summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-01T5977: firewall: remove ipsec options in output chain rule definitions, ↵Nicolas Fort
since it's not supported. (cherry picked from commit 9d490ecf616eb9d019beee37a3802705c4109d9d)
2024-01-31Merge pull request #2912 from vyos/mergify/bp/sagitta/pr-2910Viacheslav Hletenko
T5254: Deleted extra file git (backport #2910)
2024-01-31T5254: Deleted extra file gitaapostoliuk
Deleted extra file git. (cherry picked from commit 5602f9fda633c58c6c986e5e649696e982d4d245)
2024-01-31Merge pull request #2909 from vyos/mergify/bp/sagitta/pr-2908Christian Breunig
reverse-proxy: T5999: Allow root for exact match in backend rule URL (backport #2908)
2024-01-31reverse-proxy: T5999: Allow root for exact match in backend rule URLcleopold73
(cherry picked from commit f2c6cb62521bf13a51225462e8d39ee184645de1)
2024-01-30Merge pull request #2907 from vyos/mergify/bp/sagitta/pr-2906Christian Breunig
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix' (backport #2906)
2024-01-30rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'Jonathan Voss
(cherry picked from commit c23775d29fd3bebbfd6ae9483fd12f2fb643c9a2)
2024-01-30Merge pull request #2888 from vyos/mergify/bp/sagitta/pr-2886John Estabrook
system-option: T5979: Add configurable kernel boot options (backport #2886)
2024-01-30Merge pull request #2905 from vyos/mergify/bp/sagitta/pr-2877Christian Breunig
vrf: T5973: multiple bugfixes and improvements (backport #2877)
2024-01-30vrf: T5973: fix has_rule() to check for l3mdev ruleChristian Breunig
A code path was missing to check if only priority is available in the result of "ip --json -4 rule show", in the case of l3mdev it's a dedicated key! (cherry picked from commit a009143a62caca207fdffffcf0b490c747a87025)
2024-01-30vrf: T5973: move initial conntrack firewall table to startupChristian Breunig
There is no need to add and remove this table during runtime - it can lurk in the standard firewall init code. (cherry picked from commit 89f0d347bfe5e468355817a617dc71823a58c284)
2024-01-30vrf: T5973: ensure Kernel module is loadedChristian Breunig
This prevents the following error when configuring the first VRF: sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory (cherry picked from commit a821b8c603999665ce8a77acb0e44a743811992a)
2024-01-30Merge pull request #2904 from vyos/mergify/bp/sagitta/pr-2902Viacheslav Hletenko
https: T6000: fix error in migration of path https certbot (backport #2902)
2024-01-30https: T6000: fix error in migration of path https certbotJohn Estabrook
(cherry picked from commit f057075409b024a18ea8a39b5e128fcde988c00e)
2024-01-29Merge pull request #2900 from vyos/mergify/bp/sagitta/pr-2899John Estabrook
remote: T5994: fix typo in check_storage for Ftp class (backport #2899)
2024-01-29Merge pull request #2901 from vyos/mergify/bp/sagitta/pr-2898John Estabrook
image-tools: T5988: validate image name in add_image (backport #2898)
2024-01-29image-tools: T5988: validate image name in add_imageJohn Estabrook
Add missing name validation in add_image, and fix typo in error msg string. (cherry picked from commit 0a66ba35d12f0451a88ed7cc3e3ae2ae90e38d6e)
2024-01-29remote: T5994: fix typo in check_storage for Ftp classJohn Estabrook
(cherry picked from commit 858ccb20b3e0c326fc7b7f791bd6798cf15b6b46)
2024-01-25Merge pull request #2896 from vyos/mergify/bp/sagitta/pr-2893John Estabrook
image-tools: T5983: fix regression in prune_vyos_versions (backport #2893)
2024-01-25image-tools: T5983: fix regression in prune_vyos_versionsJohn Estabrook
(cherry picked from commit d603b1e3b2d0edb5a996b687236c12b50ad60259)
2024-01-25Merge pull request #2895 from vyos/mergify/bp/sagitta/pr-2619Viacheslav Hletenko
T5817: Fix for show openvpn server (backport #2619)
2024-01-25T5817: Fix for show openvpn serverViacheslav Hletenko
In some cases we can get error: ``` Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module> data = get_status(args.mode, intf) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface) File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address tunnel_ip = lst[0].split(',')[0] IndexError: list index out of range ``` (cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d)
2024-01-23T5979: add configurable kernel boot option 'disable-mitigations'Christian Breunig
(cherry picked from commit 256346a66cc3bb20e93c68245ebca2f68f42e7b5)
2024-01-23image-tools: T5980: add support for configurable kernel boot optionsJohn Estabrook
(cherry picked from commit 1b1569d5b88a20994fc65fd529f8103db371bf3f)
2024-01-23Merge pull request #2885 from vyos/mergify/bp/sagitta/pr-2884Christian Breunig
bfd: T5967: add minimum-ttl option (backport #2884)
2024-01-23bfd: T5967: add minimum-ttl optionChristian Breunig
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254> * set protocols bfd profile <name> minimum-ttl <1-254> (cherry picked from commit 1f07dcbddfcfdbb9079936ec479c5633934dd547)
2024-01-23Merge pull request #2882 from vyos/mergify/bp/sagitta/pr-2881Viacheslav Hletenko
ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC (backport #2881)
2024-01-23ethernet: T5978: hw-tc-offload does not actually get enabled on the NICChristian Breunig
Typo (missaligned -/_) in the code causes hw-tc-offload to never be enabled in the underlaying hardware via ethtool. (cherry picked from commit bfb7e4f2b3743ae3c9a132daf4e2109e90d27f26)
2024-01-22Merge pull request #2880 from sarthurdev/T5787_disabledbpChristian Breunig
dhcp: T5787: Allow disabled duplicates on static-mapping (backport)
2024-01-22dhcp: T5787: Allow disabled duplicates on static-mapping (backport)sarthurdev
2024-01-22Merge pull request #2878 from c-po/sagitta-only-fixesChristian Breunig
op-mode: T5975: add missing 2FA OTP commands and other op-mode permission fixes
2024-01-22op-mode: T5975: add missing 2FA OTP commandsChristian Breunig
2024-01-22op-mode: T5658: fix mtr.py permissionsChristian Breunig
2024-01-22op-mode: T5137: fix show_techsupport_report.py permissionsChristian Breunig
2024-01-22op-mode: T4864: fix zone.py permissionsChristian Breunig
2024-01-22Merge pull request #2875 from vyos/mergify/bp/sagitta/pr-2873Christian Breunig
T5957: fix removal of interface in firewall rules. (backport #2873)
2024-01-22Merge pull request #2876 from vyos/mergify/bp/sagitta/pr-2871Viacheslav Hletenko
op-mode: T5969: list multicast group membership (backport #2871)
2024-01-22op-mode: T5969: list multicast group membershipChristian Breunig
cpo@LR1.wue3:~$ show ip multicast group interface eth0.201 Interface Family Address ----------- -------- --------- eth0.201 inet 224.0.0.6 eth0.201 inet 224.0.0.5 eth0.201 inet 224.0.0.1 cpo@LR1.wue3:~$ show ipv6 multicast group interface eth0 Interface Family Address ----------- -------- ----------------- eth0 inet6 ff02::1:ff00:0 eth0 inet6 ff02::1:ffbf:c56d eth0 inet6 ff05::2 eth0 inet6 ff01::2 eth0 inet6 ff02::2 eth0 inet6 ff02::1 eth0 inet6 ff01::1 (cherry picked from commit 3eea8dbed1bd201373eb8a452239d9565d468b33)
2024-01-22Merge pull request #2872 from vyos/mergify/bp/sagitta/pr-2852Christian Breunig
T5958: QoS add basic implementation of policy shaper-hfsc (backport #2852)
2024-01-22Merge pull request #2874 from vyos/mergify/bp/sagitta/pr-2867Viacheslav Hletenko
ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left (backport #2867)
2024-01-22ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces ↵Christian Breunig
left This extends commit 7ba47f027 ("ethernet: T4638: deleting parent interface does not delete underlying VIFs") with a smoketests ensure no VIFs are left behind. (cherry picked from commit e390d0080d1a15b18ede49f1f2472ef940145c19)
2024-01-22T5957: fix removal of interface in firewall rules.Nicolas Fort
(cherry picked from commit 0a436e1fce66391311799bc970f05f6f4ba880ad)
2024-01-22T5958: QoS add basic implementation of policy shaper-hfscViacheslav Hletenko
QoS policy shaper-hfsc was not implemented after rewriting the traffic-policy to qos policy. We had CLI but it does not use the correct class. Add a basic implementation of policy shaper-hfsc. Write the class `TrafficShaperHFS` (cherry picked from commit f6b6ee636e34f98d336ee53599666afd1f395d78)
2024-01-22Merge pull request #2870 from vyos/mergify/bp/sagitta/pr-2869Christian Breunig
sflow: T5968: add VRF support (backport #2869)
2024-01-22sflow: T5968: add VRF supportChristian Breunig
Add support to run hsflowd in a dedicated (e.g. management) VRF. Command will be "set system sflow vrf <name>" like with any other service (cherry picked from commit 64473fa6f320375fb3d3de4de9e729f456ee5ae2)
2024-01-22Merge pull request #2856 from c-po/firewall-backportsChristian Breunig
firewall: T5729: T5681: T5217: backport subsystem from current branch
2024-01-22firewall: T5729: T5681: T5217: backport subsystem from current branchChristian Breunig
This is a combined backport for all accumulated changes done to the firewall subsystem on the current branch.
2024-01-21Merge pull request #2866 from vyos/mergify/bp/sagitta/pr-2863Christian Breunig
ntp: T5692: add support to configure leap second behavior (backport #2863)
2024-01-21Merge pull request #2865 from vyos/mergify/bp/sagitta/pr-2862Christian Breunig
T5961: Fix QoS policy shaper class match vif (backport #2862)
2024-01-21ntp: T5692: add support to configure leap second behaviorChristian Breunig
* set service ntp leap-second [ignore|smear|system|timezone] Where timezone is the new and old default resulting in adding "leapsectz right/UTC" to chrony.conf. The most prominent new option is "smear" which will add leapsecmode slew maxslewrate 1000 smoothtime 400 0.001 leaponly to chrony. See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for additional information (cherry picked from commit 7ae064bab0010dff8827a0ed5e1239d2778dc7c1)
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-06 17:33:32 +0000