There is no need to add and remove this table during runtime - it can lurk
in the standard firewall init code.
(cherry picked from commit 89f0d347bfe5e468355817a617dc71823a58c284)
|
|
This prevents the following error when configuring the first VRF:
sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory
(cherry picked from commit a821b8c603999665ce8a77acb0e44a743811992a)
|
|
https: T6000: fix error in migration of path https certbot (backport #2902)
|
|
(cherry picked from commit f057075409b024a18ea8a39b5e128fcde988c00e)
|
|
remote: T5994: fix typo in check_storage for Ftp class (backport #2899)
|
|
image-tools: T5988: validate image name in add_image (backport #2898)
|
|
Add missing name validation in add_image, and fix typo in error msg
string.
(cherry picked from commit 0a66ba35d12f0451a88ed7cc3e3ae2ae90e38d6e)
|
|
(cherry picked from commit 858ccb20b3e0c326fc7b7f791bd6798cf15b6b46)
|
|
image-tools: T5983: fix regression in prune_vyos_versions (backport #2893)
|
|
(cherry picked from commit d603b1e3b2d0edb5a996b687236c12b50ad60259)
|
|
T5817: Fix for show openvpn server (backport #2619)
|
|
In some cases we can get an error:
```
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module>
data = get_status(args.mode, intf)
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status
client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface)
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address
tunnel_ip = lst[0].split(',')[0]
IndexError: list index out of range
```
(cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d)
|
|
bfd: T5967: add minimum-ttl option (backport #2884)
|
|
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
* set protocols bfd profile <name> minimum-ttl <1-254>
(cherry picked from commit 1f07dcbddfcfdbb9079936ec479c5633934dd547)
|
|
ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC (backport #2881)
|
|
Typo (misaligned -/_) in the code causes hw-tc-offload to never be enabled in
the underlying hardware via ethtool.
(cherry picked from commit bfb7e4f2b3743ae3c9a132daf4e2109e90d27f26)
|
|
dhcp: T5787: Allow disabled duplicates on static-mapping (backport)
|
|
op-mode: T5975: add missing 2FA OTP commands and other op-mode permission fixes
|
|
T5957: fix removal of interface in firewall rules. (backport #2873)
|
|
op-mode: T5969: list multicast group membership (backport #2871)
|
|
```
cpo@LR1.wue3:~$ show ip multicast group interface eth0.201
Interface    Family    Address
-----------  --------  ---------
eth0.201     inet      224.0.0.6
eth0.201     inet      224.0.0.5
eth0.201     inet      224.0.0.1
cpo@LR1.wue3:~$ show ipv6 multicast group interface eth0
Interface    Family    Address
-----------  --------  -----------------
eth0         inet6     ff02::1:ff00:0
eth0         inet6     ff02::1:ffbf:c56d
eth0         inet6     ff05::2
eth0         inet6     ff01::2
eth0         inet6     ff02::2
eth0         inet6     ff02::1
eth0         inet6     ff01::1
```
(cherry picked from commit 3eea8dbed1bd201373eb8a452239d9565d468b33)
|
|
T5958: QoS add basic implementation of policy shaper-hfsc (backport #2852)
|
|
ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left (backport #2867)
|
|
This extends commit 7ba47f027 ("ethernet: T4638: deleting parent interface does
not delete underlying VIFs") with a smoketest ensuring no VIFs are left behind.
(cherry picked from commit e390d0080d1a15b18ede49f1f2472ef940145c19)
|
|
(cherry picked from commit 0a436e1fce66391311799bc970f05f6f4ba880ad)
|
|
QoS policy shaper-hfsc was not implemented after rewriting the
traffic-policy to qos policy. We had CLI but it does not use the
correct class. Add a basic implementation of policy shaper-hfsc.
Write the class `TrafficShaperHFS`
(cherry picked from commit f6b6ee636e34f98d336ee53599666afd1f395d78)
|
|
sflow: T5968: add VRF support (backport #2869)
|
|
Add support to run hsflowd in a dedicated (e.g. management) VRF.
Command will be "set system sflow vrf <name>" like with any other service
(cherry picked from commit 64473fa6f320375fb3d3de4de9e729f456ee5ae2)
|
|
firewall: T5729: T5681: T5217: backport subsystem from current branch
|
|
This is a combined backport for all accumulated changes done to the firewall
subsystem on the current branch.
|
|
ntp: T5692: add support to configure leap second behavior (backport #2863)
|
|
T5961: Fix QoS policy shaper class match vif (backport #2862)
|
|
* set service ntp leap-second [ignore|smear|system|timezone]
Where timezone is the new and old default resulting in adding "leapsectz right/UTC"
to chrony.conf. The most prominent new option is "smear" which will add
```
leapsecmode slew
maxslewrate 1000
smoothtime 400 0.001 leaponly
```
to chrony.
See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for
additional information
(cherry picked from commit 7ae064bab0010dff8827a0ed5e1239d2778dc7c1)
|
|
If we have QoS policy shaper class match `vif` (VLAN) we have to
use `basic match "meta(vlan mask 0xfff eq xxx)` instead of
`action policy`
Actual incorrect TC filter:
tc filter add dev eth1 parent 1: protocol all prio 1 action police rate 100000000 burst 15k flowid 1:64
The correct TC filter after fix:
tc filter add dev eth1 parent 1: protocol all prio 1 basic match "meta(vlan mask 0xfff eq 100)" flowid 1:64
(cherry picked from commit bb532f7f65930f8bc42e3bf3ebbcc690bffcfd0a)
|
|
dhcp: T3316: add deprecation warning on RAW ISC DHCPD options
|
|
The following CLI nodes are deprecated and will be removed in VyOS 1.5 while
moving to KEA as DHCP server.
* set service dhcp-server global-parameters
* set service dhcp-server shared-network-name <name> shared-network-parameters
* set service dhcp-server shared-network-name <name> subnet <x.x.x.x/y> subnet-parameters
Please open feature requests if any DHCP option is missing and should be added
as a proper CLI node to make your life easier.
|
|
T5963: Fix QoS shaper rate calculations and set default 1Gbit (backport #2855)
|
|
It is impossible to detect the interface speed for some devices,
for example virtio interfaces:
```
vyos@r4:~$ cat /sys/class/net/eth1/speed
-1
```
It causes wrong negative calculations like:
- bandwidth: -1000000
- 4% of bandwidth: -40000
tc class replace dev eth1 parent 1: classid 1:1 htb rate -1000000
tc class replace dev eth1 parent 1:1 classid 1:a htb rate -40000
Fix this by checking for a negative value.
Set the default interface speed to 1000 Mbit if we cannot detect the
interface speed; the current default value of 10 Mbit is too low
nowadays.
(cherry picked from commit a7fe02e989cf7034609cb833c86143660eb609d5)
|
|
T5964: add missing imports for is_wwan_connected() (backport #2858)
|
|
(cherry picked from commit 844e35dea0500c48ff942ef4542dbb7a25b9dc7d)
|
|
(cherry picked from commit c7d35deb8ea2fb15796fb98b103f027b927a020f)
|
|
dhcp: T5952: validate duplicate MAC and IP address in static-mappings incl. smoketests
|
|
This extends commit 2c3e4696b3e22 ("T2267: Versioning: Update version tag from
GIT repo") to also include release tags.
(cherry picked from commit 04aa70e3f75169fc592b20acfa6e0b2f37d90a6c)
|
|
T5779: conntrack: Apply fixes to <set system conntrack timeout custom> (backport #2574)
|
|
Backport of the conntrack system from current branch.
(cherry picked from commit fd0bcaf12)
(cherry picked from commit 5acf5aced)
(cherry picked from commit 42ff4d8a7)
(cherry picked from commit 24a1a7059)
|