summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-03-15bonding: T4301: Fixed arp-monitor optionzsdc
In verify function for arp-monitor option was used by mistake an extra conversion for incoming data before comparing items. This commit removed these unnecessary conversions and makes the option operable.
2022-03-14Merge pull request #1247 from nicolas-fort/T4286Christian Poessinger
Firewall: T4286: Correct ipv6-range validator
2022-03-13bgp: T4290: Add verify source-interface for none ip neighborViacheslav Hletenko
When we use neighbor as interface we must not use option 'source-interface' for example: neighbor eth0 source-interface eth0 Such option can be used for IP/IPv6 neighbors
2022-03-12Firewall: T4286: Correct ipv6-range validatorNicolas Fort
2022-03-12Merge branch 'T2493-nexthop-unchanged' of https://github.com/plett/vyos-1x ↵Christian Poessinger
into current * 'T2493-nexthop-unchanged' of https://github.com/plett/vyos-1x: policy: T2493 ip-next-hop unchanged & peer-address
2022-03-12Merge pull request #1241 from zdc/T4250-sagittaChristian Poessinger
logrotate: T4250: Fixed logrotate config generation
2022-03-12Merge pull request #1246 from sever-sever/T4265Christian Poessinger
bgp: T4265: Add op-mode for bgp flowspec routes
2022-03-11bgp: T4265: Add op-mode for bgp flowspec routesViacheslav Hletenko
2022-03-11Merge pull request #1245 from dberlin/patch-1Christian Poessinger
[Ethtool] T4297: Update drivers supporting speed/flow/duplex
2022-03-11[Ethtool] T4297: Update drivers supporting speed/flow/duplexDaniel Berlin
The iavf, ice, and i40e drivers do not support speed, flow, or duplex control using ethtool. As a result, interface configuration changes fail to commit when using those drivers. This patch fixes that by correctly marking those drivers as not supporting those controls.
2022-03-10Revert "component_version: T4291: consolidate read/write functions"John Estabrook
This reverts commit 534f677d36285863decb2cdff179687b4fd690cb. Revert while investigating failure in vyos-configtest.
2022-03-10Revert "save-config: T4292: rewrite vyatta-save-config.pl to Python"John Estabrook
This reverts commit c4d389488970c8510200cac96a67182e9333b891. Revert while investigating failure in vyos-configtest.
2022-03-10Revert "load-config: T4295: use config_tree instead of legacy loadFile"John Estabrook
This reverts commit 2a4b45ba7fa4dabf7e592f499cfb06a7ae38cdea. Revert while investigating failure in vyos-configtest.
2022-03-09policy: T2493 ip-next-hop unchanged & peer-addressPaul Lettington
Also add ipv6-next-hop peer-address
2022-03-09load-config: T4295: use config_tree instead of legacy loadFileJohn Estabrook
2022-03-08save-config: T4292: rewrite vyatta-save-config.pl to PythonJohn Estabrook
2022-03-08component_version: T4291: consolidate read/write functionsJohn Estabrook
2022-03-07Merge pull request #1240 from srividya0208/T4275Christian Poessinger
ipsec prefix: T4275: Fix for prefix val_help of remote-access and s2s vpn
2022-03-07logrotate: T4250: Fixed logrotate config generationzsdc
* Removed `/var/log/auth.log` and `/var/log/messages` from `/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled items what leads to service error. * Removed generation config file for `/var/log/messages` from `system-syslog.py` - this should be done from `syslom logs` now. * Generate each logfile from `system syslog file` to a dedicated logrotate config file. * Fixed logrotate config file names in `/etc/rsyslog.d/vyos-rsyslog.conf`. * Added default logrotate settins for `/var/log/messages`
2022-03-07ipsec prefix: T4275: Fix for prefix val_help of remote-access and s2s vpnsrividya0208
It accepts network as the input value but the completion help is showing ip address, continuation of previous commit
2022-03-06smoketest: config: add "recent" firewall rule to dialup-routerChristian Poessinger
2022-03-05flow-accounting: T4277: delete Debian common configsChristian Poessinger
2022-03-05conntrackd: T4259: fix daemon configuration pathChristian Poessinger
2022-03-05conntrackd: T4259: prevent startup of multiple daemon instancesChristian Poessinger
2022-03-04op-mode: lldp: T3999: bugfix cap' referenced before assignmentChristian Poessinger
2022-03-04interface: T4203: bugfix Q-in-Q interface parsingChristian Poessinger
Commit 0e23fc10 ("interface: T4203: switch to new recursive node_changed() implementation") switched to a new implementation to retrieve nested changes under a CLI node. Unfortunately the new API was not called - instead the old one was used.
2022-03-03static: T4283: support "reject" routes - emit an ICMP unreachable when matchedChristian Poessinger
2022-03-03static: T4283: create re-usable XML interface definitions for blackholeChristian Poessinger
2022-03-03static: T4283: fix help string for route/route6Christian Poessinger
2022-03-03interface: T4203: switch to new recursive node_changed() implementationChristian Poessinger
2022-03-03Merge pull request #1239 from jestabro/recursive-diffJohn Estabrook
configdiff: T4260: add support for diff_tree class
2022-03-02configdiff: T4260: add support for diff_tree classJohn Estabrook
Add support for the configtree diff algorithm. A new function ConfigDiff().is_node_changed(path) -> bool is added to recursively detect changes in the tree below the node at path; existing functions take the keyword argument 'recursive: bool' to apply the algorithm in place of the existing, non-recursive, comparison.
2022-03-01Merge pull request #1238 from jestabro/delete-treeJohn Estabrook
T4235: changes to interface of diff_tree class
2022-03-01flow-accounting: T4277: support sending flow-data via VRF interfaceChristian Poessinger
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name>
2022-02-28Merge pull request #1237 from srividya0208/T4275Christian Poessinger
ipsec prefix: T4275: Incorrect val_help for local/remote prefix in site-to-site ipsec vpn
2022-02-28configtree: T4235: distinguish sub(-tract) tree from delete treeJohn Estabrook
The DiffTree class maintains both the 'sub'(-tract) configtree, containing all paths in the LHS of the comparison that are not in the RHS, and the 'delete' configtree: the delete tree is the minimal subtree containing only the first node of a path not present in the RHS. It is the delete tree that is needed to produce 'delete' commands for config mode, whereas the 'sub' tree contains full information, needed for recursively detecting changes to a node.
2022-02-28configtree: T4235: allow empty argumentsJohn Estabrook
2022-02-28configtree: T4235: simplification of diff_tree classJohn Estabrook
The return value of diff_tree is now a single config_tree, with initial children of names: ["add", "delete", "inter"] containing the config sub-trees of added paths; deleted paths; and intersection, respectively. The simplifies dumping to json, and checking existence of paths, hence, of node changes.
2022-02-28configtree: T4235: add utility get_subtreeJohn Estabrook
2022-02-28ipsec prefix: T4275: Incorrect val_help for local/remote prefixsrividya0208
It accepts network as the input value but the completion help is showing ip address
2022-02-28open-connect: T4274: extend RADIUS authentication timeoutRageLtMan
RADIUS authentication can be handled by a variety of mechanisms, including proxy for 2FA systems requiring user interaction with a separate device, token acquisition, or other time-consuming action. Given the delays required for certain 2FA implementations, a thirty second timeout can range from onerous to untenable. Accomodate the 2FA time requirements by extending the hard-coded RADIUS time limit from 30 seconds to 240. Co-authored-by: RageLtMan <rageltman [at] sempervictus>
2022-02-28ssh: T4273: bugfix cipher and key-exchange multi nodesChristian Poessinger
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility
2022-02-26lldp: T4272: minor bugfix in Jinja2 template for locationChristian Poessinger
2022-02-26smoketest: lldp: add testcaseChristian Poessinger
(cherry picked from commit 2fd5eea801bb524c12217c26d98c44a819b2086e)
2022-02-26lldp: T4272: migrate to get_config_dict()Christian Poessinger
2022-02-25nat: T1083: use defaultValue from XML when handling translationsChristian Poessinger
2022-02-25smoketest: zone-policy: use setUpClass() over setUp()Christian Poessinger
2022-02-25zone-policy: T2199: bugfix defaultValue usageChristian Poessinger
Instead of hardcoding the default behavior inside the Jinaj2 template, all defaults are required to be specified inside teh XML definition. This is required to automatically render the appropriate CLI tab completion commands.
2022-02-25vpn: ipsec: T3093: add missing defaultValue entriesChristian Poessinger
2022-02-25monitoring: T3872: re-use "port" building block from port-number.xml.iChristian Poessinger