summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2024-05-16T6351: CGNAT add verification if the pool existsViacheslav Hletenko
Add verification if the external/internal pools are exists before we can use them in the source and translation rules
2024-05-16T6347: CGNAT fix error if pool contain dashes in the nameViacheslav Hletenko
2024-05-16T6335: Add/Update EVPN op commandsl0crian1
Converted completion helpers from python to bash for performance Previous commit: Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac
2024-05-15T6335: Add/Update EVPN op commandsl0crian1
Added the following commands: show evpn show evpn es show evpn es <es-id> show evpn es detail show evpn es-evi show evpn es-evi detail show evpn es-evi vni <num> show evpn vni show evpn vni detail show evpn vni <num> Updated the following commands: show evpn access-vlan show evpn arp-cache show evpn mac show evpn next-hops show evpn rmac
2024-05-15T3900: add support for raw table in firewall.Nicolas Fort
2024-05-15op mode: T6339: display build flavor and comment in "show version"Daniil Baturin
2024-05-14T3420: Remove service upnpViacheslav Hletenko
Remove `service upnp` as it never worked as expected, nft rules do not integrated and custom patches do not seem like a suitable solution for now. Security: UPnP has been historically associated with security risks due to its automatic and potentially unauthenticated nature. UPnP devices might be vulnerable to unauthorized access or exploitation.
2024-05-12Merge pull request #3447 from c-po/evpn-uplink-t6306Daniil Baturin
ethernet: T6306: add support for EVPN MH uplink/core tracking
2024-05-12suricata: T751: Initial support for suricataMaxime THIEBAUT
2024-05-12Merge pull request #3442 from nicolas-fort/T6329Christian Breunig
T6329: firewall: add a patch for op-mode command <show firewall group>
2024-05-12T6329: firewall: use isinstance() in op-mode scriptChristian Breunig
2024-05-11ethernet: T6306: add support for EVPN MH uplink/core trackingChristian Breunig
When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE. A link can be setup for uplink tracking via the following configuration: set interfaces ethernet eth0 evpn uplink
2024-05-10image-tools: T6176: use console_hint as defaultJohn Estabrook
2024-05-10image-tools: T6176: add console hint during image installJohn Estabrook
2024-05-10image-tools: T6184: add op-mode set boot-consoleJohn Estabrook
2024-05-10image-tools: T6327: drop boot console type ttyUSBJohn Estabrook
2024-05-10T6329: firewall: add a patch for op-mode command <show firewall group>Nicolas Fort
2024-05-10Merge pull request #3410 from fett0/T6303Christian Breunig
Bond: T6303: add system mac address on interfaces bond
2024-05-10bond: T6303: system-mac is not allowed to be a multicast MAC addressChristian Breunig
2024-05-08bridge: T6317: add dependency call for wireless interfacesChristian Breunig
2024-05-08bridge: T6317: call dependency when deleting bridge memberChristian Breunig
2024-05-07Merge pull request #3422 from HollyGurza/T6082Christian Breunig
bgp: T6082: Allow the same local-as and remote-as in one peer group
2024-05-07op-mode: T6284: IPoE-server op-mode does not show IPv6 address fieldNataliia Solomko
2024-05-07bgp: T6082: Allow the same local-as and remote-as in one peer groupkhramshinr
2024-05-04op-mode: T6291: add LACP related commandsl0crian1
show interfaces bonding lacp detail show interfaces bonding <bondif> lacp detail show interfaces bonding <bondif> lacp neighbors Co-authored-by: l0crian1 <ryan.claridge13@gmail.com>
2024-05-02qos: T6225: Fix qos random-detect policykhramshinr
Fix default values for random-detect Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel
2024-05-02Merge pull request #3307 from Giggum/vyos-1x-T4909Christian Breunig
ntp: T4909 rewrite NTP op mode in the new format
2024-05-01pppoe-server: T6234: fix permissions on migration scriptJohn Estabrook
2024-05-01Merge pull request #3392 from c-po/bgp-evpn-T6189Christian Breunig
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF
2024-05-01bgp: T6189: explicitly call vtysh to remove VRF L3VNI configurationChristian Breunig
After e7bb65894 ("vrf: T6189: render FRR L3VNI configuration when creating VRF instance") we need to ensure that the VRF L3VNI configuration is removed in FRR prior to removing the BGP VRF instance. The reason is [1] where FRR only allows VRF BGP instance to be removed when there is NO VNI configured anymore. 1: https://github.com/FRRouting/frr/blob/064c3494527b9e84260410006768ed38e57e1de7/bgpd/bgp_vty.c#L1646-L1650
2024-05-01vrf: T6189: render FRR L3VNI configuration when creating VRF instanceChristian Breunig
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place.
2024-05-01Merge pull request #3364 from natali-rs1985/T6234-currentDaniil Baturin
pppoe-server: T6234: PPPoE-server pado-delay refactoring
2024-05-01Merge pull request #3384 from sever-sever/T6287Daniil Baturin
T6287: Config-sync add the ability to configure API port
2024-05-01T6056: Change static-host-mapping shold not restart snmpdViacheslav Hletenko
We have several config XML definitions that use the same python3 script `system_host-name.py` https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_name-server.xml.in https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_host-name.xml.in https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_static-host-mapping.xml.in https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_domain-name.xml.in https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_domain-search.xml.in Any change in these scripts calls to restart the `service snmpd` The service `snmpd` should be restarted only if `host-name` or `domain-name` was changed. It is a good idea to rewrite it to `get_config_dict` in the future.
2024-05-01Merge pull request #3369 from sarthurdev/T6257Christian Breunig
firewall: T6257: Show member information for dynamic groups in op-mode
2024-05-01T6287: Config-sync add the ability to configure API portViacheslav Hletenko
Add the ability to configure the API port if the API on the secondary server works on a non-default port. The primary node will connect to configured port for config-sync ``` set service config-sync secondary address '192.0.2.11' set service config-sync secondary port '8443' ```
2024-04-30Merge pull request #3368 from sever-sever/T6267Christian Breunig
T6267: Check interface wireless module before apply config
2024-04-30Merge pull request #3371 from Embezzle/T4982Christian Breunig
openconnect: T4982: Support defining minimum TLS version in openconnect VPN
2024-04-30T6267: Check interface wireless module before apply configViacheslav Hletenko
Check if the wireless device/modem exists in the system and the module `ieee802111` was loaded In cases where we do not have wireless devices, it prevents the unexpected traceback ``` set interfaces wireless wlan0 address 192.0.2.5/32 commit Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/interfaces_wireless.py", line 269, in <modu> c = get_config() ^^^^^^^^^^^^ File "/usr/libexec/vyos/conf_mode/interfaces_wireless.py", line 104, in get_cg tmp = find_other_stations(conf, base, wifi['ifname']) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/libexec/vyos/conf_mode/interfaces_wireless.py", line 54, in find_os for phy in os.listdir('/sys/class/ieee80211'): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ FileNotFoundError: [Errno 2] No such file or directory: '/sys/class/ieee80211' ```
2024-04-29openconnect: T4982: Support defining minimum TLS version in openconnect VPNAlex W
2024-04-29T6272: Changed interface existence verification in pppoe/ipoe to Warningaapostoliuk
Throwing Warning message instead of Error if interface which is used in pppoe/ipoe does not exist.
2024-04-28configdep: T6276: do not call dependencies on script errorJohn Estabrook
2024-04-26firewall: T6257: Show member information for dynamic groups in op-modesarthurdev
2024-04-25Merge pull request #3363 from sever-sever/T6263Christian Breunig
T6263: Groups 224.0.0.0/24 are reserved and cannot be joined
2024-04-25Merge pull request #3316 from HollyGurza/T4248Daniil Baturin
qos: T4248: Allow to remove the only rule from the qos class
2024-04-25pppoe-server: T6234: PPPoE-server pado-delay refactoringNataliia Solomko
2024-04-25T6263: Groups 224.0.0.0/24 are reserved and cannot be joinedViacheslav Hletenko
The join addresses within the multicast group 224.0.0.0/24 are reserved and cannot be joined FRR ``` r4(config)# interface eth2 r4(config-if)# ip igmp join 224.0.0.0 224.0.0.10 % Configuration failed. Error type: validation Error description: Groups within 224.0.0.0/24 are reserved and cannot be joined r4(config-if)# ``` Add verify check
2024-04-24T5833: Not all AFIs compatible with VRF add verify checkViacheslav Hletenko
Not all FRR address-families compatibe with VRF ``` r4# conf t r4(config)# router bgp 65001 vrf bgp r4(config-router)# r4(config-router)# address-family ipv4 flowspec Only Unicast/Multicast/EVPN SAFIs supported in non-core instances. r4(config-router)# r4(config-router)# address-family ipv4 labeled-unicast Only Unicast/Multicast/EVPN SAFIs supported in non-core instances. r4(config-router)# r4(config-router)# address-family ipv4 vpn Only Unicast/Multicast/EVPN SAFIs supported in non-core instances. r4(config-router)# ``` Add verify AFI for VRF
2024-04-24Merge pull request #3345 from Embezzle/T6259Daniil Baturin
PKI: T6259: Support RFC822 names in certificate generation
2024-04-23Merge pull request #3354 from sever-sever/T6217Christian Breunig
T6217: Conntrack-sync change the actual name of the script