summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2025-06-11smoketest: T7539: improve Kernel option check for INOTIFY STACKFS patchsetChristian Breunig
2025-06-11Merge pull request #4553 from dmbaturin/T7540-reset-connectionViacheslav Hletenko
op-mode: T7540: move "clear interface connection" to "reset connection"
2025-06-11op-mode: T7540: move "clear interface connection" to "reset connection"Daniil Baturin
2025-06-10T7488: exit silently if path doesn't exist, unless debugJohn Estabrook
2025-06-10T7488: allow reloads outside of config sessionJohn Estabrook
2025-06-10T7488: add utility for automatic rollback of section on apply stage errJohn Estabrook
2025-06-10configd: T7488: allow distinction of first-order error verify vs applyJohn Estabrook
Leave hint if vyos-configd encounters an error in the generate/apply stages: this only detects 'first-order' differences, meaning those originating from the called config mode script, and not its dependencies. This is useful for supporting automatic rollback for certain cases of apply stage error.
2025-06-10Merge pull request #4550 from ↵Daniil Baturin
dmbaturin/T7527-eliminate-embedded-op-mode-shell-snippets op-mode: T7527: move assorted embedded shel snippets to script files
2025-06-10Merge pull request #4551 from dmbaturin/T7538-remove-show-login-levelDaniil Baturin
op-mode: T7538: remove the obsolete "show login level" command
2025-06-10Merge pull request #4527 from cblackburn-igl/currentDaniil Baturin
T7492: Fix modem connection code
2025-06-10Merge pull request #4536 from ig0rb/fix/T7510-ospf-nssa-translation-errorDaniil Baturin
T7510: ospfd.frr.j2 ospf nssa translation error - fix template
2025-06-10op-mode: T7527: move assorted embedded shel snippets to script filesDaniil Baturin
2025-06-09Merge pull request #4526 from jestabro/config-mgmt-contextJohn Estabrook
T7365: add commit hooks and cli integration
2025-06-09op-mode: T7538: remove the obsolete "show login level" commandDaniil Baturin
2025-06-09T7374: update hash for vyconf_cli toolJohn Estabrook
2025-06-09T7374: add links for vyconf_cli.pyJohn Estabrook
2025-06-09T7374: add environment variable vyconf_bin_dirJohn Estabrook
2025-06-09T7374: add python cli script to compliment executable vyconf_cliJohn Estabrook
For certain commands, notably 'commit', a python script is preferable to the more responsive executable vyconf_cli. Criteria are (1) longer running process, not benefiting from a compiled tool (2) convenience of integration with the ecosystem, for example pre-/post-commit hooks.
2025-06-09T7365: add env var used by post-commit scriptsJohn Estabrook
2025-06-09T7365: call commit hooks in vyconf sessionJohn Estabrook
2025-06-09T7352: add check for privileges in utilityJohn Estabrook
2025-06-09Merge pull request #4549 from yzguy/T7532Daniil Baturin
T7532: container sysctl parameter values are quoted
2025-06-09Merge pull request #4548 from c-po/T7202-conntrackDaniil Baturin
conntrack: T7208: nf_conntrack_buckets defaults and behavior
2025-06-09Merge pull request #4544 from opswill/firewall-featureViacheslav Hletenko
T7523: firewall: Accepting invalid traffic for pppoe discovery and wol
2025-06-08T7510: add commit warnings about invalid use of OSPF area-typesChristian Breunig
To keep existing CLI behavior use a Warning() to prompt the user for an invalid configuration. It is not possible to have more the one area-type defined per area logically - the CLI does support it. In addition the backbone area cannot be of type STUB or NSSA. CLI configuration should be cleaned up using a migrator in the future.
2025-06-08T7510: add smoketests for OSPF nssa translationChristian Breunig
2025-06-08T7510: ospfd.frr.j2 ospf nssa translation error - fix templateig0rb
2025-06-07T7532: container sysctl parameter values are quotedAdam Smith
2025-06-07conntrack: T7208: nf_conntrack_buckets defaults and behaviorChristian Breunig
Previously, we used a lower limit of 1 and a default value of 32768 for the nf_conntrack_buckets (conntrack hash-size) sysctl option. However, the Linux kernel enforces an internal minimum of 1024. A configuration migrator will now adjust the lower limit to 1024 if necessary. The former default value of 32768 was passed as a kernel module option, which only took effect after the second system reboot. This was due to the option being rendered but not applied during the first boot. This behavior has been changed so that the value is now configurable at runtime and takes effect immediately. Additionally, since VyOS 1.4 increased the hardware requirements to 4GB of RAM, we now align the default value of nf_conntrack_buckets with the kernel's default for systems with more than 1GB of RAM to 65536 entries. Previously, we only supported half that amount.
2025-06-05openvpn: T7056: Raise error if non-TAP device is bridgedsarthurdev
2025-06-05Merge pull request #4545 from sever-sever/T7524Daniil Baturin
T7524: Fix binary path for gwlbtun
2025-06-05T7524: Fix binary path for gwlbtunViacheslav Hletenko
Fix the gwlbtun binary path ``` r14 (gwlbtun)[8378]: aws-gwlbtun.service: Failed to locate executable /usr/bin/gwlbtun: No such file or directory ``` path ``` vyos@r14# sudo whereis gwlbtun gwlbtun: /usr/sbin/gwlbtun ```
2025-06-05T7523: firewall: Accepting invalid traffic for pppoe discovery and wolopswill
2025-06-04Merge pull request #4533 from jestabro/api-commit-confirmViacheslav Hletenko
http-api: T3955: add commit-confirm to endpoints /configure /config-file
2025-06-03Merge pull request #4538 from c-po/op-mode-bgpDaniil Baturin
op-mode: T7509: add "detail" and "wide" modifier for BGP advertised-routes|received-routes
2025-06-03Merge pull request #4540 from red55/currentDaniil Baturin
openconnect: T7511: bugfix invalid variable name
2025-06-03Merge pull request #4543 from sever-sever/T7514Daniil Baturin
T7514: Fix smoketest QoS burst bytes replaced with kilobytes
2025-06-03Merge pull request #4512 from dmbaturin/T7459-no-direct-sudo-in-op-modeJohn Estabrook
op-mode: T7459: eliminate direct use of sudo in op mode commands
2025-06-03T7514: Fix smoketest QoS burst bytes replaced with kilobytesViacheslav Hletenko
The `tc` output burst size was changed from bytes to kilobytes
2025-06-02Merge pull request #4537 from sarthurdev/T7237Christian Breunig
nat: T7237: Remove expensive NAT address check
2025-06-02vyos-1x-vmware: T3681: Remove extra -x flag from Python bytecompileYun Zheng Hu
2025-06-02op-mode: T7509: refactor "show bgp" XML definitions to re-usable code blocksChristian Breunig
2025-06-02openconnect: T7511: ruff formatLeonid Korokh
2025-06-02openconnect: T7511: fix ruff warningsLeonid Korokh
2025-06-02openconnect: T7511: Correct variable name in accounting checks blockLeonid Korokh
2025-06-02Merge pull request #4539 from indrajitr/firewall-bridge-vlan-awareDaniil Baturin
T7512: firewall: Modify accepting invalid traffic for VLAN aware bridge
2025-06-01T7512: Update smoketest for invalid traffic for VLAN aware bridgeIndrajit Raychaudhuri
2025-06-01T7512: firewall: Modify accepting invalid traffic for VLAN aware bridgeIndrajit Raychaudhuri
Allow accepting invalid packets for ethernet types `8021q` and `8021ad` in addition to ARP and UDP types so that stateful bridge firewall works for VLAN-aware bridges in addition to regular bridges.
2025-06-01op-mode: T7509: add "detail" and "wide" modifier for received-routesChristian Breunig
show ip bgp neighbors <ip> received-routes [detail [wide]|wide] show bgp neighbors <ip> received-routes [detail [wide]|wide] show bgp ipv4 neighbors <ip> received-routes [detail [wide]|wide] show bgp ipv6 neighbors <ip> received-routes [detail [wide]|wide] show bgp vrf <name> neighbors <ip> received-routes [detail [wide]|wide] show bgp vrf <name> ipv4 neighbors <ip> received-routes [detail [wide]|wide] show bgp vrf <name> ipv6 neighbors <ip> received-routes [detail [wide]|wide]
2025-06-01op-mode: T7509: add "detail" and "wide" modifier for advertised-routesChristian Breunig
show ip bgp neighbors <ip> advertised-routes [detail [wide]|wide] show bgp neighbors <ip> advertised-routes [detail [wide]|wide] show bgp ipv4 neighbors <ip> advertised-routes [detail [wide]|wide] show bgp ipv6 neighbors <ip> advertised-routes [detail [wide]|wide] show bgp vrf <name> neighbors <ip> advertised-routes [detail [wide]|wide] show bgp vrf <name> ipv4 neighbors <ip> advertised-routes [detail [wide]|wide] show bgp vrf <name> ipv6 neighbors <ip> advertised-routes [detail [wide]|wide]