Age | Commit message | Author |
|
We have always had stale interface entries in the ct_iface_map of nftables/
conntrack for any interface that once belonged to a VRF.
This commit will always clean the nftables interface map when the interface
is deleted from the system.
|
|
T6525: Add default dir for ext-scripts without absolute path
|
|
openvpn: T3834: verify() is not allowed to change anything on the system
|
|
T6594: Add missed pppd_compat module
|
|
vrf: T6592: remove unused import get_interface_config
|
|
Commit e3c71af1466 ("remove secrets file if the tunnel is deleted and fix
opmode commands") added a code path into verify() which removed files on the
system if TOTP was not defined.
This commit moves the code path to the appropriate generate() function.
|
|
wireless: T6597: improve hostapd startup and corresponding smoketests
|
|
T6599: ipsec: support disabling rekey of CHILD_SA, converge and fix defaults
|
|
|
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
|
|
smoketest: T6600: ospf: enable MPLS LDP on dummy interfaces
|
|
Remove unused import (left over) from commit 36f3791e0 ("utils: migrate to new
get_vrf_tableid() helper")
|
|
|
|
interfaces: T6592: moving an interface between VRF instances failed
|
|
GitHub: T6590: normalize LF in rebase label workflow file
|
|
Commit 452068ce7 ("interfaces: T6592: moving an interface between VRF instances
failed") introduced a new helper to retrieve the VRF table ID from the Kernel.
This commit migrates the old code path where the individual fields got queried
to the new helper vyos.utils.network.get_vrf_tableid().
|
|
To reproduce:
    set vrf name mgmt table '150'
    set vrf name no-mgmt table '151'
    set interfaces ethernet eth2 vrf 'mgmt'
    commit
    set interfaces ethernet eth2 vrf no-mgmt
    commit
This resulted in an error while interacting with nftables:
    [Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
|
|
|
|
This was found during smoketesting as those started to repeatedly fail in the last weeks:
    File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_wireless.py", line 534, in test_wireless_security_station_address
        self.assertTrue(process_named_running('hostapd'))
    AssertionError: None is not true
Digging into this revealed that this is NOT related to the smoketest coding but
to hostapd/systemd instead. With a configured WIFI interface and calling:
"sudo systemctl reload-or-restart hostapd@wlan1" multiple times in a short
period caused systemd to report:
"Jul 18 16:15:32 systemd[1]: hostapd@wlan1.service: Deactivated successfully."
According to the internal systemd logic used in our version this is explained by:
    /* If there's a stop job queued before we enter the DEAD state, we shouldn't act on Restart=, in order to not
     * undo what has already been enqueued. */
    if (unit_stop_pending(UNIT(s)))
        allow_restart = false;
    if (s->result == SERVICE_SUCCESS)
        s->result = f;
    if (s->result == SERVICE_SUCCESS) {
        unit_log_success(UNIT(s));
        end_state = SERVICE_DEAD;
Where unit_log_success() generates the log message in question.
Improving the restart logic in the wireless interface script and an upgrade to
hostapd solved the issue.
|
|
T6578: Fix unhandled exception in "show openconnect-server sessions"
|
|
|
|
op-mode: T6586: add a distinct exception for unconfigured objects (as opposed to entire subsystems)
|
|
|
|
T6590: rebase label workflow added
|
|
op-mode: T6580: read active nodes directly from the config tree without calling cli-shell-api
|
|
|
|
op-mode: T6577: create generic service restart helper to work with the API
|
|
as opposed to entire subsystems
|
|
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that
all do the same (more or less):
* Check if service is configured on CLI
* Restart if configured
* Error out if unconfigured
This is not available via the op-mode API. Create a new restart.py op-mode
helper that takes the service name and possible VRF as argument so it's also
exposed via API.
|
|
T6572: added trigger pr caller workflow
|
|
ruff: T6583: Added settings for ruff
|
|
Ruff settings help to write code in the same style for all contributors. These
settings are compatible with requirements used in another very (if not the most)
popular code formatter - black, except using a single quote, to keep the style
also compatible with what we have now.
|
|
op-mode: T6575: add support for NTP service restart via CLI
|
|
configdep: T6559: fix regression in dependent script error under configd
|
|
firewall: T6581: fix completion for "show firewall ... rule"
|
|
|
|
without calling cli-shell-api
|
|
This seemed to be around in the early days, but has not been available since at
least VyOS 1.3.3. Add CLI helper to restart the NTP process (chrony).
|
|
|