summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-04-09T5169: Add PoC for generating CGNAT rules rfc6888Viacheslav Hletenko
Add PoC for generating CGNAT rules https://datatracker.ietf.org/doc/html/rfc6888 Not all requirements are implemented, but some of them. Implemented: REQ-2 ``` A CGN MUST have a default "IP address pooling" behavior of "Paired" CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols. ``` REQ-3 ``` The CGN function SHOULD NOT have any limitations on the size or the contiguity of the external address pool ``` REQ-4 ``` A CGN MUST support limiting the number of external ports (or, equivalently, "identifiers" for ICMP) that are assigned per subscriber ``` CLI: ``` set nat cgnat pool external ext1 external-port-range '1024-65535' set nat cgnat pool external ext1 per-user-limit port '1000' set nat cgnat pool external ext1 range 192.0.2.222/32 set nat cgnat pool internal int1 range '100.64.0.0/28' set nat cgnat rule 10 source pool 'int1' set nat cgnat rule 10 translation pool 'ext1' ```
2024-04-08Merge pull request #3278 from jestabro/default-config-choiceChristian Breunig
T6207: restore ability to copy config.boot.default on image install
2024-04-07image-tools: T6207: restore choice of config.boot.default as boot configJohn Estabrook
2024-04-07utils.io: T6207: allow default in select_entryJohn Estabrook
2024-04-07Merge pull request #3277 from sarthurdev/T6163Christian Breunig
kea: T3316: T6163: Ensure correct permissions on lease files
2024-04-07kea: T3316: Ensure correct permissions on lease filessarthurdev
2024-04-07Merge pull request #3265 from c-po/ethernet-mtu-T5862Daniil Baturin
ethernet: T5862: default MTU is not acceptable in some environments
2024-04-07Merge pull request #3270 from c-po/login-T5875Daniil Baturin
login: T5875: fix corner case for KeyError: 'getpwuid(): uid not found: XXXX'
2024-04-07dhcp: T6068: drop unused variable "failover_ok"Christian Breunig
2024-04-07Merge pull request #3272 from c-po/container-fixChristian Breunig
container: T6208: fix AttributeError: 'ConfigDict' object has no attribute 'upper'
2024-04-07container: T6208: fix AttributeError: 'ConfigDict' object has no attribute ↵Christian Breunig
'upper' Commit b30faa43c (container: T6208: rename "cap-add" CLI node to "capability") added an AttributeError referencing an out of scope variable. This has been fixed.
2024-04-07ipoe: T6205: fix conditional branch error in config migratorChristian Breunig
Commit a5ccc06c0 ("ipoe: T6205: error in migration script logic while renaming mac-address to mac node") added a conditional path into the config which could result in the migrated config not beeing written if precondition was not met.
2024-04-07Merge pull request #3269 from c-po/container-T6208Daniil Baturin
container: T6208: rename "cap-add" CLI node to "capability"
2024-04-06login: T5875: fix corner case for KeyError: 'getpwuid(): uid not found: XXXX'Christian Breunig
Commit 1b364428f ("login: T5875: restore home directory permissions only when needed") added logic to chown the users home directory if it's UID changes. This might happen when a user account is deleted and re-added to the system. Under rar e circumstances it was possible that the implementation triggered Traceback (most recent call last): File "<stdin>", line 1, in <module> KeyError: 'getpwuid(): uid not found: XXXX' This has been fixed by re-arranging the code path with an additional try/except if the PW database information could not be retrieved leading to an implicit chown() of the home directory to the user beeing added.
2024-04-06container: T6208: rename "cap-add" CLI node to "capability"Christian Breunig
Containers have the ability to add Linux system capabilities to them, this is done using the "set container name <name> cap-add" command. The CLI node sounds off and rather should be "set container name <name> capability" instead as we use and pass a capability to a container and not add/invent new ones.
2024-04-06Merge pull request #3263 from c-po/T6205-ipoeDaniil Baturin
ipoe: T6205: error in migration script logic while renaming mac-address to mac node
2024-04-06ipoe: T6205: error in migration script logic while renaming mac-address to ↵Christian Breunig
mac node The problem was introduced in [1] but the config migrator part unfortunately was added to the wrong version [2]. As IPoE config version 0 was only active during the 1.3 development cycle and VyOS 1.3.0 was already released with config version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to properly support upgrades from VyOS 1.3 -> 1.4 or newer. 1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168 2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46
2024-04-06Merge pull request #3266 from c-po/spring-cleaning-4Christian Breunig
T6199: start validating smoketests against real CLI defaultValues
2024-04-06GitHub: run unused-imports ony for current and sagittaChristian Breunig
2024-04-06T6199: start validating smoketests against real CLI defaultValuesChristian Breunig
Use vyos.xml_ref.default_value to query XML default values and take them into account when validating properly applied defaults in individual smoketests instead of using hardcoded values like 443 for https port.
2024-04-06ethernet: T5862: default MTU is not acceptable in some environmentsChristian Breunig
There are cloud environments available where the maximum supported ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value or 1500 bytes - whatever is lower.
2024-04-06xml: T5862: drop defaultValue from mtu-68-16000.xml.i - use individual valuesChristian Breunig
In order to lower the Ethernet default MTU we need to drop the common defaultValue from the XML mtu-68-16000.xml.i building block. Per interface default MTU is later overloaded by XML.
2024-04-06conntrack-sync: T1244: add CLI support for StartupResyncNataliia Solomko
2024-04-06Debian: T6199: add pylint do list of build dependenciesChristian Breunig
2024-04-06Merge pull request #3260 from c-po/spring-cleaning-3Christian Breunig
T6199: remove unused Python imports from migration scripts
2024-04-06T6199: remove unused Python imports from migration scriptsChristian Breunig
2024-04-06Merge pull request #3219 from l0crian1/add-fw-description-showViacheslav Hletenko
T6188: add description to show firewall
2024-04-05Merge pull request #3255 from jestabro/remove-xml-libChristian Breunig
T6203: remove obsoleted xml lib
2024-04-05T6203: remove obsoleted xml libJohn Estabrook
The vyos.xml functionality is replaced with vyos.xml_ref.
2024-04-05T6188: Add description to detail view onlyl0crian1
For readability in console sessions, moved the description column to only be shown in the detail view. Changed wrapping in the detail view for description to 65 characters to prevent full line wrapping in console sessions.
2024-04-05Merge pull request #3252 from HollyGurza/T6204Christian Breunig
T6204: cleanup shebang lines
2024-04-05T6204: cleanup shebang lineskhramshinr
2024-04-04op-mode: T6203: replace use of vyos.xml.defaults with automatic defaultsJohn Estabrook
2024-04-04Merge pull request #3249 from c-po/ospf-T6089Christian Breunig
ospf: T6089: fix invalid "ospf passive-interface default"
2024-04-04GitHub: fix "on" trigger for unused-imports workflowChristian Breunig
2024-04-04ospf: T6089: fix invalid "ospf passive-interface default"Christian Breunig
The option "passive-interface default" was set even if it was not present in the previous version we are migrating from. Fix migration script to handle this with a conditional path.
2024-04-04Merge pull request #3244 from aapostoliuk/T6197-circinusChristian Breunig
T6197: Fixed usage ipoe interface client-subnet without pools
2024-04-04Merge pull request #3246 from c-po/spring-cleaning-2Christian Breunig
T6199: drop unused Python imports from graphql source
2024-04-04Makefile: improve "unused-imports" targetChristian Breunig
2024-04-04T6199: drop unused Python imports from graphql sourceChristian Breunig
2024-04-04Merge pull request #3238 from HollyGurza/T5943Daniil Baturin
bgp: T5943: BGP Peer-group members must be all internal or all external
2024-04-04Merge pull request #3214 from nicolas-fort/T6068-keaDaniil Baturin
T6068: dhcp-server: add command <set service dhcp-server high-availability mode>
2024-04-04T6197: Fixed usage ipoe interface client-subnet without poolsaapostoliuk
Allowed using ipoe interface client-subnet without client pools configuration.
2024-04-04Merge pull request #3242 from HollyGurza/T6166Christian Breunig
T6166: Tech support generation error for custom output location
2024-04-04T6166: Tech support generation error for custom output locationkhramshinr
2024-04-04bgp: T5943: BGP Peer-group members must be all internal or all externalkhramshinr
2024-04-03GitHub: run unused imports action only for pull requestsChristian Breunig
2024-04-03Merge pull request #3240 from c-po/spring-cleaningChristian Breunig
T6199: spring cleaning - drop unused Python imports
2024-04-03T6068: dhcp-server: add command <set service dhcp-server high-availability ↵Nicolas Fort
mode> so user can define what type of ha use: active-active or active-passive
2024-04-03GitHub: add action to check for unused importsChristian Breunig