summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-13T5928: Change firewall priority to 319Viacheslav Hletenko
Change the firewall priority to 319, after interface ethernet configuration For example if we use VLANs and the vlan interface must be created before we can use it in the firewall/flowtable The current priority ``` 199 firewall 300 interfaces/dummy 300 interfaces/loopback 300 interfaces/virtual-ethernet 310 interfaces/bridge 310 interfaces/input 318 interfaces/ethernet ... ``` (cherry picked from commit f1dcd2d23f89251b0a96c61f8186002cb0d50d18)
2024-02-13Merge pull request #3001 from vyos/mergify/bp/sagitta/pr-2987Daniil Baturin
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support (backport #2987)
2024-02-13bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo (cherry picked from commit f308df322bd62024e29dd458642cb6bcac8a5ad6)
2024-02-12Merge pull request #2996 from vyos/mergify/bp/sagitta/pr-2993Christian Breunig
ipsec: T5981: Strip '@' from migrated peer PKI name (backport #2993)
2024-02-12ipsec: T5981: Strip '@' from migrated peer namesarthurdev
(cherry picked from commit 8238f8cdae3ae14bd8bd95158c218c45285df478)
2024-02-12Merge pull request #2995 from vyos/mergify/bp/sagitta/pr-2994Christian Breunig
init: T2044: fix "binary operator expected" when two or more RPKI caches are defined (backport #2994)
2024-02-12init: T2044: fix "binary operator expected" when two or more RPKI caches are ↵Christian Breunig
defined Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured") which showed a disturbing error on tty0 after boot that a "binary operator expected" when checking for RPKI caches when multiple results got returned. (cherry picked from commit a5ac522f8c675ee2b2c2f4f08be7c41943632e94)
2024-02-12Merge pull request #2992 from vyos/mergify/bp/sagitta/pr-2991Daniil Baturin
T6019: fix smoketest after upgrading nftables and libnftnl packages. (backport #2991)
2024-02-12T6019: fix smoketest after upgrading nftables and libnftnl packages.Nicolas Fort
(cherry picked from commit f3205d6dd1ea04adecbd8c857c80015ed53f2140)
2024-02-12Merge pull request #2990 from vyos/mergify/bp/sagitta/pr-2980Christian Breunig
srv6: T5849: add segment support to "protocols static route6" (backport #2980)
2024-02-12Merge pull request #2989 from vyos/mergify/bp/sagitta/pr-2986Christian Breunig
bgp: T6010: support setting multiple values for neighbor path-attribute (backport #2986)
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z' (cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
2024-02-11bgp: T6010: support setting multiple values for neighbor path-attributeChristian Breunig
(cherry picked from commit a22e0ee09ff4750de004090f1f55ee75a12dc821)
2024-02-10Merge pull request #2985 from vyos/mergify/bp/sagitta/pr-2983Daniil Baturin
rpki: T6004: add missing startup priority (backport #2983)
2024-02-10Merge pull request #2984 from vyos/mergify/bp/sagitta/pr-2982Daniil Baturin
xml: T5738: improve PKI building blocks for CLI (backport #2982)
2024-02-10rpki: T6004: add missing startup priorityChristian Breunig
(cherry picked from commit 4c2acb970c62478cf1139fcf66b0de341d46f7fc)
2024-02-10xml: T5738: improve PKI building blocks for CLIChristian Breunig
(cherry picked from commit d4278cde2b153e163fe41e1bc461891397336bc3)
2024-02-09Merge pull request #2979 from vyos/mergify/bp/sagitta/pr-2978Christian Breunig
T6028: Fix QoS policy shaper wrong class_id_max and default_minor_id (backport #2978)
2024-02-09T6028: Fix QoS policy shaper wrong class_id_max and default_minor_idViacheslav Hletenko
The `class_id_max` is wrong due to `tmp.sort` of Strings If we have class 5 and class 10 we get sorted max value 5, expected 10 ``` >>> tmp = ['5', '10'] >>> tmp.sort() >>> tmp ['10', '5'] >>> >>> hex(5+1) '0x6' >>> >>> hex(10+1) '0xb' >>> ``` This way we get wrong default maximum class value: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6 ``` Expect: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b ``` Fix this converting Strings to Integers and get max value. (cherry picked from commit 2e8fa45c7f0663549edd118622b3381e7c428b2e)
2024-02-09Merge pull request #2977 from vyos/mergify/bp/sagitta/pr-2967Christian Breunig
T5703: Fix reapply QoS for connection-oriented interfaces (backport #2967)
2024-02-09T5703: Fix reapply QoS for connection-oriented interfacesViacheslav Hletenko
After `disconnect` and `connect` connection-oriented interfaces like PPPoE, QoS policy has to be reapplied (cherry picked from commit ffc6dc28780f4d3e8c548f3709c7f3d17babda68)
2024-02-09Merge pull request #2974 from vyos/mergify/bp/sagitta/pr-2643Daniil Baturin
T5828: fix grub installation on arm64-efi machines (backport #2643)
2024-02-09Merge pull request #2976 from vyos/mergify/bp/sagitta/pr-2975Christian Breunig
https: T5902: fix migration of virtual-host port (backport #2975)
2024-02-09https: T5902: fix migration of virtual-host portChristian Breunig
CLI source node is port and not listen-port. (cherry picked from commit 63d53a17274349fd68defdbf9f7ce16be63fc9b1)
2024-02-09Merge pull request #2973 from vyos/mergify/bp/sagitta/pr-2950Christian Breunig
T5960: Rewritten authentication node in PPTP to a single view (backport #2950)
2024-02-09T5828: fix grub installation on arm64-efi machinesMathew McBride
Since the migration of GRUB handling to vyos-1x, the grub install sequence has hardcoded references to x86. Change the GRUB sequence so it can work on arm64 as well. (cherry picked from commit 37bd574c4e1f49b03f985c4293513ff7107ae82f)
2024-02-09T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication. (cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
2024-02-09Merge pull request #2972 from vyos/mergify/bp/sagitta/pr-2955Christian Breunig
rpki: T6023: add support for CLI knobs expire-interval and retry-interval (backport #2955)
2024-02-08rpki: T6023: add support for CLI knobs expire-interval and retry-intervalChristian Breunig
(cherry picked from commit 17894f6f5d97df7d3ac1cf37ce0e1a96b8fa8e8b)
2024-02-08Merge pull request #2970 from vyos/mergify/bp/sagitta/pr-2968Christian Breunig
T5685: Keepalived VRRP prefix is not necessary for the virtual address (backport #2968)
2024-02-08Merge pull request #2971 from vyos/mergify/bp/sagitta/pr-2969Christian Breunig
T6026: QoS hide attempts to delete qdisc from devices (backport #2969)
2024-02-08T6026: QoS hide attempts to delete qdisc from devicesViacheslav Hletenko
Hide unexpected output by attempts of deleting `qdisc` from interfaces [ qos ] Error: Cannot find specified qdisc on specified device. Error: Cannot delete qdisc with handle of zero. (cherry picked from commit 6dcb68ba5553ac94eb3a9da4a915999500b00ab2)
2024-02-08T5685: Keepalived VRRP prefix is not necessary for the virtual addressNataliia Solomko
(cherry picked from commit 1cb52f758cec78b9ac19f47448064b8e9e722b67)
2024-02-08Merge pull request #2964 from vyos/mergify/bp/sagitta/pr-2952Daniil Baturin
vrf: T5973: module is now statically compiled into the kernel (backport #2952)
2024-02-08Merge pull request #2963 from vyos/mergify/bp/sagitta/pr-2957Daniil Baturin
bgp: T6024: add additional missing FRR features (backport #2957)
2024-02-07Merge pull request #2962 from vyos/mergify/bp/sagitta/pr-2959Viacheslav Hletenko
init: T2044: only start rpki if cache is configured (backport #2959)
2024-02-07init: T2044: only start rpki if cache is configuredChristian Breunig
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during system boot") to check the bootup configuration if an RPKI cache is defined. Only start RPKI if this is the case. (cherry picked from commit 9b8e11e078c42e3ae86ebfa45fec57336f25a0af)
2024-02-07vrf: T5973: module is now statically compiled into the kernelChristian Breunig
Always enable VRF strict_mode (cherry picked from commit 117fbcd6237b59f54f2c1c66986a8ce073808c84)
2024-02-07bgp: T6024: add additional missing FRR featuresChristian Breunig
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null> * set protocols bgp parameters allow-martian-nexthop * set protocols bgp parameters no-hard-administrative-reset" (cherry picked from commit fff6004d46c5b939800fc3e61fe2102224625c0d)
2024-02-07Merge pull request #2961 from vyos/mergify/bp/sagitta/pr-2960Christian Breunig
xml: T302: replace references to Quagga with FRRouting (backport #2960)
2024-02-07Merge pull request #2958 from vyos/mergify/bp/sagitta/pr-2944Christian Breunig
vpn: T3843: l2tp configuration not cleared after delete (backport #2944)
2024-02-07xml: T302: replace references to Quagga with FRRoutingChristian Breunig
(cherry picked from commit 1c882769cc0627cfc1ebf5ab7c338c6c474456da)
2024-02-07vpn: T3843: l2tp configuration not cleared after deletekhramshinr
vpn: T5926: IPSEC does not apply after l2tp configuration was changed added dependency between l2tp and ipsec conf added test for apply config to swanctl (cherry picked from commit e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5)
2024-02-07Merge pull request #2956 from vyos/mergify/bp/sagitta/pr-2953Christian Breunig
T6021: Fix QoS shaper r2q calculation (backport #2953)
2024-02-07T6021: Fix QoS shaper r2q calculationViacheslav Hletenko
The current calculation `r2q` is wrong as it uses `Floor division` but expecting `division` This way `math.ceil` calculate wrong value as we expect round a number upward to its nearest integer For example for speed 710 mbits expected value `444` but we get `443` ``` from math import ceil MAXQUANTUM = 200000 speed = 710000000 speed_bps = int(speed) // 8 >>> speed_bps // MAXQUANTUM 443 >>> speed_bps / MAXQUANTUM 443.75 >>> >>> >>> ceil(speed_bps // MAXQUANTUM) 443 >>> ceil(speed_bps / MAXQUANTUM) 444 >>> ``` (cherry picked from commit ce1035e1e8642bf740e2a21693a72fe2127b8f72)
2024-02-06Merge pull request #2948 from vyos/mergify/bp/sagitta/pr-2941Christian Breunig
image-tools: T6016: wait for umount in cleanup function (backport #2941)
2024-02-06Merge pull request #2947 from vyos/mergify/bp/sagitta/pr-2946Christian Breunig
T5921: Fix OpenConnect verify for local users (backport #2946)
2024-02-06image-tools: T6016: wait for umount in cleanup functionJohn Estabrook
(cherry picked from commit d80530c48a78dfeb55293494a257f6234b0ef76d)
2024-02-06T5921: Fix OpenConnect verify for local usersViacheslav Hletenko
Fix verify error for the VPN OpenConnect configuration with local authentication and without any user File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify if not ocserv["authentication"]["local_users"]: KeyError: 'local_users' (cherry picked from commit 71644dfed63f6248525db3c3bc9493c059707a2a)
2024-02-06Merge pull request #2942 from srividya0208/debug-ipsecViacheslav Hletenko
op-mode:T6015:Fix for charon file generated by ipsec debug script