summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-11-11Merge pull request #2471 from nicolas-fort/T5729Christian Breunig
T5729: firewall: switch to valueless in
2023-11-11Merge pull request #2472 from gavol/currentChristian Breunig
dhclient: T5724: run user hooks using run_hookdir
2023-11-11dhclient: T5724: run user hooks using run_hookdirgavol
User hooks are executed using run_hookdir (defined in the /sbin/dhclient-script script) instead of run-parts. That allows user hooks to modify variables set by the dhcp client (e.g., the new_routers variable to avoid the installation of the default routes).
2023-11-11Merge pull request #2470 from indrajitr/ddclient-smoketest-20231109Christian Breunig
ddclient: T5708: Fix VRF table generation in smoketest
2023-11-10T5729: firewall: switch to valueless in order to remove unnecessary ↵Nicolas Fort
<enable|disable> commands; log and state moved to new syntax.
2023-11-10ddclient: T5708: Fix VRF table generation in smoketestIndrajit Raychaudhuri
Ensure that the random VRF table name is 4 digits long, not 5 and stays within the the range of 100 - 65535.
2023-11-10Merge pull request #2467 from indrajitr/validation-fixChristian Breunig
T5727: Use native URL validator instead of regex-based validator
2023-11-10Merge pull request #2468 from indrajitr/ddclient-smoketest-20231108Christian Breunig
ddclient: T5708: Additional smoketests for web-options
2023-11-10ddclient: T5708: Additional smoketests for web-optionsIndrajit Raychaudhuri
Add additional smoketests for web-options validation. Also, format error messages to optionally include protocol name.
2023-11-09T5727: Use native URL validator instead of regex-based validatorIndrajit Raychaudhuri
Replace regex-based URL validator with native validator from vyos-utils. Also, move `include/url.xml.i` to `include/url-http-https.xml.i` to reflect the fact that it is used only for HTTP(S) URLs.
2023-11-09Merge pull request #2464 from sever-sever/T1797Viacheslav Hletenko
T1797: Remove vpp packages and mentions
2023-11-09T1797: Remove vpp packages and mentionsViacheslav Hletenko
2023-11-09Merge pull request #2462 from sever-sever/T5412Christian Breunig
T5412: Beautify config dependencies JSON
2023-11-09T5412: Beautify config dependencies JSONViacheslav Hletenko
There are only cosmetic "changes" without functional changes
2023-11-09Merge pull request #2461 from indrajitr/ddclient-config-20231108Christian Breunig
ddclient: T5708: Ensure password is always wrapped in quotes
2023-11-08ddclient: T5708: Ensure password is always wrapped in quotesIndrajit Raychaudhuri
Migration to 3.11.1 follow-up: This should make `ddclient.conf` parsing more resilient to edge cases (particularly when `password` isn't the last option right before the host parameter). ddclient config parser applies special treatment to the password field and would unwrap the quotes automatically. Also, switch from now deprecated `use=no` to `use=disabled`.
2023-11-08Merge pull request #2459 from indrajitr/mdns-streamlineViacheslav Hletenko
mdns: T5723: Always reload systemd daemon before applying changes
2023-11-08Merge pull request #2460 from nicolas-fort/T5681-bump-cli-versionChristian Breunig
T5681: firewall: bump firewall cli version to 12
2023-11-07T5681: firewall: bump firewall cli version to 12, which was missed in last ↵Nicolas Fort
change.
2023-11-07mdns: T5723: Always reload systemd daemon before applying changesIndrajit Raychaudhuri
Additionally, templatize system service override and move it to the runtime path.
2023-11-07Merge pull request #2240 from sever-sever/T5559Christian Breunig
T5559: Add static neighbor-proxy feature
2023-11-07Merge pull request #2434 from sever-sever/T5702Christian Breunig
T5702: SNMP add interface-mib max-interfaces-number and prefix
2023-11-07Merge pull request #2436 from sever-sever/T5706Daniil Baturin
T5706: Add custom systemd udev rules to exclude dynamic interfaces
2023-11-07Merge pull request #2437 from sempervictus/bug/strip_secrets_misses_secretDaniil Baturin
T5713: Strip string after "secret" in IPSEC configs
2023-11-07Merge pull request #2453 from sever-sever/T5720Christian Breunig
T5720: Fix for PPPoE-server adding new interfaces
2023-11-07T5720: Fix for PPPoE-server adding new interfacesViacheslav Hletenko
If we add a new interface for PPPoe-server we MUST restart the `accel-ppp@pppoe.service` as `reload` is not implemented for accel-ppp daemon Otherwise we have listen interface in the /run/accel-pppd/pppoe.conf which does not work
2023-11-07Merge pull request #2451 from sever-sever/T5716Viacheslav Hletenko
T5716: Fix smoketest for accel-ppp limiter tbf
2023-11-07T5716: Fix smoketest for accel-ppp limiter tbfViacheslav Hletenko
Limiter in the commit cf92295 was changed to `tbf` Fix smoketest
2023-11-07Merge pull request #2447 from indrajitr/mdns-log-monitorChristian Breunig
mdns: T5719: Add op-mode commands to mDNS repeater
2023-11-06mdns: T5719: Add op-mode commands to mDNS repeaterIndrajit Raychaudhuri
The following ones are available now: - restart mdns repeater - show log mdns repeater - monitor log mdns repeater
2023-11-06Merge pull request #2446 from indrajitr/ddclient-bump-311-permission-fixChristian Breunig
ddclient: T5708: Migration to 3.11.1 and related improvements
2023-11-06ddclient: T5708: Migration to 3.11.1 and related improvementsIndrajit Raychaudhuri
Fix execution bit for migration script
2023-11-06Merge pull request #2440 from sever-sever/T5716Christian Breunig
T5716: Fix accel-ppp template down-limiter does not rely on fwmark
2023-11-06op-mode: bgp: T5698: add "es-vrf" and "next-hops" CLI commandsChristian Breunig
show bgp l2vpn evpn es-vrf show bgp l2vpn evpn next-hops
2023-11-06op-mode: bgp: T5698: fix "rd" route-distinguisher help stringChristian Breunig
2023-11-06T5713: only strip "secret" CLI node and nothing elseChristian Breunig
Commit 30eb308149 ("T5713: Strip string after "secret" in IPSEC config") had good intention but this will happen: use-secret foo CLI node will become " secret xxxxxx" so the output of strip-private invalidates the configuration. This has been changed to an exact match of "secret" only
2023-11-06Merge pull request #2439 from c-po/t3700-vxlan-svd-fixupChristian Breunig
vxlan: T3700: add bridge dependency call when altering member interfaces
2023-11-06Merge pull request #2438 from indrajitr/ddclient-bump-311Daniil Baturin
ddclient: T5708: Upgrade to ddclient 3.11.1
2023-11-06T5716: Fix accel-ppp template down-limiter does not rely on fwmarkViacheslav Hletenko
accel-ppp template shaper `down-limiter` does not rely on `fwmark` Fix it
2023-11-06T5702: SNMP add interface-mib max-interfaces-number and prefixViacheslav Hletenko
- Allow to configure only required interface prefixes set service snmp mib interface 'eth' set service snmp mib interface 'bond' include_ifmib_iface_prefix eth bond Sets the interface name prefixes to include in the IF-MIB data collection. For servers with a large number of interfaces (ppp, dummy, bridge, etc) the IF-MIB processing will take a large chunk of CPU for ioctl calls. A set of space separated interface name prefixes will reduce the CPU load for IF-MIB processing. For example, configuring "include_ifmib_iface_prefix eth dummy lo" will include only interfaces with these prefixes and ignore all others for IF-MIB processing. - Allow to configure maximum interface number set service snmp mib interface-max '100' ifmib_max_num_ifaces NUM Sets the maximum number of interfaces included in IF-MIB data collection. For servers with a large number of interfaces (ppp, dummy, bridge, etc) the IF-MIB processing will take a large chunk of CPU for ioctl calls (on Linux). Setting a reasonable maximum for the CPU used will reduce the CPU load for IF-MIB processing. For example, configuring "ifmib_max_num_ifaces 500" will include only the first 500 interfaces based on ifindex and ignore all others for IF-MIB processing.
2023-11-05vxlan: T3700: add bridge dependency call when altering member interfacesChristian Breunig
Commit 7f6624f5a6f8bd ("vxlan: T3700: support VLAN tunnel mapping of VLAN aware bridges") added support for Single VXLAN Device (SVD) containers supported by the Linux Kernel. When working with bridge VIFs it turned out that when deleting a VIF all the VXLAN tunnel mappings got deleted, too. In order to avoid this, if the bridge has a VXLAN member interface which vlan-to-vni mapping enabled, we add a dependency that we call VXLAN conf-mode script after messing arround with the bridge VIFs and re-create tunnel mappings.
2023-11-05ddclient: T5708: Migration to 3.11.1 and related improvementsIndrajit Raychaudhuri
- Migrate to ddclient 3.11.1 and enforce debian/control dependency - Add dual stack support for additional protocols - Restrict usage of `porkbun` protocol, VyOS configuration structure isn't compatible with porkbun yet - Improve and cleanup error messages
2023-11-05ddclient: T5708: Validate proper use of `web-options`Indrajit Raychaudhuri
`web-options` is only applicable when using HTTP(S) web request to obtain the IP address. Apply guard for that.
2023-11-05ddclient: T5708: Migrate `timeout` to `interval`Indrajit Raychaudhuri
Time interval in seconds to wait between DNS updates would be a bit more intuitive as `interval` than `timeout`.
2023-11-05T5713: Strip string after "secret" in IPSEC configRageLtMan
Make "strip-private" strip the string after "secret"
2023-11-04T5706: Add custom systemd udev rules to exclude dynamic interfacesViacheslav Hletenko
Add custom systemd udev rules to exclude some regular and dynamic interfaces from "systemd-sysctl" calls. It fixes high CPU utilization (100%) as we have a lot of calls per interface for dynamic interfaces like ppp|ipoe|sstp etc. /lib/systemd/systemd-udevd should not be called for those interfaces
2023-11-03Merge pull request #2431 from c-po/wireguard-t5707Christian Breunig
wireguard: T5707: remove previously deconfigured peer
2023-11-02wireguard: T5707: remove previously deconfigured peerChristian Breunig
Changing the public key of a peer (updating the key material) left the old WireGuard peer in place, as the key removal command used the new key. WireGuard only supports peer removal based on the configured public-key, by deleting the entire interface this is the shortcut instead of parsing out all peers and removing them one by one. Peer reconfiguration will always come with a short downtime while the WireGuard interface is recreated.
2023-11-02Merge pull request #2416 from c-po/evpn-mh-t5698Christian Breunig
T5698 EVPN ESI Multihoming
2023-11-02Merge pull request #2427 from sever-sever/T5704Christian Breunig
T5704: PPPoE L2TP SSTP IPoE add option max-concurrent-sessions