summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-09-02tunnel: T3788: Add check keys for ipip and sitViacheslav
Keys are not allowed with ipip and sit tunnels (cherry picked from commit 7e84566dedfdc532ffe05b404005daa6f21df567)
2021-09-02configd: T3694: always set script.argvBrandon Stepler
Several scripts imported by vyos-configd (including src/conf_mode/protocols_static.py) rely on argv for operating on VRFs. Always setting script.argv in src/services/vyos-configd ensures those scripts will operate on the default VRF when called with no arguments. Otherwise, a stale argv might cause those scripts to operate on the last modified VRF instead of the default VRF. (cherry picked from commit 3341c591ad1190f39ff3ffd475eddf5d95aef763)
2021-09-02Makefile: remove vpn/ipsec/node.def file as it's emptyChristian Poessinger
Commit 8d47a10b ("nipsec: T3093: Delete temporarily generated code") removed the new IPSec implementation, but it also dropped a required file from the Makefile. The node.def file is already shipped in vyatta-cfg-vpn and thus must be removed.
2021-09-02Merge pull request #990 from sever-sever/T3093Christian Poessinger
nipsec: T3093: Delete temporarily generated code
2021-09-02nipsec: T3093: Delete temporarily generated codeViacheslav
This code was generated before to rewrite IPSec to XML style And this was rewriten/fixed and used in the next 1.4 releases So we realy don't need it in 1.3 as we use old nodes for it.
2021-09-02login: T3792: bugfix for usernames containing a hyphenChristian Poessinger
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius: T3192: migrate to get_config_dict()") the user-name was not excluded from mangling (no_tag_node_value_mangle=True). This resulted in a username "vyos-user" from CLI to be actually created as "vyos_user" on the system. This commit also adds respective Smoketests to prevent this in the future. (cherry picked from commit 658de9ea0fbe91e593f9cf0a8c434791282af100)
2021-09-02Merge pull request #989 from DmitriyEshenko/1x-equuleus-02092021-03Christian Poessinger
sstp-server: T2661: Delete CA certificate redundancy check
2021-09-02op-mode: T1376: speed up tab-completion for DHCP pool listingChristian Poessinger
Commit 9f20bee81c ("T1376: improve show_dhcp and show_dhcpv6") added the tab completion helper to list the availbale IP pools to query. This was done by calling a python script which then called cli-shell-api which resulted in a penalty by the Python interpreter startup. This can be solved by directly using the cli-shell-api wrapper available as <path> in op-mode - as also seen for DHCPv6. (cherry picked from commit b1ff7baaf3c52c8c364955632fcece2da7033b10)
2021-09-02sstp-server: T2661: Delete CA certificate redundancy checkDmitriyEshenko
2021-09-01Merge pull request #987 from DmitriyEshenko/fix01092021-01Christian Poessinger
pptp-server: T3790: Change ippool priority and define gw-ip-address
2021-09-01login: T1948: add missing ssh-public key name regexChristian Poessinger
(cherry picked from commit 514da738173696c70440c959b9d7ec9afd77fbae)
2021-09-01login: T1948: fix username regex - add missing start ^ and end $Christian Poessinger
(cherry picked from commit bbe0deda9bfcfd4116c44b42156a628de8400b48)
2021-09-01pptp-server: T3790: Change ippool priority and define gw-ip-addressDmitriyEshenko
2021-08-31vyos.ethtool: T3163: ring-buffer values should be stored as stringChristian Poessinger
Commit 29082959 ("ethernet: T3163: only change ring-buffer settings if required") added a delta-check code for the ring buffer values, unfortunately this was never properly evaluated as str() and int() got compared resulting always in an unequal result. (cherry picked from commit 6c280b1ca52c8f2a80bbaea52aa3e09060af04b3)
2021-08-31vyos.ethtool: T3163: purify code to read and change flow-control settingsChristian Poessinger
It makes no sense to have a parser for the ethtool values in ethtool.py and ethernet.py - one instance ios more then enough! (cherry picked from commit 0229645c8248decb5664056df8aa5cd5dff41802)
2021-08-31op-mode: "show interfaces ethernet eth0 physical" should display ring-buffersChristian Poessinger
(cherry picked from commit 8834c22dc3f5758c1d2364579acc428cfc0fe650)
2021-08-31ethernet: T3163: only change ring-buffer settings if requiredChristian Poessinger
Only update the RX/TX ring-buffer settings if they are different from the ones currently programmed to the hardware. There is no need to write the same value to the hardware again - this could cause traffic disruption on some NICs. (cherry picked from commit 29082959e0efc02462fba8560d6726096e8743e9)
2021-08-31vyos.ethtool: T3163: purify code to read current speed and duplex settingsChristian Poessinger
It makes no sense to have a parser for the ethtool value sin ethtool.py and ethernet.py - one instance ios more then enough! (cherry picked from commit 6f5fb5c503b5df96d0686002355da3633b1fc597)
2021-08-31ethernet: T2241: check if interface supports changing speed/duplex settingsChristian Poessinger
Not all interface drivers have the ability to change the speed and duplex settings. Known drivers with this limitation are vmxnet3, virtio_net and xen_netfront. If this driver is detected, an error will be presented to the user. (cherry picked from commit cc742d48579e4f76e5d3230d87e22f71f76f9301)
2021-08-31ethernet: T3514: bail out early on invalid adapter speed/duplex settingChristian Poessinger
Ethernet adapters have a discrete set of available speed and duplex settings. Instead of passing every value down to ethtool and let it decide, we can do this early in the VyOS verify() function for ethernet interfaces. (cherry picked from commit 91892e431349ca0edb5e3e3023e4f340ab9b777f)
2021-08-31vyos.ethtool: T3163: use long option names when calling the ethtool binrayChristian Poessinger
This makes understanding the code easier what is "really" called without opening the man page. (cherry picked from commit a086dc2c429aea9614ac7a9c735c6475c2d6da59)
2021-08-31ssh: T3789: add custom validator for base64 encoded CLI dataChristian Poessinger
SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which check if the data is properly base64 encoded. (cherry picked from commit 00efce716912680354d47a2dca9769cd8c5c89ae)
2021-08-31Merge pull request #985 from sever-sever/T3782-equChristian Poessinger
interface: T3782: Fix unexpected delete qdisc rule
2021-08-31interface: T3782: Fix unexpected delete qdisc ruleViacheslav
Some tc qdisc rules are generated by old perl code It prevent to unexpected override this code by python.
2021-08-30tunnel: T3786: Add checks for source any and not keyViacheslav
(cherry picked from commit 5c29377fa91595088118419275f6d05b1fbfbd1d)
2021-08-30ethernet: T3787: remove deprecated UDP fragmentation offloading optionChristian Poessinger
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net: Remove references to NETIF_F_UFO from ethtool.").
2021-08-30ethernet: T3619: fix VyOS 1.2 -> 1.3 performance degradationChristian Poessinger
An analysis of the code base from VyOS 1.2 -> 1.3 -> 1.4 revealed the following "root-cause" VyOS 1.2 uses the "old" node.def file format for: * Generic Segmentation Offloading * Generic Receive Offloading So if any of the above settings is available on the configuration CLI, the node.def file will be executed - this is how it works. By default, this CLI option is not enabled in VyOS 1.2 - but the Linux Kernel enables offloading "under the hood" by default for GRO, GSO... which will boost the performance for users magically. With the rewrite in VyOS 1.3 of all the interface related code T1579, and especially T1637 this was moved to a new approach. There is now only one handler script which is called whenever a user changes something under the interfaces ethernet tree. The Full CLI configuration is assembled by get_interface_dict() - a wrapper for get_config_dict() which abstracts and works for all of our interface types - single source design. The problem now comes into play when the gathered configuration is actually written to the hardware, as there is no GSO, GRO or foo-offloading setting defined - we behave as instructed and disable the offloading. So the real bug originates from VyOS 1.2 and the old Vyatta codebase, but the recent XML Python rewrites brought that one up to light. Solution: A configuration migration script will be provided starting with VyOS 1.3 which will read in the CLI configuration of the ethernet interfaces and if not enabled, will query the adapter if offloading is supported at all, and if so, will enable the CLI nodes. One might say that this will "blow" the CLI configuration but it only represents the truth - which was masked in VyOS 1.2.
2021-08-30vyos.ifconfig: T3619: only inform user about real offload change for invalid ↵Christian Poessinger
option Commit 31169fa8 ("vyos.ifconfig: T3619: only set offloading options if supported by NIC") added a warning for the user if an offload option was about to change that was not possible at all (harware limit). Unfortunately the warning was even displayed if nothing was done at all. This got corrected. (cherry picked from commit ce784a9fcb7199f87949f17777b7b736227c85b3)
2021-08-30vyos.ethtool: T3163: remove test and debug method get_rx_vlan_offload()Christian Poessinger
(cherry picked from commit 50364a4b7a9de85fe59a6a4fb611bafb64c9f7f0)
2021-08-30vyos.ethtool: T3163: add check_speed_duplex() methodChristian Poessinger
Add a new method which supports checking if the desired speed and duplex setting is actually supported by the underlaying network interface card. >>> from vyos.ethtool import Ethtool >>> tmp = Ethtool('eth0') >>> tmp.check_speed_duplex('100', 'full') False >>> tmp.check_speed_duplex('1000', 'full') True (cherry picked from commit 147f655a69cd9526cd23f51ab18027cb5abc95b2)
2021-08-30vyos.ethtool: T3163: prefix class internal data structures with _Christian Poessinger
(cherry picked from commit 324aa9598c7d90efc917a00447380f985553b657)
2021-08-30vyos.ethtool: T3163: drop obsoleted is_fixed_lro() methodChristian Poessinger
Commit d22f97af ("vyos.ethtool: T3163: rename unused methods for offload validation") reworked the entire class on how data should be presented to the user, but forgot to drop the is_fixed_lro() method. (cherry picked from commit eac8915413cedce089234fdbef57ad25da208eec)
2021-08-30config: T2941: ignore unicode characters, e.g., in description fieldJohn Estabrook
(cherry picked from commit 80ee5233aa8245ded09d04f2618a580d5dcc6b46)
2021-08-29xml: add missing "u32:" value declarator on integer rangesChristian Poessinger
(cherry picked from commit 794f193d11c8c1b5fed78f4e40280480446ab593)
2021-08-29Merge pull request #981 from sever-sever/T3777Christian Poessinger
interfaces: T3777: Does not delete empty eui64 address
2021-08-29interfaces: T3777: Does not delete empty eui64 addressViacheslav
Check eui64_old value before deleting It can be empty or not ipv6 address.
2021-08-28vyos.ifconfig: T3619: only set offloading options if supported by NICChristian Poessinger
In the past we always told ethtool to change the offloading settings, even if this was not supported by the underlaying driver. This commit will only change the offloading options if they differ from the current state of the NIC and only if it's supported by the NIC. If the NIC does not support setting the offloading options, a message will be displayed for the user: vyos@vyos# set interfaces ethernet eth2 offload gro vyos@vyos# commit [ interfaces ethernet eth2 ] Adapter does not support changing large-receive-offload settings! (cherry picked from commit 31169fa8a763e36f6276632139da46b1aca3a7af)
2021-08-28vyos.ethtool: T3163: rename unused methods for offload validationChristian Poessinger
(cherry picked from commit d22f97af23abb5c12f8ea79c50fdda7ee0a3832d)
2021-08-27smoketest: nat: T3781: temporary disable testcaseChristian Poessinger
2021-08-26nat: T3781: do not ship the nftables implementation - fallback to vyatta-natChristian Poessinger
Migrate back to old iptables NAT implementation as we can not use nft which requires Kernel 5.10 for proper prefix translation support. Kernel 5.10 unfortunately breaks with Intel QAT :(
2021-08-26Merge pull request #978 from c-po/t3776-frr-restartChristian Poessinger
FRR: op-mode: T3776: rename "restart frr <daemon>" to "restart <daemon>"
2021-08-26smoketest: config: add example configs from current branchChristian Poessinger
This commit adds configurations usable for "make testc" that are known to be good on VyOS 1.2 installations - thus they must work on 1.3.
2021-08-26smoketest: config: drop empty newline at EOF for "isis-small" testChristian Poessinger
(cherry picked from commit dbe406c8b0d174f7ef3f80d189521cddd6cca5ef)
2021-08-25smoketest: config: add tunnel-broker configurationChristian Poessinger
2021-08-25isis: T3779: backport entire 1.4 (current) featuresetChristian Poessinger
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4 (required by T3417) it makes sense to synchronize the CLI configuration for both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse the userbase already with a brand new feature. As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards, this is the perfect time.
2021-08-25vyos.configverify: add common verify_common_route_maps() functionChristian Poessinger
Partial backport of commit 421fa38445a, this is required to backport the complete IS-IS functionality from current.
2021-08-25frr: T3217: Abbility to save routing configsChristian Poessinger
(cherry picked from commit d9d923ea4e0bbe0cc154dc2fbdd626585b5d7449)
2021-08-25T3773: delete the original "show system integrity" commandDaniil Baturin
(cherry picked from commit 059307f924c604eb2bdeab19a2db8ce6d8e09f90)
2021-08-25op-mode: frr: T1514: add possibility to restart isis daemonChristian Poessinger
2021-08-25op-mode: T3776: drop "frr" level from "restart frr ospfd|bgpd|staticd" commandsChristian Poessinger
The current command to restart any of the FRR processes is: vyos@vyos:~$ restart frr Possible completions: <Enter> Execute the current command bfdd Restart Bidirectional Forwarding Detection daemon bgpd Restart Border Gateway Protocol daemon ospf6d Restart OSPFv3 daemon ospfd Restart OSPFv2 daemon ripd Restart Routing Information Protocol daemon ripngd Restart RIPng daemon staticd Restart Static Route daemon zebra Restart IP routing manager daemon From a real-life example: Two engineers needed 5 minutes to figure it is under "restart frr" - that is why this commit drops the artificial "frr" level on the op-mode commands to restart routing protocol daemons. It's less intuitive to have "restart frr ospfd" or "restart frr bgpd" compared to "restart ospf" and "restart bgp" - we have the same for "restart ssh" or "restart snmp" and not "restart openssh sshd". This commit also drops the d (daemon) suffix of the op-mode comamands so the commands align with the VyOS CLI, else there would be a miss-understanding from ospf6d to ospfv3.