Age | Commit message | Author
2023-10-29 | op-mode: T5661: remove call to sudo in ssh.py and move it to XML definition | Christian Breunig
Try to have as few calls to sudo in the op-mode scripts as possible. The XML definitions can deal with it. (cherry picked from commit 428dee29d36cc3629990ec41afef887821886834)
2023-10-29 | op-mode: T5661: use common journalctl syntax for sshguard | Christian Breunig
This makes the code easier to maintain in the future if everyone uses the same structure when calling journalctl. (cherry picked from commit e1b4e972b40941acec76c97e714767214cefe426)
2023-10-28 | T5661: Add show ssh dynamic-protection and show log ssh dynamic-protection | JeffWDH
2023-10-28 | T5653: Command to display SSH server fingerprint | JeffWDH
2023-10-26 | Merge pull request #2407 from vyos/mergify/bp/sagitta/pr-2405 | Viacheslav Hletenko
T5683: Fix reverse-proxy PKI filenames mismatch (backport #2405)
2023-10-25 | T5683: Fix reverse-proxy PKI filenames mismatch | Viacheslav Hletenko
The current names for certificates are hardcoded in generated config to:
- ca.pem
- cert.pem.key
- cert.pem
It causes the certificates in the generated config and the certificates themselves to be different (test-cert-1.pem and ca.pem)
bind :::8080 v4v6 ssl crt /run/haproxy/test-cert-1.pem /run/haproxy/ca.pem
It is a bug of initial implementation. Fix required correct names from PKI certificates
(cherry picked from commit 0431f1b32c1fc90de82adea5a7e63dad1416c340)
2023-10-25 | Merge pull request #2401 from c-po/sagitta-t3829-t31 | Daniil Baturin
vrf: netns: T3829: T31: priority needs to be after netns
2023-10-25 | Merge pull request #2404 from vyos/mergify/bp/sagitta/pr-2323 | Daniil Baturin
T5497: Add ability to resequence rule numbers for firewall (backport #2323)
2023-10-25 | T5497: Add ability to resequence rule numbers for firewall | JeffWDH
Updated spacing. (cherry picked from commit f39a35338ac967381356f8b9b499ec1d730653fc)
2023-10-25 | T5497: Add ability to resequence rule numbers for firewall | JeffWDH
(cherry picked from commit 5180622cd6c928812a644f427d65acae763c37cc)
2023-10-25 | smoketest: T3829: rename netns test to match current branch | Christian Breunig
2023-10-25 | vrf: netns: T3829: T31: priority needs to be after netns | Christian Breunig
A network namespace can have VRFs assigned, thus we need to get the priorities right. This lowers both priorities in general as a VRF or NETNS needs to be available very early as services can run on top of them. (cherry picked from commit 9dd5ff064a37b4e884f7bd9fb7630bf7829fa1ad)
2023-10-24 | Merge pull request #2399 from nicolas-fort/T5637-sagitta | Daniil Baturin
T5637: Firewall: add new rule at the end of base chains for default-a…
2023-10-23 | T5637: Firewall: add new rule at the end of base chains for default-actions. | Nicolas Fort
This enables logs capabilities for default-action in base chains.
2023-10-23 | Merge pull request #2397 from vyos/mergify/bp/sagitta/pr-2395 | Daniil Baturin
T5675: Use addr_prefix instead of addr in NAT66 source rule prefix parsing (backport #2395)
2023-10-23 | Merge pull request #2398 from vyos/mergify/bp/sagitta/pr-2396 | Daniil Baturin
T5677: show lldp neighbors shows empty platform if descr not in lldpctl output (backport #2396)
2023-10-23 | T5675: use addr_prefix instead of addr in NAT66 rule | Adam Smith
(cherry picked from commit 0c046a1f5a020af30c9522011aa5c86524874a47)
2023-10-23 | T5677: lldp shows empty platform if descr not in lldpctl output | Adam Smith
(cherry picked from commit fca8cce1c114f28cf2db8a0fe2ed7f8b37ea010c)
2023-10-22 | Merge pull request #2394 from vyos/mergify/bp/sagitta/pr-2391 | Christian Breunig
T5299: Add missed option ceiling for QoS shaper (backport #2391)
2023-10-22 | Merge pull request #2392 from vyos/mergify/bp/sagitta/pr-2386 | Christian Breunig
vxlan: T5671: change port to IANA assigned default port (backport #2386)
2023-10-22 | Merge branch 'sagitta' into mergify/bp/sagitta/pr-2386 | Christian Breunig
2023-10-22 | Merge pull request #2393 from vyos/mergify/bp/sagitta/pr-2277 | Christian Breunig
bonding: T5254: Fixed changing ethernet when it is a bond member (backport #2277)
2023-10-22 | T5299: Add missed option ceiling for QoS shaper | Viacheslav Hletenko
Add missed option `ceil` for QoS class 'trafficshaper' (cherry picked from commit 5218241e6293317f8837b3f7c3893d653d960993)
2023-10-22 | bonding: T5254: Fixed changing ethernet when it is a bond member | aapostoliuk
If ethernet interface is a bond member:
1. Allow for changing only specific parameters which are specified in EthernetIf.get_bond_member_allowed_options function.
2. Added inheritable parameters from bond interface to ethernet interface which are specified in BondIf.get_inherit_bond_options. Users can change inheritable options under ethernet interface but in commit it will be copied from bond interface.
3. All other parameters are denied for changing.
Added migration script. It deletes all denied parameters under ethernet interface if it is a bond member.
(cherry picked from commit aa0282ceb379df1ab3cc93e4bd019134d37f0d89)
2023-10-22 | vxlan: T5671: warn about changed default port number | Christian Breunig
(cherry picked from commit 719a3622f35a0596ffd8a0bd28c071fdaf930153)
2023-10-22 | vxlan: T5671: change port to IANA assigned default port | Christian Breunig
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that predates the IANA assignment. As most other vendors use the IANA assigned port, follow this guideline and use the new default port 4789.
Existing configuration not defining an explicit port number will be migrated to the old default port number of 8472, keeping existing configurations working!
(cherry picked from commit 6db8d3ded19f652b99231be0d705d76b598ac72a)
# Conflicts:
# interface-definitions/include/version/interfaces-version.xml.i
2023-10-21 | Merge pull request #2389 from vyos/mergify/bp/sagitta/pr-2385 | Christian Breunig
T5667: BGP label-unicast enable ecmp (backport #2385)
2023-10-21 | Merge pull request #2388 from nicolas-fort/T5541-sagitta | Christian Breunig
T5541: firewall: re-add zone-based firewall.
2023-10-21 | Merge pull request #2387 from vyos/mergify/bp/sagitta/pr-2384 | Christian Breunig
T5642: op-cmd: correction of generated file name (backport #2384)
2023-10-21 | T5667: BGP label-unicast enable ecmp | fett0
(cherry picked from commit e7cdf855ddce7dfe45af8b4b75eeee9de09f2451)
2023-10-20 | T5541: firewall: re-add zone-based firewall. | Nicolas Fort
2023-10-20 | T5642: op-cmd: correction of generated file name | srividya0208
(cherry picked from commit cd54195d070e49aa084c325b83a71621a4011c97)
2023-10-20 | Merge pull request #2376 from vyos/mergify/bp/sagitta/pr-2373 | Daniil Baturin
T4913: migrate wireless scripts to new op-mode style (backport #2373)
2023-10-19 | Merge pull request #2383 from vyos/mergify/bp/sagitta/pr-2378 | Christian Breunig
bridge: T5670: add missing constraint on "member interface" node (backport #2378)
2023-10-19 | vyos.configdict: T5670: move from str to list when calling conf.exists() | Christian Breunig
We have had a mix of both string and list arguments to conf.exists(), streamline this to only make use of list calls. (cherry picked from commit 3f17de7c32621353b51f782ca889a83cad7a6cfd)
2023-10-19 | bridge: T5670: add missing constraint on "member interface" node | Christian Breunig
One could specify a bridge member of VXLAN1 interface, but it is not possible to create a VXLAN interface with the name of VXLAN1 - prohibited by VXLAN interface name validator. Add missing interface-name validator code (cherry picked from commit 45dc149e4e3c0c294deac6fd541bb027d2280ea1)
2023-10-19 | Merge pull request #2380 from vyos/mergify/bp/sagitta/pr-2377 | Christian Breunig
cluster: T2897: add a migration script for converting cluster to VRRP (backport #2377)
2023-10-19 | cluster: T2897: add a migration script for converting cluster to VRRP | Daniil Baturin
(cherry picked from commit 4c4c2b1f8a58398798f20c252bde80461320d330)
2023-10-18 | Merge pull request #2375 from vyos/mergify/bp/sagitta/pr-2374 | Viacheslav Hletenko
pmacct: T5232: Fixed socket parameters for trigger-packets (backport #2374)
2023-10-18 | T4913: migrate wireless scripts to new op-mode style | Christian Breunig
(cherry picked from commit ed29faeea1354dc2bec544c63e55c1c666e0d900)
2023-10-18 | pmacct: T5232: Fixed socket parameters for trigger-packets | zsdc
This fixes sending packets to uacctd using a socket. (cherry picked from commit 7a0af0d00bae9179c89155e4b2e6ce94abb29c05)
2023-10-17 | Merge pull request #2372 from vyos/mergify/bp/sagitta/pr-2371 | Christian Breunig
configdep: T5662: fix incorrect inspect.stack index of calling script (backport #2371)
2023-10-17 | configdep: T5662: fix incorrect inspect.stack index of calling script | John Estabrook
(cherry picked from commit eff58d8b8842e0bac9fe123cebf93801a92f05d3)
2023-10-16 | Merge pull request #2368 from vyos/mergify/bp/sagitta/pr-2367 | Christian Breunig
op-mode: T5642: 'generate tech-support archive' moved to vyos-1x (backport #2367)
2023-10-16 | op-mode: T5642: 'generate tech-support archive' moved to vyos-1x | aapostoliuk
'generate tech-support archive' moved to vyos-1x. Output of 'show tech-support report' command is added to archive. The default location of the archive is moved to '/tmp'. The script is rewritten to Python. (cherry picked from commit 65911b17340a7894aba973113d83ab43964bbf99)
2023-10-15 | Merge pull request #2356 from vyos/mergify/bp/sagitta/pr-2342 | Viacheslav Hletenko
T5165: Implement policy local-route source and destination port (backport #2342)
2023-10-14 | Merge pull request #2365 from vyos/mergify/bp/sagitta/pr-2359 | Daniil Baturin
remote: T5650: Resize-aware progressbar implementation (backport #2359)
2023-10-14 | remote: T5650: Resize-aware progressbar implementation | erkin
(cherry picked from commit 799d24eba18d6710219b7380cbafb954b9eec5ce)
2023-10-14 | Merge pull request #2364 from vyos/mergify/bp/sagitta/pr-2361 | Christian Breunig
pmacct: T5232: Fixed pmacct service control via systemctl (backport #2361)
2023-10-14 | pmacct: T5232: Fixed pmacct service control via systemctl | zsdc
pmacct daemons have one very important specific - they handle control signals in the same loop as packets. And packets waiting is a blocking operation. Because of this, when systemctl sends SIGTERM to uacctd, this signal has no effect until uacct receives at least one packet via nflog. In some cases, this leads to a 90-second timeout, sending SIGKILL, and improperly finished tasks. As a result, a working folder is not cleaned properly.
This commit contains several changes to fix service issues:
- add a new nftables table for pmacct with a single rule to get the ability to send a packet to nflog and unlock uacctd
- remove PID file options from the uacctd and a systemd service file. Systemd can detect proper PID, and PIDfile is created by uacctd too late, which leads to extra errors in systemd logs
- KillMode changed to mixed. Without this, SIGTERM is sent to all plugins and the core process exits with status 1 because it loses connection to plugins too early. As a result, we have errors in logs, and the systemd service is in a failed state.
- added logging to uacctd
- systemctl service modified to send packets to specific address during a service stop which unlocks uacctd and allows systemctl to finish its work properly
(cherry picked from commit e364e9813b6833f6b108e7177ef7ea2d9e7bac33)