summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-04-04opennhrp: T5135: Rewritten opennhrp script using vyos.ipsecaapostoliuk
Rewritten opennhrp script using vyos.ipsec library
2023-04-03Merge pull request #1932 from sever-sever/T5125Christian Breunig
T5125: Sflow op-mode add event_samples_suppressed option
2023-04-03T5141: Add numbers for dhclient-exit-hooks.d to enforce orderViacheslav Hletenko
Add numbers for all dhclient-exit-hooks.d to enforce script order execution Also, move '99-run-user-hooks' to '98-run-user-hooks' due to vyatta-dhclient-hook bug and exit with 'exit 1' it is described in the https://vyos.dev/T4856, so we should move this hook to the end. Rename 'vyatta-dhclient-hook' to '99-vyatta-dhclient-hook'
2023-04-03T5125: Sflow op-mode add event_samples_suppressed optionViacheslav Hletenko
Add "Packet drops suppressed" option Rename "Samples drop events sent" to "Packet drops sent"
2023-04-02container: T5134: support binding container network to specific VRFChristian Breunig
Container networks now can be bound to a specific VRF instance. set vrf name <foo> table <xxx> set container network <name> vrf <foo>
2023-04-01T5125: Extend op-mode show sflow add new metricViacheslav Hletenko
Add new metric, the number of packet-drop-events sent
2023-04-01container: T4959: bugfix credential validation on registriesChristian Breunig
Commit fe82d86d ("container: T4959: add registry authentication option") looked up the wrong config dict level when validating that both username and password need to be specified when registries are in use.
2023-04-01container: T5082: switch to netavark network stackChristian Breunig
We now support assigning discrete IPv6 addresses to a container.
2023-04-01container: T5047: bugfix TypeError: argument of type 'NoneType' is not iterableChristian Breunig
Commit 52e51ffb ("container: T5047: restart only containers that changed") started to iterate over a NoneType which is invalid. This happened when a network description was changed but no container was due for restart.
2023-04-01Merge pull request #1926 from aapostoliuk/T5093-sagittaChristian Breunig
ipsec: T5093: Fixed 'reset vpn ipsec profile' command
2023-03-31http-api: T5126: allow restricting client IP addressJohn Estabrook
2023-03-31T5125: Add op-mode for sFlow based on hsflowdViacheslav Hletenko
Add op-mode for sFlow based on hsflowd "show sflow" Add machine readable format '--raw' and formatted output
2023-03-30interfaces: T5130: remove obsoleted show_interfaces.pyJohn Estabrook
2023-03-30ipsec: T5093: Fixed 'reset vpn ipsec profile' commandaapostoliuk
Fixed 'reset vpn ipsec profile' command using vici library and new op-mode style. Added ability to use 'reset vpn ipsec profile' command with 'remote-host' option.
2023-03-29configdiff: T5089: add unit testJohn Estabrook
2023-03-29configtree: T5089: sorting of nodes is now implemented on parsing configJohn Estabrook
2023-03-29Merge pull request #1915 from indrajitr/pdns-port-round2Christian Breunig
dns: T5115: Support custom port for name servers for forwarding zones
2023-03-29Merge pull request #1916 from jestabro/clear-countersChristian Breunig
interfaces: T4885: add 'clear interfaces counters' to op-mode
2023-03-29Merge pull request #1917 from indrajitr/chrony-cleanupChristian Breunig
ntp: T5118: Remove vestigial ntp completion script
2023-03-29frr: T5045: remove LimitNOFILESoftChristian Breunig
Commit cb872efb ("frr: T5045: lift LimitNOFILE 1024 -> 4096") added both LimitNOFILE and LimitNOFILESoft parameters for FRR, as "systemctl cat frr.service" showed both versions. During daemon startup systemd complains: Unknown key name 'LimitNOFILESoft' in section 'Service', ignoring. So the key got removed again.
2023-03-28ntp: T5118: Remove vestigial ntp completion scriptIndrajit Raychaudhuri
This isn't used anymore after migration from ntpd to chrony as part of T3008.
2023-03-28container: T5047: restart only containers that changedChristian Breunig
By default VyOS used to restart all containers it managed. This makes no sense as it will be service disrupting. Instead only restart the containers that had changes on the CLI beeing made.
2023-03-28container: T2216: explicitly select CNI network backendChristian Breunig
As podman is going to use netavark as new default we must explicitly select the old driver until we have migrated to netavark.
2023-03-28interfaces: T4885: add clear/reset_counters to op-mode scriptJohn Estabrook
2023-03-28dns: T5115: Support custom port for name servers for forwarding zones.Indrajit Raychaudhuri
This would allow using custom ports in name server operating on non- default port for forwarding zones. This is a follow-up to T5113 for sake of completeness and having consistent treatment of all name servers configured in PowerDNS recursor. Additionally, migrate `service dns forwarding domain example.com server` to `service dns forwarding domain foo3.com name-server` for consistency and reusability.
2023-03-27bgp: T5114: support configuring TCP keepalive messagesChristian Breunig
2023-03-27openvpn: T5051: fix hyphen/underscore error in use of typing.LiteralJohn Estabrook
2023-03-27Merge pull request #1906 from jestabro/codegenViacheslav Hletenko
graphql: T5106: extend generation of API client requests to configsession and composite requests
2023-03-27Merge pull request #1914 from indrajitr/pdns-portChristian Breunig
dns: T5113: Support custom port for name-server forwarders
2023-03-27dns: T5113: Support custom port for name-server forwardersIndrajit Raychaudhuri
Support custom port for name-server forwarders that would allow using custom ports in name server forwarders to enable forwarding to alternative name servers (unbound, stubby, dnscrypt-proxy etc.) operating on non-default port. This would also allow using DNS Over TLS in PowerDNS Recursor 4.6 onwards (pdns doesn't support certificate check for validity yet) by enabling 'dot-to-port-853'. This is set by default if compiled in with DoT support. See: https://doc.powerdns.com/recursor/settings.html#dot-to-port-853 This also partially implements T921, T2195 (DoT without certificate check). Implementation details: - In 'dns/forwarding' configuration, 'name-server' now allows optional 'port' (defaults to 53). - Instead of modifying 'name-server-ipv4-ipv6.xml.i' to add optional 'port', a new file 'name-server-ipv4-ipv6-port.xml.i' has been used to avoid impacting other places where it is reused because not all of them honor ports (mostly VPN related). - The `host:port` entries to be used by PowerDNS recursor config are normalized eagerly at the point of loading VyOS `Config` instead of doing them lazily while rendering the Jinja2 template to keep the implementation less intrusive. The alternative would entail making quite a bit of change in how 'vyos-hostsd' processes 'static' 'name_servers' entries or persists their runtime states.
2023-03-23op-mode: T5097: show interfaces should reflect cleared countersJohn Estabrook
'show interfaces counters' correctly displays counter stats after a call to 'clear interfaces counters', however, 'show interfaces detail' does not. Add missing update to counter stats.
2023-03-23Merge pull request #1901 from sever-sever/T5099Christian Breunig
T5099: IPoE-server add option next-pool for named ip pools
2023-03-23Merge pull request #1909 from sever-sever/T5108Christian Breunig
T5108: Add option rate-limit for l2tp pptp sstp ipoe raw format
2023-03-23T5108: Add option rate-limit for l2tp pptp sstp ipoe raw formatViacheslav Hletenko
There is a missing usefull option 'rate-limit' for L2TP/PPTP/SSTP/IPoE raw output format
2023-03-23ipsec: T2816: Cleanup dhcp hook file if not requiredsarthurdev
2023-03-23op-mode: T5107: raise error instead of calling exitJohn Estabrook
2023-03-22graphql: T5106: generate client ops for composite functionsJohn Estabrook
2023-03-22graphql: T5106: generate client ops for configsession functionsJohn Estabrook
2023-03-22graphql: T5106: add auth_token client opJohn Estabrook
2023-03-22T5105: Fix error message from dhcp-serverNicolas Fort
2023-03-21Merge pull request #1894 from aapostoliuk/T5043-sagittaChristian Breunig
ipsec: T5043: Rewritten and fixed 'reset vpn' commands
2023-03-21ospf: T5102: do not always redistribute babel routesChristian Breunig
2023-03-21T5099: IPoE-server add option next-pool for named ip poolsViacheslav Hletenko
In cases with multiple named IP pools, it is required the option 'next' to be sure that if IP addresses ended in one pool, then they would begin to be allocated from the next named pool. For accel-ppp it requires specific order as pool must be defined before we can use it with the 'next-option' set service ipoe-server client-ip-pool name first-pool subnet '192.0.2.0/25' set service ipoe-server client-ip-pool name first-pool next-pool 'second-pool' set service ipoe-server client-ip-pool name second-pool subnet '203.0.113.0/25' [ip-pool] 203.0.113.0/25,name=second-pool 192.0.2.0/25,name=first-pool,next=second-pool
2023-03-21Merge pull request #1889 from nicolas-fort/T5050-logViacheslav Hletenko
T5050: Firewall: Add log options
2023-03-21T5050: Firewall: Add log optionsNicolas Fort
2023-03-20Merge pull request #1896 from jestabro/raw-list-openvpnDaniil Baturin
openvpn: T5095: raw output should return list instead of dict
2023-03-17T5086: Fix sflow fix default values for serverViacheslav Hletenko
We drop default values 'port' but don't set it again per server Fix it
2023-03-16Merge pull request #1895 from sever-sever/T5091Christian Breunig
T5091: IPoE-server verify RADIUS settings
2023-03-16openvpn: T5095: raw output should return list instead of dictJohn Estabrook
2023-03-16ipsec: T5043: Rewritten and fixed 'reset vpn' commandsaapostoliuk
1. Rewritten CLI of 'reset vpn' commands. 2. Created 'reset vpn ipsec remote-access' commands to reset RA IKEv2 session. 3. Created 'reset vpn ipsec site-to-site all' command to reset all configured IPSec site-to-site peers sessions. 4. Rewritten 'reset vpn l2t|pptp|sstp' commands to new opmode style.