summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-28container: T5829: verify container network used supports the given AFIChristian Breunig
2023-12-28Merge pull request #2658 from aapostoliuk/T5801-circinusChristian Breunig
T5801: Rewritten L2TP to get_config_dict
2023-12-28Merge pull request #2695 from aapostoliuk/T5842-circinusChristian Breunig
T5842: Rewritten PPTP to get_config_dict
2023-12-28Merge pull request #2650 from indrajitr/kea-reservation-fixChristian Breunig
dhcp: T3316: Support hostname, DUID and MAC address in reservation
2023-12-27T5842: Rewritten PPTP to get_config_dictaapostoliuk
Rewritten PPTP to get_config_dict Fixed 'dynamic-author' commands. These commands did not create anything in accel-ppp config.
2023-12-27Merge pull request #2693 from aapostoliuk/T5859-circinusChristian Breunig
T5859: Fixed format of pool range in the accel-ppp config
2023-12-27Merge pull request #2651 from indrajitr/firewal-rename-enable-default-logChristian Breunig
firewall: T5834: Rename 'enable-default-log' to 'default-log'
2023-12-27T5859: Fixed format of pool range in the accel-ppp configaapostoliuk
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y' to 'x.x.x.x-y'
2023-12-26firewall: T5834: Improve log message and simplify log-option includeIndrajit Raychaudhuri
`include/firewall/rule-log-options.xml.i` is now more aptly renamed to `include/firewall/log-options.xml.i`.
2023-12-26firewall: T5834: Remove vestigial include fileIndrajit Raychaudhuri
This file is a left over from previous refactoring and no longer referenced anywhere in the interface definitions.
2023-12-26firewall: T5834: Add support for default log for route policyIndrajit Raychaudhuri
One can now do `set policy route foo default-log` which will add log to the policy route chain.
2023-12-26firewall: T5834: Migration for 'enable-default-log' to 'default-log'Indrajit Raychaudhuri
2023-12-26firewall: T5834: Rename 'enable-default-log' to 'default-log'Indrajit Raychaudhuri
Rename chain level defaults log option from `enable-default-log` to `default-log` for consistency.
2023-12-26Merge pull request #2691 from indrajitr/ddclient-update-20231224-02Christian Breunig
ddclient: T5144: Warn against configuration with broken IP lookup service
2023-12-26ddclient: T5144: Warn against configuration with broken IP lookup serviceIndrajit Raychaudhuri
We always enable HTTPS in ddclient configuration, however `http://checkip.dyndns.org` is HTTP only and does not support HTTPS. Warn the user if they are using this service. Also, make `url` in `web-options` mandatory.
2023-12-26Merge pull request #2686 from indrajitr/ddclient-update-20231224-01Christian Breunig
ddclient: T5144: Migrate web-options url to stricter format
2023-12-25Merge pull request #2689 from c-po/eee-t5311-t5566Daniil Baturin
ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces
2023-12-25ethernet: T5566: disable energy efficient ethernet (EEE) for interfacesChristian Breunig
VyOS is a routing (packet pushing) platform, thus supporting EEE which potentially causes issues is not a good idea. Some recent Intel drivers enable EEE by default, thus we will disable this for every NIC supporting EEE.
2023-12-25Merge pull request #2687 from c-po/lldp-snmp-t5855Christian Breunig
snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"
2023-12-25snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"Christian Breunig
2023-12-25snmp: T5855: add GPL license headerChristian Breunig
2023-12-25ddclient: T5144: Migrate web-options url to stricter formatIndrajit Raychaudhuri
Legacy ddclient allowed arbitrary URLs in web-options, but the new has stricter validations. Apply migration to the old URLs. Also migrate checkip.dyndns.org to https://domains.google.com/checkip for better TLS support.
2023-12-24ddclient: T5791: Adjust migration to normalize underscore in config namesIndrajit Raychaudhuri
2023-12-24Merge pull request #2682 from c-po/node-changed-t5837Christian Breunig
configdict: T5837: add support to return added nodes when calling node_changed()
2023-12-24Merge pull request #2683 from c-po/snmp-T5865Viacheslav Hletenko
snmp: 5856: fix service removal error
2023-12-24snmp: 5856: fix service removal errorChristian Breunig
When deleting SNMP from CLI the 'delete' key was not honored in the config dictionary, leading to a false process startup causing the following error: Job for snmpd.service failed because the control process exited with error code. See "systemctl status snmpd.service" and "journalctl -xeu snmpd.service" for details.
2023-12-24configdict: T5837: add support to return added nodes when calling node_changed()Christian Breunig
In the past, node_changed() suggested it would also return nodes that got added (function comment) but in reality only deleted keys got accounted for. This commit changes the signature and adds an argument expand_nodes to specify the users interest of a node was deleted (default), added (expand_nodes=Diff.ADD) or even both (expand_nodes=Diff.ADD|Diff.DELETE).
2023-12-24T5837: cleanup use of calls to vyos.configdict.node_changed()Christian Breunig
node_changed() will return a list of changed keys under "path". We are not always interested what changed, sometimes we are only interested if something changed at all, that what vyos.configdict.is_node_changed() is for.
2023-12-24Merge pull request #2677 from sever-sever/T160Christian Breunig
T160: NAT64 add match firewall mark feature
2023-12-24T160: NAT64 add match firewall mark featureViacheslav Hletenko
Match mark allows to use firewall marks of packet to use a specific pool Example of instance config /run/jool/instance-100.json ``` ... "pool4": [ { "protocol": "TCP", "prefix": "192.0.2.10", "port range": "1-65535", "mark": 23 }, ... ```
2023-12-24veth: T5853: fix typo in constraintErrorMessagezero13th
2023-12-24Merge pull request #2679 from jestabro/allow-embedded-overrideChristian Breunig
xml: T5854: clear empty paths left by embedded override of defaultValue
2023-12-23xml: T5854: clear empty paths left by embedded override of defaultValueJohn Estabrook
2023-12-22Merge pull request #2676 from sever-sever/T5840Christian Breunig
T5840: Add override for systemd kea-ctrl-agent.service
2023-12-22T5840: Add override for systemd kea-ctrl-agent.serviceViacheslav Hletenko
After update KEA to 2.4.x in the bf04cd8fea44d375fb7d93d75a1f31c220730c88 there is a file that expects ConditionFileNotEmpty=/etc/kea/kea-api-password It cause the unit `kea-ctrl-agent.service` cannot start systemd[1]: kea-ctrl-agent.service - Kea Control Agent was skipped because of an unmet condition check (ConditionFileNotEmpty=/etc/kea/kea-api-password) Override systemd kea-ctrl-agent.service do not check this file
2023-12-21dhcp: T3316: Update smoketest for hostname, DUID, MAC in reservationIndrajit Raychaudhuri
Also, have the smoketest start with a clean CLI instance.
2023-12-21dhcp: T3316: Apply migration for valid hostname, and identifier (DUID)Indrajit Raychaudhuri
2023-12-21dhcp: T3316: Support hostname, DUID and MAC address in reservationIndrajit Raychaudhuri
Reinstate support for hostname in DHCP reservation. Having `hostname` in allows for server-side assignment of hostname. This is useful for static lookup of hostname. Ensure that hostname is a valid FQDN (doesn't have underscore, etc.) Additionally, support using either of DUID or MAC address for reservation. While MAC address is typically used for IPv4, and DUID is typically used for IPv6, either of them can be used in IPv4 and IPv6 reservations in Kea.
2023-12-21T5781: use dynamic minisign key listKyleM
Updated image_installer.py to try and validate image with all minisign public keys in /usr/share/vyos/keys/
2023-12-21Merge pull request #2663 from c-po/srv6-part2Christian Breunig
srv6: T591: enable SR enabled packet processing on defined interfaces
2023-12-21Merge pull request #2665 from c-po/ndp-proxyChristian Breunig
T2898: add ndp-proxy service
2023-12-21Merge pull request #2670 from indrajitr/duid-refactor-T5846-3Christian Breunig
dhcp: T5846: Ensure DUID regex range is bound
2023-12-21dhcp: T5846: Ensure DUID regex range is boundIndrajit Raychaudhuri
The DUID regex was missing a lower bound, which could cause it not to match when it should. We have to specify the lower bound explicitly as 0 to keep the regex behavior similar to that in Python (in Python, omitting the lower bound is equivalent to specifying 0).
2023-12-21Merge pull request #2668 from c-po/currentChristian Breunig
frr: T4020: re-enable watchfrr in config as it is always running
2023-12-21Merge pull request #2667 from indrajitr/duid-refactor-T5846-2Christian Breunig
dhcp: T5846: Fix include path
2023-12-21frr: T4020: re-enable watchfrr in config as it is always runningChristian Breunig
2023-12-21dhcp: T5846: Fix include pathIndrajit Raychaudhuri
2023-12-21Merge pull request #2664 from indrajitr/duid-refactor-T5846Christian Breunig
dhcp: T5846: Refactor and simplify DUID definition
2023-12-21dhcp: T5846: Refactor and simplify DUID definitionIndrajit Raychaudhuri
Refactor DUID XML definition in conf-mode to be reusable. Additionally, remove explicit call to a separate validator `ipv6-duid` and inline the regex into the XML definition.
2023-12-20T2898: add ndp-proxy serviceChristian Breunig
VyOS CLI command set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static' Will generate the following NDP proxy configuration $ cat /run/ndppd/ndppd.conf # autogenerated by service_ndp-proxy.py # This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route route-ttl 30000 # This sets up a listener, that will listen for any Neighbor Solicitation # messages, and respond to them according to a set of rules proxy eth0 { # Turn on or off the router flag for Neighbor Advertisements router no # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) timeout 500 # Control how long a valid or invalid entry remains in the cache (milliseconds) ttl 30000 # This is a rule that the target address is to match against. If no netmask # is provided, /128 is assumed. You may have several rule sections, and the # addresses may or may not overlap. rule 2001:db8::/64 { static } }