existing vxlan interface. Steps to reproduce: - Add a vxlan interface without `source-address` or `source-interface` options set: ``` set interfaces vxlan vxlan999 vni 999 set interfaces vxlan vxlan999 remote 192.168.100.100 commit ``` - Then set `source-address` or `source-interface`: ``` set interfaces vxlan vxlan999 source-interface eth0 commit ``` Actual result: Source address or source-interface are not set: ``` ip -d link show dev vxlan999 76: vxlan999: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/ether 56:08:ba:4d:4e:a8 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 vxlan id 999 remote 192.168.100.100 srcport 0 0 dstport 8472 tos inherit ttl 16 ageing 300 udpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode none numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 ``` Expected result: ``` 77: vxlan999: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/ether 9e:05:d9:58:1a:af brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 vxlan id 999 remote 192.168.100.100 dev eth0 srcport 0 0 dstport 8472 tos inherit ttl 16 ageing 300 udpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode none numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 ``` All invocations of leaf_node_changed() should be migrated to is_node_changes() if you are only interested in if something changed and don‘t care what exactly changed (content).
2022-12-30pseudo-ethernet: T4391: use is_node_changed() over error prone ↵Christian Poessinger
leaf_node_changed() We only need to use leaf_node_changed() if we are interested in the detailed change to a CLI node (what was the previous content). If we are only interested in if a node changed "at all" is_node_changed() should be used.
2022-12-30tunnel: T4391: use is_node_changed() over error prone leaf_node_changed()Christian Poessinger
We only need to use leaf_node_changed() if we are interested in the detailed change to a CLI node (what was the previous content). If we are only interested in if a node changed "at all" is_node_changed() should be used.
2022-12-30geneve: T4366: use is_node_changed() over error prone leaf_node_changed()Christian Poessinger
We only need to use leaf_node_changed() if we are interested in the detailed change to a CLI node (what was the previous content). If we are only interested in if a node changed "at all" is_node_changed() should be used.
2022-12-30Merge pull request #1727 from vfreex/dummy-mtuChristian Poessinger
T4898: Add mtu config option for dummy interfaces
2022-12-29T4898: Add mtu config option for dummy interfacesYuxiang Zhu
I use dummy interfaces in a VRF as source-interfaces for VXLAN in order to force VXLAN send underlay UDP traffic through the VRF where the dummy interface resides. However dummy interface has no mtu option so it always gets an MTU of 1500. This will cause an error when the mtu of dummy is not large enough for the VXLAN traffic. Adding this option in the config template will solve this.
2022-12-27strongSwan: T4593: add charon-systemd runtime dependencyChristian Poessinger
2022-12-27strongSwan: upgrade scripts to work with package version 5.9.8Christian Poessinger
2022-12-25container: T2216: use defaultValue XML definition to define port protocolChristian Poessinger
Instead of hardcoding the default protocol as TCP in the Python script we shall use the XML based defaultValue approach instead. This also automatically exports the default to the CLI completion helper.
2022-12-25container: T2216: add verify() for port definitionChristian Poessinger
If port is specified on the CLI so must be source and destination under the port node.
2022-12-24container: T4870: remove manual user interaction during storage migrationChristian Poessinger
Commit 60c80df4 ("container: T4870: bump package version 0 -> 1 for filesystem change") introduced a fundamental change in the container storage driver that required a manual migration step from the user to not loose any data. This commit removes the manual user interaction and temporary exports the container images and re-imports them after the filesystem got changed. The only things that get lost are orphaned container images no longer referenced by the CLI - thats an adequate trade-off as those images can always be re-added to the system.
2022-12-24container: T4870: update to overlay2 driverChristian Poessinger
overlay2 is the preferred storage driver for all currently supported Linux distributions, and requires no extra configuration.
2022-12-23Merge pull request #1724 from sarthurdev/fw_macChristian Poessinger
firewall: T2199: Add mac-address match to destination side
2022-12-23firewall: T2199: Fix typo in `rule-log-level.xml.i` headersarthurdev
2022-12-23firewall: T2199: Add mac-address match to `destination` sidesarthurdev
2022-12-23container: T4870: bump package version 0 -> 1 for filesystem changeChristian Poessinger
move from vfs to overlay driver The following pre iage upgrade script must be executed to have containers after the reboot: for pod in $(cli-shell-api listActiveNodes container name); do systemctl stop vyos-container-${pod//\'}.service done sed -i 's/vfs/overlay/g' /etc/containers/storage.conf /usr/share/vyos/templates/container/storage.conf.j2 rm -rf /usr/lib/live/mount/persistence/container/storage/libpod for pod in $(cli-shell-api listActiveNodes container name); do image=$(cli-shell-api returnActiveValue container name ${pod//\'} image) podman image pull $image systemctl start vyos-container-${pod//\'}.service done for dir in vfs vfs-containers vfs-images vfs-layers; do rm -rf /usr/lib/live/mount/persistence/container/storage/$dir done
2022-12-23Merge pull request #1702 from TGNThump/patch-1Christian Poessinger
container: T4870: Update podman to use overlay storage driver
2022-12-23ipsec: T4594: drop old show_ipsec_sa.py in favor of new implementation in ↵Christian Poessinger
ipsec.py
2022-12-23containers: T4585: remove redundant sudo calls in op-mode scriptChristian Poessinger
2022-12-23ipsec: T2816: do not explicitly call intepreter for python scriptChristian Poessinger
Our python scripts use the shebang logic to set an intepreter - we should rely on this and not use an external interpreter in front of the helper.
2022-12-23wireguard: T3642: drop deprecated CLI commandsChristian Poessinger
2022-12-23pki: T4847: extend dependency on sstpc client interfaceChristian Poessinger
2022-12-23dhcp: T4758: implement missing functionality from old script to new op-mode ↵Christian Poessinger
script Sorting DHCP pools and filtering for state can now be done using the new op-mode mode scripts in DHCP. This allows us to drop the old helpers show_dhcp.py and show_dhcpv6.py.
2022-12-23nat: T4545: implement missing functionality from old script to new op-mode ↵Christian Poessinger
script Remaining functionality to filter NAT translations for a given address got implemented to nat.py - with this cahnge we can drop the old files show_nat*.py
2022-12-23Merge pull request #1723 from aapostoliuk/T4890-sagittaChristian Poessinger
T4890: Fixed op_mode show conntrack table ipv4
2022-12-23T4890: Fixed op_mode show conntrack table ipv4aapostoliuk
Fixed op_mode show conntrack table ipv4 Created check on empty column "mark"
2022-12-22Merge pull request #1720 from jestabro/op-mode-interfacesJohn Estabrook
T4866: rewrite show_interfaces.py show* functions to standardized op-mode
2022-12-21interfaces: T4866: add interfaces.py to op-mode-standardized listJohn Estabrook
2022-12-21interfaces: T4866: call interfaces.py in op-mode-definitionsJohn Estabrook
2022-12-21interfaces: T4866: add standardized op-mode interfaces.pyJohn Estabrook
2022-12-20smoketest: radvd: T4809: add test case for RA source addressChristian Poessinger
2022-12-20op-mode: radvd: T4809: add CLI commands for log displayChristian Poessinger
- show log router-advert - monitor log router-advert
2022-12-20radvd: T4809: fix AdvRASrcAddress missing semicolonChristian Poessinger
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new feature to set the RA source-address. Unfortunately it missed a semicolon.
2022-12-19graphql: T4887: interpret all boolean options as nullableJohn Estabrook
2022-12-19Merge pull request #1718 from nicolas-fort/T4886_conn_markChristian Poessinger
T4886: Firewall and route policy: Add connection-mark feature to vyos.
2022-12-19Merge pull request #1719 from sever-sever/T4879Christian Poessinger
T4879: IPsec migration script remote-id for peer name eq address
2022-12-19T4879: IPsec migration script remote-id for peer name eq addressViacheslav Hletenko
Migration for "remote-id" where peer is IPv4 or IPv6 address was missed It was only migration if peer starts with "@" It cause that you must manualy set 'remote-id' to get it working correctly replace 'vpn ipsec site-to-site peer 192.0.2.2' => 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
2022-12-19dhcp: T4832: fix TypeError in smoketestChristian Poessinger
Commit cca7ec3e ("T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)") extended the smoketests but used int over str when calilng the CLI wrapper. This led to: TypeError: sequence item 7: expected str instance, int found
2022-12-19T4886: Firewall and route policy: Add connection-mark feature to vyos.Nicolas Fort
2022-12-17sstp: T4384: disable compression and creacke exclusive lock fileChristian Poessinger
2022-12-17sstp: T4384: remote server is mandatory in client modeChristian Poessinger
2022-12-17Merge pull request #1669 from vfreex/dhcp-v6-only-option-1.4Christian Poessinger
T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
2022-12-17Merge pull request #1715 from c-po/currentChristian Poessinger
op-mode: T707: remove dedicated calls to sudo in vpn_ipsec
2022-12-17op-mode: T707: remove dedicated calls to sudo in vpn_ipsecChristian Poessinger
As the script itself (vpn_ipsec.py) is already invoked using sudo, there is no further need to also call sudo inside the script again.
2022-12-17Merge pull request #1714 from c-po/currentChristian Poessinger
op-mode: T707: explicitly use sudo when working with RAID devices
2022-12-17op-mode: T707: explicitly use sudo when working with RAID devicesChristian Poessinger
2022-12-17Merge pull request #1713 from c-po/currentChristian Poessinger
op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystem
2022-12-17op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystemChristian Poessinger
As the API daemon has the proper permissions and also the CLI op-mode calls the script already with "sudo", there is no need to call "sudo" inside this script, again.
2022-12-17GitHub: use private access token for review assignmentChristian Poessinger