Age | Commit message | Author
2024-02-01 | bgp: T5930: Denied using rt vpn 'export/import' with 'both' together | aapostoliuk
Denied using command 'route-target vpn export/import' with 'both' together in bgp configuration.
2024-01-30 | Merge pull request #2877 from c-po/vrf-5973 | Christian Breunig
vrf: T5973: multiple bugfixes and improvements
2024-01-30 | Merge pull request #2902 from jestabro/migration-certbot | Christian Breunig
https: T6000: fix error in migration of path https certbot
2024-01-29 | https: T6000: fix error in migration of path https certbot | John Estabrook
2024-01-28 | Merge pull request #2898 from jestabro/validate-name | Daniil Baturin
image-tools: T5988: validate image name in add_image
2024-01-28 | Merge pull request #2899 from jestabro/typo-add-image-ftp | Daniil Baturin
remote: T5994: fix typo in check_storage for Ftp class
2024-01-27 | remote: T5994: fix typo in check_storage for Ftp class | John Estabrook
2024-01-27 | image-tools: T5988: validate image name in add_image | John Estabrook
Add missing name validation in add_image, and fix typo in error msg string.
2024-01-25 | Merge pull request #2894 from vyos/mergify/bp/current/pr-2619 | Daniil Baturin
T5817: Fix for show openvpn server (backport #2619)
2024-01-25 | T5817: Fix for show openvpn server | Viacheslav Hletenko
In some cases we can get error:
```
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module>
    data = get_status(args.mode, intf)
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status
    client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface)
  File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address
    tunnel_ip = lst[0].split(',')[0]
IndexError: list index out of range
```
(cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d)
2024-01-25 | Merge pull request #2893 from jestabro/fix-regression-version-files | Daniil Baturin
image-tools: T5983: fix regression in prune_vyos_versions
2024-01-24 | image-tools: T5983: fix regression in prune_vyos_versions | John Estabrook
2024-01-23 | Merge pull request #2886 from jestabro/add-kernel-boot-options | Daniil Baturin
system-option: T5979: Add configurable kernel boot options
2024-01-23 | T5979: add configurable kernel boot option 'disable-mitigations' | Christian Breunig
2024-01-23 | image-tools: T5980: add support for configurable kernel boot options | John Estabrook
2024-01-23 | Merge pull request #2884 from c-po/bfd-T5967 | Christian Breunig
bfd: T5967: add minimum-ttl option
2024-01-23 | bfd: T5967: add minimum-ttl option | Christian Breunig
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
* set protocols bfd profile <name> minimum-ttl <1-254>
2024-01-23 | Merge pull request #2881 from c-po/ethernet-gso-T5978 | Christian Breunig
ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC
2024-01-23 | ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC | Christian Breunig
Typo (misaligned -/_) in the code causes hw-tc-offload to never be enabled in the underlying hardware via ethtool.
2024-01-22 | Merge pull request #2879 from sarthurdev/T5787_disabled | Christian Breunig
dhcp: T5787: Allow disabled duplicates on static-mapping
2024-01-22 | vrf: T5973: fix has_rule() to check for l3mdev rule | Christian Breunig
A code path was missing to check if only priority is available in the result of "ip --json -4 rule show", in the case of l3mdev it's a dedicated key!
2024-01-22 | vrf: T5973: move initial conntrack firewall table to startup | Christian Breunig
There is no need to add and remove this table during runtime - it can lurk in the standard firewall init code.
2024-01-22 | dhcp: T5787: Allow disabled duplicates on static-mapping | sarthurdev
2024-01-22 | vrf: T5973: ensure Kernel module is loaded | Christian Breunig
This prevents the following error when configuring the first VRF:
sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory
2024-01-22 | Merge pull request #2871 from c-po/multicast-T5969 | Christian Breunig
op-mode: T5969: list multicast group membership
2024-01-22 | Merge pull request #2867 from c-po/ethernet-T4638 | Christian Breunig
ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left
2024-01-22 | Merge pull request #2873 from nicolas-fort/T5957 | Christian Breunig
T5957: fix removal of interface in firewall rules.
2024-01-22 | op-mode: T5969: list multicast group membership | Christian Breunig
cpo@LR1.wue3:~$ show ip multicast group interface eth0.201
Interface    Family    Address
-----------  --------  ---------
eth0.201     inet      224.0.0.6
eth0.201     inet      224.0.0.5
eth0.201     inet      224.0.0.1

cpo@LR1.wue3:~$ show ipv6 multicast group interface eth0
Interface    Family    Address
-----------  --------  -----------------
eth0         inet6     ff02::1:ff00:0
eth0         inet6     ff02::1:ffbf:c56d
eth0         inet6     ff05::2
eth0         inet6     ff01::2
eth0         inet6     ff02::2
eth0         inet6     ff02::1
eth0         inet6     ff01::1
2024-01-22 | T5957: fix removal of interface in firewall rules. | Nicolas Fort
2024-01-22 | Merge pull request #2869 from c-po/sflow-t5968 | Viacheslav Hletenko
sflow: T5968: add VRF support
2024-01-22 | sflow: T5968: add VRF support | Christian Breunig
Add support to run hsflowd in a dedicated (e.g. management) VRF. Command will be "set system sflow vrf <name>" like with any other service
2024-01-21 | Merge pull request #2854 from indrajitr/simplify-pdns-recursor | Christian Breunig
dns: T5959: Streamline dns forwarding service
2024-01-21 | dns: T5959: Avoid using reserved ports for testing | Indrajit Raychaudhuri
For example, port 5353 is reserved for multicast DNS, this means tests will fail if the host running the tests is also running a mDNS server.
2024-01-21 | dns: T5959: Streamline dns forwarding service | Indrajit Raychaudhuri
Streamline configuration and operation of dns forwarding service in following ways:
- Remove `dns_forwarding_reset.py` as its functionality is now covered by `dns.py`
- Adjust function names in `dns.py` to disambiguate between DNS forwarding and dynamic DNS
- Remove `dns_forwarding_restart.sh` as its functionality is inlined in `dns-forwarding.xml`
- Templatize systemd override for `pdns-recursor.service` and move the generated override files in /run. This ensures that the override files are always generated afresh after boot
- Simplify the systemd override file by removing the redundant overrides
- Relocate configuration path for pdns-recursor to `/run/pdns-recursor` and utilize the `RuntimeDirectory` default that pdns-recursor expects
- We do not need to use custom `--socket-dir` path anymore, the default path (viz., `/run/pdns-recursor` is fine)
2024-01-21 | dns: T4578: Remove unnecessary dns forwarding statistics script | Indrajit Raychaudhuri
2024-01-21 | ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left | Christian Breunig
This extends commit 7ba47f027 ("ethernet: T4638: deleting parent interface does not delete underlying VIFs") with a smoketest ensuring no VIFs are left behind.
2024-01-21 | Merge pull request #2863 from c-po/ntp-T5692 | Christian Breunig
ntp: T5692: add support to configure leap second behavior
2024-01-21 | Merge pull request #2852 from sever-sever/T5958 | Viacheslav Hletenko
T5958: QoS add basic implementation of policy shaper-hfsc
2024-01-21 | ntp: T5692: add support to configure leap second behavior | Christian Breunig
* set service ntp leap-second [ignore|smear|system|timezone]

Where timezone is the new and old default resulting in adding "leapsectz right/UTC" to chrony.conf.

The most prominent new option is "smear" which will add
  leapsecmode slew
  maxslewrate 1000
  smoothtime 400 0.001 leaponly
to chrony.

See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for additional information
2024-01-20 | Merge pull request #2862 from sever-sever/T5961 | Christian Breunig
T5961: Fix QoS policy shaper class match vif
2024-01-20 | T5961: Fix QoS policy shaper class match vif | Viacheslav Hletenko
If we have QoS policy shaper class match `vif` (VLAN) we have to use `basic match "meta(vlan mask 0xfff eq xxx)` instead of `action policy`

Actual incorrect TC filter:
tc filter add dev eth1 parent 1: protocol all prio 1 action police rate 100000000 burst 15k flowid 1:64

The correct TC filter after fix:
tc filter add dev eth1 parent 1: protocol all prio 1 basic match "meta(vlan mask 0xfff eq 100)" flowid 1:64
2024-01-19 | Merge pull request #2858 from yzguy/yzguy/T5964 | Christian Breunig
T5964: add missing imports for is_wwan_connected()
2024-01-19 | T5964: add missing imports for is_wwan_connected() | Adam Smith
2024-01-19 | Merge pull request #2855 from sever-sever/T5963 | Daniil Baturin
T5963: Fix QoS shaper rate calculations and set default 1Gbit
2024-01-19 | Merge pull request #2857 from sarthurdev/T5948_1 | Christian Breunig
dhcp: T5948: Strip trailing dot, detect if hostname is FQDN
2024-01-19 | op-mode: xml: remove executable bit from XML definition | Christian Breunig
2024-01-19 | dhcp: T5948: Strip trailing dot, detect if hostname is FQDN | sarthurdev
2024-01-19 | Debian: T2267: extend version tag from GIT repo | Christian Breunig
This extends commit 2c3e4696b3e22 ("T2267: Versioning: Update version tag from GIT repo") to also include release tags.
2024-01-19 | T5963: Fix QoS shaper rate calculations and set default 1Gbit | Viacheslav Hletenko
It is impossible to detect interface speed for some devices, for example virtio interfaces:
```
vyos@r4:~$ cat /sys/class/net/eth1/speed
-1
```
It causes wrong negative calculations like:
- bandwidth: -1000000
- 4% of bandwidth: -40000

tc class replace dev eth1 parent 1: classid 1:1 htb rate -1000000
tc class replace dev eth1 parent 1:1 classid 1:a htb rate -40000

Fix this with checking negative value. Add default interface speed to 1000 Mbit if we cannot detect the interface speed, the current default value 10 Mbit is too low for nowadays
2024-01-18 | smoketest: T5779: clear conntrack config on test startup | Christian Breunig