summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2020-11-23openvpn: T3074: fix site-2-site operation modeChristian Poessinger
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
2020-11-23Merge pull request #616 from Cheeze-It/currentChristian Poessinger
mpls-conf: T915: Refactored template, handler, added global features
2020-11-22mpls-conf: T915: Refactored FRR LDP template, MPLS handler, added MPLS ↵Cheeze_It
global features So this is a big update. The first thing that was done was a refactor to the FRR LDP template, MPLS handler, and XML conf tree MPLS global additions. The refactors should work and I did test them in my lab. It seems that everything does work as needed so far in my testing. There is something here that is considered configuration breaking from the old setup though. In the old setup the MPLS interface operation (as in the interfaces accepting MPLS labels and processing them) was tied with LDP. What this means is that MPLS processing was enabled at the same time as LDP interfaces were configured. We do not want this behavior for the future as there's other MPLS underlay technologies like SR and RSVP. If someone wants to enable SR or RSVP without enabling LDP then they now can. Before, they couldn't. The other additions are global changes to MPLS TTL propagation and MPLS max TTL enforcement. They have now been added. Lastly, there is an frr-reload bug that Runar Borge found with this. We have found that when totally deleting LDP that there has to be 3 commits done. This is because frr-reload doesn't properly do what it needs to do in 1 operation so we had to do 3. This will only affect people that are doing an entire LDP clear using "delete protocols mpls ldp." Otherwise it isn't seen. Anyway, this refactor now works with the FRR daemon directly for all changes. This also makes it much easier for adding stuff in the future. Thank you
2020-11-22bgp: T2174: refactor Jinja template and reduce redundant pathsChristian Poessinger
The Jinja2 template contained a lot of redundant paths which only differed in either the address-family or neighbor vs. peer-group. This paths have been combined into for loops and a macro for generating a neighbor statement as peer-groups and regular neighbors share ~95% of the config.
2020-11-22isis: T1316: remove debug printChristian Poessinger
2020-11-21openvpn: T3060: fix client authentication username and password fileChristian Poessinger
2020-11-21ethernet: T3048: fix migrator to also support a plain configChristian Poessinger
When VyOS boots the first time with the default configuration there it actually no "interface ethernet" node present in the config, thus we must exit the migrator. Without this change vyos.configtree.ConfigTreeError: Path [b'interfaces ethernet'] doesn't exist will be thrown.
2020-11-21system: T3078: rename "system options" -> "system option"Christian Poessinger
By design a CLI node should not be named by its plural but rather describe it as singular.
2020-11-21ethernet: T3048: drop static smp-affinity for dynamic performance tuningChristian Poessinger
After migrating the ethernet interfaces from the good old Perl days the smp-affinity node yet has no effect anymore as the code is still missing (my bad, sorry). Drop the smp-affinity node and rather use tuned instead with the network-throughput or network-latency profile. - network-throughput: Profile for throughput network tuning. It is based on the throughput-performance profile. It additionaly increases kernel network buffers. - network-latency: Profile for low latency network tuning. It is based on the latency-performance profile. It additionaly disables transparent hugepages, NUMA balancing and tunes several other network related sysctl parameters. I'd set network-throughput as the default on a new set system option performance <throughput | latency> CLI node which is present in the default configuration. https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf
2020-11-20Merge pull request #614 from sever-sever/T439Christian Poessinger
policy-conf: T439: Add policy local-route PBR
2020-11-20policy-conf: T439: Add policy local-route PBRsever-sever
2020-11-20tunnel: T3072: bugfix KeyError for IPv6 GRE verify codeChristian Poessinger
2020-11-20wireguard: ifconfig: T2653: interface address is not mandatoryChristian Poessinger
2020-11-20tunnel: T3072: support changing tunnel encapsulation on-the-flyChristian Poessinger
2020-11-20tunnel: T3072: interfaces used for NHRP can not be deletedChristian Poessinger
2020-11-20tunnel: T3072: migrate to get_config_dict()Christian Poessinger
2020-11-19bridge: T3067: Fix VLAN aware setting failure under WLAN (#613)JACK
In the implementation of T3042, it will cause two problems: 1. Even if VLAN awareness is not enabled, the VLAN settings of the vlan filter will be modified. When the bridge member has a WLAN interface, the error is exposed, so repair it here. You should not modify the related settings when the VLAN awareness mode is not enabled 2. Even if VLAN awareness is not enabled, the VLAN settings of the vlan filter will be modified. When the bridge member has a WLAN interface, due to special settings, the bridge mode cannot be entered and the settings cannot be completed directly. Therefore, the WLAN interface should be rejected Enter the bridge with VLAN awareness
2020-11-18Revert "wireless: T2241: add "wds" CLI option"Christian Poessinger
This reverts commit 806f35b5856c3f8dae634718a6a9e82cc90bb63a. Unfortunately this did not work our in the attempt to bridge a station to a bridge "brX" interface. Also adjusting the wireless interface during operation cause several exceptions and the feature is removed again as it was never in any production system.
2020-11-14tuned: T3048: programm proper daemon startupChristian Poessinger
Daemon was only enabled/disabled before and not started/stopped. This has been corrected to start the daemon and wait until startup before sending the configuration profile.
2020-11-14options: keyboard: T3038: use proper XML <defaultValue> over hardcoded ↵Christian Poessinger
Python value We should not use hardcoded Python values whenever possible. vyos.xml provides an abstraction of the XML CLI definitions providing default values from the CLI specified via the <defaultValue> node. This increases consistency among all XML/Python wrappers. Additional small fixes in this commit (besides the bad practice incorporating unrelated changes into the same commit) contain: - Keyboard layout shout be explicitly set for /dev/console - Added missing Debian dependency on console-data - When looking for a key in a dict, we do not need to specify dict.keys()
2020-11-14Merge pull request #608 from DmitriyEshenko/kb-layoutChristian Poessinger
system: T3038: Add keyboard layout CLI command
2020-11-13system: T3038: Add keyboard layout CLI commandDmitriyEshenko
2020-11-13Merge branch 't1316-frr-isis' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 't1316-frr-isis' of github.com:c-po/vyos-1x: isis: T1316: refactor config retrieval and Jinja2 template isis: T1316: October steps
2020-11-13isis: T1316: refactor config retrieval and Jinja2 templateChristian Poessinger
Make the entire template code more human readable by denesting it, as there can only be one ISIS daemon instance in FRR.
2020-11-13Merge pull request #602 from DmitriyEshenko/fix-op-rebootChristian Poessinger
powerctl: T3066: Calculate minutes over 60
2020-11-13openvpn: T3060: Remote-host is a required param for clientsever-sever
2020-11-13Merge branch 'T1316_october' of https://github.com/sever-sever/vyos-1x into ↵Christian Poessinger
t1616-isis * 'T1316_october' of https://github.com/sever-sever/vyos-1x: isis: T1316: October steps
2020-11-13vyos.template: provide general is_ip(v4|v6) helpersChristian Poessinger
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-11-13powerctl: T3066: Calculate minutes over 60DmitriyEshenko
2020-11-13wwan: T3065: add IPv6 support for wirelessmodem interfacesChristian Poessinger
2020-11-12udev: T3063: drop special WWAN rule for Sierra Wireless cardsChristian Poessinger
This is no longer required after commit for the VyOS Kernel configuration https://github.com/vyos/vyos-build/commit/3fa7fe6926a538a8b4f25
2020-11-12ssh: T2635: drop superfluous importChristian Poessinger
Commit a1327d2b970 ("ssh: T2635: reuse common verify_vrf() function") already moved to the common verify logic but did not remove the no longer needed import statement.
2020-11-12Merge pull request #600 from sever-sever/T2174Christian Poessinger
bgp-new: T2174: Fix abbility to del global route-map param
2020-11-12Merge pull request #594 from jack9603301/T3042John Estabrook
bridge: T3042: Support VLAN filter and VLAN sub-interface on the bridge
2020-11-12bgp-new: T2174: Fix abbility to del global route-map paramsever-sever
2020-11-11 mpls-conf: T915: Add MPLS misc parameters, add LDP misc parametersCheeze-It
This commit has to do with the addition of miscellaneous MPLS parameters, as well as miscellaneous LDP parameters. Per c-po, for miscellaneous options and whatnot that do not fit anywhere we will put them into a specific "parameters" node. I also did some global linux configuration changes here. We make changes to kernel options "net.mpls.ip_ttl_propagate" and "net.mpls.default_ttl" which should allow the behavior of VyOS to have the same as routers from the big vendors. I added two LDP options for cisco interoperation TLV and for a dual stack preference. Lastly, I went through and changes some of the help/description fields in the definitions page because I just felt they weren't uniform and the words seemed to not properly explain what they were doing. I also did some code clean up (or tried to...) with comments and whatnot.
2020-11-11wwan: T2529: fix validation logic for non existing devicesChristian Poessinger
A non existing device usb0b1.4p1.?? device was not detected, as find_device_file() returned None which can not be passed into os.path.exists(). Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/interfaces-wirelessmodem.py", line 126, in <module> verify(c) File "/usr/libexec/vyos/conf_mode/interfaces-wirelessmodem.py", line 60, in verify if dev_path is None or os.path.exists(find_device_file(dev_path)): File "/usr/lib/python3.7/genericpath.py", line 19, in exists os.stat(path) TypeError: stat: path should be string, bytes, os.PathLike or integer, not NoneType
2020-11-10bridge: T3042: Support VLAN filter and VLAN sub-interface on the bridgejack9603301
2020-11-08mpls-conf: T915: Add targeted LDP neighbors with parametersCheeze_It
The commit has to do with the addition of targeted LDP neighbors and parameters being added. FRR allows for this functionality and I just wanted to add it. We have basically 4 options that are added. Enabling targeted LDP functionality, the targeted neighbor, the hello interval of targeted sessions, and the hold time of targeted sessions. Both IPv4 and IPv6 has been coded in.
2020-11-06op-mode: T2731: fix "show interfaces" returns invalid state when link is downChristian Poessinger
There has been a miss-match of admin-down and oper-down status for the Python implementation of "show interfaces".
2020-11-06validator: ipv4-range: T3050: fix wrong exit code when no range was givenChristian Poessinger
2020-11-06system: T3048: use proper service name "tuned.service"Christian Poessinger
2020-11-06system: T3048: add dynamic performance tuning daemonChristian Poessinger
Add new CLI command "set system options performance <latency | throughput>"
2020-11-06openvpn: T3051: fix multiple pushed routes to preconfigured clientsChristian Poessinger
2020-11-04mpls-conf: T915: Add session hold time adjustment for static LDP neighborsCheeze_It
The commit has to do with the addition of session hold time parameter for LDP neighbors. This allows for being able to change said hold time on a static neighbor. The way that this works is to have it either delegated to a value (15-65535), or to just be default to whatever FRR stipulates or per the other session configuration values. I opted to remove the "-ipv4-" only because we know it's an IPv4 session that one has to create first. I figure it's redundant to add it there so I removed it.
2020-11-04Merge pull request #595 from Cheeze-It/currentChristian Poessinger
mpls-conf: T915: Add TTL security for static LDP neighbors
2020-11-04mpls-conf: T915: Add TTL security for static LDP neighborsCheeze_It
The commit has to do with the addition of TTL security for LDP neighbors. The code was 90% done by Viascheslav. I modified it a little bit to get it to properly work. We added more parameters to the neighbors dynamic loop. Once this is merged then we should be able to add more for the dynamic neighbor statements. The way that this works is to have either TTL disabled, or to add the amount of hops accepted for the neighbor.
2020-11-04openvpn: T3046: create client config dir on-demandChristian Poessinger
This commit partially reverts commit eb1ed5e518 ("openvpn: T2994: re-add ifconfig-pool statement in server config").
2020-11-03Merge branch 'wifi-wpa3' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'wifi-wpa3' of github.com:c-po/vyos-1x: wireless: T3042: move wifi-regulatory-domain into individual interface definition wireless: T2653: reset wireless priority to crux state wireless: T3034: add WPA3 support wireless: T3043: rename "wpa mode both" to "wpa+wpa2" ifconfig: T2985: fix wireless-bridge creation
2020-11-03wireless: T3042: move wifi-regulatory-domain into individual interface ↵Christian Poessinger
definition