summaryrefslogtreecommitdiff
path: root/src/etc
AgeCommit message (Collapse)Author
2022-09-13firewall: T4605: Rename filter tables to vyos_filtersarthurdev
2022-08-27Merge pull request #1500 from aapostoliuk/T1070-sagittaChristian Poessinger
opennhrp: T1070: Fixed creating IPSEC tunnel to Hub
2022-08-27telegraf: T3872: replace local get_interfaces() function with ↵Christian Poessinger
Section.interface() Commit cfde4b49 ("ifconfig: T2223: add vlan switch for Section.interfaces()") added the functionality of the local get_interfaces() function to the base class so all other parts in the system can query for interface names of a given type including or excluding their vlan sub-interfaces.
2022-08-26opennhrp: T1070: Fixed creating IPSEC tunnel to Hubaapostoliuk
Fixed creating IPSEC tunnel to Hub. Added continues of execution generator functions.
2022-08-24opennhrp: T1070: Fixed removal all SAs in scriptaapostoliuk
Fixed removal all dmvpn SAs. Changed vici terminate by child-sa name on terminate by ike-id
2022-08-19ethernet: T4538: fix wrong systemd unit used for EAPoLChristian Poessinger
When MACsec was bound to an ethernet interface and the underlaying source-interface got changed (even description only) this terminated the MACsec session running on top of it. The root cause is when EAPoL was implemented in commit d59354e52a8a7f we re-used the same systemd unit which is responsible for MACsec. That indeed lead to the fact that wpa_supplicant was always stopped when anything happened on the underlaying source-interface that was not related to EAPoL.
2022-08-02hostap: T4584: add Debian specific options to systemd unit filesChristian Poessinger
2022-07-26nhrp: T4546: Fixed gateway in route add commandaapostoliuk
Fixed incorrect key to get gateway for route add command
2022-07-25fastnetmon: T2659: PID file location is static and can't be changedChristian Poessinger
2022-07-22Merge pull request #1418 from zdc/T4546-sagittaChristian Poessinger
nhrp: T4546: Fixed route add command if MTU presented
2022-07-21fastnetmon: T2659: move configuration files to /runChristian Poessinger
2022-07-19nhrp: T4546: Fixed route add command if MTU presentedzsdc
In case if `NHRP_DESTMTU` environment variable is presented, the script uses an intermediate command to get the current route before adding a new one. Then received data is used in the `route add` command generation. This commit fixes this process, so setting MTU becomes possible.
2022-07-17login: T4536: add all accounts to frr groupChristian Poessinger
2022-07-09ip: T4517: add option to enable directed broadcast forwardingYuxiang Zhu
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
2022-07-07syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotatesarthurdev
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override
2022-07-06firewall: T4500: Fix logrotate size to match rsyslog default valuesarthurdev
2022-06-11firewall: T4299: Add support for GeoIP filteringsarthurdev
2022-05-10T4405: Fix administrative distance of DHCP routesDmitri Toubelis
- Default dhclient script only uses value of `$IF_MERIC` envvar for default route recived via `router` option. - This variable has no effect on rotes received via `rfc3442-classless-static-routes` option - Considering that Vyos overrrides `ip` command originating from `dhclient` this can be easily fixed in `iptovtysh()` function by using the `$IF_METRIC` envvar directly in the dhclient hook. (cherry picked from commit 0c00e7bf8b6e68814607fde4ff0cd70ce9f4b486)
2022-04-25pppoe: T4391: bugfix IPv6 DHCP-PD not working after rebootChristian Poessinger
When VyOS is booting and an interface is brought up (PPPoE) which requires a user callback script that is executed asynchronously when the interface is up we can not use Config(). The problem is, Config() is not available when the system starts and the initial commit is still processed. We need to move to ConfigTreeQuery() which was build for this exact same purpose.
2022-04-21pppoe: T4384: replace default-route CLI option with common CLI nodes already ↵Christian Poessinger
present for DHCP VyOS 1.4 still leverages PPPd internals on the CLI. pppd supports three options for a default route, none, auto, force. * none: No default route is installed on interface up * auto: Default route is only installed if there is yet no default route * force: overwrite any default route There are several drawbacks in this design for VyOS and the users. If auto is specified, this only counted for static default routes - but what about dynamic ones? Same for force, only a static default route got replaced but dynamic ones did not got taken into account. The CLI is changed and we now re-use already existing nodes from the DHCP interface configuration: * no-default-route: On link up no default route is installed, same as the previous default-route none * default-route-distance: We can now specify the distance of this route for the routing table on the system. This defaults to 210 as we have for DHCP interfaces. All this will be migrated using a CLI migration script.
2022-04-18Revert "salt-minion: T4364: use systemd FinalKillSignal as process sometimes ↵Christian Poessinger
does not terminate" This reverts commit dda1b02932a5108ef257f59323dcfcf82582b805.
2022-04-16salt-minion: T4364: use systemd FinalKillSignal as process sometimes does ↵Christian Poessinger
not terminate
2022-04-02wwan: T4324: cronjob is setup via interfaces-wwan.py - drop dedicated cron fileChristian Poessinger
2022-03-28Revert "openvpn: T4230: globally enable ip_nonlocal_bind"Daniil Baturin
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c.
2022-03-07logrotate: T4250: Fixed logrotate config generationzsdc
* Removed `/var/log/auth.log` and `/var/log/messages` from `/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled items what leads to service error. * Removed generation config file for `/var/log/messages` from `system-syslog.py` - this should be done from `syslom logs` now. * Generate each logfile from `system syslog file` to a dedicated logrotate config file. * Fixed logrotate config file names in `/etc/rsyslog.d/vyos-rsyslog.conf`. * Added default logrotate settins for `/var/log/messages`
2022-03-05conntrackd: T4259: prevent startup of multiple daemon instancesChristian Poessinger
2022-03-01flow-accounting: T4277: support sending flow-data via VRF interfaceChristian Poessinger
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name>
2022-02-17openvpn: T4230: globally enable ip_nonlocal_bindChristian Poessinger
2022-02-08monitoring: T3872: Add input filter for firewall InfluxDB2Viacheslav Hletenko
Input filter for firewall allows to get bytes/counters from nftables in format, required for InfluxDB2
2022-02-01Revert "dhclient: T3392: remove /usr/sbin prefix from iproute2 ip command"Christian Poessinger
This reverts commit 78b247b724f74bdabab0706aaa7f5b00e5809bc1.
2022-01-28dhclient: T3392: remove /usr/sbin prefix from iproute2 ip commandChristian Poessinger
2022-01-13monitoring: T3872: Rewrite input filter custom_scriptViacheslav
Rewrite and improve the custom input filter telegraf script "show_interfaces_input_filter.py" to more readable and clear format Fix bug when it failed with configured tunnel "tunX" interfaces
2022-01-03keepalived: T4128: add missing keepalived.service fileChristian Poessinger
2022-01-03keepalived: T4128: add systemd option Type=simpleChristian Poessinger
Without this option systemd startup will hit a timeout and the kill keepalived again.
2022-01-03Merge pull request #1018 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Add a new feature service monitoring
2022-01-03monitoring: T3872: Add a new feature service monitoring telegrafViacheslav
2021-12-30dhclient: T4121: Fixed resolv.conf generation at early boot stagezsdc
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils.
2021-12-26flow-accounting: T4097: move configuration file to /runChristian Poessinger
2021-11-18wwan: T3795: periodically check if WWAN connection needs a reconnectChristian Poessinger
(cherry picked from commit eb6247e4b464c36fa7441627b221d0db39429251)
2021-11-15openvpn: T3995: implement systemd reload supportChristian Poessinger
2021-11-10Merge pull request #1068 from zdc/T3774-sagittaChristian Poessinger
atop: T3774: Atop log file rotation fix
2021-11-09interface-names: T3871: Add temporary interface names to properly renamingDmitriyEshenko
2021-11-09atop: T3774: Atop log file rotation fixzsdc
The systemd unit for atop service is changed, so the log file name and location will be always the same. It also adds the logrotate configuration to conditionally rotate a log file. Hardcoded values: - maximum log file size: 10 MB - maximum count of files: 10 These values can be easily changed within the `/etc/logrotate.d/vyos-atop`, no additional configuration is required. Rotation will be done hourly, if necessary, according to `/etc/cron.hourly/vyos-logrotate-hourly`. This change has two benefits: - rotation strategy control can be done via logrotate, and can be exposed to CLI now; - the total size of all logs is now controlled more aggressively, so the chance to get a situation when atop logs took all the space on a drive is significantly lower. Also, if this will be necessary, rotation may be done even each minute what reduces risks related to logs size even more.
2021-11-01Merge branch 'current' into T3350-sagittazdc
2021-10-31console: udev: T3954: adjust rule script to new systemd-udev versionChristian Poessinger
We can no longer use bash veriable string code vor string manipulation. Move to a more robust "cut" implementation.
2021-10-25dhclient: T3940: Added lease file argument to the `dhclient -x` callzsdc
When `dhclient` with the `-x` option is used to stop running DHCP client with a lease file that is not the same as in the new `dhclient` process, it requires a `-lf` argument with a path to the old lease file to find information about old/active leases and process them according to instructions and config. This commit adds the option to the `02-vyos-stopdhclient` hook, which allows to properly process `dhclient` instances started in different ways.
2021-10-21dhclient hooks: T3920: avoid 'too many args' error when no vrfRoss Dougherty
(cherry picked from commit 67b3dd6b4715fef266eb47e68623944f8be617e0)
2021-10-20mdns: T3917: move avahi configuration file to /runChristian Poessinger
2021-10-04OpenVPN: T3350: Changed custom options for OpenVPN processingzsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
2021-09-30interface-names: T3869: update udev rulesJohn Estabrook