| Age | Commit message (Collapse) | Author |
|---|
|
Add new nodes for 'service dns forwarding domain':
'addnta': adds addNTA to lua-config-file
'recursion-desired': sets '+' before the zone in forward-zones-file
The migrator sets both options for all configured domains. This is
usually the desired config.
|
|
The previous implementation only supported disabling DHCP nameservers for
all interfaces, and was implemented improperly so it didn't work anyway.
This migrates it to name-servers-dhcp <interface>, which allows us to enable
just the interfaces we want to use for system DNS, identical in syntax to
'service dns forwarding dhcp <interface>'.
The migrator searches through all interfaces that have address 'dhcp(v6)?'
and adds them to the name-servers-dhcp list if disable-dhcp-nameservers is
not set, else it does nothing.
|
|
It shouldn't be required, if necessary it should be added to
vyos-hostsd apply command.
|
|
Removes and adds all required settings.
|
|
The getter methods will return empty values if config nodes don't exist,
so there's no point in checking if they exist before.
|
|
Init Config once in main() and pass it to both get_config() and verify().
|
|
The previous implementation only supported disabling DHCP nameservers for all
interfaces, and was implemented improperly so it didn't work anyway.
It's safe to remove it completely.
This adds support for a new config node name-servers-dhcp <interface>, which
allows us to enable just the interfaces we want to use for system DNS,
identical in syntax to 'service dns forwarding dhcp <interface>'.
The new option works by adding tags to vyos-hostsd that we want to use to add
nameservers to resolv.conf, same as adding tags for dns forwarding but for a
different destination file.
A config migrator will be added in a separate commit.
|
|
Debian Buster doesn't have the length and character limitations of
/etc/resolv.conf 'search' any more, it is unlimited.
https://sourceware.org/bugzilla/show_bug.cgi?id=19569
(glibc >2.26)
|
|
Change internal representation to the one required by vyos-hostsd.
|
|
Removes and adds all required settings.
|
|
- generate recursor.conf, recursor.conf.lua
- if recursor.vyos-hostsd.conf.lua and recursor.forward-zones.conf don't exist,
create empty ones (they are/will be generated by vyos-hostsd)
|
|
Add warning that forwarding will operate as a recursor in case there are no
nameservers configured.
|
|
Remove the old solution that retrieved dhcp tagged nameservers from hostsd
and added it to nameservers, as it didn't work anyway (only once during
configuration but it didn't update them later). This is now handled by
vyos-hostsd, just retrieve the configured interfaces and send it the list
of tags to use.
|
|
Remove manual retrieval of 'system name-server' from config and adding it to
the name servers list, as this is now handled by simply adding a 'system' tag
in vyos-hostsd.
|
|
|
|
Change internal representation to the new one expected by vyos-hostsd.
|
|
As Config is required in both get_config and verify, init it once
and pass it to both functions.
|
|
The functionality was moved to vyos-hostsd.
|
|
|
|
Add a 'dhcpd' system user that is a member of hostsd group and can
connect to vyos-hostsd.
Run dhcpd as this user.
|
|
To better control access from other daemons that may not be running as root,
create a new group 'hostsd' to which the other daemons running users can be
added.
Run vyos-hostsd as root:hostsd to create the socket file with correct user and
group.
|
|
- set RuntimeDirectory to vyos-hostsd
- set RuntimeDirectoryPreserve in order to not delete the state file between
service restarts (/run will be deleted across reboots as it's on a tmpfs but
the state doesn't need to be saved across reboots anyway)
- set WorkingDirectory to /run/vyos-hostsd
|
|
- update copyright date
- validate incoming JSON data against a schema with voluptuous
- add usage help describing internal messages syntax at top of vyos-hostsd
- move socket and state file to directory /run/vyos-hostsd
- replace jinja2 rendering with vyos.template
- move all templates out of the executable into dedicated data/templates dirs
- move recursor.conf forward-zones-recurse to forward-zones-file
- generate lua-config-file for pdns-recursor with addNTA
- support adding custom forward zones for pdns-recursor with optional added NTA and/or recursion-desired
- move search_domains from set_host_name to separate add/delete/get commands
- unify functions to support abstracting them in the future
- track number of internal changes in "changes" variable saved in state file (informational in apply function)
- do not apply changes immediately, add apply function that applies all changes (to not reload pdns-recursor excessively for a large set of changes, users must call the apply function once at the end)
- add pdns_rec_control function that supports sending arbitrary commands to rec_control (fix pdns-recursor process name that caused the old function to think pdns-recursor was never running)
- create /run/powerdns if it doesn't exist (on boot vyos-hostsd starts before pdns-recursor but we need to put our generated conf files there)
- abstract specific command functions (add_*/del_*) into general functions to manipulate various types of data in the state variable
- add command types:
- forward_zones (generate custom forward zones for pdns-recursor)
- search_domains (move from set_host_name as dhcp client needs to change them too)
- name_server_tags_recursor (to set tags whose nameservers are added to pdns-recursor)
- name_server_tags_system (to set tags whose nameservers and search domains are added to /etc/resolv.conf)
- change hosts data format to make more sense (move tag from within each host dict to the key for a list of host dicts)
- do not remove state file when shut down cleanly, to not lose state when restarting vyos-hostsd service that's then impossible to restore without restarting the whole router - a reboot will remove the state file as it lives in a tmpfs (/run)
- remove too verbose info log on every received message
- set mode of socket to 770 to secure it against processes not in hostsd group
|
|
As part of T1595 listen-on was removed and migrated to listen-address,
but some references to it stayed in the variable names and validator
error message.
|
|
tested using:
set nat destination rule 399 description 'Redirect DNS iot VLAN'
set nat destination rule 399 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 399 destination port '53'
set nat destination rule 399 inbound-interface bond10.204
set nat destination rule 399 log
set nat destination rule 399 protocol 'tcp_udp'
set nat destination rule 399 translation address '192.168.67.243'
set nat destination rule 399 translation port '53'
set nat destination rule 400 description 'Redirect DNS lan VLAN'
set nat destination rule 400 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 400 destination port '53'
set nat destination rule 400 inbound-interface bond10.204
set nat destination rule 400 log
set nat destination rule 400 protocol 'tcp_udp'
set nat destination rule 400 translation address '192.168.67.243'
set nat destination rule 400 translation port '53'
set nat destination rule 401 description 'Redirect DNS guest VLAN'
set nat destination rule 401 destination address '!192.168.67.243-192.168.67.244'
set nat destination rule 401 destination port '53'
set nat destination rule 401 inbound-interface bond10.204
set nat destination rule 401 log
set nat destination rule 401 protocol 'tcp_udp'
set nat destination rule 401 translation address '192.168.67.243'
set nat destination rule 401 translation port '53'
|
|
|
|
|
|
|
|
|
|
|
|
Only start console if it exists on the running system. If a user detaches a
USB serial console and reboots - it should not fail!
|
|
During testing it was discovered that there is a well known problem (we had for
ethernet interfaces) also in the serial port world. They will be enumerated and
mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially
painful on my development APU4 board which also has a Sierra Wireless MC7710
LTE module installed.
The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the
amount of serial port extenders attached (FT4232H).
The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves
this by enumerating the devices into /dev/serial/by-id folder with their name
and serial number - it's a very good idea but I've found that not all of the
FT4232H dongles have a serial number programmed - this leads to the situation
that when you plug in two cables with both having serial number 0 - only one
device symlink will appear - the previous one is always overwritten by the
latter one.
Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus
directory and group devices by attached USB root port.
|
|
Support for Hayes modems has been long gone (1.2.x) and nobody cared. It was
removed in commit d582bbaf3 ("update console settings for systemd") of
vyatta-cfg-system.
So as there have been zero complaints - cleanup the CLI.
|
|
The current implementation only works once the system has been fully booted
up and the config nodes have been process. So there is no "early" kernel
debugging. It is started with priority 400 (after all network stuff) - thus it
has a questionable at all for Kernel debugging.
It would only make sense if the entire system is changed to supply the config
stuff to the Kernel commandline and then send it to a dedicated MAC address
target as network will be initialized late.
As there are zero Phabricator tasks available and we do not know any user using
this - the "feature" will be removed.
|
|
Migrate the serial console subsystem to XML and Python.
|
|
|
|
Instead of using "show version" as catch-all command for information rather
add "show system cpu" op-mode command which is analogous to "show system memory"
which deals with RAM.
|
|
* 'udev' of github.com:c-po/vyos-1x:
usb: op-mode: T2560: display USB interface information
pppoe: op-mode: T2488: retrieve log info from journalctl
wwan: op-mode: T2488: retrieve log info from journalctl
wwan: T2241: interface is not bond- or bridgeable
wwan: T2488: remove generation of dedicated logfile
wwan: T2529: migrate device from ttyUSB to usbXbY.YpZ.Z
udev: T2490: add persistent USB device files
|
|
|
|
vyos@vyos:~$ show system usb
/: Bus 03.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
|__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/4p, 480M
|__ Port 3: Dev 4, If 0, Class=Vendor Specific Class, Driver=qcserial, 480M
|__ Port 3: Dev 4, If 2, Class=Vendor Specific Class, Driver=qcserial, 480M
|__ Port 3: Dev 4, If 3, Class=Vendor Specific Class, Driver=qcserial, 480M
|__ Port 3: Dev 4, If 8, Class=Vendor Specific Class, Driver=qmi_wwan, 480M
vyos@vyos:~$ show system usb serial
No USB to serial converter connected
vyos@vyos:~$ show system usb serial
Device Model Vendor
------ ------ ------
usb0b1.3.3.4p1.0 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.3.3.4p1.1 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.3.3.4p1.2 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.3.3.4p1.3 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.3.4p1.0 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.3.4p1.1 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.3.4p1.2 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.3.4p1.3 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.3p1.0 MC7710 Sierra Wireless, Inc.
usb0b1.3p1.2 MC7710 Sierra Wireless, Inc.
usb0b1.3p1.3 MC7710 Sierra Wireless, Inc.
usb0b1.4p1.0 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.4p1.1 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.4p1.2 Quad_RS232-HS Future Technology Devices International, Ltd
usb0b1.4p1.3 Quad_RS232-HS Future Technology Devices International, Ltd
|
|
Commit 2cb806271928 ("wirelessmodem: T2241: make VRF and bond/bridge membership
mutually exclusive") added some logic which is not forseen/neither makes sense
on a dialup interface, thus it's removed again
|
|
... all information are present in journald.
|
|
During testing it was discovered that there is a well known problem (we had for
ethernet interfaces) also in the serial port world. They will be enumerated and
mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially
painful on my development APU4 board which also has a Sierra Wireless MC7710
LTE module installed.
The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the
amount of serial port extenders attached (FT4232H).
The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves
this by enumerating the devices into /dev/serial/by-id folder with their name
and serial number - it's a very good idea but I've found that not all of the
FT4232H dongles have a serial number programmed - this leads to the situation
that when you plug in two cables with both having serial number 0 - only one
device symlink will appear - the previous one is always overwritten by the
latter one.
Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus
directory and group devices by attached USB root port.
vyos@vyos:~$ find /dev/serial/by-bus/ -name usb* -exec basename {} \; | sort
usb0b1.3p1.0
usb0b1.3p1.2
usb0b1.3p1.3
usb0b2.4p1.0
usb0b2.4p1.1
usb0b2.4p1.2
usb0b2.4p1.3
So we have USB root 0 with bus 1.3 and port 1.0. The enumeration is constant
accross reboots.
|
|
During testing it was discovered that on 5 out of 10 reboots the USB
enumeration/mapping from physical port to /dev/ttyUSB is different. The root
cause is that it's a FIFO so first found/loaded driver module will be assigned
ttyUSB0.
This mixed up the serial interfaces of my FTDI chips and my connected Sierra
Wireless MC7710 card which was no longer functioning as it now was mapped to
a different USB interface.
The solution is a udev rule which persistently maps the USB-tree-device to a
device file in /dev. Wait? isn't this what /dev/serial/by-{id,path} is for?
Correct, it does the very same thing but the problem is as follows:
* by-path uses device file names which also incorporate the parent bus system,
this results in "pci-0000:00:10.0-usb-0:2.4:1.0-port0"
* by-id will overwrite the assigned device symlink if a new USB device with the
same name appears. This happens to some FTDI devices with no serial number
programmed so the device added last wins and will be the only one in
the by-id folder - cruel world!
This commit adds a new directory /dev/serial/by-bus which holds the following
device files (as example):
$ ls -1 /dev/serial/by-bus/
usb0b1.3p1.0
usb0b1.3p1.2
usb0b1.3p1.3
usb0b2.4p1.0
usb0b2.4p1.1
usb0b2.4p1.2
usb0b2.4p1.3
|
|
|
|
Retrieving the CLI nodes from current config was missed out and only
implemented for PPPoE.
|
|
When DHCPv6-PD is configured to delegate a prefix to a non existing interface,
it is restarted (systemd default) but will then hit the restart rate-limit which
disables the service entirely.
As VyOS currently has no "hook" to be called once an interface goes online we
need this "try and error" approach until there is a way to deal with it. This
behavior can be reproduced when delegating an IPv6 prefix to a bridge interface
as a bridge interface will always be started after all interfaces have been
configured.
We will now restart dhcp6c as long as the requested interface is online.
|
|
openvpn: T2550: fix for IPv4 remote-host addresses
|
|
Commit bb9f998 added IPv6 support for OpenVPN, but IPv4 only
configurations stopped working (Address family for hostname not supported)
Commit fc467519 fixed some scenarios by using IPv4 protocols
if 'local-host' is IPv4 address, but the client mode is using
'remote-host' instead and was still broken.
This commit in addition to 'local-host' also checks all the
'remote-host' addresses.
|
|
|
