| Age | Commit message (Collapse) | Author |
|---|
|
(cherry picked from commit b62b2f5f8a9c4f0a7dc26bce1f15843651119256)
|
|
* ethernet: T6709: move EAPoL support to common framework
Instead of having EAPoL (Extensible Authentication Protocol over Local Area
Network) support only available for ethernet interfaces, move this to common
ground at vyos.ifconfig.interface making it available for all sorts of
interfaces by simply including the XML portion
#include <include/interface/eapol.xml.i>
(cherry picked from commit 0ee8d5e35044e7480dac6a23e92d43744b8c5d36)
* bond: T6709: add EAPoL support
(cherry picked from commit 8eeb1bdcdfc104ffa77531f270a38cda2aee7f82)
---------
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
An empty component version string will trigger a full migration,
however, the case of component_version is None was missed in a utility
function. Fix comment formatting.
(cherry picked from commit bd42f131ea2ceec2c591303ea69b7d3a36e41a7c)
|
|
(cherry picked from commit 5502a75b1747caf94e2b69982c89088281c8ca1f)
|
|
(cherry picked from commit 8b4c2fcba2fe49af8c8ee87d3bb1f7b5803a08ea)
|
|
(cherry picked from commit ed0cb7ffc2c627b9de96d64b45c7978c3bce7ed3)
|
|
(cherry picked from commit 51865448599ec40283fffe4dc15729f88f389886)
|
|
(cherry picked from commit 403f1d2f2159f5436bb7c71a3694647a870357b7)
|
|
(cherry picked from commit 9388f62783849854fb9ca9852b5dc285932cf562)
|
|
(cherry picked from commit ea714891a0d6c02610e479a66f4d85dd7fee2dda)
|
|
(cherry picked from commit 601e07c34205fb379d729c4faf654f95add90471)
|
|
(cherry picked from commit 83ca4a5a6ed042ee10881a861ba022e3b88b6de2)
|
|
(cherry picked from commit 8a57e7b14c818c93655819757d99b69747c9b2ca)
|
|
(cherry picked from commit 734db72b916192a3988f3b1e9f4bcc3be159cfe5)
|
|
(cherry picked from commit 1c59315e9d14a4160b6e744ded08312aa8c70d11)
|
|
(cherry picked from commit 23356ee435344d8e9272f3a8a2273e00e7fca3ad)
|
|
(cherry picked from commit 4f0e0265d87b01aafde39f2682d2d5099ac4e942)
|
|
(cherry picked from commit 5819fd88e7948572a65b62885ddcba8ebbb7371c)
|
|
(cherry picked from commit 57a0333c423f74ef733619f57dbfc608e513aa56)
|
|
(cherry picked from commit 58125b64c6678ea581998c9f83a19fae0cdbda12)
Co-authored-by: John Estabrook <jestabro@vyos.io>
|
|
(cherry picked from commit 69ab44309d56d73d92c2f8a7b0b4ca3016e61ff6)
|
|
rule
(cherry picked from commit 2d953bedd0e416ead924f77ec612c997f950535a)
|
|
configverify: T6642: verify_interface_exists requires config_dict arg (backport #3961)
|
|
configd: T6640: enforce in_session returns False under configd (backport #3955)
|
|
The function verify_interface_exists requires a reference to the ambient
config_dict rather than creating an instance. As access is required to
the 'interfaces' path, provide as attribute of class ConfigDict, so as
not to confuse path searches of script-specific config_dict instances.
(cherry picked from commit 5f23b7275564cfaa7c178d320868b5f5e86ae606)
|
|
(cherry picked from commit ff58f3e5f30d3775487a6a3b561863aa37d11d43)
|
|
(cherry picked from commit ed63c9d1896a218715e13e1799fc059f4561f75e)
|
|
The CStore in_session check is a false positive outside of a config
session if a specific environment variable is set with an existing
referent in unionfs. To allow extensions when running under configd and
avoid confusion, enforce in_session returns False.
(cherry picked from commit 6543f444c42ff45e8115366256643186bf1dd567)
|
|
ipsec: T6148: Fixed reset command by adding init after terminating (backport #3763)
|
|
Make it more obvious for the user aber the severity of his action.
(cherry picked from commit b3b31153963cc4338e8229f9f94b339682dd73a0)
|
|
ports
* Created op-mode command "restart serial console"
* Relocated service control to vyos.utils.serial helpers, used by conf- and
op-mode serial console handling
* Checking for logged-in serial sessions that may be affected by getty reconfig
* Warning the user when changes are committed and serial sessions are active,
otherwise restart services as normal. No prompts issued during commit,
all config gen/commit steps still occur except for the service restarts
(everything remains consistent)
* To apply committed changes, user will need to run "restart serial console"
to complete the process or reboot the whole router
* Added additional flags and target filtering for generic use of helpers.
(cherry picked from commit bc9049ebd76576d727fa87b10b96d1616950237c)
|
|
Strongswan does not initiate session after termination via vici.
Added an CHILD SAs initialization on the initiator side
of the tunnel.
(cherry picked from commit 8838b29180ccc26d2aca0c22c9c8ca5e274825b2)
|
|
(cherry picked from commit 115e99630a317cab62c6f99e0461f6ce2c1edaf3)
|
|
deletion
Now that interfaces are deleted from ct_iface_map during deletion it's time to
also add a smoketest ensuring there is no entry in the ct_iface_map once an
interface was deleted from the CLI.
(cherry picked from commit 1c42ee9d16dd49fff2cbde652bf24a38f364526c)
|
|
We always have had stale interface entries in the ct_iface_map of nftables/
conntrack for any interface that once belonged to a VRF.
This commit will always clean the nftables interface map when the interface
is deleted from the system.
(cherry picked from commit 17c12bde5c6f314311e7524842fd1ddc254009b4)
|
|
(cherry picked from commit 92461c35c7ef131940c885aca894a2d8b3c89592)
|
|
(cherry picked from commit 11b273108d78ab1588be3c077f40b2ac876369a4)
|
|
To reproduce:
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit
This resulted in an error while interacting with nftables:
[Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
(cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d)
|
|
(cherry picked from commit 52d08b1ec5b2943744daac7123e35fd415f85db2)
|
|
(cherry picked from commit 7249d10f1fbb3f90a4bdbcd0223926d0380ddd3a)
|
|
During a corner case where the configuration is migrated to a different system
with fewer ethernet interfaces, migration will fail during an image upgrade.
vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an
exception that kills the migrator
(cherry picked from commit e47d4fd385631236da6882233b09f6364cbb077b)
|
|
get_current_user()
(cherry picked from commit 710bb184045baa85897d589ffbc8af14b0fce629)
|
|
filesystem
(cherry picked from commit d7a18a3da949bfa3df89661cc0871e8f23b18a10)
|
|
(cherry picked from commit e1a34e661d3e5f0090550796ac266dac15e1e337)
|
|
(cherry picked from commit f0923acffbef04c1f8cf2a6c8a9e2afd66c4a494)
|
|
deleted
* Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances
* Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
(cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
|
|
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
|
|
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
|
