Age | Commit message | Author |
|
* Fix route deletion errors when interface is missing. Clarify variable names.
|
|
T5817: Fix for show openvpn server (backport #2619)
|
|
appropriate commands to populate such groups using source and destination address of the packet.
|
|
In some cases we can get an error:
```
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module>
    data = get_status(args.mode, intf)
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status
    client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface)
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address
    tunnel_ip = lst[0].split(',')[0]
IndexError: list index out of range
```
(cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d)
|
|
image-tools: T5983: fix regression in prune_vyos_versions
|
|
We can get an orphaned interface traffic-policy when the traffic-policy
name is removed from the interface, but the node `traffic-policy`
is still attached to the interface.
For example, we have an orphaned node traffic-policy on an interface:
```
set interfaces bonding bond0 vif 995 traffic-policy
```
This causes incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete traffic-policy from all interfaces if traffic-policy does not exist
|
|
We can get an orphaned interface policy when the policy name was
removed from the interface but the node `policy` is still attached
to the interface.
For example, we have an orphaned node policy on an interface:
```
set interfaces bonding bond0 vif 995 policy
```
This causes incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete policy from all interfaces if policy does not exist
|
|
system-option: T5979: Add configurable kernel boot options
|
|
since it's not supported.
|
|
bfd: T5967: add minimum-ttl option
|
|
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
* set protocols bfd profile <name> minimum-ttl <1-254>
|
|
The default `bandwidth` and `ceiling` should calculate values
based on <tag> bandwidth but currently it gets the value from
qos.base `/sys/class/net/{self._interface}/speed`
```
set qos policy shaper SHAPER bandwidth '20mbit'
set qos policy shaper SHAPER default bandwidth '95%'
set qos policy shaper SHAPER default ceiling '100%'
```
It causes wrong calculations for class `default`, i.e.:
- 950Mbit for bandwidth (expected 95% of bandwidth, 19Mbit)
- 1Gbit for ceil (expected 100% of bandwidth, 20Mbit)
Gets incorrect values:
```
r4# tc class show dev eth1
class htb 1:1 root rate 20Mbit ceil 20Mbit burst 1600b cburst 1600b
class htb 1:a parent 1:1 leaf 8053: prio 0 rate 200Kbit ceil 200Kbit burst 1Mb cburst 1600b
class htb 1:b parent 1:1 leaf 8054: prio 7 rate 950Mbit ceil 1Gbit burst 15200b cburst 1375b
```
Fix this
|
|
ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC
|
|
Typo (misaligned -/_) in the code causes hw-tc-offload to never be enabled in
the underlying hardware via ethtool.
|
|
dhcp: T5787: Allow disabled duplicates on static-mapping
|
|
A code path was missing to check if only priority is available in the result of
"ip --json -4 rule show", in the case of l3mdev it's a dedicated key!
|
|
There is no need to add and remove this table during runtime - it can lurk
in the standard firewall init code.
|
|
This prevents the following error when configuring the first VRF:
```
sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory
```
|
|
op-mode: T5969: list multicast group membership
|
|
ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left
|
|
T5957: fix removal of interface in firewall rules.
|
|
```
cpo@LR1.wue3:~$ show ip multicast group interface eth0.201
Interface    Family    Address
-----------  --------  ---------
eth0.201     inet      224.0.0.6
eth0.201     inet      224.0.0.5
eth0.201     inet      224.0.0.1
cpo@LR1.wue3:~$ show ipv6 multicast group interface eth0
Interface    Family    Address
-----------  --------  -----------------
eth0         inet6     ff02::1:ff00:0
eth0         inet6     ff02::1:ffbf:c56d
eth0         inet6     ff05::2
eth0         inet6     ff01::2
eth0         inet6     ff02::2
eth0         inet6     ff02::1
eth0         inet6     ff01::1
```
|
|
sflow: T5968: add VRF support
|
|
Add support to run hsflowd in a dedicated (e.g. management) VRF.
Command will be "set system sflow vrf <name>" like with any other service
|
|
Since we don't have an op-mode operation for 'dns dynamic' anymore, we need
to add a top level property to avoid empty `templates-op/update/node.def`.
|
|
Update op-mode for dynamic dns to standardize on `vyos.opmode`. All
methods of `op_mode/dns_dynamic.py` are now available in standardized
`op_mode/dns.py`.
Move op-mode command `update dns dynamic` to `reset dns dynamic` to
reflect that it is not an update but a reset of the dynamic dns service.
Also, make the help texts more consistent for all op-mode commands for
`dns dynamic` and `dns forwarding`.
|
|
Modify the dynamic dns configuration 'address' subpath for better
clarity on how the address is obtained.
Additionally, remove `web-options` and fold those options under the
path `address web`.
|
|
dns: T5959: Streamline dns forwarding service
|
|
For example, port 5353 is reserved for multicast DNS, this means tests
will fail if the host running the tests is also running a mDNS server.
|
|
Streamline configuration and operation of dns forwarding service in
following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered
by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS
forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in
`dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the
generated override files in /run. This ensures that the override files
are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor`
and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use a custom `--socket-dir` path anymore, the default
path (viz., `/run/pdns-recursor`) is fine
|
|
left
This extends commit 7ba47f027 ("ethernet: T4638: deleting parent interface does
not delete underlying VIFs") with smoketests that ensure no VIFs are left behind.
|
|
ntp: T5692: add support to configure leap second behavior
|
|
T5958: QoS add basic implementation of policy shaper-hfsc
|
|
* set service ntp leap-second [ignore|smear|system|timezone]
Where timezone is the new and old default resulting in adding "leapsectz right/UTC"
to chrony.conf. The most prominent new option is "smear" which will add
```
leapsecmode slew
maxslewrate 1000
smoothtime 400 0.001 leaponly
```
to chrony.
See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for
additional information
|
|
T5961: Fix QoS policy shaper class match vif
|
|
If we have QoS policy shaper class match `vif` (VLAN) we have to
use `basic match "meta(vlan mask 0xfff eq xxx)"` instead of
`action policy`
Actual incorrect TC filter:
```
tc filter add dev eth1 parent 1: protocol all prio 1 action police rate 100000000 burst 15k flowid 1:64
```
The correct TC filter after fix:
```
tc filter add dev eth1 parent 1: protocol all prio 1 basic match "meta(vlan mask 0xfff eq 100)" flowid 1:64
```
|
|
T5964: add missing imports for is_wwan_connected()
|