Age | Commit message | Author
2024-03-22 | Merge pull request #3166 from vyos/mergify/bp/sagitta/pr-3153 | Christian Breunig
policy: T6130: Revert commit 960cace (backport #3153)
2024-03-22 | policy: T6130: Revert commit 960cace | aapostoliuk
This reverts commit 960cace189d7ace2bea0968646b1348b415e0363.
All community rules syntax was changed. T5357 is an invalid bug report. VyOS cannot use new configuration syntax in the previous versions.
(cherry picked from commit 72378c67ef1eee01a06e2f9a194a0870c6a7fdd2)
2024-03-21 | Merge pull request #3160 from vyos/mergify/bp/sagitta/pr-3159 | Christian Breunig
conntrack: T6147: Enable conntrack when firewall state-policy is defined (backport #3159)
2024-03-21 | Merge pull request #3161 from vyos/mergify/bp/sagitta/pr-3158 | Christian Breunig
bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering (backport #3158)
2024-03-21 | bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering | Christian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
  set interfaces bridge br0 protocol 802.1ad
(cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
2024-03-21 | conntrack: T6147: Enable conntrack when firewall state-policy is defined | sarthurdev
* Move global state-policy smoketest to its own test, verify conntrack
(cherry picked from commit 62bda3b082a79c2f31483dba5bfeb19464f6dbe2)
2024-03-20 | Merge pull request #3156 from vyos/mergify/bp/sagitta/pr-3155 | Christian Breunig
T6143: Increase configurable timeout range for service config-sync (backport #3155)
2024-03-20 | T6143: Increase configurable timeout range for service config-sync | Viacheslav Hletenko
The maximum timeout for the `service config-sync` is 300 seconds (Connection API timeout). It could not be enough for the real massive configurations. Increase the maximum value to 3600
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
(cherry picked from commit 4a90e00a886397d9f4202b78cc8995ed93d40014)
2024-03-20 | Merge pull request #3154 from vyos/mergify/bp/sagitta/pr-3131 | Viacheslav Hletenko
qos: T1871: add MTU option when configure limiter traffic-policy (backport #3131)
2024-03-20 | qos: T1871: add MTU option when configure limiter traffic-policy | khramshinr
add mtu to default and specified class
update smoke test
(cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
2024-03-19 | Merge pull request #3152 from vyos/mergify/bp/sagitta/pr-3150 | Daniil Baturin
T6138: Fix op-mode show conntrack table with flowtable offloads (backport #3150)
2024-03-19 | Merge pull request #3149 from vyos/mergify/bp/sagitta/pr-3146 | Daniil Baturin
T6136: add error checks when using dynamic firewall groups (backport #3146)
2024-03-19 | T6138: Fix op-mode show conntrack table with flowtable offloads | Viacheslav Hletenko
The op-mode command `show conntrack table ipv4` fails if it gets a conntrack entry with `flowtable` offload. Those entries do not have key `timeout`
```
File "/usr/libexec/vyos/op_mode/conntrack.py", line 115, in get_formatted_output
    timeout = meta['timeout']
              ~~~~^^^^^^^^^^^
```
Use the timeout `n/a` for those offload conntrack entries
(cherry picked from commit a75be3b6814dd39711c157c29405ee6bd83993f5)
2024-03-19 | Merge pull request #3148 from vyos/mergify/bp/sagitta/pr-3145 | Viacheslav Hletenko
T6127: Fixed show log firewall for rule with offload (backport #3145)
2024-03-19 | Merge pull request #3147 from vyos/mergify/bp/sagitta/pr-3143 | Viacheslav Hletenko
op-mode: T6133: add support to manually trigger commit-archive update (backport #3143)
2024-03-18 | T6136: add error checks when using dynamic firewall groups | Nicolas Fort
(cherry picked from commit e2df1f4929774792c1d4bfb78c2dfa5bdf7f0825)
2024-03-18 | show log: T6127 - Fixed egrep regex for IPv6 | l0crian1
(cherry picked from commit d1fb9eddd9017ffbcd9e0d43209700649da2cc57)
2024-03-18 | show log: T6127 - Fixed egrep regex | l0crian1
(cherry picked from commit 326db209ab5c907ddb93f29b484c423c68f1ee36)
2024-03-18 | show log: T6127 - Fixed egrep regex | l0crian1
(cherry picked from commit 1f3df2d63561ea9c6dd64d1d9292920274964ca3)
2024-03-18 | op-mode: T6133: add support to manually trigger commit-archive update | Christian Breunig
Automatic update of the remote commit-archive could fail under certain circumstances, add an op-mode command to manually trigger the update:
  cpo@LR1.wue3# run force commit-archive
  Archiving config...
  git+https://git.FOOO.de/cpo/vyos-config-backup
  [edit]
(cherry picked from commit 09de453194e9f8e7aa5dcb2e5c8de5a89e82708d)
2024-03-18 | Merge pull request #3144 from vyos/mergify/bp/sagitta/pr-3132 | Daniil Baturin
T6121: Extend service config-sync to new sections (backport #3132)
2024-03-18 | T6121: Extend service config-sync to new sections | Viacheslav Hletenko
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this case the Node allows using the next level section, i.e. a subsection.
For example, any of the subsections of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
(cherry picked from commit 25b611f504521181f85cb4460bfdfd702c377b5e)
2024-03-17 | Merge pull request #3142 from vyos/mergify/bp/sagitta/pr-3139 | Christian Breunig
policy: T6129: add route-map option "as-path exclude all" (backport #3139)
2024-03-17 | Merge pull request #3141 from vyos/mergify/bp/sagitta/pr-3140 | Christian Breunig
T6133: append domain-name to commit-archive if defined (backport #3140)
2024-03-17 | policy: T6129: add route-map option "as-path exclude all" | Christian Breunig
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
  set policy route-map <name> rule <rule> set as-path exclude all
(cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
2024-03-17 | T6133: append domain-name to commit-archive if defined | Christian Breunig
(cherry picked from commit 4291a1a423c3cbbae9e4142575b36d6fbe1c126f)
2024-03-16 | Merge pull request #3138 from vyos/mergify/bp/sagitta/pr-3137 | Daniil Baturin
T6090: policy: fix migration script (backport #3137)
2024-03-16 | T6090: fix policy route migration script. Ensure that tcp flags migration occurs also if only <policy route> is defined. | Nicolas Fort
(cherry picked from commit 1048f49e403d7ce3df379bbf48e7fcc60a74e67b)
2024-03-15 | Merge pull request #3136 from vyos/mergify/bp/sagitta/pr-3135 | Christian Breunig
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help strings (backport #3135)
2024-03-15 | Merge pull request #3134 from vyos/mergify/bp/sagitta/pr-3133 | Christian Breunig
xml: T3642: improve PKI CLI help string (backport #3133)
2024-03-14 | xml: T160: improve NAT64 help string | Christian Breunig
(cherry picked from commit 7ca0ad91744044f74690179eaec4160d9c4fee65)
2024-03-14 | xml: T2518: improve NAT66/NPTv6 help string | Christian Breunig
(cherry picked from commit 63de63f43aaa720993faf06ba2789789d87d63c6)
2024-03-14 | xml: T3642: improve PKI CLI help string | Christian Breunig
(cherry picked from commit d6226d60dce4a46c9fa63adbf85f2df86c7bd1b1)
2024-03-13 | Merge pull request #3129 from vyos/mergify/bp/sagitta/pr-3125 | Daniil Baturin
radvd: T6118: add nat64prefix support RFC8781 (backport #3125)
2024-03-13 | Merge pull request #3128 from vyos/mergify/bp/sagitta/pr-3093 | Christian Breunig
T2447: add configurable kernel boot option 'disable-power-saving' (backport #3093)
2024-03-13 | radvd: T6118: add nat64prefix support RFC8781 | Christian Breunig
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime must not be smaller than the "interface interval max" definition which defaults to 600.
  set service router-advert interface eth1 nat64prefix 64:ff9b::/96
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
2024-03-13 | Merge pull request #3127 from vyos/mergify/bp/sagitta/pr-3126 | Daniil Baturin
grub: T4548: Fixed GRUB configuration files order (backport #3126)
2024-03-13 | T2447: add configurable kernel boot option 'disable-power-saving' | Christian Breunig
Lower available CPU C states to a minimum if this option is set. This will set Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
(cherry picked from commit 3a3e0dff4ff1f80835eca6b2362d792e3ecacc8e)
2024-03-13 | grub: T4548: Fixed configuration files order | zsdc
To iterate files on ext* file systems GRUB reads their inodes one by one, ignoring names. This breaks our configuration logic that relies on proper loading order.
This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB configuration files are created. It recreates files, changing their inodes in a way where inodes order matches alphabetical order.
(cherry picked from commit f74923202311e853b677e52cd83bae2be9605c26)
2024-03-12 | Merge pull request #3124 from vyos/mergify/bp/sagitta/pr-3123 | Christian Breunig
conntrack: T5080: Fix rule order for applied conntrack modules (backport #3123)
2024-03-12 | conntrack: T5080: Fix rule order for applied conntrack modules | sarthurdev
(cherry picked from commit 1fbda31623054ee944d063f738e4d1d4170341ef)
2024-03-12 | Merge pull request #3122 from HollyGurza/T6020-sagitta 1.4.0-epa2 | Daniil Baturin
vrrp: T6020: vrrp health-check script not applied correctly in keepal…
2024-03-12 | vrrp: T6020: vrrp health-check script not applied correctly in keepalived.conf | khramshinr
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong health-check configurations
New smoke test
2024-03-11 | Merge pull request #3118 from c-po/T6093-sagitta | Christian Breunig
dhcp-client: T6093: extend regex for client class-id's with DOT (backport #3117)
2024-03-10 | Merge pull request #3119 from vyos/mergify/bp/sagitta/pr-3110 | John Estabrook
xml: T6098: relax description constraint to allow non-ascii characters (backport #3110)
2024-03-10 | xml: T6098: relax description constraint to allow non-ascii characters | John Estabrook
A restriction to ascii in the constraint disallowed earlier support for unicode bytes.
(cherry picked from commit 66b92e1cd4ec948c1e2df4bee9b21da9633f5bd8)
2024-03-10 | Merge pull request #3116 from vyos/mergify/bp/sagitta/pr-3115 | John Estabrook
xml: T5738: revert invalid change from lower character limit - 0 length must be allowed (backport #3115)
2024-03-10 | dhcp-client: T6093: extend regex for client class-id's with DOT | Lucas
The regex used is not working if the string contains dots.
Originally authored by: Lucas <pinheirolucas@pm.me>
(cherry picked from commit c8670ae7941a8bac31e2174d4c6426b47272bfcc)
2024-03-10 | xml: T5738: revert invalid change from lower character limit - 0 length must be allowed | Christian Breunig
This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum description to 255 characters") which increased the lower limit from 0 to 1. We actually require 0 length value for description nodes as introduced in commit 6eea12512e ("xml: T1579: allow zero length for description").
(cherry picked from commit 724c685cba423758bece827d6d286815933ba912)
2024-03-10 | Merge pull request #3114 from vyos/mergify/bp/sagitta/pr-3113 | Daniil Baturin
firewall: T6071: truncate rule description field to 255 characters (backport #3113)