path: root/src
Age | Commit message | Author
2021-08-31 | ethernet: T3514: bail out early on invalid adapter speed/duplex setting | Christian Poessinger
Ethernet adapters have a discrete set of available speed and duplex settings. Instead of passing every value down to ethtool and letting it decide, we can do this early in the VyOS verify() function for ethernet interfaces. (cherry picked from commit 91892e431349ca0edb5e3e3023e4f340ab9b777f)
2021-08-31 | ssh: T3789: add custom validator for base64 encoded CLI data | Christian Poessinger
SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which checks if the data is properly base64 encoded. (cherry picked from commit 00efce716912680354d47a2dca9769cd8c5c89ae)
2021-08-30 | tunnel: T3786: Add checks for source any and not key | Viacheslav
(cherry picked from commit 5c29377fa91595088118419275f6d05b1fbfbd1d)
2021-08-30 | ethernet: T3787: remove deprecated UDP fragmentation offloading option | Christian Poessinger
Deprecated in the Linux Kernel by commit 08a00fea6de277df12ccfadc21 ("net: Remove references to NETIF_F_UFO from ethtool.").
2021-08-30 | ethernet: T3619: fix VyOS 1.2 -> 1.3 performance degradation | Christian Poessinger
An analysis of the code base from VyOS 1.2 -> 1.3 -> 1.4 revealed the following "root-cause":

VyOS 1.2 uses the "old" node.def file format for:

* Generic Segmentation Offloading
* Generic Receive Offloading

So if any of the above settings is available on the configuration CLI, the node.def file will be executed - this is how it works. By default, this CLI option is not enabled in VyOS 1.2 - but the Linux Kernel enables offloading "under the hood" by default for GRO, GSO... which will boost the performance for users magically.

With the rewrite in VyOS 1.3 of all the interface related code T1579, and especially T1637 this was moved to a new approach. There is now only one handler script which is called whenever a user changes something under the interfaces ethernet tree. The Full CLI configuration is assembled by get_interface_dict() - a wrapper for get_config_dict() which abstracts and works for all of our interface types - single source design.

The problem now comes into play when the gathered configuration is actually written to the hardware, as there is no GSO, GRO or foo-offloading setting defined - we behave as instructed and disable the offloading. So the real bug originates from VyOS 1.2 and the old Vyatta codebase, but the recent XML Python rewrites brought that one up to light.

Solution: A configuration migration script will be provided starting with VyOS 1.3 which will read in the CLI configuration of the ethernet interfaces and if not enabled, will query the adapter if offloading is supported at all, and if so, will enable the CLI nodes. One might say that this will "blow" the CLI configuration but it only represents the truth - which was masked in VyOS 1.2.
2021-08-26 | Merge pull request #978 from c-po/t3776-frr-restart | Christian Poessinger
FRR: op-mode: T3776: rename "restart frr <daemon>" to "restart <daemon>"
2021-08-25 | isis: T3779: backport entire 1.4 (current) featureset | Christian Poessinger
As IS-IS is a new feature and the CLI configuration changed from 1.3 -> 1.4 (required by T3417) it makes sense to synchronize the CLI configuration for both versions. This means backporting the CLI from 1.4 -> 1.3 to not confuse the userbase already with a brand new feature. As 1.3.0-epa1 is on the way and should not contain any CLI changes afterwards, this is the perfect time.
2021-08-25 | frr: T3217: Ability to save routing configs | Christian Poessinger
(cherry picked from commit d9d923ea4e0bbe0cc154dc2fbdd626585b5d7449)
2021-08-25 | T3773: delete the original "show system integrity" command | Daniil Baturin
(cherry picked from commit 059307f924c604eb2bdeab19a2db8ce6d8e09f90)
2021-08-25 | op-mode: frr: T1514: add possibility to restart isis daemon | Christian Poessinger
2021-08-22 | bridge: T3137: backport vlan features from 1.4 current | Christian Poessinger
2021-08-18 | isis: T3417: last byte of IS-IS network entity title must always be 0 | Christian Poessinger
(cherry picked from commit 19b16986515dcb58955e153025b24dc012faa574)
2021-08-15 | wireguard: T3756: fix generated qr code header | Boris Manojlovic
(cherry picked from commit d3ae6304a3eabcddba36452e9519ca7b56bb38af)
2021-08-14 | openvpn: T3738: Disable authentication option for server mode | Viacheslav
(cherry picked from commit 655876f4c22c0f4ea839a81f4af09d6016e19197)
2021-08-14 | op-mode: ipsec: T3745: "show vpn ipse sa" improve sorting | Christian Poessinger
(cherry picked from commit 1229665d353a070e14ee9cceafbfdb107d669745)
2021-08-12 | login: T3746: inform users about pending reboots | Christian Poessinger
(cherry picked from commit 7e52a7079afb522d1456833023ad58fa8b05e880)
2021-08-12 | T3697: check config.exists rather than exists_effective | Daniil Baturin
2021-08-12 | dns: T3744: fixed dns fwd statistics formatting | FileGo
(cherry picked from commit 0f7833483c0fe4982747bbbace45a83fae793257)
2021-08-09 | dhcp-server: T2432: Run dhcpd in group vyattacfg to allow recreate lease files | DmitriyEshenko
2021-08-09 | T3695: reword the ocserv fail message. | Daniil Baturin
2021-08-09 | openconnect: T3695: Add systemd service checker on commit | DmitriyEshenko
2021-08-08 | ping: T3634: Fixing do not fragment to Ping | Cheeze_It
In this commit we fix the do not fragment capability for ping commands. Sorry for messing it up earlier :( (cherry picked from commit d012c732a8902d4848e29f37fcede66a060e3c7f)
2021-08-05 | bgp: T548: Migrate maximum-paths to afi ipv4 maximum-paths | Viacheslav
2021-08-03 | isis: T1316: rename Jinja2 template to match other FRR daemons | Christian Poessinger
(cherry picked from commit d77a2f56ea7e76158c07f5829397be4555473e3d)
2021-08-02 | Merge branch 'equuleus' of https://github.com/vyos/vyos-1x into equuleus | Daniil Baturin
2021-08-02 | T3697: explicitly wait for the charon process to respond to strokes | Daniil Baturin
2021-08-01 | ping: T3707: add UnicodeError exception when invalid IP address is passed | Christian Poessinger
(cherry picked from commit 0d1ad777daf25ef415bf45032d41b587baf20781)
2021-07-27 | T3697: wait for charon to get started before trying to restart it. | Daniil Baturin
2021-07-25 | vrf: T31: add missing import for cmd() | Christian Poessinger
2021-07-25 | vrf: T31: ignore iproute2 errors | Christian Poessinger
Re-issuing the same iproute2 commands can lead to errors, simply ignore them and not raise a Python exception. (cherry-picked from commit 9920f7340d60b51d32bad9dbd24a907718f72837)
2021-07-25 | ifconfig: T2653: obey coding style | Christian Poessinger
(cherry-picked from commit 08614557b679c59495b3bf629f763f9a4cc0ed25)
2021-07-25 | ifconfig: backport ifconfig framework from 1.4 to support new tunnel options | Christian Poessinger
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of backporting single pieces which are required to add new features to the tunnel interface section. In addition, now that both libraries are back in sync, it will become much easier to backport any other new feature introduced in VyOS 1.4!
2021-07-24 | openvpn: T65: Fix auth-user-pass authentication only | Yun Zheng Hu
2021-07-24 | T3697: fix a conditional. | Daniil Baturin
2021-07-24 | Merge branch 'equuleus' of https://github.com/vyos/vyos-1x into equuleus | Daniil Baturin
2021-07-24 | T3697: hopefully complete fix for checking whether IPsec should start. | Daniil Baturin
2021-07-24 | Merge pull request #941 from yunzheng/T3682 | Christian Poessinger
vyos-1x-vmware: T3682: remove dhclient from ether-resume.py
2021-07-23 | T3697: return an empty dict when IPsec isn't fully configured | Daniil Baturin
to avoid trying to wait for a daemon that shouldn't even be running.
2021-07-23 | vyos-1x-vmware: T3682: remove dhclient from ether-resume.py | Yun Zheng Hu
dhclient is already handled by netplug so it's removed to avoid double renewing of dhcp leases.
2021-07-23 | login: T3699: verify system username does not conflict with Linux base users | Christian Poessinger
2021-07-22 | T3697: check if strongswan should be running before attempting to restart it. | Daniil Baturin
2021-07-17 | vxlan: T3683: bugfix on MTU calculation for IPv6 underlay | Christian Poessinger
(cherry picked from commit eb8cd3af91bac01a3f7f99b362c8105d69bb3c55)
2021-07-13 | T3663: use inotify-based watching for the IPsec process restart. | Daniil Baturin
2021-07-11 | vrf: T3637: bind-to-all didn't work properly | Date Huang
because of typo change from `bind_to_all` to `bind-to-all`
refer: interface-definitions/vrf.xml.in
(cherry picked from commit 8a78c790c1239eef533c7bbe12911aaeec4dc90f)
2021-07-02 | conntrack-sync: T3535: Rewrite conf and op modes to XML python style | Viacheslav
2021-06-25 | openvpn: T3641: remove deprecated iproute option | Christian Poessinger
Executing iproute2 commands as unprivileged member of the openvpn group is now handled via a sudoers file. (cherry picked from commit 9c8facc69c09163b74bc428f1dbf8be030766758)
2021-06-25 | openvpn: T1704: drop deprecated disable-ncp option | Christian Poessinger
(cherry picked from commit 6b7b19c93f90839549dd668116c4da2f38cfdc66) VyOS 1.3 will ship OpenVPN 2.5.1 and thus it is the perfect timing to still remove this option before introducing it in a new LTS release.
2021-06-18 | ping: T3634: Adding do not fragment to Ping (#885) | Cheeze-It
In this commit we add the do not fragment capability for ping commands. Co-authored-by: Cheeze_It <none@none.com> (cherry picked from commit c9dbc42bab13d70d22ca55794e4b89cac53adc86)
2021-06-13 | wwan: T3620: auto detect IP protocol based on requested addresses | Christian Poessinger
2021-06-13 | wwan: T3622: add support for APN authentication | Christian Poessinger
Some APNs require a username/password. Add CLI nodes (matching the PPPoE syntax) for client authentication. One APN would be the IPv4/IPv6 APN from Deutsche Telekom (Germany):
APN Name: Telekom Internet IPv6
APN: internet.v6.telekom
Username: telekom
Password: tm