path: root/data
Age | Commit message | Author
2020-07-11 | snmp: T2687: precalculate snmpv3 encrypted keys | Christian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog.

This should be changed in the following way:
- After retrieving the plaintext password from CLI, use Python to hash the key in advance
- Re-populate the encrypted key into the CLI and drop the plaintext one
- Generate service configuration and continue startup of SNMPd

This also fixes a race condition when SNMPd started up but not properly provided the hashed keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-08 | pppoe: T2585: use cleaner template expression | Christian Poessinger
2020-07-08 | pppoe: T2585: fix template for on-demand dialing | Christian Poessinger
Commit 65fa21f5e ("ifconfig: T2653: move pppoe interface to get_config_dict()") directly takes the configuration keys from the CLI config and thus the keys used for template generation have not been updated appropriately.
2020-07-08 | pppoe: ipv6: T2693: Fix a bug in dhcp6c for PPPoE | JACK
Commit 03fb97 (pppoe: ipv6: T2681: script bugfix after get_config_dict() migration) After the PPPoE link is reset, dhcp6c cannot be restarted, which may cause the prefix delegation of IPv6 to fail to restart. This submission will restart dhcp6c after the IPv6 of PPPoE is up again
2020-07-07 | ssh: T2691: bugfix loglevel config migration | Christian Poessinger
When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear if the user specified "info" as loglevel instead of "INFO". There was no input validation done in 1.2 but this is now enforced in 1.3. In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the config this is transformed. Also VyOS 1.2 accepted any arbitrary loglevel. If an invalid loglevel is found it will be set to info.
2020-07-05 | pppoe: ipv6: T2681: script bugfix after get_config_dict() migration | Christian Poessinger
Commit 65fa21f5 ("ifconfig: T2653: move pppoe interface to get_config_dict()") did not rename the Jinja2 template vars as required as they are not retrieved directly as dict from the config backend.
2020-07-04 | ntp: vrf: T2682: support restart on failure indefinitely | Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH too often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds it is not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04 | snmp: vrf: T2682: support restart on failure indefinitely. | Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH too often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds it is not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04 | ssh: vrf: T2682: support restart on failure indefinitely | Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH too often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds it is not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04 | ssh: T2682: simplify VRF binding | Christian Poessinger
2020-07-04 | Merge pull request #487 from DmitriyEshenko/1x-impl-fnm | Daniil Baturin
ids: T2659: Implement fastnetmon support
2020-07-03 | ids: T2659: Implement fastnetmon support | DmitriyEshenko
2020-07-03 | ntp: T2676: move to get_config_dict() | Christian Poessinger
2020-07-01 | ifconfig: T2653: move pppoe interface to get_config_dict() | Christian Poessinger
2020-06-28 | wwan: T1988: fix missing MTU assignment | Christian Poessinger
2020-06-27 | ifconfig: T2653: move wirelessmodem (WWAN) interface to get_config_dict() | Christian Poessinger
2020-06-27 | ifconfig: T2653: move macsec interface to get_config_dict() | Christian Poessinger
2020-06-26 | ssh: T2642: bugfix on multiple listen-address statements | Christian Poessinger
Commit 1d7f88b459d ("ssh: T2635: migrate to get_config_dict()") used a wrong loop iterator on the rendered ListenAddress statement.
2020-06-23 | ssh: T2635: migrate to get_config_dict() | Christian Poessinger
Jinja template contains some workarounds like {% if port is string %}, this depends on the resolution of https://phabricator.vyos.net/T2636
2020-06-22 | rip: T2547: rewritten implementation in Python and XML | Viacheslav Hletenko
2020-06-22 | Merge pull request #452 from jjakob/T2486-dns-hostsd-fixes | Daniil Baturin
T2486: DNS, vyos-hostsd fixes
2020-06-19 | console-server: T2490: server must listen only on localhost | Christian Poessinger
2020-06-18 | console-server: T2490: rename CLI to console-server | Christian Poessinger
2020-06-18 | console-server: T2490: log to journald | Christian Poessinger
2020-06-18 | console-server: T2490: move CLI parsing to get_config_dict() | Christian Poessinger
For more examples on the new get_config_dict() approach migrate this implementation as it is not yet in production use. Also this serves as proof of concept code for further migrations.
2020-06-18 | console-server: T2490: rename CLI to "serial-proxy" | Christian Poessinger
2020-06-18 | console-server: T2490: initial support | Christian Poessinger
2020-06-17 | router-advert: T2609: add missing verify() for prefix lifetime | Christian Poessinger
radvd[31898]: AdvValidLifeTime must be greater than AdvPreferredLifetime in radvd.conf, line 19

This happens with the following configuration:

    vyos@vyos# show service router-advert
    interface eth0.20 {
        name-server 2001:4860:4860::8888
        prefix ::/64 {
            valid-lifetime 7200
        }
    }

A validator is added to solve this issue and radvd will run again.
2020-06-17 | login: radius: T2299: Implement RADIUS servers priority | DmitriyEshenko
2020-06-16 | pppoe-server: T2601: Add default CCP values if not defined via CLI | DmitriyEshenko
2020-06-15 | login: radius: T2600: fix wrongly rendered pam_radius_auth.conf | Christian Poessinger
When multiple RADIUS servers have been configured, they have been all rendered onto a single line in the config. This led to errors in syslog and not all servers being reachable.
2020-06-14 | nat: T2593: fix for SNAT translation port when using masquerade | Christian Poessinger
The "to" qualifier did not get rendered when using source ports in masquerade targets. This case was totally missed out when porting.
2020-06-13 | snmp: T2321: add VRF support | Christian Poessinger
2020-06-13 | ntp: T2321: add VRF support | Christian Poessinger
2020-06-12 | nat: T2571: add special handling for negated source/destination port(s) | Christian Poessinger
We specify NFT source/destination ports within a { } group, but if the port range in question is negated, we need to move the != fraction out of { } and in front of that group, else NFT loading will fail big time.
2020-06-12 | Revert "nat: T2571: fix negated port definitions" | Christian Poessinger
This reverts commit 927c054d9236c2c34ca43c1cbfff10fcfd7f5077.
2020-06-12 | wwan: T2586: fix installing VRF default route | Christian Poessinger
After commit 1c7d7cb ("wwan: T2529: migrate device from ttyUSB to usbXbY.YpZ.Z") the up/down scripts did not properly parse the passed tty for setting up default routes.
2020-06-11 | dns forwarding: T2486: add templates | Jernej Jakob
2020-06-11 | dns forwarding: T2486: add lua-config-file | Jernej Jakob
The file will be generated by vyos-hostsd to add NTAs for zones (domains) from /etc/hosts and forward-zones.
2020-06-11 | vyos-hostsd: T2583: add templates | Jernej Jakob
Move templates out of the daemon and add new templates.
2020-06-11 | dns forwarding: T1595: remove references to old listen-on option | Jernej Jakob
As part of T1595 listen-on was removed and migrated to listen-address, but some references to it stayed in the variable names and validator error message.
2020-06-11 | nat: T2571: fix negated port definitions | Christian Poessinger
2020-06-11 | ssh: T2321: add VRF support | Christian Poessinger
2020-06-11 | Merge branch 'serial-console' of github.com:c-po/vyos-1x into current | Christian Poessinger
* 'serial-console' of github.com:c-po/vyos-1x:
  console: T2569: run VGA console powersave on tty1
  console: T2569: replicate console settings to grub.cfg
  Debian: fix warning about undefined substitution variables
  console: T2569: only start serial console if device exists
  console: T2529: migrate from ttyUSB device to new device in /dev/serial/by-bus
  console: T2570: remove support for Hayes Modems
  netconsole: T2561: use migrator to delete config nodes
  console: T2569: initial implementation with XML and Python
2020-06-09 | pppoe-server: T2575: Add missing gw-ip-address | DmitriyEshenko
2020-06-09 | sstp: T2575: Add missing gw-ip-address | DmitriyEshenko
2020-06-09 | console: T2529: migrate from ttyUSB device to new device in /dev/serial/by-bus | Christian Poessinger
During testing it was discovered that there is a well known problem (we had for ethernet interfaces) also in the serial port world. They will be enumerated and mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially painful on my development APU4 board which also has a Sierra Wireless MC7710 LTE module installed. The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the amount of serial port extenders attached (FT4232H). The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves this by enumerating the devices into /dev/serial/by-id folder with their name and serial number - it's a very good idea but I've found that not all of the FT4232H dongles have a serial number programmed - this leads to the situation that when you plug in two cables with both having serial number 0 - only one device symlink will appear - the previous one is always overwritten by the latter one. Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus directory and group devices by attached USB root port.
2020-06-08 | l2tp: T2565: Add missing gw-ip-address | DmitriyEshenko
2020-06-07 | wwan: T2488: remove generation of dedicated logfile | Christian Poessinger
... all information are present in journald.
2020-06-07 | wwan: T2529: migrate device from ttyUSB to usbXbY.YpZ.Z | Christian Poessinger
During testing it was discovered that there is a well known problem (we had for ethernet interfaces) also in the serial port world. They will be enumerated and mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially painful on my development APU4 board which also has a Sierra Wireless MC7710 LTE module installed. The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the amount of serial port extenders attached (FT4232H). The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves this by enumerating the devices into /dev/serial/by-id folder with their name and serial number - it's a very good idea but I've found that not all of the FT4232H dongles have a serial number programmed - this leads to the situation that when you plug in two cables with both having serial number 0 - only one device symlink will appear - the previous one is always overwritten by the latter one. Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus directory and group devices by attached USB root port.

    vyos@vyos:~$ find /dev/serial/by-bus/ -name usb* -exec basename {} \; | sort
    usb0b1.3p1.0
    usb0b1.3p1.2
    usb0b1.3p1.3
    usb0b2.4p1.0
    usb0b2.4p1.1
    usb0b2.4p1.2
    usb0b2.4p1.3

So we have USB root 0 with bus 1.3 and port 1.0. The enumeration is constant across reboots.