Age | Commit message | Author
2024-03-23 | bgp: T6106: Valid commit error for route-reflector-client option defined in peer-group | khramshinr
handle vtysh bgp error
(cherry picked from commit 6fa72591972618f02ac1c66c084a99e006ce18f3)
2024-03-23 | Merge pull request #3174 from vyos/mergify/bp/sagitta/pr-3173 | Christian Breunig
vyos.configverify: T6131: verify_interface_exists() checks CLI interfaces, too (backport #3173)
2024-03-23 | vyos.configverify: T6131: verify_interface_exists() checks CLI interfaces, too | Christian Breunig
Extend the way how we determine if interfaces exist in VyOS. In the past we only validated if the interface in question really exists at the OS level. This has some drawbacks as services (like OSPF or OSPFv3) can also handle interfaces dynamically which appear or leave the OS. This commit not only checks for OS interfaces but also if the interface in question was configured at the CLI level, this is proof enough to pass the check. If it does not exist at the CLI level, we continue searching if it's maybe a Kernel interface - useful for container networks. In addition we can now not only raise() an error but simply show a warning if an interface does not exist.
(cherry picked from commit f7250ecf1d119f14d72f99ee379deaaae0790f0e)
2024-03-22 | Merge pull request #3170 from vyos/mergify/bp/sagitta/pr-3169 | Viacheslav Hletenko
isis: T6160: NameError: name 'process' is not defined (backport #3169)
2024-03-22 | isis: T6160: NameError: name 'process' is not defined | Christian Breunig
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain" node identifying the IS-IS process name). Drop all references to "process" variable.
Specifying:
    set protocols isis interface eth1
    set protocols isis net '49.0001.1921.6825.5255.00'
    set protocols isis redistribute ipv4 bgp
Triggered an exception
    Traceback (most recent call last):
      File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module>
        verify(c)
      File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify
        f'"protocols isis {process} redistribute {afi} {proto}"!')
                           ^^^^^^^
    NameError: name 'process' is not defined
(cherry picked from commit 78212414e085d6261a32015553eb3e407f77792f)
2024-03-22 | Merge pull request #3166 from vyos/mergify/bp/sagitta/pr-3153 | Christian Breunig
policy: T6130: Revert commit 960cace (backport #3153)
2024-03-22 | policy: T6130: Revert commit 960cace | aapostoliuk
This reverts commit 960cace189d7ace2bea0968646b1348b415e0363. All community rules syntax was changed. T5357 is invalid bug report. VyOS cannot use new configuration syntax in the previous versions.
(cherry picked from commit 72378c67ef1eee01a06e2f9a194a0870c6a7fdd2)
2024-03-21 | vti: T6085: interface is always down and only enabled by IPSec daemon | Christian Breunig
When a VTI interface is just created, it is in ADMIN UP state by default, even if an IPSec peer is not connected. After the peer is disconnected the interface goes to DOWN state as expected. This breaks routing logic - for example, static routes through VTI interfaces will be active even if a peer is not connected. This changes the logic so ADMIN UP/DOWN state can only be changed by the vti-up-down helper script. Error was introduced during the Perl -> Python migration and move to the generic vyos.ifconfig abstraction during the 1.4 development cycle.
(cherry picked from commit 9eb018c4935235d292d7c693ac15da5761be064a)
2024-03-21 | dhcp: T5164: op cmd: "show dhcp server leases state" with available options does not show any result | khramshinr
2024-03-21 | Merge pull request #3160 from vyos/mergify/bp/sagitta/pr-3159 | Christian Breunig
conntrack: T6147: Enable conntrack when firewall state-policy is defined (backport #3159)
2024-03-21 | Merge pull request #3161 from vyos/mergify/bp/sagitta/pr-3158 | Christian Breunig
bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering (backport #3158)
2024-03-21 | bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering | Christian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces:
    set interfaces bridge br0 protocol 802.1ad
(cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
2024-03-21 | conntrack: T6147: Enable conntrack when firewall state-policy is defined | sarthurdev
* Move global state-policy smoketest to its own test, verify conntrack
(cherry picked from commit 62bda3b082a79c2f31483dba5bfeb19464f6dbe2)
2024-03-20 | Merge pull request #3156 from vyos/mergify/bp/sagitta/pr-3155 | Christian Breunig
T6143: Increase configurable timeout range for service config-sync (backport #3155)
2024-03-20 | T6143: Increase configurable timeout range for service config-sync | Viacheslav Hletenko
The maximum timeout for the `service config-sync` is 300 seconds (Connection API timeout). It could not be enough for the real massive configurations. Increase the maximum value to 3600
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
(cherry picked from commit 4a90e00a886397d9f4202b78cc8995ed93d40014)
2024-03-20 | Merge pull request #3154 from vyos/mergify/bp/sagitta/pr-3131 | Viacheslav Hletenko
qos: T1871: add MTU option when configure limiter traffic-policy (backport #3131)
2024-03-20 | qos: T1871: add MTU option when configure limiter traffic-policy | khramshinr
add mtu to default and specified class
update smoke test
(cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
2024-03-19 | Merge pull request #3152 from vyos/mergify/bp/sagitta/pr-3150 | Daniil Baturin
T6138: Fix op-mode show conntrack table with flowtable offloads (backport #3150)
2024-03-19 | Merge pull request #3149 from vyos/mergify/bp/sagitta/pr-3146 | Daniil Baturin
T6136: add error checks when using dynamic firewall groups (backport #3146)
2024-03-19 | T6138: Fix op-mode show conntrack table with flowtable offloads | Viacheslav Hletenko
The op-mode command `show conntrack table ipv4` fails if it gets a conntrack entry with `flowtable` offload. Those entries do not have key `timeout`
```
File "/usr/libexec/vyos/op_mode/conntrack.py", line 115, in get_formatted_output
    timeout = meta['timeout']
              ~~~~^^^^^^^^^^^
```
Use the timeout `n/a` for those offload conntrack entries
(cherry picked from commit a75be3b6814dd39711c157c29405ee6bd83993f5)
2024-03-19 | Merge pull request #3148 from vyos/mergify/bp/sagitta/pr-3145 | Viacheslav Hletenko
T6127: Fixed show log firewall for rule with offload (backport #3145)
2024-03-19 | Merge pull request #3147 from vyos/mergify/bp/sagitta/pr-3143 | Viacheslav Hletenko
op-mode: T6133: add support to manually trigger commit-archive update (backport #3143)
2024-03-18 | T6136: add error checks when using dynamic firewall groups | Nicolas Fort
(cherry picked from commit e2df1f4929774792c1d4bfb78c2dfa5bdf7f0825)
2024-03-18 | show log: T6127 - Fixed egrep regex for IPv6 | l0crian1
(cherry picked from commit d1fb9eddd9017ffbcd9e0d43209700649da2cc57)
2024-03-18 | show log: T6127 - Fixed egrep regex | l0crian1
(cherry picked from commit 326db209ab5c907ddb93f29b484c423c68f1ee36)
2024-03-18 | show log: T6127 - Fixed egrep regex | l0crian1
(cherry picked from commit 1f3df2d63561ea9c6dd64d1d9292920274964ca3)
2024-03-18 | op-mode: T6133: add support to manually trigger commit-archive update | Christian Breunig
Automatic update of the remote commit-archive could fail under certain circumstances, add an op-mode command to manually trigger the update:
    cpo@LR1.wue3# run force commit-archive
    Archiving config...
      git+https://git.FOOO.de/cpo/vyos-config-backup
    [edit]
(cherry picked from commit 09de453194e9f8e7aa5dcb2e5c8de5a89e82708d)
2024-03-18 | Merge pull request #3144 from vyos/mergify/bp/sagitta/pr-3132 | Daniil Baturin
T6121: Extend service config-sync to new sections (backport #3132)
2024-03-18 | T6121: Extend service config-sync to new sections | Viacheslav Hletenko
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this case the Node allows to use the next level section i.e. subsection
For example any of the subsection of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
(cherry picked from commit 25b611f504521181f85cb4460bfdfd702c377b5e)
2024-03-17 | Merge pull request #3142 from vyos/mergify/bp/sagitta/pr-3139 | Christian Breunig
policy: T6129: add route-map option "as-path exclude all" (backport #3139)
2024-03-17 | Merge pull request #3141 from vyos/mergify/bp/sagitta/pr-3140 | Christian Breunig
T6133: append domain-name to commit-archive if defined (backport #3140)
2024-03-17 | policy: T6129: add route-map option "as-path exclude all" | Christian Breunig
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
    set policy route-map <name> rule <rule> set as-path exclude all
(cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
2024-03-17 | T6133: append domain-name to commit-archive if defined | Christian Breunig
(cherry picked from commit 4291a1a423c3cbbae9e4142575b36d6fbe1c126f)
2024-03-16 | Merge pull request #3138 from vyos/mergify/bp/sagitta/pr-3137 | Daniil Baturin
T6090: policy: fix migration script (backport #3137)
2024-03-16 | T6090: fix policy route migration script. Ensure that tcp flags migration occurs also if only <policy route> is defined. | Nicolas Fort
(cherry picked from commit 1048f49e403d7ce3df379bbf48e7fcc60a74e67b)
2024-03-15 | Merge pull request #3136 from vyos/mergify/bp/sagitta/pr-3135 | Christian Breunig
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help strings (backport #3135)
2024-03-15 | Merge pull request #3134 from vyos/mergify/bp/sagitta/pr-3133 | Christian Breunig
xml: T3642: improve PKI CLI help string (backport #3133)
2024-03-14 | xml: T160: improve NAT64 help string | Christian Breunig
(cherry picked from commit 7ca0ad91744044f74690179eaec4160d9c4fee65)
2024-03-14 | xml: T2518: improve NAT66/NPTv6 help string | Christian Breunig
(cherry picked from commit 63de63f43aaa720993faf06ba2789789d87d63c6)
2024-03-14 | xml: T3642: improve PKI CLI help string | Christian Breunig
(cherry picked from commit d6226d60dce4a46c9fa63adbf85f2df86c7bd1b1)
2024-03-13 | Merge pull request #3129 from vyos/mergify/bp/sagitta/pr-3125 | Daniil Baturin
radvd: T6118: add nat64prefix support RFC8781 (backport #3125)
2024-03-13 | Merge pull request #3128 from vyos/mergify/bp/sagitta/pr-3093 | Christian Breunig
T2447: add configurable kernel boot option 'disable-power-saving' (backport #3093)
2024-03-13 | radvd: T6118: add nat64prefix support RFC8781 | Christian Breunig
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime must not be smaller than the "interface interval max" definition which defaults to 600.
    set service router-advert interface eth1 nat64prefix 64:ff9b::/96
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
2024-03-13 | Merge pull request #3127 from vyos/mergify/bp/sagitta/pr-3126 | Daniil Baturin
grub: T4548: Fixed GRUB configuration files order (backport #3126)
2024-03-13 | T2447: add configurable kernel boot option 'disable-power-saving' | Christian Breunig
Lower available CPU C states to a minimum if this option is set. This will set Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
(cherry picked from commit 3a3e0dff4ff1f80835eca6b2362d792e3ecacc8e)
2024-03-13 | grub: T4548: Fixed configuration files order | zsdc
To iterate files on ext* file systems GRUB reads their inodes one by one, ignoring names. This breaks our configuration logic that relies on proper loading order. This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB configuration files are created. It recreates files, changing their inodes in a way where inodes order matches alphabetical order.
(cherry picked from commit f74923202311e853b677e52cd83bae2be9605c26)
2024-03-12 | Merge pull request #3124 from vyos/mergify/bp/sagitta/pr-3123 | Christian Breunig
conntrack: T5080: Fix rule order for applied conntrack modules (backport #3123)
2024-03-12 | conntrack: T5080: Fix rule order for applied conntrack modules | sarthurdev
(cherry picked from commit 1fbda31623054ee944d063f738e4d1d4170341ef)
2024-03-12 | Merge pull request #3122 from HollyGurza/T6020-sagitta1.4.0-epa2 | Daniil Baturin
vrrp: T6020: vrrp health-check script not applied correctly in keepal…
2024-03-12 | vrrp: T6020: vrrp health-check script not applied correctly in keepalived.conf | khramshinr
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong health-check configurations
New smoke test