summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-11-20IPsec: T4829: use type hint Optional for arg tunnel in reset_peerJohn Estabrook
2022-11-20IPsec: T4829: add missing import TimeoutExpiredJohn Estabrook
2022-11-20Merge pull request #1657 from sever-sever/T4812Daniil Baturin
T4812: Add op-mode Show vpn ipsec connections
2022-11-20op-mode: dns-forwarding: T4578: drop sudo callsChristian Poessinger
Commit 66288ccfee ("dns-forwarding: T4578: Rewrite show dns forwarding") added the implementation for the new standardized op-mode definitions/implementation. As the API daemon has the proper permissions and also the CLI op-mode calls the script already with "sudo", there is no need to call "sudo" inside this script, again. Also add dns.py to data/op-mode-standardized.json for the GraphQL schema to be generated.
2022-11-20T4827: Route-map state continue must be with action permit onlyViacheslav Hletenko
route-map action 'deny' cannot be used for "continue" as FRR does not validate it r14(config)# route-map FOO permit 100 r14(config-route-map)# route-map FOO deny 50 r14(config-route-map)# on-match goto 100 % Configuration failed. Error type: validation r14(config-route-map)#
2022-11-20vrf: T4562: no need to invode "sudo" when retrieving VRf informationChristian Poessinger
2022-11-18IPsec: T4828: raise op-mode error on incorrect valueJohn Estabrook
2022-11-18Merge pull request #1662 from jestabro/config-script-dependencyDaniil Baturin
firewall: T4821: correct calling of conf_mode script dependencies
2022-11-18Merge pull request #1645 from aapostoliuk/T4793-sagittaChristian Poessinger
T4793: Added warning about disable-route-autoinstall
2022-11-18T4793: Added warning about disable-route-autoinstallaapostoliuk
Added warning message about disable-route-autoinstall when ipsec vti is used.
2022-11-17Merge pull request #1654 from sarthurdev/pbr_refactorChristian Poessinger
policy: T2199: T4605: Migrate policy route interface node
2022-11-17firewall: T4821: correct calling of conf_mode script dependenciesJohn Estabrook
2022-11-16T4794: Fix show show firewall nameSander Klein
show firewall name <name> will output an error as explained in https://phabricator.vyos.net/T4794
2022-11-16bridge: T4673: remove "sudo" as there is no need to elevate permissionsChristian Poessinger
2022-11-16Revert "Revert "dns: T4799: fix bug with not reloading powerdns config""Christian Poessinger
This reverts commit 44df1cea1ebc3296844c5c35cf053a92cda4b944.
2022-11-15T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states. Ability to get --raw data
2022-11-15T4815: ip-up/down scripts needs the executable bitYuxiang Zhu
ip-up/down scripts added in https://github.com/vyos/vyos-1x/pull/1656 need the executable bit.
2022-11-14T4815: Fix various name server config issuesYuxiang Zhu
1. When a PPPoE session is connected, `pppd` will update `/etc/resolv.conf` regardless of `system name-server` option unless `no-peer-dns` is set. This is because `pppd` vendors scripts `/etc/ppp/ip-up.d/0000usepeerdns` and `/etc/ppp/ip-down.d/0000usepeerdns`, which updates `/etc/resolv.conf` on PPPoE connection and reverts the change on disconnection. This PR removes those scripts and adds custom scripts to update name server entries through `vyos-hostsd` instead. 2. There is a typo in `/etc/dhcp/dhclient-enter-hooks.d/04-vyos-resolvconf, which misspells variable name `new_dhcp6_name_servers` as `new_dhcpv6_name_servers`. This causes IPv6 name server entries in `vyos-hostsd` not updated when dhclient receives nameservers from DHCPv6. 3. Regular expressions in scripts under `/etc/dhcp/dhclient-enter-hooks.d` and `/etc/dhcp/dhclient-exit-hooks.d/` are not enclosed in `^$`, so those IPv4 related branches (like `BOUND`) could be mistakenly executed when an IPv6 reason (like `BOUND6`) is given.
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle
2022-11-10Merge pull request #1652 from aapostoliuk/T4496-sagittaChristian Poessinger
T4496: Refactoring vrf_list function in ping command
2022-11-10Merge pull request #1643 from sever-sever/T4789Christian Poessinger
T4789: Ability to get op-mode raw data for PPPoE L2TP SSTP IPoE
2022-11-10T4789: Ability to get op-mode raw data for PPPoE L2TP SSTP IPoEViacheslav Hletenko
Ability to get 'raw' data sessions and statistics for accel-ppp protocols IPoE/PPPoE/L2TP/PPTP/SSTP server
2022-11-10T4496: Refactoring vrf_list function in ping commandaapostoliuk
Changed the function code of vrf_list to using the function from vyos.util
2022-11-09Merge pull request #1647 from aapostoliuk/T4807-sagittaChristian Poessinger
T4807: Fixed traceroute help completion
2022-11-09T4807: Fixed traceroute help completionaapostoliuk
Changes in traceroute command: Added list of possible VRFs in the help. Added list of possible interfaces in the help. Changed, if an option was selected before, it does not appear in possible completion. Added error message when an unexpected option was selected
2022-11-09Revert "dns: T4799: fix bug with not reloading powerdns config"Christian Poessinger
This reverts commit ff09d4f47e5f54fad8258cd27fb0adfaa4c552b3. Process name is actually: <bound method Process.name of psutil.Process(pid=5031, name='pdns-r/worker', status='sleeping', started='08:51:51')>
2022-11-06graphql: T4803: allow 'Authorization' header in CORS middlewareJohn Estabrook
2022-11-05container: T4802: support per container shared-memory size configurationChristian Poessinger
Size of /dev/shm within a container can be defined via --shm-size when invoking the container. Add corresponding CLI node.
2022-11-05dns: T4799: fix bug with not reloading powerdns configinitramfs
PowerDNS version 4.7 and above has changed the main process name from 'pdns-r/worker' to 'pdns_recursor'. This commit updates the process name check to use the new name.
2022-11-03Merge pull request #1633 from sarthurdev/fqdnChristian Poessinger
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT
2022-11-03nat: T1877: T970: Add firewall groups to NATsarthurdev
2022-11-03firewall: T970: Refactor domain resolver, add firewall source/destination ↵sarthurdev
`fqdn` node
2022-11-03validators: T4795: migrate fqdn python validator to validate-valueChristian Poessinger
2022-11-03Merge branch 'T4496-sagitta' of https://github.com/aapostoliuk/vyos-1x into ↵Christian Poessinger
current * 'T4496-sagitta' of https://github.com/aapostoliuk/vyos-1x: T4496: Added lists of values in the help of op-mode ping command
2022-11-03Merge pull request #1604 from sever-sever/T4758Christian Poessinger
T4758: Rewrite show DHCP(v6) server leases to vyos.opmode format
2022-11-03validators: T4795: migrate mac-address python validator to validate-valueChristian Poessinger
Instead of spawning the Python interpreter for every mac-address to validate, rather use the base validate-value OCaml implementation which is much faster. This removes redundant code and also makes the CLI more responsive. Validator is moved out to a dedicated file instead of using XML inlined <regex> for the reason of re-usability. So if that regex needs to be touched again - it can all happen in one single file.
2022-11-03validators: T4795: drop unused Python validatorsChristian Poessinger
2022-11-03xml: T4795: superseed allowed-vlan validator by numeric range validatorChristian Poessinger
Reduce CPU time when spawning the python interpreter. Same can be done by the numeric validator.
2022-11-02Merge pull request #1636 from jestabro/standardize-op-mode-outputJohn Estabrook
op-mode: T4791: consistent normalization of 'raw' output of op-mode scripts for CLI and API
2022-11-02T4496: Added lists of values in the help of op-mode ping commandaapostoliuk
Added list of possible VRFs in the help of the ping command Added list of possible interfaces in the help of the ping command Changed, if an option was selected before in the ping command, it does not appear in possible completion. Added error message when an unexpected option was selected.
2022-11-02T4758: Fix conflicts op-mode-standardizedViacheslav Hletenko
2022-11-02T4758: Rewrite show DHCP(v6) server leases to vyos.opmode formatViacheslav Hletenko
Rewrite op-mode DHCP and DHCPv6 leases to vyos.opmode format Abbility to show 'raw' format show dhcp server leases show dhcpv6 server leases
2022-11-02Merge pull request #1623 from sever-sever/T4771Daniil Baturin
T4771: Ability to get raw format for op-mode BGP commands
2022-11-01graphql: T4791: decamelize/normalize result of op-mode queriesJohn Estabrook
2022-11-01T4777: Ability to get logs in machine-readable formatViacheslav Hletenko
Ability to get logs in JSON format Possible filter by unit. Options for count lines, UTC time, facility or logs since boot
2022-11-01Merge pull request #1632 from dmbaturin/vrrp-commit-in-progressViacheslav Hletenko
T4526: use informative error messages for keepalived-fifo with commit in progress
2022-10-31ipsec: T4787: add support for road-warrior/remote-access RADIUS timeoutChristian Poessinger
This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor.
2022-10-31T4526: use informative error messages for keepalived-fifo with commit in ↵Daniil Baturin
progress
2022-10-31T4771: Ability to get raw format for op-mode BGP commandsViacheslav Hletenko
2022-10-29Merge pull request #1621 from sarthurdev/T4774Christian Poessinger
wireguard: T4774: Prevent duplicate peer public keys