summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-09-06Merge pull request #2199 from sarthurdev/T4309Christian Breunig
conntrack: T4309: T4903: Refactor `system conntrack ignore`, add IPv6 support and firewall groups
2023-09-06Merge pull request #2205 from sever-sever/T5489Christian Breunig
T5489: Add sysctl TCP congestion control by default to BBR
2023-09-06Merge pull request #2206 from sever-sever/T5423Christian Breunig
T5423: Fix for op-mode show vpn ike secrets
2023-09-05Merge pull request #2204 from sever-sever/T5480John Estabrook
T5480: Ability to disable SNMP for keepalived service VRRP
2023-09-05T5533: Fix for vrrp dict key if virtual-server is usedViacheslav Hletenko
When using `virtual-server` alongside Keepalived, there can be situations where the `vrrp` key is completely unused.
2023-09-05save-config: T5551: check if None before write, as is the case at bootJohn Estabrook
2023-09-05Merge branch 'netns' into currentChristian Breunig
* netns: smoketest: T5241: re-work netns assertions and provide common utility helper netns: T5241: simplify network namespace handling netns: T5241: improve get_interface_namespace() robustness netns: T5241: use common interface_exists() helper netns: T5241: provide is_netns_interface utility helper T5241: Support netns for veth and dummy interfaces
2023-09-05netns: T5241: simplify network namespace handlingChristian Breunig
2023-09-05T5423: Fix for op-mode show vpn ike secretsViacheslav Hletenko
We don't use ipsec.secrets anymore Fix op-mode for "show vpn ike secrets". Ability to get "RAW" format
2023-09-05T5489: Add sysctl TCP congestion control by default to BBRViacheslav Hletenko
Add by default sysctl TCP congestion control to BBR. Default value `cubic` is not optimal. net.core.default_qdisc=fq net.ipv4.tcp_congestion_control=bbr
2023-09-05T5480: Ability to disable SNMP for keepalived service VRRPViacheslav Hletenko
By default we enable `--snmp` for keepalived unit service Add ability to disable it set high-availability vrrp disable-snmp
2023-09-05Merge pull request #2184 from sever-sever/T2958Christian Breunig
T2958: Refactor DHCP-server systemd unit and lease
2023-09-05Merge pull request #2188 from nicolas-fort/T5496Christian Breunig
T5496: multiple fixes for op-mode command <show firewall>
2023-09-04T5496: Change src and|or destination wildcard for any, which still makes it ↵Nicolas Fort
easy to read, and we get uniform output for both families, and will look the same when working with inet family in the future. Fix output of geo-ip matchers. Fix output for default-action rules: display N/A for counters in base chains, since they are not available.Change from N/A to N/D for empty groups, and for groups which found no reference in config
2023-09-04T2958: Refactor DHCP-server systemd unit and leaseViacheslav Hletenko
Render isc-dhcp-server systemd unit from configuration
2023-09-04nat: T1877: Fix typo in nat ConfigErrorsarthurdev
2023-09-04conntrack: T4309: T4903: Refactor `system conntrack ignore` rule generation, ↵sarthurdev
add IPv6 support and firewall groups
2023-09-04Merge pull request #2192 from sever-sever/T5533vyos/1.5dev0zdc
T5533: Fix VRRP IPv6 group enters in FAULT state
2023-09-04T5533: Fix VRRP IPv6 group enters in FAULT stateViacheslav Hletenko
Checks if an IPv6 address on a specific network interface is in the tentative state. IPv6 tentative addresses are not fully configured and are undergoing Duplicate Address Detection (DAD) to ensure they are unique on the network. inet6 2001:db8::3/125 scope global tentative It tentative state the group enters in FAULT state. Fix it
2023-09-03Merge branch 'T5241-control-edition' of ↵Christian Breunig
https://github.com/sever-sever/vyos-1x into netns * 'T5241-control-edition' of https://github.com/sever-sever/vyos-1x: T5241: Support netns for veth and dummy interfaces
2023-09-03T5543: IGMP: fix source address handling in static joinsYuxiang Zhu
The following command expects to join source-specific multicast group 239.1.2.3 on interface eth0, where the source address is 192.0.2.1. set protocols igmp interface eth0 join 239.1.2.3 source 192.0.2.1 This command should generate FRR config: interface eth0 ip igmp ip igmp join 239.1.2.3 192.0.2.1 exit However, there is a bug in the Jinja template where `if ifaces[iface].gr_join[group]` is mostly evaluated as `false` because `iface` is a loop variable from another loop.
2023-09-01T5261: Add AWS load-balancing tunnel handlerViacheslav Hletenko
Add AWS load-balancing tunnel handler https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-integrate-linux-instances-with-aws-gateway-load-balancer/ set service aws glb script on-create '/config/scripts/tmp.sh' set service aws glb script on-destroy '/config/scripts/tmp.sh' set service aws glb status format 'simple' set service aws glb status port '8282' set service aws glb threads tunnel '4' set service aws glb threads tunnel-affinity '1-2' set service aws glb threads udp '4' set service aws glb threads udp-affinity '0-3'
2023-09-01Merge pull request #2193 from sever-sever/T5536Christian Breunig
T5536: Fix show dhcp client leases
2023-09-01T2546: re-add "monitor command" op-mode command with a new "diff" option as wellChristian Breunig
2023-09-01T5536: Fix show dhcp client leasesViacheslav Hletenko
Fix helpers was moved to vyos.utils package Fix empty new address from the lease file causes OSError: illegal IP address string passed to inet_pton
2023-08-31Merge pull request #2189 from sever-sever/T5531Christian Breunig
T5531: Containers add label option
2023-08-31Merge pull request #2190 from sarthurdev/T4782Christian Breunig
eapol: T4782: Support multiple CA chains
2023-08-31T5531: Containers add label optionViacheslav Hletenko
Ability to set labels for container set container name c1 allow-host-networks set container name c1 image 'busybox' set container name c1 label mypods value 'My label for containers'
2023-08-30T5496: add fqdn and geo-ip matchers in op-mode command <show firewall statics>Nicolas Fort
2023-08-31eapol: T4782: Support multiple CA chainssarthurdev
2023-08-29T5496: firewall op-mode: add fix for source and destination when not ↵Nicolas Fort
specified (correct ::/0 for ipv6). Also, add columns for inbound and outbound interfaces
2023-08-29T5496: firewall op-mode: add fix for firewall statics. Include groups ↵Nicolas Fort
correct reference in source/destination column
2023-08-29T5496: firewall op-mode: fix show command for group member and referencesNicolas Fort
2023-08-27Merge pull request #2176 from sarthurdev/T5080Christian Breunig
firewall: T5080: Disable conntrack unless required by rules
2023-08-27qos: T5018: Fix dependents only being set for QoS interfacessarthurdev
2023-08-26firewall: T5080: Disable conntrack unless required by rulessarthurdev
2023-08-26Merge pull request #2163 from sarthurdev/firewall_rpfilterChristian Breunig
firewall: T3509: Add support for IPv6 reverse path filtering
2023-08-25T5502: firewall: add validator for interface matcher, and allow only ↵Nicolas Fort
interface-name or interface-group
2023-08-25firewall: T3509: Add support for IPv6 return path filteringsarthurdev
2023-08-25container: T5463: Fix iteration to publish all port nodessarthurdev
2023-08-24Merge pull request #2164 from jestabro/save-configJohn Estabrook
save-config: T4292: rewrite vyatta-save-config.pl to Python
2023-08-24T5506: Add link-local IPv6 address for container interfacesViacheslav Hletenko
Fix for add IPv6 link-local address for container interfaces set container network NET01 prefix '10.0.0.0/24' set container network NET01 prefix '2001:db8:2222::/64' % ip -6 addr show scope link dev pod-NET01 17: pod-NET01: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 inet6 fe80::d89c:dfff:fe1a:8689/64 scope link
2023-08-24system: T5505: fix zebra route-map is not removed from FRRChristian Breunig
Configuring "set system ip protocol ospf|bgp route-map foo" and commit it installs the route-map into FRR. Removing the CLI configuration "delete system ip protocol" does not remove the route-map from FRR - it stays active. This commit adds the fix and appropriate smoketests extenstion.
2023-08-23save-config: T4292: rewrite vyatta-save-config.pl to PythonJohn Estabrook
2023-08-23Merge pull request #2139 from dmbaturin/T5449-mss-probingChristian Breunig
system-ip: T5449: add TCP MSS probing options
2023-08-23Merge pull request #2159 from c-po/t5491-wifiChristian Breunig
wifi: T5491: allow white-/blacklisting station MAC addresses for security
2023-08-23Merge pull request #2162 from nicolas-fort/T5472Christian Breunig
T5472: nat redirect: allow redirection without defining redirected port
2023-08-23Merge pull request #2161 from sever-sever/T5463Christian Breunig
T5463: Container allow publish listen-addresses
2023-08-23vrf: T5428: stop DHCP processes on VRf removalChristian Breunig
This is a workaround for the priority inversion from T5492 ("CLI node priority is not inversed on node deletion"). As this is a corner case bug that's only triggered if an interface is removed from a VRF and also the VRF is removed in one commit, priorities are not honored. Thus we implement this workaround which stop the DHCP(v6) client processes on the VRF associated interfaces to get out the DHCP RELEASE message before interfaces are shut down.
2023-08-23vrf: T5428: move helpers to common vyos.utils.network moduleChristian Breunig
Helper functions can and will be re-use din different code places.