Age | Commit message (Collapse) | Author |
|
The netns support currently available on the VyOS CLI is only a
proof-of-technology, we have no real support for any service behind it.
In order to not confuse anyone on the LTS branch we decided to remove the
netns option for interfaces until there is a proper usecase and implementation
available.
|
|
(cherry picked from commit a1f4404739e0baf2f378fe7c890174350a59ffc4)
|
|
T6269: policy: ensure correct rule parsing when using, and when not using <set table> option in policy route. (backport #3367)
|
|
qos: T6225: Fix QoS random-detect policy (backport #3400)
|
|
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF (backport #3392)
|
|
T6056: Change static-host-mapping should not restart snmpd (backport #3386)
|
|
Fix default values for random-detect
Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel
(cherry picked from commit 0b54c1bc411a21833ec573031cf5ad98fe709a2f)
|
|
ntp: T4909 rewrite NTP op mode in the new format (backport #3307)
|
|
We have several config XML definitions that use the same python3
script `system_host-name.py`
https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_name-server.xml.in
https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_host-name.xml.in
https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_static-host-mapping.xml.in
https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_domain-name.xml.in
https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_domain-search.xml.in
Any change in these scripts calls to restart the `service snmpd`
The service `snmpd` should be restarted only if `host-name` or
`domain-name` was changed.
It is a good idea to rewrite it to `get_config_dict` in the future.
(cherry picked from commit 4f1db505791deed533dddf0c2f5bdedd6fba34b8)
|
|
ntp: T4909: Rewrite NTP op mode in new format
Adapts ntp.xml.in to reference new ntp.py file
Add ntp.py
Adds a check to ntp.py to verify if the ntp service is configured
Adds raw mode to ntp.py
For raw output, replaces the original method of parsing the command line output FROM re.split+regex TO csv.reader.
Separates chrony commands into equivalent functions show_tracking, show_sources, source_sourcestats and show_activity
Revises the names of raw dictionary keys variables to be lowercase
Corrects a comment typo and renames function name used for raw mode
(cherry picked from commit d2a82c30695c2f4265dc5ca2165d27d5aa3e2cef)
|
|
<set table> option in policy route.
(cherry picked from commit d518386d74ab09c7e75fdbf7f67e14839180f24b)
|
|
pppoe-server: T6234: PPPoE-server pado-delay refactoring (backport #3364)
|
|
After e7bb65894 ("vrf: T6189: render FRR L3VNI configuration when creating VRF
instance") we need to ensure that the VRF L3VNI configuration is removed in FRR
prior to removing the BGP VRF instance.
The reason is [1] where FRR only allows VRF BGP instance to be removed when
there is NO VNI configured anymore.
1: https://github.com/FRRouting/frr/blob/064c3494527b9e84260410006768ed38e57e1de7/bgpd/bgp_vty.c#L1646-L1650
(cherry picked from commit 7b46172a4aecc714d929aecb8768ab82633de3ba)
|
|
When adding and removing VRF instances on the fly it was noticed that the vni
statement under the VRF instance in FRR vanishes. This was caused by a race
condition which was previously designed to fix another bug.
The wierd design of a Python helper below the VRF tree to only generate the
VNI configuration nodes is now gone and all is rendered in the proper place.
(cherry picked from commit e7bb65894f86372dc0f6e8fd39b1628e0a224c68)
|
|
smoketest: T6199: remove redundant code when unpacking Kernel GZ config (backport #3390)
|
|
(cherry picked from commit 6bcb201a0e7ee9fea5874b963bd3e727ecec578f)
|
|
(cherry picked from commit 107ee099e82397b31fca8cf1ac3860cbf76f0596)
|
|
firewall: T6257: Show member information for dynamic groups in op-mode (backport #3369)
|
|
(cherry picked from commit 456419c7930405b80d322586736734f707affaed)
|
|
haproxy: T6179: fix rule generation (backport #3382)
|
|
(cherry picked from commit 0be0cdb932ca2d7399c026f1f601b56e179cc9c3)
|
|
openconnect: T4982: Support defining minimum TLS version in openconnect VPN (backport #3371)
|
|
T6169: DNS forwarding should allow underscore for srv record (backport #3379)
|
|
T6267: Check interface wireless module before apply config (backport #3368)
|
|
Check if the wireless device/modem exists in the system and the
module `ieee802111` was loaded
In cases where we do not have wireless devices, it prevents the
unexpected traceback
```
set interfaces wireless wlan0 address 192.0.2.5/32
commit
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces_wireless.py", line 269, in <modu>
c = get_config()
^^^^^^^^^^^^
File "/usr/libexec/vyos/conf_mode/interfaces_wireless.py", line 104, in get_cg
tmp = find_other_stations(conf, base, wifi['ifname'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/libexec/vyos/conf_mode/interfaces_wireless.py", line 54, in find_os
for phy in os.listdir('/sys/class/ieee80211'):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/sys/class/ieee80211'
```
(cherry picked from commit 09c302d7e57a0fdb6c51ae8f61d5ad6371a30b67)
|
|
This srv recors looks valid:
```
set service dns forwarding authoritative-domain _tcp.db.mongors1.example.com records srv _mongodb entry 0 hostname 'mongors1.example.com'
```
But FQDN validator cannot validate it correctly, use regex to fix
(cherry picked from commit 3c37b6a44dca552da950b5288a30c7e074d58704)
|
|
T6273: Allowed the use of "-" and "_" in PPPoE access-concentrator name (backport #3374)
|
|
Allowed the use of "-" and "_" in PPPoE access-concentrator name
(cherry picked from commit de38b01710958b7f7dababcff9557e4be98c8450)
|
|
(cherry picked from commit 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5)
|
|
T6272: Changed interface existence verification in pppoe/ipoe to Warning (backport #3375)
|
|
Throwing Warning message instead of Error if interface which is
used in pppoe/ipoe does not exist.
(cherry picked from commit af7277c7d525c22749bc236ad2096bec5c08d998)
|
|
T5660: Remove redundant calls to config dependency scripts
|
|
(cherry picked from commit 9438f1f8394b7c90bb536292882571c88556ce87)
|
|
(cherry picked from commit 70e1df1b5fcb3b1791cca320ed45b71e01e1ffda)
|
|
(cherry picked from commit 5c173c5935eab3a8bd0f169759617c4296a92df7)
|
|
(cherry picked from commit 80077eee89e4f0aa3af5dca1a4b2b5e1665bda6f)
|
|
qos: T4248: Allow to remove the only rule from the qos class (backport #3316)
|
|
T6263: Groups 224.0.0.0/24 are reserved and cannot be joined (backport #3363)
|
|
T6258: Add sysctl base-reachable-time for IPv6 (backport #3361)
|
|
The join addresses within the multicast group 224.0.0.0/24 are
reserved and cannot be joined
FRR
```
r4(config)# interface eth2
r4(config-if)# ip igmp join 224.0.0.0 224.0.0.10
% Configuration failed.
Error type: validation
Error description: Groups within 224.0.0.0/24 are reserved and cannot be joined
r4(config-if)#
```
Add verify check
(cherry picked from commit c8f9acf5d91827b0d1266d3061a5e15a82628323)
|
|
(cherry picked from commit da40bd2b2a826986de128354ea1bfc041ada0016)
|
|
Add abiilty to change `base_reachable_time_ms` option
/proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms
(cherry picked from commit 0bf4b570fe2d239b9fbabd3ae801ad3f04a06bde)
|
|
T5833: Not all AFIs compatible with VRF add verify check (backport #3359)
|
|
Not all FRR address-families compatibe with VRF
```
r4# conf t
r4(config)# router bgp 65001 vrf bgp
r4(config-router)#
r4(config-router)# address-family ipv4 flowspec
Only Unicast/Multicast/EVPN SAFIs supported in non-core instances.
r4(config-router)#
r4(config-router)# address-family ipv4 labeled-unicast
Only Unicast/Multicast/EVPN SAFIs supported in non-core instances.
r4(config-router)#
r4(config-router)# address-family ipv4 vpn
Only Unicast/Multicast/EVPN SAFIs supported in non-core instances.
r4(config-router)#
```
Add verify AFI for VRF
(cherry picked from commit a3713cd64f2f43f321a5138db94bb1a87edbffdd)
|
|
GitHub actions update for sagitta
|
|
T6109: Fix remote logging for sudo commands (backport #3355)
|
|
This fix for bug when `sudo` commands were not send to the remote
syslog server. They stop before the directive that includes all
configurations `$IncludeConfig /etc/rsyslog.d/*.conf`
(cherry picked from commit 7164ad40f5cc47f35c7903626d4d4da048a25113)
|
|
T6255: static-routing: don't render whitespace from static table descriptions (backport #3340)
|
|
(cherry picked from commit 8602c84e1b7c0da4c4c57fc2d034ec18497303fd)
|
|
T6217: Conntrack-sync change the actual name of the script (backport #3354)
|