| Age | Commit message (Collapse) | Author |
|
bgp: T8865: Reject `vni` sub-block in VRF l2vpn-evpn when `advertise-all-vni` is globally active
|
|
geoip: T8987: Support updates via source-address/vrf
|
|
`advertise-all-vni` is globally active
When `advertise-all-vni` is configured in the global/default BGP instance,
VyOS generated a `vni <id>` sub-block under each VRF BGP `address-family
l2vpn evpn` context. This conflicts with advertise-all-vni: FRR already
owns all kernel VNIs and returns `% Failed to create VNI` when frr-reload.py
attempts to apply the VRF-level vni sub-block. FRR then performs an early
exit from config processing, silently dropping the entire l2vpn evpn
address-family for all subsequent VRF BGP instances.
|
|
T9011: enable proxy_ndp sysctl for static IPv6 neighbor proxy
|
|
bgp: T5526: Fix BGP neighbor validation not raising when interface does not exist
|
|
T8097: strongswan: add CLI for ESN
|
|
T9019: Update GitHub PR templates with AI tool usage policy
|
|
bgp: T9013: Add BMP source-interface support
|
|
|
|
T9015: fix thread safety of configtree read/write_cache
|
|
|
|
T8993: initialize ReferenceTree module from string not file
|
|
geoip: T5746: Add GeoIP ASN support
|
|
exist
Validation of interface-based BGP neighbors relied on checking physical
interface existence, which silently skipped the check when interface didn't
exist yet, letting invalid config reach FRR. Fix by checking whether the
neighbor is not an IP address instead, and improve the error messages to
show the correct command.
|
|
|
|
For thread-safe calls, move file operations to the Python side, leaving
only string operations for calls to ctypes bindings.
|
|
Add a checkbox for reviewing code produced by GenAI tools in the PR template.
|
|
Avoid initialization error in threaded applications, for example when
calling libvyosconfig functions from FastAPI background tasks.
The read_internal function from file relies on the inherently non
thread-safe Unix module; read string first and pass to lib read_string.
|
|
ipsec: T8975: lock vti-up-down state DB to prevent lost updates under concurrent rekey
|
|
|
|
The module previously had no tests. Cover the DB logic (add/remove,
multiple connections per interface, removeAllOtherInterfaces,
setPersistentInterfaces, seed-from-file) and assert each open_* helper
acquires the serialising lock, exercised with vyos.utils.locking.Lock
patched out.
|
|
concurrent rekey
The vti-up-down hook and vpn_ipsec.py modify a flat-file DB
(/tmp/ipsec_vti_interfaces) through three context managers that do an
unlocked read-modify-write. During a coordinated rekey, strongSwan fires
the hook for many VTIs concurrently, so the writers lost-update each
other: an interface whose up-client add is overwritten is left admin-down
while its CHILD_SA stays installed.
Serialise all DB access by reusing vyos.utils.locking.Lock. A new
_vti_updown_db_lock() context manager wraps the three public context
managers, and remove_vti_updown_db() holds the lock across both the DB
processing and the os.unlink() to close the create/delete race.
Make the helpers absence-safe under the lock so callers no longer compose
a separate existence check with a locked operation:
open_vti_updown_db_readonly() yields None when the DB does not exist and
remove_vti_updown_db() is a no-op when it is absent. Drop the
now-redundant unlocked vti_updown_db_exists() pre-checks in vti.py and
vpn_ipsec.py and handle the None yield.
|
|
T8099: strongswan: 6.0.6 + Post quantum options
|
|
openvpn: T8998: fix ccd-exclusive without client-config-dir
|
|
haproxy: T8931: Improve WebSocket support for HAProxy
|
|
T9009: op-mode: extend "monitor log" with filter level
|
|
vpp: T8913: Skip bond teardown for non-structural config changes
|
|
T8990: bgp: fix VPNv4/VPNv6 leaked routes flapping on every commit
|
|
pseudo-ethernet: T8540: Add anycast-gateway support for EVPN
|
|
qos: T7965: Fix qos fails to reapply on dynamic interfaces after reconnection
|
|
The previous vyos-netlinkd implementation for QoS policy re-apply was very heavy.
It conducted a full CLI validation and re-apply on every interface. Instead we
do not only re-apply the QoS configuration to the interface which has had an
address change detected by vyos-netlinkd.
This can be tested by checking "tc qdisc show" before disconnecting a PPPoE
interface and during/after reconnect. There will be no qdisc until the dynamic
interface has received an IP address - then the qdisc will be re-applied.
|
|
Add options for mlkem*
|
|
Introduce 'anycast-gateway' leafNode for pseudo-ethernet interfaces.
When set, a local FDB entry is installed on the parent bridge to
prevent the shared anycast MAC from leaking over the VXLAN overlay.
|
|
vpp: T8603: Expand ACL support to logical interfaces
|
|
HttpC.download() always probed remote URLs with HEAD before GET to
discover redirects and Content-Length. Some APIs (e.g. AbuseIPDB)
reject HEAD with 405 Method Not Allowed, causing firewall remote-group
downloads to fail and leave empty cached list files.
Treat HEAD 405/501 as unsupported and proceed with GET using the
original URL. When HEAD does not provide Content-Length, read it from
the GET response headers instead. Validate available storage after
determining file size and before opening the destination file.
Log sanitized download errors in vyos-domain-resolver when a remote-
group list-file fetch fails. Add unit tests with mock servers that
return 405 or 501 on HEAD and 200 on GET.
|
|
journalctl captures all syslog priority levels; filtering happens at query time
via -p <level>. The existing monitor log command always shows all priorities.
A "monitor log filter <priority>" sub-command lets operators tail the journal
at a specific minimum severity without having to remember journalctl flags.
"journalctl -p <level>" shows messages at that level and above (i.e., lower
numeric severity values are always included — warning also shows err, crit,
alert, emerg).
|
|
|
|
Drop third party binary grc for showing the log output in fancy colors.
Solely rely on what journalctl brings to the table.
|
|
Re-apply QoS after dynamic interfaces get addresses after connect/disconnect.
When PPPoE interfaces re-connect we need to re-do QoS settings.
|
|
|
|
VRF route leaking via VPNv4/VPNv6 caused all imported (leaked) routes to
be withdrawn and reinstalled on every commit - even commits unrelated to
BGP, VRF or routing - briefly blackholing traffic that depends on them.
Root cause: the BGP address-family template rendered the route-target
using the "route-target vpn ..." alias. FRR accepts that alias on input
but its config writer only ever emits the canonical "rt vpn ..." form.
frr-reload.py diffs the generated config against FRR's running config
line by line and has no normalisation for this, so the route-target lines
never matched and were deleted and re-added on every reload. Re-applying
the route-target runs FRR's vpn_leak_prechange()/postchange(), a
non-atomic withdraw-all then reinstall-all of every leaked route.
Emit the canonical "rt vpn" keyword so the rendered config round-trips
through frr-reload unchanged. FRR also folds an identical import+export
route-target into "both" (an order-sensitive, byte-identical match), so
do the same to stay idempotent; reordered or differing lists stay split
on both sides.
Add test_bgp_33_vpn_route_target_idempotency covering both / identical
export+import / asymmetric route-target, reading the generated FRR config
(getFRRconfig/vtysh returns FRR's already-canonical form and cannot catch
the alias).
|
|
By default now for each proposal two proposals are sent: with `-noesn`
and without. Update test accordingly.
|
|
execution
Replace all cmd() calls in the vyos.ifconfig library with cmdl(), passing
arguments as lists instead of interpolated strings. This eliminates a class
of command-injection risks that arise when building shell commands with
f-strings or other string formatting.
|
|
The decode argument of cmd() is never changed and thus always pointing to
utf-8, remove the code.
|
|
A list-argument variant of cmd() for safer subprocess execution named cmdl().
Command must be a list of strings; no shell interpolation is performed, which
eliminates a class of command-injection risks present when building commands
with f-strings or other string formatting.
|
|
get_wrapper() now returns [] instead of None. It makes the existing string
format usage in cmd() cleaner, as it will show just the command in debug runs
rather then "None /[path/to/cmd"
|
|
Add CLI commands:
set vpn ipsec ike-group MyIKEGroup proposal 1 esn ESN-VALUE
set vpn ipsec esp-group MyESPGroup proposal 1 esn ESN-VALUE
Where ESN-VALUE can be one of:
* required: only establish connection using ESN
* optional: try using ESN, but if not available, accept non-ESN
* disabled (default): don't use ESN
StrongSwan 6.0.6 doesn't allow connections between proposal with
'-noesn' and without '-esn'/'-noesn'. To make it work as expected, use
two proposals for 'optional' and 'disabled':
* required: PROPOSAL-esn
* optional: PROPOSAL-esn-noesn,PROPOSAL
* disabled: PROPOSAL-noesn,PROPOSAL
|
|
|
|
config: T8858: fix mutable default argument in config API methods
|
|
Emit `client-config-dir` when `reject-unconfigured-clients` is set,
even without server client entries, so OpenVPN does not crash-loop.
|