6 files changed, 77 insertions, 15 deletions

diff --git a/src/conf_mode/interfaces_ethernet.py b/src/conf_mode/interfaces_ethernet.py
index 41efdb03c..6da7e6a69 100755
--- a/src/conf_mode/interfaces_ethernet.py
+++ b/src/conf_mode/interfaces_ethernet.py
@@ -152,6 +152,19 @@ def get_config(config=None):
     base = ['interfaces', 'ethernet']
     ifname, ethernet = get_interface_dict(conf, base, with_pki=True)
 
+    # T5862 - default MTU is not acceptable in some environments
+    # There are cloud environments available where the maximum supported
+    # ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters
+    # maximum MTU value or 1500 bytes - whatever is lower
+    if 'mtu' not in ethernet:
+        try:
+            ethernet['mtu'] = '1500'
+            max_mtu = EthernetIf(ifname).get_max_mtu()
+            if max_mtu < int(ethernet['mtu']):
+                ethernet['mtu'] = str(max_mtu)
+        except:
+            pass
+
     if 'is_bond_member' in ethernet:
         update_bond_options(conf, ethernet)
 
diff --git a/src/conf_mode/service_dhcp-server.py b/src/conf_mode/service_dhcp-server.py
index 3b9198ed0..e89448e2d 100755
--- a/src/conf_mode/service_dhcp-server.py
+++ b/src/conf_mode/service_dhcp-server.py
@@ -16,6 +16,7 @@
 
 import os
 
+from glob import glob
 from ipaddress import ip_address
 from ipaddress import ip_network
 from netaddr import IPRange
@@ -28,6 +29,7 @@ from vyos.template import render
 from vyos.utils.dict import dict_search
 from vyos.utils.dict import dict_search_args
 from vyos.utils.file import chmod_775
+from vyos.utils.file import chown
 from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.process import call
@@ -42,6 +44,7 @@ ctrl_config_file = '/run/kea/kea-ctrl-agent.conf'
 ctrl_socket = '/run/kea/dhcp4-ctrl-socket'
 config_file = '/run/kea/kea-dhcp4.conf'
 lease_file = '/config/dhcp/dhcp4-leases.csv'
+lease_file_glob = '/config/dhcp/dhcp4-leases*'
 systemd_override = r'/run/systemd/system/kea-ctrl-agent.service.d/10-override.conf'
 user_group = '_kea'
 
@@ -354,6 +357,10 @@ def generate(dhcp):
         makedir(lease_dir, group='vyattacfg')
         chmod_775(lease_dir)
 
+    # Ensure correct permissions on lease files + backups
+    for file in glob(lease_file_glob):
+        chown(file, user=user_group, group='vyattacfg')
+
     # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
     if not os.path.exists(lease_file):
         write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py
index add83eb0d..c7333dd3a 100755
--- a/src/conf_mode/service_dhcpv6-server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -16,6 +16,7 @@
 
 import os
 
+from glob import glob
 from ipaddress import ip_address
 from ipaddress import ip_network
 from sys import exit
@@ -24,6 +25,7 @@ from vyos.config import Config
 from vyos.template import render
 from vyos.utils.process import call
 from vyos.utils.file import chmod_775
+from vyos.utils.file import chown
 from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.dict import dict_search
@@ -35,6 +37,7 @@ airbag.enable()
 config_file = '/run/kea/kea-dhcp6.conf'
 ctrl_socket = '/run/kea/dhcp6-ctrl-socket'
 lease_file = '/config/dhcp/dhcp6-leases.csv'
+lease_file_glob = '/config/dhcp/dhcp6-leases*'
 user_group = '_kea'
 
 def get_config(config=None):
@@ -224,6 +227,10 @@ def generate(dhcpv6):
         makedir(lease_dir, group='vyattacfg')
         chmod_775(lease_dir)
 
+    # Ensure correct permissions on lease files + backups
+    for file in glob(lease_file_glob):
+        chown(file, user=user_group, group='vyattacfg')
+
     # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
     if not os.path.exists(lease_file):
         write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
diff --git a/src/conf_mode/system_login.py b/src/conf_mode/system_login.py
index 49306c894..20121f170 100755
--- a/src/conf_mode/system_login.py
+++ b/src/conf_mode/system_login.py
@@ -336,27 +336,31 @@ def apply(login):
             command += f' --groups frr,frrvty,vyattacfg,sudo,adm,dip,disk,_kea {user}'
             try:
                 cmd(command)
-                # we should not rely on the value stored in
-                # user_config['home_directory'], as a crazy user will choose
-                # username root or any other system user which will fail.
+                # we should not rely on the value stored in user_config['home_directory'], as a
+                # crazy user will choose username root or any other system user which will fail.
                 #
                 # XXX: Should we deny using root at all?
                 home_dir = getpwnam(user).pw_dir
-                # T5875: ensure UID is properly set on home directory if user is re-added
-                # the home directory will always exist, as it's created above by --create-home,
-                # retrieve current owner of home directory and adjust it on demand
-                dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
-                if dir_owner != user:
-                     chown(home_dir, user=user, recursive=True)
-
+                # always re-render SSH keys with appropriate permissions
                 render(f'{home_dir}/.ssh/authorized_keys', 'login/authorized_keys.j2',
                        user_config, permission=0o600,
                        formater=lambda _: _.replace("&quot;", '"'),
                        user=user, group='users')
-
             except Exception as e:
                 raise ConfigError(f'Adding user "{user}" raised exception: "{e}"')
 
+            # T5875: ensure UID is properly set on home directory if user is re-added
+            # the home directory will always exist, as it's created above by --create-home,
+            # retrieve current owner of home directory and adjust on demand
+            dir_owner = None
+            try:
+                dir_owner = getpwuid(os.stat(home_dir).st_uid).pw_name
+            except:
+                pass
+
+            if dir_owner != user:
+                    chown(home_dir, user=user, recursive=True)
+
             # Generate 2FA/MFA One-Time-Pad configuration
             if dict_search('authentication.otp.key', user_config):
                 enable_otp = True
diff --git a/src/op_mode/conntrack.py b/src/op_mode/conntrack.py
index 5687b9b00..c379c3e60 100755
--- a/src/op_mode/conntrack.py
+++ b/src/op_mode/conntrack.py
@@ -62,7 +62,7 @@ def _get_raw_data(family):
 
 def _get_raw_statistics():
     entries = []
-    data = cmd('sudo conntrack -S')
+    data = cmd('sudo conntrack --stats')
     data = data.replace('  \t', '').split('\n')
     for entry in data:
         entries.append(entry.split())
@@ -70,8 +70,25 @@ def _get_raw_statistics():
 
 
 def get_formatted_statistics(entries):
-    headers = ["CPU", "Found", "Invalid", "Insert", "Insert fail", "Drop", "Early drop", "Errors", "Search restart"]
-    output = tabulate(entries, headers, numalign="left")
+    headers = [
+        "CPU",
+        "Found",
+        "Invalid",
+        "Insert",
+        "Insert fail",
+        "Drop",
+        "Early drop",
+        "Errors",
+        "Search restart",
+        "",
+        "",
+    ]
+    # Process each entry to extract and format the values after '='
+    processed_entries = [
+        [value.split('=')[-1] for value in entry]
+        for entry in entries
+    ]
+    output = tabulate(processed_entries, headers, numalign="left")
     return output
 
 
diff --git a/src/op_mode/image_installer.py b/src/op_mode/image_installer.py
index 446c47cec..9f6949fb3 100755
--- a/src/op_mode/image_installer.py
+++ b/src/op_mode/image_installer.py
@@ -56,6 +56,8 @@ MSG_INFO_INSTALL_DISK_CONFIRM: str = 'Installation will delete all data on the d
 MSG_INFO_INSTALL_RAID_CONFIRM: str = 'Installation will delete all data on both drives. Continue?'
 MSG_INFO_INSTALL_PARTITONING: str = 'Creating partition table...'
 MSG_INPUT_CONFIG_FOUND: str = 'An active configuration was found. Would you like to copy it to the new image?'
+MSG_INPUT_CONFIG_CHOICE: str = 'The following config files are available for boot:'
+MSG_INPUT_CONFIG_CHOOSE: str = 'Which file would you like as boot config?'
 MSG_INPUT_IMAGE_NAME: str = 'What would you like to name this image?'
 MSG_INPUT_IMAGE_DEFAULT: str = 'Would you like to set the new image as the default one for boot?'
 MSG_INPUT_PASSWORD: str = 'Please enter a password for the "vyos" user'
@@ -702,6 +704,10 @@ def install_image() -> None:
                                   valid_responses=['K', 'S', 'U'])
     console_dict: dict[str, str] = {'K': 'tty', 'S': 'ttyS', 'U': 'ttyUSB'}
 
+    config_boot_list = ['/opt/vyatta/etc/config/config.boot',
+                        '/opt/vyatta/etc/config.boot.default']
+    default_config = config_boot_list[0]
+
     disks: dict[str, int] = find_disks()
 
     install_target: Union[disk.DiskDetails, raid.RaidDetails, None] = None
@@ -710,6 +716,14 @@ def install_image() -> None:
         if install_target is None:
             install_target = ask_single_disk(disks)
 
+        # if previous install was selected in search_previous_installation,
+        # directory /mnt/config was prepared for copy below; if not, prompt:
+        if not Path('/mnt/config').exists():
+            default_config: str = select_entry(config_boot_list,
+                                               MSG_INPUT_CONFIG_CHOICE,
+                                               MSG_INPUT_CONFIG_CHOOSE,
+                                               default_entry=1) # select_entry indexes from 1
+
         # create directories for installation media
         prepare_tmp_disr()
 
@@ -731,7 +745,7 @@ def install_image() -> None:
         chown(target_config_dir, group='vyattacfg')
         chmod_2775(target_config_dir)
         # copy config
-        copy('/opt/vyatta/etc/config/config.boot', target_config_dir)
+        copy(default_config, f'{target_config_dir}/config.boot')
         configure_authentication(f'{target_config_dir}/config.boot',
                                  user_password)
         Path(f'{target_config_dir}/.vyatta_config').touch()