Age | Commit message | Author
2020-11-23 | op-mode: wireless: T3084: fix TypeError | Christian Poessinger
2020-11-23 | mpls: T915: unclutter verify() code by using "not" statements | Christian Poessinger
2020-11-23 | mpls: T915: replace os.system() calls with vyos.util.call() | Christian Poessinger
Also drop the Python2 print formatting code in favour of Python3 formatted strings.
2020-11-23 | mpls: T915: drop superfluous "-%}" from Jinja2 template | Christian Poessinger
Trimming blocks manually is not needed as the renderer is already called with the 'trim_blocks' option.
2020-11-23 | Debian: move wireguard-modules dependency to vyos-build | Christian Poessinger
The dependency on the WireGuard modules actually depends on the running Kernel. While already working on 5.9 support which has a built-in version of WireGuard, this also eases ARM development.
2020-11-23 | openvpn: T3074: fix site-2-site operation mode | Christian Poessinger
When rendering the config's "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
2020-11-23 | vyos.template: fix is_ipv6 Jinja2 filter | Christian Poessinger
Commit 6962bc53 ("vyos.template: provide general is_ip(v4|v6) helpers") introduced new Jinja2 template filters, but the one for checking an address if it is an IPv6 address was broken as it was yet unused.
2020-11-23 | Merge pull request #616 from Cheeze-It/current | Christian Poessinger
mpls-conf: T915: Refactored template, handler, added global features
2020-11-22 | mpls-conf: T915: Refactored FRR LDP template, MPLS handler, added MPLS global features | Cheeze_It
So this is a big update. The first thing that was done was a refactor to the FRR LDP template, MPLS handler, and XML conf tree MPLS global additions. The refactors should work and I did test them in my lab. It seems that everything does work as needed so far in my testing. There is something here that is considered configuration breaking from the old setup though. In the old setup the MPLS interface operation (as in the interfaces accepting MPLS labels and processing them) was tied with LDP. What this means is that MPLS processing was enabled at the same time as LDP interfaces were configured. We do not want this behavior for the future as there's other MPLS underlay technologies like SR and RSVP. If someone wants to enable SR or RSVP without enabling LDP then they now can. Before, they couldn't. The other additions are global changes to MPLS TTL propagation and MPLS max TTL enforcement. They have now been added. Lastly, there is an frr-reload bug that Runar Borge found with this. We have found that when totally deleting LDP that there has to be 3 commits done. This is because frr-reload doesn't properly do what it needs to do in 1 operation so we had to do 3. This will only affect people that are doing an entire LDP clear using "delete protocols mpls ldp." Otherwise it isn't seen. Anyway, this refactor now works with the FRR daemon directly for all changes. This also makes it much easier for adding stuff in the future. Thank you
2020-11-22 | defaults: T3082: multi_to_list must distinguish between values and defaults | John Estabrook
2020-11-22 | configdict: T3081: honor whitespace in multi node values | John Estabrook
2020-11-22 | bgp: T2174: refactor Jinja template and reduce redundant paths | Christian Poessinger
The Jinja2 template contained a lot of redundant paths which only differed in either the address-family or neighbor vs. peer-group. These paths have been combined into for loops and a macro for generating a neighbor statement as peer-groups and regular neighbors share ~95% of the config.
2020-11-22 | smoketest: openvpn: T3080: verify configured keep-alive values | Christian Poessinger
2020-11-22 | isis: T1316: remove debug print | Christian Poessinger
2020-11-22 | op-mode: add "restart" tree | Christian Poessinger
2020-11-22 | openvpn: T3080: add missing multiplication on keepalive config option | Christian Poessinger
2020-11-21 | smoketest: openvpn: T3060: verify authentication username and password | Christian Poessinger
2020-11-21 | openvpn: T3060: fix client authentication username and password file | Christian Poessinger
2020-11-21 | openvpn: T3060: always listen on IPv4 and IPv6 sockets | Christian Poessinger
2020-11-21 | system: T3078: fix vyos-configd handling for "system option" path | Christian Poessinger
In commit 193323ba ('system: T3078: rename "system options" -> "system option"') the Python handler was renamed but the JSON file corresponding to the vyos-configd enabled scripts was not.
2020-11-21 | bridge: T3079: bugfix on VLAN 1 is deleted in VLAN-aware bridges | JACK
2020-11-21 | ethernet: T3048: fix migrator to also support a plain config | Christian Poessinger
When VyOS boots the first time with the default configuration there is actually no "interface ethernet" node present in the config, thus we must exit the migrator. Without this change vyos.configtree.ConfigTreeError: Path [b'interfaces ethernet'] doesn't exist will be thrown.
2020-11-21 | system: T3078: rename "system options" -> "system option" | Christian Poessinger
By design a CLI node should not be named by its plural but rather describe it as singular.
2020-11-21 | ethernet: T3048: drop static smp-affinity for dynamic performance tuning | Christian Poessinger
After migrating the ethernet interfaces from the good old Perl days the smp-affinity node yet has no effect anymore as the code is still missing (my bad, sorry). Drop the smp-affinity node and rather use tuned instead with the network-throughput or network-latency profile.
- network-throughput: Profile for throughput network tuning. It is based on the throughput-performance profile. It additionally increases kernel network buffers.
- network-latency: Profile for low latency network tuning. It is based on the latency-performance profile. It additionally disables transparent hugepages, NUMA balancing and tunes several other network related sysctl parameters.
I'd set network-throughput as the default on a new set system option performance <throughput | latency> CLI node which is present in the default configuration.
https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf
2020-11-20 | Merge pull request #614 from sever-sever/T439 | Christian Poessinger
policy-conf: T439: Add policy local-route PBR
2020-11-20 | policy-conf: T439: Add policy local-route PBR | sever-sever
2020-11-20 | tunnel: T3072: remove debug print code | Christian Poessinger
2020-11-20 | tunnel: T3072: bugfix KeyError for IPv6 GRE verify code | Christian Poessinger
2020-11-20 | Makefile: T2653: remove ipv6 wireguard node | Christian Poessinger
2020-11-20 | wireguard: ifconfig: T2653: interface address is not mandatory | Christian Poessinger
2020-11-20 | wireguard: T2653: fix IPv6 peer address configuration | Christian Poessinger
While migration to get_config_dict() was introduced in commit 789775af9f5 the logic for adding an IPv4 or IPv6 peer address was using the wrong dictionary to determine if it's an IPv4 or IPv6 address. We now use the proper peer dict over the wrong config dict.
2020-11-20 | wireguard: T3077: automatically create link-local IPv6 addresses | Christian Poessinger
link-local addresses can still be disabled using: set interfaces wireguard wg0 ipv6 address no-default-link-local
2020-11-20 | tunnel: T3072: drop dead code | Christian Poessinger
2020-11-20 | tunnel: T3072: support changing tunnel encapsulation on-the-fly | Christian Poessinger
2020-11-20 | Merge branch 'tunnel-rewrite' into current | Christian Poessinger
* tunnel-rewrite:
  tunnel: T3068: automatic generate link-local addresses
  tunnel: T3072: interfaces used for NHRP can not be deleted
  tunnel: T3072: xml: harden regex validators
  tunnel: T3072: migrate to get_config_dict()
2020-11-20 | tunnel: T3068: automatic generate link-local addresses | Christian Poessinger
2020-11-20 | tunnel: T3072: interfaces used for NHRP can not be deleted | Christian Poessinger
2020-11-20 | tunnel: T3072: xml: harden regex validators | Christian Poessinger
2020-11-20 | tunnel: T3072: migrate to get_config_dict() | Christian Poessinger
2020-11-19 | ifconfig: T1405: ensure MAC address is configured first | Christian Poessinger
The MAC address is changed after we have set an IP address on the interface or started dhclient. This will cause some users to receive the wrong IP address on device startup. Change the order of how parameters are set in the system. The interface MAC address is now configured first.
2020-11-19 | bridge: T3067: Fix VLAN aware setting failure under WLAN (#613) | JACK
In the implementation of T3042, it will cause two problems:
1. Even if VLAN awareness is not enabled, the VLAN settings of the vlan filter will be modified. When the bridge member has a WLAN interface, the error is exposed, so repair it here. You should not modify the related settings when the VLAN awareness mode is not enabled.
2. Even if VLAN awareness is not enabled, the VLAN settings of the vlan filter will be modified. When the bridge member has a WLAN interface, due to special settings, the bridge mode cannot be entered and the settings cannot be completed directly. Therefore, the WLAN interface should be rejected from entering the bridge with VLAN awareness.
2020-11-18 | Revert "wireless: T2241: add "wds" CLI option" | Christian Poessinger
This reverts commit 806f35b5856c3f8dae634718a6a9e82cc90bb63a. Unfortunately this did not work out in the attempt to bridge a station to a bridge "brX" interface. Also adjusting the wireless interface during operation causes several exceptions and the feature is removed again as it was never in any production system.
2020-11-15 | smoketest: tunnel: local-ip and dhcp-interface can not be used together | Christian Poessinger
2020-11-15 | smoketest: tunnel: validate if local/remote address matches proper address family | Christian Poessinger
Certain tunnel types require that the local and remote IP is either both IPv4 or IPv6, add a check which ensures that an error is thrown if this is not the case.
2020-11-15 | op-mode: fix "show arp interface" argument level | Christian Poessinger
Commit 84ce69a4 ('op-mode: add "show arp" command') copied the syntax from "show protocols static arp" to "show arp" but the CLI variable reference index was not decreased from 6 to 4 as the CLI level changed for the new command.
2020-11-14 | openvpn: T2550: default connection protocol to udp | Christian Poessinger
setting this to udp will allow both IPv4 and IPv6 connections. According to the MAN page: proto indicates the protocol to use when connecting with the remote, and may be "tcp" or "udp". For forcing IPv4 or IPv6 connection suffix tcp or udp with 4/6 like udp4/udp6/tcp4/tcp6.
2020-11-14 | Merge pull request #604 from jack9603301/T3042 | Christian Poessinger
bridge: T3042: Better fix implementation errors
2020-11-14 | bridge: T3042: Better fix implementation errors | jack9603301
In #601, I provided a basic patch. Under this patch, I rely on vif to detect the vlan id range that the bridge should flow through, which may lead to greater redundancy in the configuration, so I am considering detecting effective vlan filters. In setting the range of vlan id that is required to flow through the bridge, I use set() to complete the deduplication of this vlan id and set it to the bridge uniformly (at the same time, I slightly modified the smoke test script)
2020-11-14 | tuned: T3048: program proper daemon startup | Christian Poessinger
Daemon was only enabled/disabled before and not started/stopped. This has been corrected to start the daemon and wait until startup before sending the configuration profile.
2020-11-14 | options: keyboard: T3038: use proper XML <defaultValue> over hardcoded Python value | Christian Poessinger
We should not use hardcoded Python values whenever possible. vyos.xml provides an abstraction of the XML CLI definitions providing default values from the CLI specified via the <defaultValue> node. This increases consistency among all XML/Python wrappers. Additional small fixes in this commit (besides the bad practice incorporating unrelated changes into the same commit) contain:
- Keyboard layout should be explicitly set for /dev/console
- Added missing Debian dependency on console-data
- When looking for a key in a dict, we do not need to specify dict.keys()