Age | Commit message (Collapse) | Author |
|
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes to logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
|
|
peer-group
handle vtysh bgp error
|
|
qos: T1871: add MTU option when configure limiter traffic-policy
|
|
T5996: selectively escape and restore single backslashes in config
|
|
add mtu to default and specified class
update smoke test
|
|
|
|
To iterate files on ext* file systems GRUB reads their inodes one by one,
ignoring names. This breaks our configuration logic that relies on proper
loading order.
This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB
configuration files are created. It recreates files, changing their inodes in a
way where inodes order matches alphabetical order.
|
|
dhcp: T6102: Fix clear DHCP lease op-mode
|
|
|
|
config: T4919: Add support for encrypted config with TPM
|
|
|
|
* Add `clear dhcpv6-server lease`
* Standardize using vyos.opmode
|
|
|
|
|
|
qos: T5646: Skip add filter for qos policy limiter class without match
|
|
vyos.ethtool: T6083: use JSON input data #2
|
|
is a network.
|
|
settings
|
|
Feature detection is used to see if certain offload settings are available on
the given NIC.
|
|
vyos.ethtool: T6083: use JSON input data for ring-buffer methods
|
|
|
|
|
|
|
|
configdep: T5839: remove trivially redundant config dependency calls
|
|
vyos.ethtool: T6070: fix EEE reading the incorrect status line
|
|
|
|
|
|
required
|
|
EEE enabled status is on the 2nd line of ethtool output and not the 3rd. Subsequently, reading the 3rd line was causing an out-of-bounds access for the bnx2x driver as well.
|
|
for leases
|
|
|
|
|
|
T6029: Rewritten Accel-PPP services to an identical feature set
|
|
Removed dhcp-interface option (l2tp)
Added wins-server (sstp)
Added description (ipoe, pppoe, sstp, pptp)
Added exteded-script (l2tp, sstp, pptp)
Added shaper (ipoe, pptp, sstp, l2tp)
Added limits (ipoe, pptp, sstp, l2tp)
Added snmp ( ipoe, pptp,sstp, l2tp)
Refactoring and reformated code.
|
|
dhcpv6-server: T5992: Fix op-mode DHCP lease output + updates
|
|
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
|
|
Due to Kea's lease file cleanup, the CSV file content is inconsistent. This commit makes changes to use the Kea control socket to fetch current lease information.
|
|
connected interfaces
Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
|
|
set pki openssh rpki private key ...
set pki openssh rpki public key ...
set pki openssh rpki public type 'ssh-rsa'
|
|
The `class_id_max` is wrong due to `tmp.sort` of Strings
If we have class 5 and class 10 we get sorted max value 5, expected 10
```
>>> tmp = ['5', '10']
>>> tmp.sort()
>>> tmp
['10', '5']
>>>
>>> hex(5+1)
'0x6'
>>>
>>> hex(10+1)
'0xb'
>>>
```
This way we get wrong default maximum class value:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6
```
Expect:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b
```
Fix this converting Strings to Integers and get max value.
|
|
T5960: Rewritten authentication node in PPTP to a single view
|
|
op-mode: T4038: Python rewrite of image tools
|
|
init: T2044: only start rpki if cache is configured
|
|
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during
system boot") to check the bootup configuration if an RPKI cache is defined.
Only start RPKI if this is the case.
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
|
|
The current calculation `r2q` is wrong as it uses `Floor division`
but expecting `division`
This way `math.ceil` calculate wrong value as we expect
round a number upward to its nearest integer
For example for speed 710 mbits expected value `444` but we get `443`
```
from math import ceil
MAXQUANTUM = 200000
speed = 710000000
speed_bps = int(speed) // 8
>>> speed_bps // MAXQUANTUM
443
>>> speed_bps / MAXQUANTUM
443.75
>>>
>>>
>>> ceil(speed_bps // MAXQUANTUM)
443
>>> ceil(speed_bps / MAXQUANTUM)
444
>>>
```
|
|
|
|
Commit b152b5202 ("configdict: T5894: add get_config_dict() flag with_pki")
added the generic PKI flag but if there was no PKI subsystem available
in the configuration, no pki dict key ever manifested in the resulting
dictionary requested by the caller.
This is different to the old behavior (which each caller implementing the call
itself) where there always was a pki key present - even if it was empty.
This triggered a bug in the IPSec script
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 600, in <module>
verify(ipsec)
File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 372, in verify
verify_pki_rsa(ipsec['pki'], rsa)
~~~~~^^^^^^^
KeyError: 'pki'
As it wanted to verify keys, but there was no pki dictionary key available.
This commit restores the previous behavior.
|
|
qos: T5848: Add triple-isolate option to CAKE policy config
|
|
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
|