diff options
| -rw-r--r-- | interface-definitions/include/firewall/common-rule-bridge.xml.i | 7 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/common-rule-inet.xml.i | 7 | ||||
| -rw-r--r-- | interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i | 7 | ||||
| -rw-r--r-- | interface-definitions/interfaces_wireless.xml.in | 8 | ||||
| -rw-r--r-- | interface-definitions/system_option.xml.in | 6 | ||||
| -rw-r--r-- | python/vyos/firewall.py | 4 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_firewall.py | 4 | ||||
| -rwxr-xr-x | src/conf_mode/system_option.py | 2 | ||||
| -rwxr-xr-x | src/init/vyos-router | 4 | ||||
| -rwxr-xr-x | src/services/vyos-http-api-server | 3 |
10 files changed, 25 insertions, 27 deletions
diff --git a/interface-definitions/include/firewall/common-rule-bridge.xml.i b/interface-definitions/include/firewall/common-rule-bridge.xml.i index 6de770c79..dcdd970ac 100644 --- a/interface-definitions/include/firewall/common-rule-bridge.xml.i +++ b/interface-definitions/include/firewall/common-rule-bridge.xml.i @@ -9,12 +9,7 @@ #include <include/firewall/mac-address.xml.i> </children> </node> -<leafNode name="disable"> - <properties> - <help>Option to disable firewall rule</help> - <valueless/> - </properties> -</leafNode> +#include <include/generic-disable-node.xml.i> <leafNode name="jump-target"> <properties> <help>Set jump target. Action jump must be defined to use this setting</help> diff --git a/interface-definitions/include/firewall/common-rule-inet.xml.i b/interface-definitions/include/firewall/common-rule-inet.xml.i index 85189d975..bef1c3da5 100644 --- a/interface-definitions/include/firewall/common-rule-inet.xml.i +++ b/interface-definitions/include/firewall/common-rule-inet.xml.i @@ -7,12 +7,7 @@ #include <include/firewall/connection-mark.xml.i> #include <include/firewall/conntrack-helper.xml.i> #include <include/firewall/nft-queue.xml.i> -<leafNode name="disable"> - <properties> - <help>Option to disable firewall rule</help> - <valueless/> - </properties> -</leafNode> +#include <include/generic-disable-node.xml.i> <node name="fragment"> <properties> <help>IP fragment match</help> diff --git a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i index 0d749aa27..e7468bfba 100644 --- a/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i +++ b/interface-definitions/include/firewall/common-rule-ipv4-raw.xml.i @@ -18,12 +18,7 @@ #include <include/firewall/source-destination-group.xml.i> </children> </node> -<leafNode name="disable"> - <properties> - <help>Option to disable firewall rule</help> - <valueless/> - </properties> -</leafNode> +#include <include/generic-disable-node.xml.i> <node name="fragment"> <properties> <help>IP fragment match</help> diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in index b5da0a556..458f7ebb3 100644 --- a/interface-definitions/interfaces_wireless.xml.in +++ b/interface-definitions/interfaces_wireless.xml.in @@ -455,14 +455,18 @@ <properties> <help>Indicate country in which device is operating</help> <completionHelp> - <list>us eu jp de uk cn es fr ru</list> + <list>00 ad ae af ai al am an ar as at au aw az ba bb bd be bf bg bh bl bm bn bo br bs bt by bz ca cf ch ci cl cn co cr cu cx cy cz de dk dm do dz ec ee eg es et fi fm fr gb gd ge gf gh gl gp gr gt gu gy hk hn hr ht hu id ie il in ir is it jm jo jp ke kh kn kp kr kw ky kz lb lc li lk ls lt lu lv ma mc md me mf mh mk mn mo mp mq mr mt mu mv mw mx my ng ni nl no np nz om pa pe pf pg ph pk pl pm pr pt pw py qa re ro rs ru rw sa se sg si sk sn sr sv sy tc td tg th tn tr tt tw tz ua ug us uy uz vc ve vi vn vu wf ws ye yt za zw</list> </completionHelp> <valueHelp> + <format>00</format> + <description>World regulatory domain</description> + </valueHelp> + <valueHelp> <format>txt</format> <description>ISO/IEC 3166-1 Country Code</description> </valueHelp> <constraint> - <regex>[a-z][a-z]</regex> + <regex>(00|ad|ae|af|ai|al|am|an|ar|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bl|bm|bn|bo|br|bs|bt|by|bz|ca|cf|ch|ci|cl|cn|co|cr|cu|cx|cy|cz|de|dk|dm|do|dz|ec|ee|eg|es|et|fi|fm|fr|gb|gd|ge|gf|gh|gl|gp|gr|gt|gu|gy|hk|hn|hr|ht|hu|id|ie|il|in|ir|is|it|jm|jo|jp|ke|kh|kn|kp|kr|kw|ky|kz|lb|lc|li|lk|ls|lt|lu|lv|ma|mc|md|me|mf|mh|mk|mn|mo|mp|mq|mr|mt|mu|mv|mw|mx|my|ng|ni|nl|no|np|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pr|pt|pw|py|qa|re|ro|rs|ru|rw|sa|se|sg|si|sk|sn|sr|sv|sy|tc|td|tg|th|tn|tr|tt|tw|tz|ua|ug|us|uy|uz|vc|ve|vi|vn|vu|wf|ws|ye|yt|za|zw)</regex> </constraint> <constraintErrorMessage>Invalid ISO/IEC 3166-1 Country Code</constraintErrorMessage> </properties> diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in index 602d7d100..fe517d17d 100644 --- a/interface-definitions/system_option.xml.in +++ b/interface-definitions/system_option.xml.in @@ -43,6 +43,12 @@ <valueless/> </properties> </leafNode> + <leafNode name="disable-power-saving"> + <properties> + <help>Disable CPU power saving mechanisms also known as C states</help> + <valueless/> + </properties> + </leafNode> </children> </node> <leafNode name="keyboard-layout"> diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 49e095946..e70b4f0d9 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -136,10 +136,10 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name): if 'connection_status' in rule_conf and rule_conf['connection_status']: status = rule_conf['connection_status'] if status['nat'] == 'destination': - nat_status = '{dnat}' + nat_status = 'dnat' output.append(f'ct status {nat_status}') if status['nat'] == 'source': - nat_status = '{snat}' + nat_status = 'snat' output.append(f'ct status {nat_status}') if 'protocol' in rule_conf and rule_conf['protocol'] != 'all': diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py index be5960bbd..9e8473fa4 100755 --- a/smoketest/scripts/cli/test_firewall.py +++ b/smoketest/scripts/cli/test_firewall.py @@ -629,8 +629,8 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase): nftables_search = [ ['ct state { established, related }', 'accept'], ['ct state invalid', 'reject'], - ['ct state new', 'ct status == dnat', 'accept'], - ['ct state { established, new }', 'ct status == snat', 'accept'], + ['ct state new', 'ct status dnat', 'accept'], + ['ct state { established, new }', 'ct status snat', 'accept'], ['ct state related', 'ct helper { "ftp", "pptp" }', 'accept'], ['drop', f'comment "{name} default-action drop"'], ['jump VYOS_STATE_POLICY'], diff --git a/src/conf_mode/system_option.py b/src/conf_mode/system_option.py index 3b5b67437..7ed451e16 100755 --- a/src/conf_mode/system_option.py +++ b/src/conf_mode/system_option.py @@ -92,6 +92,8 @@ def generate(options): if 'kernel' in options: if 'disable_mitigations' in options['kernel']: cmdline_options.append('mitigations=off') + if 'disable_power_saving' in options['kernel']: + cmdline_options.append('intel_idle.max_cstate=0 processor.max_cstate=1') grub_util.update_kernel_cmdline_options(' '.join(cmdline_options)) return None diff --git a/src/init/vyos-router b/src/init/vyos-router index eac3e7e47..912a9ef3b 100755 --- a/src/init/vyos-router +++ b/src/init/vyos-router @@ -218,8 +218,8 @@ cleanup_post_commit_hooks () { # note that this approach only supports hooks that are "configured", # i.e., it does not support hooks that need to always be present. cpostdir=$(cli-shell-api getPostCommitHookDir) - # exclude commits hooks from vyatta-cfg - excluded="10vyatta-log-commit.pl 99vyos-user-postcommit-hooks" + # exclude commit hooks that need to always be present + excluded="00vyos-sync 10vyatta-log-commit.pl 99vyos-user-postcommit-hooks" if [ -d "$cpostdir" ]; then for f in $cpostdir/*; do if [[ ! $excluded =~ $(basename $f) ]]; then diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index 40d442e30..a7b14a1a3 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -459,7 +459,6 @@ def _configure_op(data: Union[ConfigureModel, ConfigureListModel, request: Request, background_tasks: BackgroundTasks): session = app.state.vyos_session env = session.get_session_env() - config = Config(session_env=env) endpoint = request.url.path @@ -474,6 +473,8 @@ def _configure_op(data: Union[ConfigureModel, ConfigureListModel, # so the lock is really global lock.acquire() + config = Config(session_env=env) + status = 200 msg = None error_msg = None |