summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-04-12T5871: ipsec remote access VPN: specify "cacerts" for client auth.Lucas Christian
(cherry picked from commit ecc83562b4d756cc50910561a3f52ec260aeb478)
2024-04-12Merge pull request #3295 from vyos/mergify/bp/sagitta/pr-3292Daniil Baturin
T6222: VRRP show prefix for long rfc3768-compatibility interfaces allow prefix vrrp (backport #3292)
2024-04-11T6222: VRRP show prefix for long rfc3768-compatibility interfacesViacheslav Hletenko
If we use rfc3768-compatibility with long interface names like eth1.100.200 it converts the VRRP interface name name to `<interface>v<VRID><IP version>` For example `eth2.100.200v10v4` The limit for interface name is 15 symbols and it causes that interface name is ignoring by keepalived VMAC interface name 'eth2.100.200v10v4' too long or invalid characters - ignoring And it uses the default prefix `vrrp` for such cases. It works fine, but such interfaces are not displayed in the op-mode Allow prefix `vrrp` for the op-mode for `show interfaces` (cherry picked from commit 29a20ce9f9792e23137be57358ca52ddee7ac54b)
2024-04-11Merge pull request #3293 from vyos/mergify/bp/sagitta/pr-3281Christian Breunig
T6214: T6213: change constraint <alpha-numeric-hyphen-underscore-dot.xml.i> (backport #3281)
2024-04-11Merge pull request #3294 from vyos/mergify/bp/sagitta/pr-3290Daniil Baturin
firewall: T6216: replace plus symbols (allowed by IPset but not NFT) in group names with underscores (backport #3290)
2024-04-11T6216: firewall: add patch while migrating from 1.3 to 1.4 in order to avoid ↵Nicolas Fort
errors when using character <+> in 1.3 in firewall groups and custom firewall chains. (cherry picked from commit 36baf771b8ea52487bf6c913d2019f926acbc4f3)
2024-04-11T6214: T6213: change constraint <alpha-numeric-hyphen-underscore-dot.xml.i> ↵Nicolas Fort
in order to not allow string starting with dot character; use such constraint in firewall group definitions. (cherry picked from commit c455a1f71674300b8a74863ddfe6e551fe8fd252)
2024-04-09Merge pull request #3287 from vyos/mergify/bp/sagitta/pr-3286Viacheslav Hletenko
container: T6218: fix host IPv6 link-local address for VRF networks (backport #3286)
2024-04-09container: T6218: fix host IPv6 link-local address for VRF networksJonathan Voss
(cherry picked from commit 6b5590ae3325320a2b6bbcb34086ddb178860160)
2024-04-09Merge pull request #3285 from vyos/mergify/bp/sagitta/pr-3259Christian Breunig
container: T6210: add capability sys-nice (backport #3259)
2024-04-09container: T6210: add capability sys-nicetheflakes
(cherry picked from commit b8f3c61ca514cacdfc2495f16869c1b1e07d2bbc)
2024-04-09Merge pull request #3284 from vyos/mergify/bp/sagitta/pr-3283Christian Breunig
T6199: add missing build dependency (backport #3283)
2024-04-09T6199: add missing build dependencyChristian Breunig
(cherry picked from commit 8e2330fed6480886cbce97cc1b541e54c5394564)
2024-04-09Merge pull request #3282 from vyos/mergify/bp/sagitta/pr-3280Christian Breunig
T5858: Fix op-mode format for show conntrack statistics (backport #3280)
2024-04-09T5858: Fix op-mode format for show conntrack statisticsViacheslav Hletenko
(cherry picked from commit 13ed4f9d489dd5b8ee80c5f2fdebf1b0565e9137)
2024-04-08Merge pull request #3279 from vyos/mergify/bp/sagitta/pr-3278Daniil Baturin
T6207: restore ability to copy config.boot.default on image install (backport #3278)
2024-04-08image-tools: T6207: restore choice of config.boot.default as boot configJohn Estabrook
(cherry picked from commit 619e2262e77621c6110164712fed0a42f16715e3)
2024-04-08utils.io: T6207: allow default in select_entryJohn Estabrook
(cherry picked from commit 5a8be747febc13b7d3be88e8ace7ec2aa0b2ca28)
2024-04-07Merge pull request #3276 from vyos/mergify/bp/sagitta/pr-3265Daniil Baturin
ethernet: T5862: default MTU is not acceptable in some environments (backport #3265)
2024-04-07ethernet: T5862: default MTU is not acceptable in some environmentsChristian Breunig
There are cloud environments available where the maximum supported ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value or 1500 bytes - whatever is lower. (cherry picked from commit 8296cc727066e739c178918a91cfc11d20d26fe1)
2024-04-07xml: T5862: drop defaultValue from mtu-68-16000.xml.i - use individual valuesChristian Breunig
In order to lower the Ethernet default MTU we need to drop the common defaultValue from the XML mtu-68-16000.xml.i building block. Per interface default MTU is later overloaded by XML. (cherry picked from commit e86761fa1307596c721c3ddf3a61d263e8f5177b)
2024-04-07Merge pull request #3275 from vyos/mergify/bp/sagitta/pr-3270Christian Breunig
login: T5875: fix corner case for KeyError: 'getpwuid(): uid not found: XXXX' (backport #3270)
2024-04-07login: T5875: fix corner case for KeyError: 'getpwuid(): uid not found: XXXX'Christian Breunig
Commit 1b364428f ("login: T5875: restore home directory permissions only when needed") added logic to chown the users home directory if it's UID changes. This might happen when a user account is deleted and re-added to the system. Under rar e circumstances it was possible that the implementation triggered Traceback (most recent call last): File "<stdin>", line 1, in <module> KeyError: 'getpwuid(): uid not found: XXXX' This has been fixed by re-arranging the code path with an additional try/except if the PW database information could not be retrieved leading to an implicit chown() of the home directory to the user beeing added. (cherry picked from commit 1165bb497ec2d6d1b3b12d6c03435b0210efe9e5)
2024-04-07Merge pull request #3268 from vyos/mergify/bp/sagitta/pr-3263Christian Breunig
ipoe: T6205: error in migration script logic while renaming mac-address to mac node (backport #3263)
2024-04-07Merge pull request #3273 from vyos/mergify/bp/sagitta/pr-3272Viacheslav Hletenko
container: T6208: fix AttributeError: 'ConfigDict' object has no attribute 'upper' (backport #3272)
2024-04-07container: T6208: fix AttributeError: 'ConfigDict' object has no attribute ↵Christian Breunig
'upper' Commit b30faa43c (container: T6208: rename "cap-add" CLI node to "capability") added an AttributeError referencing an out of scope variable. This has been fixed. (cherry picked from commit 2463bd292f14e46fdb26116791a89ca2eb651d17)
2024-04-07ipoe: T6205: fix conditional branch error in config migratorChristian Breunig
Commit a5ccc06c0 ("ipoe: T6205: error in migration script logic while renaming mac-address to mac node") added a conditional path into the config which could result in the migrated config not beeing written if precondition was not met. (cherry picked from commit 2bbded1e485614d40b2e95165629487537fd1757)
2024-04-07Merge pull request #3271 from vyos/mergify/bp/sagitta/pr-3269Christian Breunig
container: T6208: rename "cap-add" CLI node to "capability" (backport #3269)
2024-04-07container: T6208: rename "cap-add" CLI node to "capability"Christian Breunig
Containers have the ability to add Linux system capabilities to them, this is done using the "set container name <name> cap-add" command. The CLI node sounds off and rather should be "set container name <name> capability" instead as we use and pass a capability to a container and not add/invent new ones. (cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
2024-04-06ipoe: T6205: error in migration script logic while renaming mac-address to ↵Christian Breunig
mac node The problem was introduced in [1] but the config migrator part unfortunately was added to the wrong version [2]. As IPoE config version 0 was only active during the 1.3 development cycle and VyOS 1.3.0 was already released with config version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to properly support upgrades from VyOS 1.3 -> 1.4 or newer. 1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168 2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46 (cherry picked from commit a5ccc06c08d3a9696f1c03c8d0c7de78ce1fd3c5)
2024-04-06Merge pull request #3258 from vyos/mergify/bp/sagitta/pr-3255Daniil Baturin
T6203: remove obsoleted xml lib (backport #3255)
2024-04-06Merge pull request #3267 from vyos/mergify/bp/sagitta/pr-3266Daniil Baturin
T6199: start validating smoketests against real CLI defaultValues (backport #3266)
2024-04-06Merge pull request #3264 from vyos/mergify/bp/sagitta/pr-3219Daniil Baturin
T6188: add description to show firewall (backport #3219)
2024-04-06Merge pull request #3262 from vyos/mergify/bp/sagitta/pr-3254Daniil Baturin
conntrack-sync: T1244: Support for StartupResync in conntrackd (backport #3254)
2024-04-06Merge pull request #3261 from vyos/mergify/bp/sagitta/pr-3260Daniil Baturin
T6199: remove unused Python imports from migration scripts (backport #3260)
2024-04-06T6199: start validating smoketests against real CLI defaultValuesChristian Breunig
Use vyos.xml_ref.default_value to query XML default values and take them into account when validating properly applied defaults in individual smoketests instead of using hardcoded values like 443 for https port. (cherry picked from commit d9d2e9c8ead29c173fefd1b565d191a85baaa071)
2024-04-06GitHub: run unused-imports ony for current and sagittaChristian Breunig
(cherry picked from commit 4c5afe0ba7853cf3fc4626933ecde70b321e9d67)
2024-04-06T6188: Add description to detail view onlyl0crian1
For readability in console sessions, moved the description column to only be shown in the detail view. Changed wrapping in the detail view for description to 65 characters to prevent full line wrapping in console sessions. (cherry picked from commit 4dba82c7517f4a93b9727d22104e4a339bad127a)
2024-04-06 T6188:l0crian1
- modified: src/op_mode/firewall.py Changed behavior of "show firewall" for specific rule to only show rule and not also default-action (cherry picked from commit a7c5205ab12e767c6c60887033694c597e01f21b)
2024-04-06 modified: op-mode-definitions/firewall.xml.inl0crian1
- Added show firewall <sections> detail paths modified: src/op_mode/firewall.py - Added Description as a header to normal "show firewall" commands - Added 'detail' view which shows the output in a list key-pair format Description column was added for these commands and their subsections: show firewall statistics show firewall groups show firewall <family> Detail view was added for these commands: show firewall bridge forward filter detail show firewall bridge forward filter rule <rule#> detail show firewall bridge name <chain> detail show firewall bridge name <chain> rule <rule#> detail show firewall ipv4 forward filter detail show firewall ipv4 forward filter rule <rule#> detail show firewall ipv4 input filter detail show firewall ipv4 input filter rule <rule#> detail show firewall ipv4 output filter detail show firewall ipv4 output filter rule <rule#> detail show firewall ipv4 name <chain> detail show firewall ipv4 name <chain> rule <rule#> detail show firewall ipv6 forward filter detail show firewall ipv6 forward filter rule <rule#> detail show firewall ipv6 input filter detail show firewall ipv6 input filter rule <rule#> detail show firewall ipv6 output filter detail show firewall ipv6 output filter rule <rule#> detail show firewall ipv6 name <chain> detail show firewall ipv6 name <chain> rule <rule#> detail show firewall group detail show firewall group <group> detail (cherry picked from commit 025438ccacc654274efbd3bea8b13fcc73ae08b6)
2024-04-06T6188: add description to show firewalll0crian1
(cherry picked from commit b2ced47bdc547ada59b37e6617422188e150282c)
2024-04-06conntrack-sync: T1244: add CLI support for StartupResyncNataliia Solomko
(cherry picked from commit 2eb7f96ca2038bf37dc1d274821ca6f619489b58)
2024-04-06Debian: T6199: add pylint do list of build dependenciesChristian Breunig
(cherry picked from commit 71786307eed6a0ebb42755f24c19dfd46b1b9696)
2024-04-06T6199: remove unused Python imports from migration scriptsChristian Breunig
(cherry picked from commit 489e6fababa60d9c0fbfdb421305cbe563432499) # Conflicts: # src/migration-scripts/dhcp-server/9-to-10 # src/migration-scripts/dhcpv6-server/3-to-4
2024-04-05T6203: remove obsoleted xml libJohn Estabrook
The vyos.xml functionality is replaced with vyos.xml_ref. (cherry picked from commit 28a7195d8e200418d2fdc3b8839f14f514d788e7)
2024-04-05op-mode: T6203: replace use of vyos.xml.defaults with automatic defaultsJohn Estabrook
(cherry picked from commit aa1fb0733f18dfb0ccdfb37df36839c6a358d8ee)
2024-04-05Merge pull request #3253 from HollyGurza/T6204-sagittaDaniil Baturin
T6204: cleanup shebang lines
2024-04-05T6204: cleanup shebang lineskhramshinr
2024-04-05Merge pull request #3248 from vyos/mergify/bp/sagitta/pr-3244Daniil Baturin
T6197: Fixed usage ipoe interface client-subnet without pools (backport #3244)
2024-04-05Merge pull request #3251 from vyos/mergify/bp/sagitta/pr-3249Daniil Baturin
ospf: T6089: fix invalid "ospf passive-interface default" (backport #3249)