VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=mergify%2Fbp%2Fcircinus%2Fpr-3763 2024-07-30T12:21:51+00:00 2024-07-30T12:21:51+00:00 aapostoliuk 108394744+aapostoliuk@users.noreply.github.com 2024-07-28T12:54:08+00:00 urn:sha1:9be079ac855b20622240c0e577c7f5db9d075798 Strongswan does not initiate session after termination via vici. Added an CHILD SAs initialization on the initiator side of the tunnel. (cherry picked from commit 8838b29180ccc26d2aca0c22c9c8ca5e274825b2) 2024-07-26T09:36:35+00:00 Nataliia S 81954790+natali-rs1985@users.noreply.github.com 2024-07-08T15:51:40+00:00 urn:sha1:ce5460f0380a60eb07f70dfed29d1b011636448a (cherry picked from commit 115e99630a317cab62c6f99e0461f6ce2c1edaf3) 2024-07-24T23:52:14+00:00 Christian Breunig christian@breunig.cc 2024-07-24T09:19:16+00:00 urn:sha1:28fedd4e76bbea2b174159ee7b67ddda5e952ab5 Now that interfaces are deleted from ct_iface_map during deletion it's time to also add a smoketest ensuring there is no entry in the ct_iface_map once an interface was deleted from the CLI. (cherry picked from commit 1c42ee9d16dd49fff2cbde652bf24a38f364526c) 2024-07-24T23:52:13+00:00 Christian Breunig christian@breunig.cc 2024-07-23T17:03:07+00:00 urn:sha1:92740091d793114504feeacc210360220cae9e08 We always have had stale interface entries in the ct_iface_map of nftables/ conntrack for any interface that once belonged to a VRF. This commit will always clean the nftables interface map when the interface is deleted from the system. (cherry picked from commit 17c12bde5c6f314311e7524842fd1ddc254009b4) 2024-07-24T08:52:53+00:00 Nataliia Solomko natalirs1985@gmail.com 2024-07-24T08:11:33+00:00 urn:sha1:6a1fe37abb441203c02315a5930060bbaeb4a49e (cherry picked from commit 92461c35c7ef131940c885aca894a2d8b3c89592) 2024-07-22T19:57:10+00:00 Christian Breunig christian@breunig.cc 2024-07-19T11:48:47+00:00 urn:sha1:3512c7081beb8befa8d4b33f6be01c2c9c7e9be8 (cherry picked from commit 11b273108d78ab1588be3c077f40b2ac876369a4) 2024-07-20T14:21:20+00:00 Christian Breunig christian@breunig.cc 2024-07-20T08:35:44+00:00 urn:sha1:1b3350788ceeace52e2d693a18d92d82464220c0 To reproduce: set vrf name mgmt table '150' set vrf name no-mgmt table '151' set interfaces ethernet eth2 vrf 'mgmt' commit set interfaces ethernet eth2 vrf no-mgmt commit This resulted in an error while interacting with nftables: [Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 } The reason is that the old mapping entry still exists and was not removed. This commit adds a new utility function get_vrf_tableid() and compares the current and new VRF table IDs assigned to an interface. If the IDs do not match, the nftables ct_iface_map entry is removed before the new entry is added. (cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d) 2024-07-17T13:04:08+00:00 John Estabrook jestabro@vyos.io 2024-07-14T21:31:58+00:00 urn:sha1:70dbc0109282576875e20503a36c99da1073f3b4 (cherry picked from commit 52d08b1ec5b2943744daac7123e35fd415f85db2) 2024-07-17T13:04:07+00:00 John Estabrook jestabro@vyos.io 2024-07-14T21:29:18+00:00 urn:sha1:71f4d7c721d4b9ebfd005e8429f1d6f5c907a5ff (cherry picked from commit 7249d10f1fbb3f90a4bdbcd0223926d0380ddd3a) 2024-06-26T14:35:54+00:00 Christian Breunig christian@breunig.cc 2024-06-26T13:35:10+00:00 urn:sha1:ec6bfeadbcfd838b43f49c6996430b8370caecc4 During a corner case where the configuration is migrated to a different system with fewer ethernet interfaces, migration will fail during an image upgrade. vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an exception that kills the migrator (cherry picked from commit e47d4fd385631236da6882233b09f6364cbb077b)