summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-11-22Merge pull request #1674 from sarthurdev/container_networkChristian Poessinger
container: T4834: Limit network names to 11 characters (15 char max including "cni-" prefix)
2022-11-22container: T4834: Limit network names to 11 characters (15 char max ↵sarthurdev
including "cni-" prefix) * Error: unable to start container "<id>": plugin type="bridge" failed (add): cni plugin bridge failed: failed to create bridge "cni-thisismorethan15chars": could not add "cni-thisismorethan15chars": numerical result out of range
2022-11-21graphql: T4574: add specific error message if token has expiredJohn Estabrook
Catch expiration error and return error-specific message instead of general 'not authenticated'.
2022-11-21graphql: T4574: use Optional in func_sigJohn Estabrook
A misreading of the makefun docs seemed to indicate Optional was not supported; it is.
2022-11-21graphql: T4544: use load_as_module from vyos.utilJohn Estabrook
load_as_module was added to util.py for T4821; prefer over local copy
2022-11-21Merge pull request #1673 from sever-sever/T4823Christian Poessinger
T4823: Fix IPsec transport mode remote TS
2022-11-21T4823: Fix IPsec transport mode remote TSViacheslav Hletenko
Remote TS for transport mode GRE must be remote-address and not peer name
2022-11-21Merge pull request #1671 from jestabro/reset-tunnel-arg-optionalDaniil Baturin
IPsec: T4829: tunnel argument to 'reset_peer' should have type hint Optional
2022-11-20IPsec: T4829: use type hint Optional for arg tunnel in reset_peerJohn Estabrook
2022-11-20IPsec: T4829: add missing import TimeoutExpiredJohn Estabrook
2022-11-20Merge pull request #1657 from sever-sever/T4812Daniil Baturin
T4812: Add op-mode Show vpn ipsec connections
2022-11-20op-mode: dns-forwarding: T4578: drop sudo callsChristian Poessinger
Commit 66288ccfee ("dns-forwarding: T4578: Rewrite show dns forwarding") added the implementation for the new standardized op-mode definitions/implementation. As the API daemon has the proper permissions and also the CLI op-mode calls the script already with "sudo", there is no need to call "sudo" inside this script, again. Also add dns.py to data/op-mode-standardized.json for the GraphQL schema to be generated.
2022-11-20macvlan: pseudo-ethernet: T2104: _create() should place interface in A/D stateChristian Poessinger
2022-11-20Merge pull request #1667 from sever-sever/T4827Christian Poessinger
T4827: Route-map state continue must be with action permit only
2022-11-20T4827: Route-map state continue must be with action permit onlyViacheslav Hletenko
route-map action 'deny' cannot be used for "continue" as FRR does not validate it r14(config)# route-map FOO permit 100 r14(config-route-map)# route-map FOO deny 50 r14(config-route-map)# on-match goto 100 % Configuration failed. Error type: validation r14(config-route-map)#
2022-11-20vrf: T4562: no need to invode "sudo" when retrieving VRf informationChristian Poessinger
2022-11-20T4830: nat66: remove external IPv6 check on bracketize_ipv6()Christian Poessinger
vyos.template.bracketize_ipv6() has a build-in check if the supplied address is of IPv6 AFI. No need to code an external check arround that.
2022-11-19Merge pull request #1666 from nicolas-fort/T4830-nat66Christian Poessinger
T4830: nat66: fix how nat66 rules are written in nftables
2022-11-19T4830: nat66: fix how nat66 rules are written in nftables, so translation ↵Nicolas Fort
works as expected
2022-11-19Merge pull request #1665 from jestabro/op-mode-value-errorChristian Poessinger
IPsec: T4828: raise op-mode error on incorrect value
2022-11-18IPsec: T4828: raise op-mode error on incorrect valueJohn Estabrook
2022-11-18Merge pull request #1664 from sever-sever/T4826Christian Poessinger
T4826: Fix login pubkey key type ed25519-sk ecdsa-sk
2022-11-18T4826: Fix login pubkey key type ed25519-sk ecdsa-skViacheslav Hletenko
Requires full key type name like sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com
2022-11-18Merge pull request #1662 from jestabro/config-script-dependencyDaniil Baturin
firewall: T4821: correct calling of conf_mode script dependencies
2022-11-18Merge pull request #1645 from aapostoliuk/T4793-sagittaChristian Poessinger
T4793: Added warning about disable-route-autoinstall
2022-11-18T4793: Added warning about disable-route-autoinstallaapostoliuk
Added warning message about disable-route-autoinstall when ipsec vti is used.
2022-11-17Merge pull request #1654 from sarthurdev/pbr_refactorChristian Poessinger
policy: T2199: T4605: Migrate policy route interface node
2022-11-17firewall: T4821: correct calling of conf_mode script dependenciesJohn Estabrook
2022-11-17firewall: T4821: add support for adding conf_mode script dependenciesJohn Estabrook
2022-11-17Merge pull request #1660 from aapostoliuk/T4819-sagittaChristian Poessinger
T4819: Allow printing Warning messages in multiple lines with \n
2022-11-16Merge pull request #1661 from roedie/T4794Christian Poessinger
T4794: Fix show show firewall name
2022-11-16T4794: Fix show show firewall nameSander Klein
show firewall name <name> will output an error as explained in https://phabricator.vyos.net/T4794
2022-11-16firewall: T4821: add utility to load script as moduleJohn Estabrook
2022-11-16containers: T2216: support re-install via dpkg of vyos-1x-smoketest packageChristian Poessinger
skopeo does not support overwriting an image - simply remove and readd it.
2022-11-16T4819: Allow printing Warning messages in multiple lines with \naapostoliuk
Allow printing Warning messages and DeprecationWarning in multiple lines with \n
2022-11-16bridge: T4673: remove "sudo" as there is no need to elevate permissionsChristian Poessinger
2022-11-16Revert "Revert "dns: T4799: fix bug with not reloading powerdns config""Christian Poessinger
This reverts commit 44df1cea1ebc3296844c5c35cf053a92cda4b944.
2022-11-16Revert "smoketest: T4652: adjust PowerDNS process name for 4.8 version"Christian Poessinger
This reverts commit 726cdf8bfd27d751737383102fa205f3c082710c.
2022-11-15T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states. Ability to get --raw data
2022-11-15Merge pull request #1658 from vfreex/fix-ns-config2Christian Poessinger
T4815: ip-up/down scripts needs the executable bit
2022-11-15T4815: ip-up/down scripts needs the executable bitYuxiang Zhu
ip-up/down scripts added in https://github.com/vyos/vyos-1x/pull/1656 need the executable bit.
2022-11-14Merge pull request #1653 from jestabro/trace-migrationJohn Estabrook
migration: T4808: add details of configtree operations to migration log
2022-11-14Merge pull request #1655 from fett0/T4813Christian Poessinger
T4813: Add L3vpn over gre option from route-map
2022-11-14Merge pull request #1656 from vfreex/fix-ns-configChristian Poessinger
T4815: Fix various name server config issues
2022-11-14T4815: Fix various name server config issuesYuxiang Zhu
1. When a PPPoE session is connected, `pppd` will update `/etc/resolv.conf` regardless of `system name-server` option unless `no-peer-dns` is set. This is because `pppd` vendors scripts `/etc/ppp/ip-up.d/0000usepeerdns` and `/etc/ppp/ip-down.d/0000usepeerdns`, which updates `/etc/resolv.conf` on PPPoE connection and reverts the change on disconnection. This PR removes those scripts and adds custom scripts to update name server entries through `vyos-hostsd` instead. 2. There is a typo in `/etc/dhcp/dhclient-enter-hooks.d/04-vyos-resolvconf, which misspells variable name `new_dhcp6_name_servers` as `new_dhcpv6_name_servers`. This causes IPv6 name server entries in `vyos-hostsd` not updated when dhclient receives nameservers from DHCPv6. 3. Regular expressions in scripts under `/etc/dhcp/dhclient-enter-hooks.d` and `/etc/dhcp/dhclient-exit-hooks.d/` are not enclosed in `^$`, so those IPv4 related branches (like `BOUND`) could be mistakenly executed when an IPv6 reason (like `BOUND6`) is given.
2022-11-13T4813: add l3vpn over gre option from route-mapfett0
2022-11-13l3VPN : T4182: add l3vpn over gre option from route-mapfett0
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle
2022-11-11smoketest: T4284: add basic QoS config to be loaded for migrationChristian Poessinger
2022-11-11smoketest: dns: T738: add test for default value of portChristian Poessinger