| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-07-29 | Merge pull request #3823 from srividya0208/T6571 | Daniil Baturin | |
| OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers | |||
| 2024-07-28 | ipsec: T6148: Fixed reset command by adding init after terminating (#3763) | aapostoliuk | |
| Strongswan does not initiate session after termination via vici. Added an CHILD SAs initialization on the initiator side of the tunnel. | |||
| 2024-07-28 | firewall: T4694: Adding rt ipsec exists/missing match to firewall configs ↵ | talmakion | |
| (#3616) * Change ipsec match-ipsec/none to match-ipsec-in and match-none-in for fw rules * Add ipsec match-ipsec-out and match-none-out * Change all the points where the match-ipsec.xml.i include was used before, making sure the new includes (match-ipsec-in/out.xml.i) are used appropriately. There were a handful of spots where match-ipsec.xml.i had snuck back in for output hooked chains already (the common-rule-* includes) * Add the -out generators to rendered templates * Heavy modification to firewall config validators: * I needed to check for ipsec-in matches no matter how deeply nested under an output-hook chain(via jump-target) - this always generates an error. * Ended up retrofitting the jump-targets validator from root chains and for named custom chains. It checks for recursive loops and improper IPsec matches. * Added "test_ipsec_metadata_match" and "test_cyclic_jump_validation" smoketests | |||
| 2024-07-25 | OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers | srividya0208 | |
| 2024-07-25 | Merge pull request #3857 from c-po/vrf-interface-part-2 | Christian Breunig | |
| interface: T6592: remove interface from conntrack ct_iface_map on deletion | |||
| 2024-07-24 | smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on ↵ | Christian Breunig | |
| deletion Now that interfaces are deleted from ct_iface_map during deletion it's time to also add a smoketest ensuring there is no entry in the ct_iface_map once an interface was deleted from the CLI. | |||
| 2024-07-24 | op_mode: T6593: Release DHCP interface does not work | Nataliia Solomko | |
| 2024-07-23 | interface: T6592: remove interface from conntrack ct_iface_map on deletion | Christian Breunig | |
| We always have had stale interface entries in the ct_iface_map of nftables/ conntrack for any interface that once belonged to a VRF. This commit will always clean the nftables interface map when the interface is deleted from the system. | |||
| 2024-07-22 | Merge pull request #3833 from c-po/wifi-fix | Christian Breunig | |
| wireless: T6597: improve hostapd startup and corresponding smoketests | |||
| 2024-07-20 | interfaces: T6592: moving an interface between VRF instances failed | Christian Breunig | |
| To reproduce: set vrf name mgmt table '150' set vrf name no-mgmt table '151' set interfaces ethernet eth2 vrf 'mgmt' commit set interfaces ethernet eth2 vrf no-mgmt commit This resulted in an error while interacting with nftables: [Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 } The reason is that the old mapping entry still exists and was not removed. This commit adds a new utility function get_vrf_tableid() and compares the current and new VRF table IDs assigned to an interface. If the IDs do not match, the nftables ct_iface_map entry is removed before the new entry is added. | |||
| 2024-07-19 | utils: T5195: fix timeout comment | Christian Breunig | |
| 2024-07-17 | op-mode: T6586: add a distinct exception for unconfigured objects | Daniil Baturin | |
| as opposed to entire subsystems | |||
| 2024-07-14 | configdep: T6559: use single dependency list with reset under configd | John Estabrook | |
| 2024-07-14 | configdep: T6559: drop global redundancy removal to fix error reporting | John Estabrook | |
| 2024-07-08 | vxlan: T6505: Support VXLAN VLAN-VNI range mapping in CLI (#3756) | Nataliia S | |
| 2024-07-04 | migration: T6007: add missing check for None in utility function | John Estabrook | |
| An empty component version string will trigger a full migration, however, the case of component_version is None was missed in a utility function. Fix comment formatting. | |||
| 2024-07-03 | locking: T6544: Added locking util | zsdc | |
| Sometimes we need a reliable way to lock an execution until some other operation is not done. This commit introduces locking util, which can be used as a common lock, even between different processes. Usage example: ``` from vyos.utils.locking import Lock lock = Lock('my_lock_id') lock.acquire(timeout=10) print(f'Lock acquired: {lock.is_locked}') lock.release() ``` | |||
| 2024-07-04 | T6546: unused import check permission update and fix | Vijayakumar A | |
| 2024-07-03 | op-mode: T6498: add machine-readable tech support report script | Daniil Baturin | |
| 2024-06-28 | utils: T6530: add a helper for easily calling iproute2 commands | Daniil Baturin | |
| 2024-06-26 | migration: T6007: fix cosmetic issue of extra newline | John Estabrook | |
| 2024-06-26 | migration: T6007: drop restrictive perms, already set on config.boot | John Estabrook | |
| 2024-06-26 | migration: T6007: remove obsoleted | John Estabrook | |
| 2024-06-26 | migration: T6007: add util add_system_version to replace *_system_footer | John Estabrook | |
| 2024-06-26 | migration: T6007: update load_config.py | John Estabrook | |
| 2024-06-26 | migration: T6007: write configtree operations to log | John Estabrook | |
| 2024-06-26 | migration: T6007: update migration class | John Estabrook | |
| 2024-06-26 | migration: T6007: add version object for config file and system | John Estabrook | |
| 2024-06-26 | migration: T6007: add exception in base for use by migration files | John Estabrook | |
| 2024-06-26 | migration: T6007: use load_as_module_source for files without extension | John Estabrook | |
| 2024-06-26 | migration: T6447: fix missing check before reset to checkpoint | John Estabrook | |
| 2024-06-26 | migration: T6447: add traceback on error | John Estabrook | |
| 2024-06-26 | vyos.utils.dict: T5195: fix syntax warning | John Estabrook | |
| 2024-06-26 | interfaces: T6519: harden config migration if ethernet interface is missing | Christian Breunig | |
| During a corner case where the configuration is migrated to a different system with fewer ethernet interfaces, migration will fail during an image upgrade. vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an exception that kills the migrator | |||
| 2024-06-24 | Merge pull request #3718 from dmbaturin/T6514-system-storage-raw | Daniil Baturin | |
| op-mode: T6514: rework the "show system storage" code to handle live CD systems correctly | |||
| 2024-06-24 | op-mode: T6514: rework the "show system storage" code | Daniil Baturin | |
| to handle live CD systems correctly and allow reusing the functions from other scripts | |||
| 2024-06-24 | Merge pull request #3701 from jestabro/configd-drop-env-sudo | Christian Breunig | |
| configd: T6504: send sudo_user on session init and set env variable | |||
| 2024-06-24 | Merge pull request #3683 from dmbaturin/T6501-lsmod-on-steroids | John Estabrook | |
| op mode: T6501: add "run show kernel modules" | |||
| 2024-06-23 | vyos.utils: T6504: add interactive op-/configure mode support for ↵ | Christian Breunig | |
| get_current_user() | |||
| 2024-06-21 | Merge pull request #3684 from dmbaturin/T6498-uptime-helpers | John Estabrook | |
| op mode: T6498: move uptime helpers to vyos.utils.system | |||
| 2024-06-21 | op mode: T6498: move uptime helpers to vyos.utils.system | Daniil Baturin | |
| to be able to call them from the new tech-support script | |||
| 2024-06-20 | Merge pull request #3654 from talmakion/bugfix/T5514 | John Estabrook | |
| op-mode: T5514: Allow safe reboots to config defaults when config.boot is deleted | |||
| 2024-06-19 | macsec: T5447: fix error message syntax - there is no tx and rx key, only key | Christian Breunig | |
| 2024-06-19 | op mode: T6501: add "run show kernel modules" | Daniil Baturin | |
| 2024-06-19 | op-mode: T5514: Allow safe reboots to config defaults when config.boot is ↵ | Andrew Topp | |
| deleted * Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances * Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot | |||
| 2024-06-15 | T6489: add abstraction vyos.utils.configfs to work natively with the config ↵ | Christian Breunig | |
| filesystem | |||
| 2024-06-15 | T6489: add abstraction vyos.utils.auth.get_current_user() | Christian Breunig | |
| 2024-06-15 | T6489: add vyos_configdir to the dictionary of default directories | Christian Breunig | |
| 2024-06-10 | op-mode: T6471: add optimized get_config_dict | John Estabrook | |
| 2024-06-10 | vyos.utils: T5195: import vyos.cpu to this package | Christian Breunig | |
| The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu | |||
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) |
| summaryrefslogtreecommitdiff |