Age | Commit message (Collapse) | Author |
|
Keys are not allowed with ipip and sit tunnels
(cherry picked from commit 7e84566dedfdc532ffe05b404005daa6f21df567)
|
|
Several scripts imported by vyos-configd (including
src/conf_mode/protocols_static.py) rely on argv for operating on VRFs.
Always setting script.argv in src/services/vyos-configd ensures those
scripts will operate on the default VRF when called with no arguments.
Otherwise, a stale argv might cause those scripts to operate on the last
modified VRF instead of the default VRF.
(cherry picked from commit 3341c591ad1190f39ff3ffd475eddf5d95aef763)
|
|
Commit 8d47a10b ("nipsec: T3093: Delete temporarily generated code") removed
the new IPSec implementation, but it also dropped a required file from the
Makefile.
The node.def file is already shipped in vyatta-cfg-vpn and thus must be removed.
|
|
nipsec: T3093: Delete temporarily generated code
|
|
This code was generated before to rewrite IPSec to XML style
And this was rewriten/fixed and used in the next 1.4 releases
So we realy don't need it in 1.3 as we use old nodes for it.
|
|
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius:
T3192: migrate to get_config_dict()") the user-name was not excluded
from mangling (no_tag_node_value_mangle=True).
This resulted in a username "vyos-user" from CLI to be actually created as
"vyos_user" on the system.
This commit also adds respective Smoketests to prevent this in the future.
(cherry picked from commit 658de9ea0fbe91e593f9cf0a8c434791282af100)
|
|
sstp-server: T2661: Delete CA certificate redundancy check
|
|
Commit 9f20bee81c ("T1376: improve show_dhcp and show_dhcpv6") added the tab
completion helper to list the availbale IP pools to query. This was done by
calling a python script which then called cli-shell-api which resulted in a
penalty by the Python interpreter startup.
This can be solved by directly using the cli-shell-api wrapper available
as <path> in op-mode - as also seen for DHCPv6.
(cherry picked from commit b1ff7baaf3c52c8c364955632fcece2da7033b10)
|
|
|
|
pptp-server: T3790: Change ippool priority and define gw-ip-address
|
|
(cherry picked from commit 514da738173696c70440c959b9d7ec9afd77fbae)
|
|
(cherry picked from commit bbe0deda9bfcfd4116c44b42156a628de8400b48)
|
|
|
|
Commit 29082959 ("ethernet: T3163: only change ring-buffer settings if
required") added a delta-check code for the ring buffer values, unfortunately
this was never properly evaluated as str() and int() got compared resulting
always in an unequal result.
(cherry picked from commit 6c280b1ca52c8f2a80bbaea52aa3e09060af04b3)
|
|
It makes no sense to have a parser for the ethtool values in ethtool.py
and ethernet.py - one instance ios more then enough!
(cherry picked from commit 0229645c8248decb5664056df8aa5cd5dff41802)
|
|
(cherry picked from commit 8834c22dc3f5758c1d2364579acc428cfc0fe650)
|
|
Only update the RX/TX ring-buffer settings if they are different from the ones
currently programmed to the hardware. There is no need to write the same value
to the hardware again - this could cause traffic disruption on some NICs.
(cherry picked from commit 29082959e0efc02462fba8560d6726096e8743e9)
|
|
It makes no sense to have a parser for the ethtool value sin ethtool.py
and ethernet.py - one instance ios more then enough!
(cherry picked from commit 6f5fb5c503b5df96d0686002355da3633b1fc597)
|
|
Not all interface drivers have the ability to change the speed and duplex
settings. Known drivers with this limitation are vmxnet3, virtio_net and
xen_netfront. If this driver is detected, an error will be presented to the
user.
(cherry picked from commit cc742d48579e4f76e5d3230d87e22f71f76f9301)
|
|
Ethernet adapters have a discrete set of available speed and duplex settings.
Instead of passing every value down to ethtool and let it decide, we can do
this early in the VyOS verify() function for ethernet interfaces.
(cherry picked from commit 91892e431349ca0edb5e3e3023e4f340ab9b777f)
|
|
This makes understanding the code easier what is "really" called without
opening the man page.
(cherry picked from commit a086dc2c429aea9614ac7a9c735c6475c2d6da59)
|
|
SSH keys used for remote login are supplied as base64 encoded data on the CLI.
The key is not validated, thus an invalid copy/pasted key will render the login
useless. This commit adds a custom and re-usable validator which check if the
data is properly base64 encoded.
(cherry picked from commit 00efce716912680354d47a2dca9769cd8c5c89ae)
|
|
interface: T3782: Fix unexpected delete qdisc rule
|
|
Some tc qdisc rules are generated by old perl code
It prevent to unexpected override this code by python.
|
|
(cherry picked from commit 5c29377fa91595088118419275f6d05b1fbfbd1d)
|
|
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net:
Remove references to NETIF_F_UFO from ethtool.").
|
|
An analysis of the code base from VyOS 1.2 -> 1.3 -> 1.4 revealed the following
"root-cause"
VyOS 1.2 uses the "old" node.def file format for:
* Generic Segmentation Offloading
* Generic Receive Offloading
So if any of the above settings is available on the configuration CLI, the
node.def file will be executed - this is how it works.
By default, this CLI option is not enabled in VyOS 1.2 - but the Linux Kernel
enables offloading "under the hood" by default for GRO, GSO... which will boost
the performance for users magically.
With the rewrite in VyOS 1.3 of all the interface related code T1579, and
especially T1637 this was moved to a new approach. There is now only one handler
script which is called whenever a user changes something under the interfaces
ethernet tree. The Full CLI configuration is assembled by get_interface_dict() -
a wrapper for get_config_dict() which abstracts and works for all of our
interface types - single source design.
The problem now comes into play when the gathered configuration is actually
written to the hardware, as there is no GSO, GRO or foo-offloading setting
defined - we behave as instructed and disable the offloading.
So the real bug originates from VyOS 1.2 and the old Vyatta codebase, but the
recent XML Python rewrites brought that one up to light.
Solution:
A configuration migration script will be provided starting with VyOS 1.3 which
will read in the CLI configuration of the ethernet interfaces and if not
enabled, will query the adapter if offloading is supported at all, and if so,
will enable the CLI nodes.
One might say that this will "blow" the CLI configuration but it only represents
the truth - which was masked in VyOS 1.2.
|
|
option
Commit 31169fa8 ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") added a warning for the user if an offload option was about
to change that was not possible at all (harware limit).
Unfortunately the warning was even displayed if nothing was done at all. This
got corrected.
(cherry picked from commit ce784a9fcb7199f87949f17777b7b736227c85b3)
|
|
(cherry picked from commit 50364a4b7a9de85fe59a6a4fb611bafb64c9f7f0)
|
|
Add a new method which supports checking if the desired speed and duplex
setting is actually supported by the underlaying network interface card.
>>> from vyos.ethtool import Ethtool
>>> tmp = Ethtool('eth0')
>>> tmp.check_speed_duplex('100', 'full')
False
>>> tmp.check_speed_duplex('1000', 'full')
True
(cherry picked from commit 147f655a69cd9526cd23f51ab18027cb5abc95b2)
|
|
(cherry picked from commit 324aa9598c7d90efc917a00447380f985553b657)
|
|
Commit d22f97af ("vyos.ethtool: T3163: rename unused methods for offload
validation") reworked the entire class on how data should be presented to the
user, but forgot to drop the is_fixed_lro() method.
(cherry picked from commit eac8915413cedce089234fdbef57ad25da208eec)
|
|
(cherry picked from commit 80ee5233aa8245ded09d04f2618a580d5dcc6b46)
|
|
(cherry picked from commit 794f193d11c8c1b5fed78f4e40280480446ab593)
|
|
interfaces: T3777: Does not delete empty eui64 address
|
|
Check eui64_old value before deleting
It can be empty or not ipv6 address.
|
|
In the past we always told ethtool to change the offloading settings, even if
this was not supported by the underlaying driver.
This commit will only change the offloading options if they differ from the
current state of the NIC and only if it's supported by the NIC. If the NIC does
not support setting the offloading options, a message will be displayed
for the user:
vyos@vyos# set interfaces ethernet eth2 offload gro
vyos@vyos# commit
[ interfaces ethernet eth2 ]
Adapter does not support changing large-receive-offload settings!
(cherry picked from commit 31169fa8a763e36f6276632139da46b1aca3a7af)
|
|
(cherry picked from commit d22f97af23abb5c12f8ea79c50fdda7ee0a3832d)
|
|
|
|
Migrate back to old iptables NAT implementation as we can not use nft which
requires Kernel 5.10 for proper prefix translation support. Kernel 5.10
unfortunately breaks with Intel QAT :(
|
|
FRR: op-mode: T3776: rename "restart frr <daemon>" to "restart <daemon>"
|
|
This commit adds configurations usable for "make testc" that are known to be
good on VyOS 1.2 installations - thus they must work on 1.3.
|
|
(cherry picked from commit dbe406c8b0d174f7ef3f80d189521cddd6cca5ef)
|
|
|
|
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4
(required by T3417) it makes sense to synchronize the CLI configuration for
both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse
the userbase already with a brand new feature.
As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards,
this is the perfect time.
|
|
Partial backport of commit 421fa38445a, this is required to backport the
complete IS-IS functionality from current.
|
|
(cherry picked from commit d9d923ea4e0bbe0cc154dc2fbdd626585b5d7449)
|
|
(cherry picked from commit 059307f924c604eb2bdeab19a2db8ce6d8e09f90)
|
|
|
|
The current command to restart any of the FRR processes is:
vyos@vyos:~$ restart frr
Possible completions:
<Enter> Execute the current command
bfdd Restart Bidirectional Forwarding Detection daemon
bgpd Restart Border Gateway Protocol daemon
ospf6d Restart OSPFv3 daemon
ospfd Restart OSPFv2 daemon
ripd Restart Routing Information Protocol daemon
ripngd Restart RIPng daemon
staticd Restart Static Route daemon
zebra Restart IP routing manager daemon
From a real-life example: Two engineers needed 5 minutes to figure it is under
"restart frr" - that is why this commit drops the artificial "frr" level on the
op-mode commands to restart routing protocol daemons.
It's less intuitive to have "restart frr ospfd" or "restart frr bgpd" compared
to "restart ospf" and "restart bgp" - we have the same for "restart ssh" or
"restart snmp" and not "restart openssh sshd".
This commit also drops the d (daemon) suffix of the op-mode comamands so the
commands align with the VyOS CLI, else there would be a miss-understanding from
ospf6d to ospfv3.
|