Age | Commit message (Collapse) | Author |
|
firewall: T5729: T5681: T5217: backport subsystem from current branch
|
|
This is a combined backport for all accumulated changes done to the firewall
subsystem on the current branch.
|
|
ntp: T5692: add support to configure leap second behavior (backport #2863)
|
|
T5961: Fix QoS policy shaper class match vif (backport #2862)
|
|
* set service ntp leap-second [ignore|smear|system|timezone]
Where timezone is the new and old default resulting in adding "leapsectz right/UTC"
to chrony.conf. The most prominent new option is "smear" which will add
leapsecmode slew
maxslewrate 1000
smoothtime 400 0.001 leaponly
to chrony.
See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for
additional information
(cherry picked from commit 7ae064bab0010dff8827a0ed5e1239d2778dc7c1)
|
|
If we have QoS policy shaper class match `vif` (VLAN) we have to
use `basic match "meta(vlan mask 0xfff eq xxx)` instead of
`action policy`
Actual incorrect TC filter:
tc filter add dev eth1 parent 1: protocol all prio 1 action police rate 100000000 burst 15k flowid 1:64
The correct TC filter after fix:
tc filter add dev eth1 parent 1: protocol all prio 1 basic match "meta(vlan mask 0xfff eq 100)" flowid 1:64
(cherry picked from commit bb532f7f65930f8bc42e3bf3ebbcc690bffcfd0a)
|
|
dhcp: T3316: add deprecation warning on RAW ISC DHCPD options
|
|
The following CLI nodes are deprecated and will be remove in VyOS 1.5 while
moving to KEA as DHCP server.
* set service dhcp-server global-parameters
* set service dhcp-server shared-network-name <name> shared-network-parameters
* set service dhcp-server shared-network-name <name> subnet <x.x.x.x/y> subnet-parameters
Please open feature requests if any DHCP option is missing and should be added
as a proper CLI node to make your life easier.
|
|
T5963: Fix QoS shaper rate calculations and set default 1Gbit (backport #2855)
|
|
It is impossible to detect interface speed for some devices
for exmaple virtio interfaces:
```
vyos@r4:~$ cat /sys/class/net/eth1/speed
-1
```
It causes wrong negative calcultaions like:
- bandwidth: -1000000
- 4% of bandwidth: -40000
tc class replace dev eth1 parent 1: classid 1:1 htb rate -1000000
tc class replace dev eth1 parent 1:1 classid 1:a htb rate -40000
Fix this with checking negative value.
Add default interface speed to 1000 Mbit if we cannot detect the
interface speed, the current default value 10 Mbit is too low
for nowadays
(cherry picked from commit a7fe02e989cf7034609cb833c86143660eb609d5)
|
|
T5964: add missing imports for is_wwan_connected() (backport #2858)
|
|
(cherry picked from commit 844e35dea0500c48ff942ef4542dbb7a25b9dc7d)
|
|
(cherry picked from commit c7d35deb8ea2fb15796fb98b103f027b927a020f)
|
|
dhcp: T5952: validate duplicate MAC and IP address in static-mappings incl. smoketests
|
|
This extends commit 2c3e4696b3e22 ("T2267: Versioning: Update version tag from
GIT repo") to also include release tags.
(cherry picked from commit 04aa70e3f75169fc592b20acfa6e0b2f37d90a6c)
|
|
T5779: conntrack: Apply fixes to <set system conntrack timeout custom> (backport #2574)
|
|
Backport of the conntrack system from current branch.
(cherry picked from commit fd0bcaf12)
(cherry picked from commit 5acf5aced)
(cherry picked from commit 42ff4d8a7)
(cherry picked from commit 24a1a7059)
|
|
smoketests
(cherry picked from commit 62a8ef29d6238d5b777c3e946c132aca16a813c3)
(cherry picked from commit eb4cac98cb3790eb888d4ea7626781b9afbea8f4)
|
|
ethernet: T4638: deleting parent interface does not delete underlying VIFs (backport #2850)
|
|
xml: T5738: re-use source-address-ipv4-ipv6 building block for config-management (backport #2848)
|
|
(cherry picked from commit 7ba47f027f3a9441125c13a927eb23cee2de041b)
|
|
(cherry picked from commit 100c2393e8732d4faa108889575a25f2a0a397d4)
|
|
ndp-proxy: T5863: add missing priority to honor interface dependencies (backport #2846)
|
|
(cherry picked from commit 40ed1e4f63878a33538370f8c980c2bb73a9fbc4)
|
|
T5953: Changed values of 'close-action' to Strongswan values (backport #2842)
|
|
Changed the value from 'hold' to 'trap' in the 'close-action'
option in the IKE group.
Changed the value from 'restart' to 'start' in the 'close-action'
option in the IKE group.
(cherry picked from commit 8870fabf1b4358618fca7db459515106653214b5)
|
|
image-tools: T5923: update system_console.py for new GRUB file structure (backport #2818)
|
|
Add util function to set serial console speed in accordance with revised
GRUB file structure; in keeping with the intentions of the config_mode
script, adjust the GRUB var 'console_speed' to only modify ttyS0.
(cherry picked from commit 5ceaff2ef970cb9c567ac317bafbffca5b073f4a)
|
|
T4658: Renamed DPD action value from 'hold' to 'trap' (backport #2837)
|
|
Renamed DPD action value from 'hold' to 'trap'
(cherry picked from commit 9f4aee5778eefa0a17d4795430d50e4a046e88b0)
|
|
T5889: Fix migration scripts nat 5-to-6 (backport #2833)
|
|
The current migration drop interface name for NAT where not should
```
nat {
source {
rule 100 {
outbound-interface {
name "eth0"
...
}
}
}
```
After migration we lost interface:
/home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf
/home/vyos#
/home/vyos# cat tmp.conf | grep "nat {" -A 10
nat {
source {
rule 100 {
outbound-interface {
interface-name ""
...
}
}
}
```
This commit fixes it.
(cherry picked from commit 813237d9766f636394b9ab385bb825fbf83202b3)
|
|
T671: call dmidecode directly in "show hardware dmi" (backport #2201)
|
|
bgp: T5937: fix migration script for IPv6 AFI peer-group (backport #2834)
|
|
Migrate "bgp <ASN> neighbor <NEIGH> address-family ipv6-unicast peer-group"
to "bgp neighbor <NEIGH> peer-group"
(cherry picked from commit 9febed1344e93815dc3a94047daa69967c3af160)
|
|
The old script isn't doing much, in fact, it's much less informative
than actual dmidecode
(cherry picked from commit 7f0a363c9034a3b1600efab7c30bf7ab06381816)
|
|
ospf: T5936: when migrating passive interfaces set_tag() must be set (backport #2829)
|
|
(cherry picked from commit 495c3c3cc646c378746dc458f30da72c85f16dba)
|
|
T4856: Fix IPsec DHCP-client exit hook (backport #2823)
|
|
T5901: Add DHCP base_path dir during first boot (backport #2824)
|
|
We should create dhclient base_path dir `/run/dhclient` during the
first boot.
It fixes cloud-init boot issues
```
/etc/dhcp/dhclient-exit-hooks.d/03-vyos-dhclient-hook: line 33: /run/dhclient/dhclient_eth0.lease: No such file or directory
```
(cherry picked from commit e613983721c48c13c2e6e73e7c4dbdbaa8e9eacf)
|
|
The script acually does not have the variable `secrets_lines` and
secret lines itself does not have the marker `# dhcp:{interface}`
in `to_find`
Needs to rewrite this script in the future if it is required
This commit fixes DHCP-client exit hook:
```
dhclient[6800]: NameError: name 'secrets_lines' is not defined
root[6801]: /etc/dhcp/dhclient-exit-hooks.d/99-ipsec-dhclient-hook returned non-zero exit status 1
```
(cherry picked from commit a9cf7246d4450c8b3e1b749b36c3393b0963404b)
|
|
op-mode: T5944: remove double whitespace in reboot error message (backport #2825)
|
|
(cherry picked from commit 01b7ae796e870be90d4e448100c5e7551d9767ec)
|
|
T5944: Fix reboot in arg (backport #2821)
|
|
Fix the arg for the `reboot in x` command
The current arg is `--reboot_in [Minutes ...]`
The expected arg is `--reboot-in [Minutes ...]`
(cherry picked from commit 3b27d5bc97372c01cb02d4dd0cd3b0b6fa1c3d94)
|
|
bgp: T591: SRv6 improvements (backport #2819)
|
|
set protocols bgp address-family ipv4-unicast nexthop vpn export <ipv4-address|ipv6-address>
set protocols bgp address-family ipv6-unicast nexthop vpn export <ipv4-address|ipv6-address>
(cherry picked from commit 7349927908206fa83a7295d643f56950309efb4f)
|
|
set protocols bgp address-family ipv4-unicast sid vpn export <auto|1-1048575>
set protocols bgp address-family ipv6-unicast sid vpn export <auto|1-1048575>
(cherry picked from commit d7e248ba514108461ca9d5875c0be077c80ceca7)
|
|
T5925: Containers change systemd KillMode (backport #2814)
|