Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 194a14e958ad336d590ba8f076e163f6908dcddc)
|
|
During podman upgrade and a build from the original source the UNIX socket
definition for systemd got lost in translation.
This commit re-adds the UNIX socket which is started on boot to interact with
Podman.
Example:
curl --unix-socket /run/podman/podman.sock -H 'content-type: application/json' \
-sf http://localhost/containers/json
(cherry picked from commit f67e217f2716937115a3bdf6d316b172bbec75e5)
|
|
(cherry picked from commit 07dee6164533d5f06d5768b597b6962b6af3b76e)
|
|
(cherry picked from commit 9ff620c50625c81733020f399c7f5a14e07c4d09)
|
|
(cherry picked from commit 8500e8658ff10f52739143fd7814cf60c9195f16)
|
|
T6672: Fix system option ssh-client source-interface (backport #4000)
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
(cherry picked from commit 9e22ab6b2aee48029d3455f65880e45c558cf1da)
|
|
Fix for system option ssh-client source-interface
For the `verify_source_interface` the key `ifname` if required
(cherry picked from commit f453b33a6056de8fc5145ca9e680361fbce68348)
# Conflicts:
# smoketest/scripts/cli/test_system_option.py
|
|
(cherry picked from commit 663e468de2b431f771534b4e3a2d00a5924b98fe)
|
|
rule
(cherry picked from commit 2d953bedd0e416ead924f77ec612c997f950535a)
|
|
(cherry picked from commit ff58f3e5f30d3775487a6a3b561863aa37d11d43)
|
|
Commit dd5908eac ("T6539: add logging options to load-balancer reverse-proxy")
added CLI commands to add custom log entries for frontend and backend servers
as well as a global log directive.
Remove explicit test code for no longer always present "global log" directive.
(cherry picked from commit b71481f7de93d43ff7208ff76cbc6b829b8951b2)
|
|
(cherry picked from commit 9bd2c196fe238a38f4fd0977efd1727333e7770e)
|
|
(cherry picked from commit 2fd817e51532c6428c95704233e62585e76b2ad8)
|
|
(cherry picked from commit d5ae708581d453e2205ad4cf8576503f42e262b6)
|
|
(cherry picked from commit 4acad3eb8d9be173b76fecafc32b0c70eae9b192)
|
|
T6619: Remove the remaining uses of per-protocol FRR configs (backport #3916)
|
|
(cherry picked from commit 31de01242a26dff8ff993061ea2f86102a8a7493)
Co-authored-by: John Estabrook <jestabro@vyos.io>
|
|
(cherry picked from commit f2256ad338fc3fbaa9a5de2c0615603cd23e0f94)
|
|
iifname/oifname
When any of the following features NAT, NAT66 or Firewall is enabled, for every
VRF on the CLI we install one rule into nftables for conntrack:
chain vrf_zones_ct_in {
type filter hook prerouting priority raw; policy accept;
counter packets 3113 bytes 32227 ct original zone set iifname map @ct_iface_map
counter packets 8550 bytes 80739 ct original zone set iifname map @ct_iface_map
counter packets 5644 bytes 67697 ct original zone set iifname map @ct_iface_map
}
This is superfluous.
(cherry picked from commit d6e9824f1612bd8c876437c071f31a1a0f44af5d)
|
|
smoketest: T6614: initial support for op-mode command testing (backport #3888)
|
|
smoketest: T6592: remove unused "import os" (backport #3874)
|
|
(cherry picked from commit 4717139174a869141a71cd28d10018e0cfcaece0)
|
|
(cherry picked from commit 33156c675f1bce0d2b3b1836a7d85abe25cd7f61)
|
|
As there has been no route to the configured syslog servers, smoketests produced:
rsyslogd: omfwd: socket 8: error 101 sending via udp: Network is unreachable
Rather use some fake syslog servers from 127.0.0.0/8 which are directly
connected and we do not need to look up a route, which will suppress the above
error message.
(cherry picked from commit 744ecfe60ed3633775feeb3da767a88709fd626c)
|
|
(cherry picked from commit 115e99630a317cab62c6f99e0461f6ce2c1edaf3)
|
|
interface: T6592: remove interface from conntrack ct_iface_map on deletion (backport #3857)
|
|
Only some (e.g. ethernet or wireguard) interfaces validate if the supplied VRF
actually exists. If this is not validated, one can pass an invalid VRF to the
system which generates an OSError exception.
To reproduce
set interfaces vxlan vxlan1 vni 1000
set interfaces vxlan vxlan1 remote 1.2.3.4
set interfaces vxlan vxlan1 vrf smoketest
results in
OSError: [Errno 255] failed to run command: ip link set dev vxlan1 master smoketest_mgmt
This commit adds the missing verify_vrf() call to the missing interface types
and an appropriate smoketest for all interfaces supporting VRF assignment.
(cherry picked from commit dd0ebffa33728e452ac6e11737c2283f0e390359)
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
deletion
Now that interfaces are deleted from ct_iface_map during deletion it's time to
also add a smoketest ensuring there is no entry in the ct_iface_map once an
interface was deleted from the CLI.
(cherry picked from commit 1c42ee9d16dd49fff2cbde652bf24a38f364526c)
|
|
We always have had stale interface entries in the ct_iface_map of nftables/
conntrack for any interface that once belonged to a VRF.
This commit will always clean the nftables interface map when the interface
is deleted from the system.
(cherry picked from commit 17c12bde5c6f314311e7524842fd1ddc254009b4)
|
|
(cherry picked from commit 71926f64385d7ab66431c60afa1fc8554ad7e2dc)
|
|
(cherry picked from commit 8bf6687b5276589e64988c3c54dbf61a628ee2a0)
|
|
(cherry picked from commit f6485f7df8713298d81ec0d45c548417db111523)
|
|
Authored-By: Alain Lamar <alain_lamar@yahoo.de>
(cherry picked from commit d5e988ba2d0fa0189feff22374c9b46eb49e2e79)
|
|
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide
configuration") removed the per wifi interface setting for a country-code. This
commit adjust the smoketests to the new design.
(cherry picked from commit 312273c9569d973c510d871adb941709804d8868)
|
|
(cherry picked from commit 578fbe0eb436697132e5a738fec5a4ac61ced8da)
|
|
(cherry picked from commit 23a3419d512139650cfe3dc76759b370b0c0c3d6)
|
|
Also adds support for life_bytes, life_packets, and DPD for
remote-access connections. Changes behavior of remote-access esp-group
lifetime setting to have parity with site-to-site connections.
(cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
|
|
Commit 452068ce7 ("interfaces: T6592: moving an interface between VRF instances
failed") introduced a new helper to retrieve the VRF table ID from the Kernel.
This commit migrates the old code path where the individual fields got queried
to the new helper vyos.utils.network.get_vrf_tableid().
(cherry picked from commit 36f3791e0c15267483d59a3bb74465811d08df88)
|
|
To reproduce:
set vrf name mgmt table '150'
set vrf name no-mgmt table '151'
set interfaces ethernet eth2 vrf 'mgmt'
commit
set interfaces ethernet eth2 vrf no-mgmt
commit
This resulted in an error while interacting with nftables:
[Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 }
The reason is that the old mapping entry still exists and was not removed.
This commit adds a new utility function get_vrf_tableid() and compares the
current and new VRF table IDs assigned to an interface. If the IDs do not
match, the nftables ct_iface_map entry is removed before the new entry is added.
(cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d)
|
|
(cherry picked from commit ad43aa885a8ef689da212088d6ebb37c32d72883)
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|
|
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
|
|
|
|
Add Loki plugin to telegraf
set service monitoring telegraf loki url xxx
(cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
|
|
(cherry picked from commit 4c7719efa27d9d2966b70b924c90aa2c90022388)
|
|
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|
|
|
|
Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall")
changed the position in the CLI for conntrack timeout. This lead to failing
smoketests because of a regression in the migrator.
|