VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=current-merge-commit-handling 2024-08-09T14:03:21+00:00 2024-08-09T14:03:21+00:00 Nicolas Fort nicolasfort1988@gmail.com 2024-08-09T14:03:21+00:00 urn:sha1:ff58f3e5f30d3775487a6a3b561863aa37d11d43 2024-08-08T16:26:35+00:00 John Estabrook jestabro@vyos.io 2024-08-08T16:24:00+00:00 urn:sha1:ed63c9d1896a218715e13e1799fc059f4561f75e 2024-08-07T13:28:56+00:00 John Estabrook jestabro@vyos.io 2024-08-07T01:21:12+00:00 urn:sha1:6543f444c42ff45e8115366256643186bf1dd567 The CStore in_session check is a false positive outside of a config session if a specific environment variable is set with an existing referent in unionfs. To allow extensions when running under configd and avoid confusion, enforce in_session returns False. 2024-08-04T07:52:57+00:00 Andrew Topp andrewt@telekinetica.net 2024-08-04T07:52:57+00:00 urn:sha1:60b0614296874c144665417130d4881461114db0 * Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags. * There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post) * nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags. * Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing * The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem. * If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc. * Added a "test_gre_match" smoketest 2024-08-01T16:25:31+00:00 Nicolas Fort nicolasfort1988@gmail.com 2024-07-24T14:08:19+00:00 urn:sha1:20551379e8e2b4b6e342b39ea67738876e559bbf 2024-08-01T11:08:36+00:00 Christian Breunig christian@breunig.cc 2024-08-01T11:08:36+00:00 urn:sha1:962ead698e191ff413aaa1585270dfed48100547 T5873: ipsec remote access VPN: support VTI interfaces. 2024-07-30T13:51:47+00:00 Christian Breunig christian@breunig.cc 2024-07-30T13:51:47+00:00 urn:sha1:33f2fd5028108d905864f3bd12e740a53b23c5c9 system: op-mode: T3334: allow delayed getty restart when configuring serial ports 2024-07-30T13:50:45+00:00 Christian Breunig christian@breunig.cc 2024-07-30T13:50:45+00:00 urn:sha1:b3b31153963cc4338e8229f9f94b339682dd73a0 Make it more obvious for the user aber the severity of his action. 2024-07-30T13:50:38+00:00 Andrew Topp andrewt@telekinetica.net 2024-07-08T13:58:25+00:00 urn:sha1:bc9049ebd76576d727fa87b10b96d1616950237c * Created op-mode command "restart serial console" * Relocated service control to vyos.utils.serial helpers, used by conf- and op-mode serial console handling * Checking for logged-in serial sessions that may be affected by getty reconfig * Warning the user when changes are committed and serial sessions are active, otherwise restart services as normal. No prompts issued during commit, all config gen/commit steps still occur except for the service restarts (everything remains consistent) * To apply committed changes, user will need to run "restart serial console" to complete the process or reboot the whole router * Added additional flags and target filtering for generic use of helpers. 2024-07-30T06:07:29+00:00 Christian Breunig christian@breunig.cc 2024-07-30T06:07:29+00:00 urn:sha1:9b99a01653e3315b1abc9ef98824ca71bd283047 Commit 452068ce78 ("interfaces: T6592: moving an interface between VRF instances failed") added a similar but more detailed implementation of get_vrf_table_id() that was added in commit adeac78ed of this PR. Move to the common available implementation.