summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-04-04T5142: Add audit tool to monitor security-relevant eventsViacheslav Hletenko
2023-04-03Merge pull request #1932 from sever-sever/T5125Christian Breunig
T5125: Sflow op-mode add event_samples_suppressed option
2023-04-03Merge pull request #1934 from sever-sever/T5141Christian Breunig
T5141: Add numbers for dhclient-exit-hooks.d to enforce order
2023-04-03Merge pull request #1933 from sever-sever/T5139Christian Breunig
T5139: IPSec add IKE lifetime 0 for no rekeying
2023-04-03T5141: Add numbers for dhclient-exit-hooks.d to enforce orderViacheslav Hletenko
Add numbers for all dhclient-exit-hooks.d to enforce script order execution Also, move '99-run-user-hooks' to '98-run-user-hooks' due to vyatta-dhclient-hook bug and exit with 'exit 1' it is described in the https://vyos.dev/T4856, so we should move this hook to the end. Rename 'vyatta-dhclient-hook' to '99-vyatta-dhclient-hook'
2023-04-03T5139: IPSec add IKE lifetime 0 for no rekeyingViacheslav Hletenko
IKE lifetime should starting from 0 for disabling rekeying
2023-04-03T5125: Sflow op-mode add event_samples_suppressed optionViacheslav Hletenko
Add "Packet drops suppressed" option Rename "Samples drop events sent" to "Packet drops sent"
2023-04-02container: T5134: support binding container network to specific VRFChristian Breunig
Container networks now can be bound to a specific VRF instance. set vrf name <foo> table <xxx> set container network <name> vrf <foo>
2023-04-02xml: re-use generic-description.xml.i building block whenever possibleChristian Breunig
Remove redundant XML CLI node definitions for the common description node by referencing the common building block.
2023-04-01Merge pull request #1929 from sever-sever/T5125Christian Breunig
T5125: Extend op-mode show sflow add new metric
2023-04-01T5125: Extend op-mode show sflow add new metricViacheslav Hletenko
Add new metric, the number of packet-drop-events sent
2023-04-01container: T4959: bugfix credential validation on registriesChristian Breunig
Commit fe82d86d ("container: T4959: add registry authentication option") looked up the wrong config dict level when validating that both username and password need to be specified when registries are in use.
2023-04-01container: T5082: switch to netavark network stackChristian Breunig
We now support assigning discrete IPv6 addresses to a container.
2023-04-01container: T5047: bugfix TypeError: argument of type 'NoneType' is not iterableChristian Breunig
Commit 52e51ffb ("container: T5047: restart only containers that changed") started to iterate over a NoneType which is invalid. This happened when a network description was changed but no container was due for restart.
2023-04-01xml: include building block file name should end with .i and not .inChristian Breunig
2023-04-01isis: op-mode: T5132: bugfix VRF commands for route and neighborChristian Breunig
show isis vrf <name> neighbor|route did not call the vtysh wrapper but instead always called the commands for the default routing table.
2023-04-01Merge pull request #1926 from aapostoliuk/T5093-sagittaChristian Breunig
ipsec: T5093: Fixed 'reset vpn ipsec profile' command
2023-04-01xml: T5128: streamline help string for interface CLI node building blocksChristian Breunig
2023-04-01xml: allow-client: T5126: re-use new building block also for NTP serviceChristian Breunig
2023-03-31Merge pull request #1920 from jestabro/https-allow-clientViacheslav Hletenko
http-api: T5126: allow restricting client IP address
2023-03-31http-api: T5126: allow restricting client IP addressJohn Estabrook
2023-03-31Merge pull request #1922 from nicolas-fort/T5128Christian Breunig
T5128: Policy Route: allow wildcard on interface
2023-03-31Merge pull request #1927 from sever-sever/T5125Christian Breunig
T5125: Add op-mode for sFlow based on hsflowd
2023-03-31T5125: Add op-mode for sFlow based on hsflowdViacheslav Hletenko
Add op-mode for sFlow based on hsflowd "show sflow" Add machine readable format '--raw' and formatted output
2023-03-31T5128: Add contraint for firewall interface. Also update smoketest to ↵Nicolas Fort
include at least one wildcarded interface
2023-03-31T5128: Policy Route: allow wildcard on interfaceNicolas Fort
2023-03-31Merge pull request #1925 from sever-sever/T4173-smoketestViacheslav Hletenko
T4173: Fix smoketest for load-balancing wan
2023-03-31Merge pull request #1924 from fett0/T5131Christian Breunig
T5131: fix op-mode show isis segment-routing prefix-sids
2023-03-30 T5131: fix op-mode show isis segment-routing prefix-sidsfett0
2023-03-30Merge pull request #1923 from jestabro/fix-templateChristian Breunig
interfaces: T5130: remove show_interfaces.py reference and script
2023-03-30interfaces: T5130: remove obsoleted show_interfaces.pyJohn Estabrook
2023-03-30interfaces: T5130: show/interfaces/node.def defined in vyos-1xJohn Estabrook
2023-03-30ipsec: T5093: Fixed 'reset vpn ipsec profile' commandaapostoliuk
Fixed 'reset vpn ipsec profile' command using vici library and new op-mode style. Added ability to use 'reset vpn ipsec profile' command with 'remote-host' option.
2023-03-30T4173: Fix smoketest for load-balancing wanViacheslav Hletenko
Counter jump WANLOADBALANCE was deleted in the commit https://github.com/vyos/vyos-1x/commit/27ca5b9d6d699e201f88ffff41b0a651166b65eb I guess it was done to pass the smoketest even if it broke the load-balance wan feature Fix it
2023-03-29Merge pull request #1900 from jestabro/diff-testChristian Breunig
configdiff: T5089: add unit test of config_diff
2023-03-29ntp: T3008: start daemon with extended privileges but then drop to _chronyChristian Breunig
2023-03-29configdiff: T5089: add unit testJohn Estabrook
2023-03-29configdiff: T5089: add optional arg ordered_values for unit testsJohn Estabrook
2023-03-29configdiff: T5089: add union of configtrees for unit testJohn Estabrook
2023-03-29configtree: T5089: sorting of nodes is now implemented on parsing configJohn Estabrook
2023-03-29Merge pull request #1918 from sever-sever/T5110Christian Breunig
T5110: Fix op-mode FRR vtysh_pam account validation
2023-03-29T5110: Fix op-mode FRR vtysh_pam account validationViacheslav Hletenko
With FRR 8.5 there is exists file /etc/pam.d/frr With this file by default we have cosmtetic error for any op-mode command $ show ip bgp vtysh_pam: Failed in account validation: Success(0)No BGP prefixes displayed, 0 exist Fix it
2023-03-29T5115: bump version dns-forwarding 3 -> 4Christian Breunig
2023-03-29Merge pull request #1915 from indrajitr/pdns-port-round2Christian Breunig
dns: T5115: Support custom port for name servers for forwarding zones
2023-03-29Merge pull request #1916 from jestabro/clear-countersChristian Breunig
interfaces: T4885: add 'clear interfaces counters' to op-mode
2023-03-29Merge pull request #1917 from indrajitr/chrony-cleanupChristian Breunig
ntp: T5118: Remove vestigial ntp completion script
2023-03-29frr: T5045: remove LimitNOFILESoftChristian Breunig
Commit cb872efb ("frr: T5045: lift LimitNOFILE 1024 -> 4096") added both LimitNOFILE and LimitNOFILESoft parameters for FRR, as "systemctl cat frr.service" showed both versions. During daemon startup systemd complains: Unknown key name 'LimitNOFILESoft' in section 'Service', ignoring. So the key got removed again.
2023-03-28ntp: T5118: Remove vestigial ntp completion scriptIndrajit Raychaudhuri
This isn't used anymore after migration from ntpd to chrony as part of T3008.
2023-03-28container: T5047: restart only containers that changedChristian Breunig
By default VyOS used to restart all containers it managed. This makes no sense as it will be service disrupting. Instead only restart the containers that had changes on the CLI beeing made.
2023-03-28container: T2216: explicitly select CNI network backendChristian Breunig
As podman is going to use netavark as new default we must explicitly select the old driver until we have migrated to netavark.