summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2024-09-11T6703: Adds option to configure AMD pstate driverNicolas Vollmar
2024-09-11T6294: Service dns forwarding add the ability to configure ZonetoCachekhramshinr
2024-09-11Merge pull request #4023 from nvollmar/T6679Christian Breunig
T6679: add group option for nat66
2024-09-11container: T6701: add support to disable container network DNS supportDave Vogel
Add ability to set the container network with a disable-dns setting to disable the DNS plugin that is on be default. set container network <network> no-name-server
2024-09-10Merge pull request #4038 from natali-rs1985/T6181-currentDaniil Baturin
op_mode: T6181: A feature for checking ports
2024-09-10op-mode: T6694: Move some op-mode commands in the "execute" familyNataliia Solomko
'force netns' — move to 'execute shell netns'. 'force vrf'— move to 'execute shell vrf'. 'force owping' — move to 'execute owping'. 'force twping' — move to 'execute twping'. 'monitor bandwidth-test' — move to 'execute bandwidth-test`. 'telnet' — move to 'execute telnet'
2024-09-10op_mode: T6181: A feature for checking portsNataliia Solomko
2024-09-06container: T6702: re-add missing UNIX API socketChristian Breunig
During podman upgrade and a build from the original source the UNIX socket definition for systemd got lost in translation. This commit re-adds the UNIX socket which is started on boot to interact with Podman. Example: curl --unix-socket /run/podman/podman.sock -H 'content-type: application/json' \ -sf http://localhost/containers/json
2024-09-04openfabric: T6652: Add support for OpenFabric protocolNataliia Solomko
OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks. FRR implements OpenFabric in a daemon called fabricd
2024-09-02T6679: add destination groupsNicolas Vollmar
2024-08-25configd: T6671: track scripts proposed and scripts calledJohn Estabrook
2024-08-24dhclient: T6667: Added workaround for communication with FRRzsdc
To increase the chance for dhclient to configure routes in FRR, added a workaround. Now 10 attempts are performed with 1 second delay and only after this dhclient gives up.
2024-08-22T6561: Add vrf aware for show ntpViacheslav Hletenko
2024-08-21T6672: Fix system option ssh-client source-interfaceViacheslav Hletenko
Fix for system option ssh-client source-interface For the `verify_source_interface` the key `ifname` if required
2024-08-20Merge pull request #3975 from lucasec/t6183Christian Breunig
T6183: interfaces openvpn: suppport specifying IP protocol version
2024-08-20Merge pull request #3977 from natali-rs1985/T5743-currentChristian Breunig
T5743: HTTPS API ability to import PKI certificates
2024-08-18op_mode: T3961: Generate PKI expect 2 character country codeNataliia Solomko
2024-08-16Merge pull request #3987 from natali-rs1985/T6649-currentDaniil Baturin
ipoe_server: T6649: Accel-ppp separate vlan-mon from listen interfaces
2024-08-15T6649: Accel-ppp separate vlan-mon from listen interfacesNataliia Solomko
2024-08-14op_mode: T6651: Add a top level op mode word "execute"Nataliia Solomko
2024-08-13T6183: interfaces openvpn: suppport specifying IP protocol versionLucas Christian
2024-08-13T5743: HTTPS API ability to import PKI certificatesNataliia Solomko
2024-08-12suricata: T6624: Fix for service suricata address-groups cannot be used in ↵Nataliia Solomko
each other
2024-08-12T6648: dhcpv6-server: align stateless DHCPv6 options with statefulLucas Christian
2024-08-12configd: T6633: inject missing env vars for configfs utilityJohn Estabrook
2024-08-12configverify: T6642: verify_interface_exists requires config_dict argJohn Estabrook
The function verify_interface_exists requires a reference to the ambient config_dict rather than creating an instance. As access is required to the 'interfaces' path, provide as attribute of class ConfigDict, so as not to confuse path searches of script-specific config_dict instances.
2024-08-08qos: T6638: require interface state existence in verify conditionalJohn Estabrook
2024-08-07configd: T6640: enforce in_session returns False under configdJohn Estabrook
The CStore in_session check is a false positive outside of a config session if a specific environment variable is set with an existing referent in unionfs. To allow extensions when running under configd and avoid confusion, enforce in_session returns False.
2024-08-05sysctl: T3204: restore sysctl setttings overwritten by tunedChristian Breunig
2024-08-05Merge branch 'current' into feature/T4694/gre-match-fieldsChristian Breunig
2024-08-05Merge pull request #3920 from fett0/T6555Christian Breunig
OPENVPN: T6555: add server-bridge options in mode server
2024-08-05Merge pull request #3939 from c-po/unused-importsChristian Breunig
T5873: T6619: remove unused imports
2024-08-04firewall: T4694: Adding GRE flags & fields matches to firewall rulesAndrew Topp
* Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags. * There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post) * nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags. * Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing * The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem. * If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc. * Added a "test_gre_match" smoketest
2024-08-04Merge pull request #3901 from nicolas-fort/T4072-extend-bridge-fwallChristian Breunig
T4072: firewall extend bridge firewall
2024-08-04ipsec: T5873: remove unused importsChristian Breunig
2024-08-04multicast: T6619: remove unused importsChristian Breunig
2024-08-02Merge pull request #3933 from jestabro/add-missing-standard-funcDaniil Baturin
T6632: add missing standard functions to config scripts
2024-08-02Merge pull request #3932 from jestabro/check-kmod-under-configdDaniil Baturin
T6629: call check_kmod within a standard config function
2024-08-02T6619: Remove the remaining uses of per-protocol FRR configs (#3916)Roman Khramshin
2024-08-02T6486: generate OpenVPN use data-ciphers instead of ncp-ciphers (#3930)Viacheslav Hletenko
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers were replaced with `data-ciphers` fix template for "generate openvpn client-config"
2024-08-02OPENVPN: T6555: fix name to bridgefett0
2024-08-02T6632: add missing standard functions to config scriptsJohn Estabrook
2024-08-02OPENVPN: T6555: fix name to bridgefett0
2024-08-02T6629: call check_kmod within a standard config functionJohn Estabrook
Move the remaining calls to check_kmod within a standard function, with placement determined by the needs of the config script.
2024-08-02Merge pull request #3927 from jestabro/nat64-check-kmodDaniil Baturin
nat64: T6627: call check_kmod within standard config function
2024-08-02nat64: T6627: call check_kmod within standard config functionJohn Estabrook
Functions called from config scripts outside of the standard functions get_config/verify/generate/apply will not be called when run under configd. Move as appropriate for the general config script structure and the specific script requirements.
2024-08-02T4072: change same helpers in xml definitions; add notrack action for ↵Nicolas Fort
prerouting chain; re introduce <set vrf> in policy; change global options for passing traffic to IPvX firewall; update smoketest
2024-08-01Merge pull request #3923 from c-po/console-T3334Christian Breunig
console: T3334: remove unused directories imported from vyos.defaults
2024-08-01T6570: firewall: add global-option to configure sysctl parameter for ↵Nicolas Fort
enabling/disabling sending traffic from bridge layer to ipvX layer
2024-08-01T4072: firewall: improve error handling when firewall configuration is ↵Nicolas Fort
wrong. Use nft -c option to check temporary file, and use output provided by nftables to parse the error if possible, or print it as it is if it's an unknown error