summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-01upnp: T5989: add ipv4-prefix as a valid option for UPnP ACLsChris Buechler
2024-02-01Merge pull request #2756 from nicolas-fort/T4839Christian Breunig
T4839: firewall: Add dynamic address group in firewall configuration
2024-02-01Merge pull request #2860 from indrajitr/ddclient-update-20240119Christian Breunig
ddclient: T5966: Adjust dynamic dns config address subpath
2024-02-01Merge pull request #2903 from HollyGurza/T5687Christian Breunig
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor
2024-02-01smoketest: T5687: simplify "dns forwarding" test setupChristian Breunig
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS recursor") added a helper "_set_required_options()" method to reduce duplicate code when setting up the base interface test. This refactors the test class to call this code always in setUp() so we have it written only once.
2024-02-01dns forwarding: T5687: add missing constraints on ecs-add-for CLI nodeChristian Breunig
Completion help suggests only IPv4 and IPv6 prefixes are supported, thus add a proper constraint enforcing this.
2024-02-01Merge pull request #2883 from sever-sever/T5974Viacheslav Hletenko
T5974: Fix QoS shape bandwidth and ceil calculation for default
2024-02-01Merge pull request #2890 from sever-sever/T5941Christian Breunig
T5941: Migration policy delete orphaned interface policy
2024-02-01Merge pull request #2892 from sever-sever/T5941-tpChristian Breunig
T5941: Migration QoS delete orphaned interface traffic-policy
2024-02-01GitHub: update PR request laballer to v5.0.0 tagChristian Breunig
2024-02-01Merge pull request #2914 from aapostoliuk/T5930-circinusChristian Breunig
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together
2024-02-01bgp: T5930: Denied using rt vpn 'export/import' with 'both' togetheraapostoliuk
Denied using command 'route-target vpn export/import' with 'both' together in bgp configuration.
2024-02-01Merge pull request #2887 from nicolas-fort/T5977Christian Breunig
T5977: firewall: remove ipsec options in output chain rule definition…
2024-01-31Merge pull request #2910 from aapostoliuk/T5254-fixChristian Breunig
T5254: Deleted extra file git
2024-01-31T5254: Deleted extra file gitaapostoliuk
Deleted extra file git.
2024-01-31Merge pull request #2908 from cleopold73/cleopold73-patch-1Christian Breunig
reverse-proxy: T5999: Allow root for exact match in backend rule URL
2024-01-31dns forwarding: T5687: Implement ECS settings for PowerDNS recursorkhramshinr
Fix option descriptions
2024-01-30reverse-proxy: T5999: Allow root for exact match in backend rule URLcleopold73
2024-01-30Merge pull request #2906 from jvoss/T6003Christian Breunig
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'
2024-01-30rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'Jonathan Voss
2024-01-30Merge pull request #2877 from c-po/vrf-5973Christian Breunig
vrf: T5973: multiple bugfixes and improvements
2024-01-30Merge pull request #2902 from jestabro/migration-certbotChristian Breunig
https: T6000: fix error in migration of path https certbot
2024-01-30dns forwarding: T5687: Implement ECS settings for PowerDNS recursorkhramshinr
2024-01-29https: T6000: fix error in migration of path https certbotJohn Estabrook
2024-01-28Merge pull request #2898 from jestabro/validate-nameDaniil Baturin
image-tools: T5988: validate image name in add_image
2024-01-28Merge pull request #2899 from jestabro/typo-add-image-ftpDaniil Baturin
remote: T5994: fix typo in check_storage for Ftp class
2024-01-27remote: T5994: fix typo in check_storage for Ftp classJohn Estabrook
2024-01-27image-tools: T5988: validate image name in add_imageJohn Estabrook
Add missing name validation in add_image, and fix typo in error msg string.
2024-01-25Merge pull request #2894 from vyos/mergify/bp/current/pr-2619Daniil Baturin
T5817: Fix for show openvpn server (backport #2619)
2024-01-25T4839: firewall: Add dynamic address group in firewall configuration, and ↵Nicolas Fort
appropiate commands to populate such groups using source and destination address of the packet.
2024-01-25T5817: Fix for show openvpn serverViacheslav Hletenko
In some cases we can get error: ``` Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module> data = get_status(args.mode, intf) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address tunnel_ip = lst[0].split(',')[0] IndexError: list index out of range ``` (cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d)
2024-01-25Merge pull request #2893 from jestabro/fix-regression-version-filesDaniil Baturin
image-tools: T5983: fix regression in prune_vyos_versions
2024-01-24image-tools: T5983: fix regression in prune_vyos_versionsJohn Estabrook
2024-01-24T5941: Migration QoS delete orphaned interface traffic-policyViacheslav Hletenko
We can get an orphaned interface traffic-policy when the traffic-policy name is removed from the interface, but the node `trffic-policy` is still attached to the interface For exmaple we have orphaned node traffic-policy on an interface: ``` set interfaces bonding bond0 vif 995 traffic-policy ``` This causes of incorrect migration and we do not see VLANs on the bonding interface after update. Delete traffic-policy from all interfaces if traffic-policy does not exist
2024-01-24T5941: Migration policy delete orphaned interface policyViacheslav Hletenko
We can get orphaned interface policy when the policy name was removed from the interface but the node `policy` still attached to the interface For exmaple we have orphaned node policy on interface: ``` set interfaces bonding bond0 vif 995 policy ``` This causes of incorrect migration and we do not see VLANs on the bonding interface after update. Delete policy from all interfaces if policy does not exist
2024-01-23Merge pull request #2886 from jestabro/add-kernel-boot-optionsDaniil Baturin
system-option: T5979: Add configurable kernel boot options
2024-01-23T5977: firewall: remove ipsec options in output chain rule definitions, ↵Nicolas Fort
since it's not supported.
2024-01-23T5979: add configurable kernel boot option 'disable-mitigations'Christian Breunig
2024-01-23image-tools: T5980: add support for configurable kernel boot optionsJohn Estabrook
2024-01-23Merge pull request #2884 from c-po/bfd-T5967Christian Breunig
bfd: T5967: add minimum-ttl option
2024-01-23bfd: T5967: add minimum-ttl optionChristian Breunig
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254> * set protocols bfd profile <name> minimum-ttl <1-254>
2024-01-23T5974: Fix QoS shape bandwidth and ceil calculation for defaultViacheslav Hletenko
The default `bandwidth` and `ceiling` should calculate values based on <tag> bandwidth but currently it gets the value from qos.base `/sys/class/net/{self._interface}/speed` ``` set qos policy shaper SHAPER bandwidth '20mbit' set qos policy shaper SHAPER default bandwidth '95%' set qos policy shaper SHAPER default ceiling '100%' ``` It causes wrong calculations for class `default` i.e 950Mbit for bandwidth (expected 95% of bandwidth, 19Mbit) 1Gbit for ceil (expected 100% of bandwidth, 20Mbit) Gets incorrect values ``` r4# tc class show dev eth1 class htb 1:1 root rate 20Mbit ceil 20Mbit burst 1600b cburst 1600b class htb 1:a parent 1:1 leaf 8053: prio 0 rate 200Kbit ceil 200Kbit burst 1Mb cburst 1600b class htb 1:b parent 1:1 leaf 8054: prio 7 rate 950Mbit ceil 1Gbit burst 15200b cburst 1375b ``` Fix this
2024-01-23Merge pull request #2881 from c-po/ethernet-gso-T5978Christian Breunig
ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC
2024-01-23ethernet: T5978: hw-tc-offload does not actually get enabled on the NICChristian Breunig
Typo (missaligned -/_) in the code causes hw-tc-offload to never be enabled in the underlaying hardware via ethtool.
2024-01-22Merge pull request #2879 from sarthurdev/T5787_disabledChristian Breunig
dhcp: T5787: Allow disabled duplicates on static-mapping
2024-01-22vrf: T5973: fix has_rule() to check for l3mdev ruleChristian Breunig
A code path was missing to check if only priority is available in the result of "ip --json -4 rule show", in the case of l3mdev it's a dedicated key!
2024-01-22vrf: T5973: move initial conntrack firewall table to startupChristian Breunig
There is no need to add and remove this table during runtime - it can lurk in the standard firewall init code.
2024-01-22dhcp: T5787: Allow disabled duplicates on static-mappingsarthurdev
2024-01-22vrf: T5973: ensure Kernel module is loadedChristian Breunig
This prevents the following error when configuring the first VRF: sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory
2024-01-22Merge pull request #2871 from c-po/multicast-T5969Christian Breunig
op-mode: T5969: list multicast group membership