Age | Commit message (Collapse) | Author |
|
|
|
T4839: firewall: Add dynamic address group in firewall configuration
|
|
ddclient: T5966: Adjust dynamic dns config address subpath
|
|
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor
|
|
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS
recursor") added a helper "_set_required_options()" method to reduce duplicate
code when setting up the base interface test.
This refactors the test class to call this code always in setUp() so we have
it written only once.
|
|
Completion help suggests only IPv4 and IPv6 prefixes are supported, thus add a
proper constraint enforcing this.
|
|
T5974: Fix QoS shape bandwidth and ceil calculation for default
|
|
T5941: Migration policy delete orphaned interface policy
|
|
T5941: Migration QoS delete orphaned interface traffic-policy
|
|
|
|
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together
|
|
Denied using command 'route-target vpn export/import'
with 'both' together in bgp configuration.
|
|
T5977: firewall: remove ipsec options in output chain rule definition…
|
|
T5254: Deleted extra file git
|
|
Deleted extra file git.
|
|
reverse-proxy: T5999: Allow root for exact match in backend rule URL
|
|
Fix option descriptions
|
|
|
|
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'
|
|
|
|
vrf: T5973: multiple bugfixes and improvements
|
|
https: T6000: fix error in migration of path https certbot
|
|
|
|
|
|
image-tools: T5988: validate image name in add_image
|
|
remote: T5994: fix typo in check_storage for Ftp class
|
|
|
|
Add missing name validation in add_image, and fix typo in error msg
string.
|
|
T5817: Fix for show openvpn server (backport #2619)
|
|
appropiate commands to populate such groups using source and destination address of the packet.
|
|
In some cases we can get error:
```
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module>
data = get_status(args.mode, intf)
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status
client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface)
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address
tunnel_ip = lst[0].split(',')[0]
IndexError: list index out of range
```
(cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d)
|
|
image-tools: T5983: fix regression in prune_vyos_versions
|
|
|
|
We can get an orphaned interface traffic-policy when the traffic-policy
name is removed from the interface, but the node `trffic-policy`
is still attached to the interface
For exmaple we have orphaned node traffic-policy on an interface:
```
set interfaces bonding bond0 vif 995 traffic-policy
```
This causes of incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete traffic-policy from all interfaces if traffic-policy does not exist
|
|
We can get orphaned interface policy when the policy name was
removed from the interface but the node `policy` still attached
to the interface
For exmaple we have orphaned node policy on interface:
```
set interfaces bonding bond0 vif 995 policy
```
This causes of incorrect migration and we do not see VLANs on
the bonding interface after update.
Delete policy from all interfaces if policy does not exist
|
|
system-option: T5979: Add configurable kernel boot options
|
|
since it's not supported.
|
|
|
|
|
|
bfd: T5967: add minimum-ttl option
|
|
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
* set protocols bfd profile <name> minimum-ttl <1-254>
|
|
The default `bandwidth` and `ceiling` should calculate values
based on <tag> bandwidth but currently it gets the value from
qos.base `/sys/class/net/{self._interface}/speed`
```
set qos policy shaper SHAPER bandwidth '20mbit'
set qos policy shaper SHAPER default bandwidth '95%'
set qos policy shaper SHAPER default ceiling '100%'
```
It causes wrong calculations for class `default` i.e
950Mbit for bandwidth (expected 95% of bandwidth, 19Mbit)
1Gbit for ceil (expected 100% of bandwidth, 20Mbit)
Gets incorrect values
```
r4# tc class show dev eth1
class htb 1:1 root rate 20Mbit ceil 20Mbit burst 1600b cburst 1600b
class htb 1:a parent 1:1 leaf 8053: prio 0 rate 200Kbit ceil 200Kbit burst 1Mb cburst 1600b
class htb 1:b parent 1:1 leaf 8054: prio 7 rate 950Mbit ceil 1Gbit burst 15200b cburst 1375b
```
Fix this
|
|
ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC
|
|
Typo (missaligned -/_) in the code causes hw-tc-offload to never be enabled in
the underlaying hardware via ethtool.
|
|
dhcp: T5787: Allow disabled duplicates on static-mapping
|
|
A code path was missing to check if only priority is available in the result of
"ip --json -4 rule show", in the case of l3mdev it's a dedicated key!
|
|
There is no need to add and remove this table during runtime - it can lurk
in the standard firewall init code.
|
|
|
|
This prevents the following error when configuring the first VRF:
sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory
|
|
op-mode: T5969: list multicast group membership
|