summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2024-03-10firewall: T6071: truncate rule description field to 255 charactersChristian Breunig
(cherry picked from commit 259ef4740413b39da9b122db19c549eeec88114c)
2024-03-06T6075: firewall and NAT: check if interface-group exists when using them in ↵Nicolas Fort
firewall|nat rules. (cherry picked from commit 3c0634e572ffdecaf24a9dac16678427f22761ab)
2024-03-06T6096: Config commits are not synced properly because 00vyos-sync is deleted ↵Apachez
by vyos-router (cherry picked from commit 433faaa9fe7d7dfc02db78ff039e772f5037037a)
2024-03-06Merge pull request #3086 from vyos/mergify/bp/sagitta/pr-3079Christian Breunig
T6084: Add NHRP dependency for IPsec and fix NHRP empty config bug (backport #3079)
2024-03-05http-api: T6069: fix allocation outside of thread lockJohn Estabrook
(cherry picked from commit 7503e419d0dbc9ba81f7299d9df173c0a82f20da)
2024-03-05T6084: Add NHRP dependency for IPsec and fix NHRP empty config bugViacheslav Hletenko
If we have any `vpn ipsec` and `protocol nhrp` configuration we get the empty configuration file `/run/opennhrp/opennhrp.conf` after rebooting the system. Use config dependency instead of the old `resync_nhrp` function fixes this issue (cherry picked from commit 689fea253d9019df20d5c6ac7fa22d5e8454afab)
2024-03-04ospfv3: T6087: add support to redistribute IS-IS routesChristian Breunig
(cherry picked from commit 6a97fdfa1ba9b4135a51498ea5acabb804256b2c)
2024-03-02Merge pull request #3062 from sarthurdev/T6079_sagittaDaniil Baturin
dhcp-server: T6079: Disable duplicate static-mappings on migration
2024-03-02ospf: T5717: sync code with ospfv3 implementationChristian Breunig
(cherry picked from commit 298bcc5cb90c4c83981ec4baaaa0db785306867d)
2024-03-02ospfv3: T5717: allow metric and metric-type on redistributed routesChristian Breunig
Example: vyos@vyos# set protocols ospfv3 redistribute bgp Possible completions: metric OSPF default metric metric-type OSPF metric type for default routes (default: 2) route-map Specify route-map name to use (cherry picked from commit ed2c288c8a9031f91acf76d20b84e2002696981c)
2024-03-01smoketest: T6079: probe for duplicate IP address static-mappingChristian Breunig
2024-02-29T5504 Keepalived VRRP ability to set more than one peer-addressNataliia Solomko
(cherry picked from commit 3480d92a8c4d84e8c1f94a9362bac2be0cc77921)
2024-02-29Merge pull request #3058 from vyos/mergify/bp/sagitta/pr-3053Christian Breunig
container: T6074: do not allow deleting images which have a container running (backport #3053)
2024-02-29banner: T6077: implement ASCII contest winner default logoChristian Breunig
Implement VyOS ASCII art contest winners logo as the default for our MOTD (cherry picked from commit 0ea3a454cf560171d3eb9d4d1b97b172c06360fe)
2024-02-29dhcp-server: T6079: Disable duplicate static-mappings on migrationsarthurdev
2024-02-28vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is ↵sarthurdev
required (cherry picked from commit 6f7d1e15665655e37e8ca830e28d9650445c1217)
2024-02-28container: T6074: do not allow deleting images which have a container runningChristian Breunig
The current VyOS container image manipulation "delete container image" command allows force removal of container images - even if they still have a container running. Drop the --force option from the op-mode script. vyos@vyos:~$ delete container image 2636705a815a Error: image used by 6adb0175d47f.. image is in use by a container: consider listing external containers and force-removing image (cherry picked from commit bfc065f2c4dcfc969981453e49b8156330674006)
2024-02-24Merge pull request #3048 from vyos/mergify/bp/sagitta/pr-3046Christian Breunig
container: T6060: support removing all container images at once via op-mode (backport #3046)
2024-02-24Merge pull request #3047 from vyos/mergify/bp/sagitta/pr-2633Daniil Baturin
T5781: add ability to add additional minisign keys (backport #2633)
2024-02-24container: T6060: support removing all container images at once via op-modeChristian Breunig
cpo@LR1.wue3:~$ show container image REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/busybox latest 3f57d9401f8d 5 weeks ago 4.5 MB docker.io/jacobalberty/unifi v7.5 f6df690d6c67 4 months ago 827 MB docker.io/jacobalberty/unifi v7.4 7838b75ef7b9 7 months ago 786 MB cpo@LR1.wue3:~$ delete container image Possible completions: 3f57d9401f8d Delete container image 7838b75ef7b9 all f6df690d6c67 cpo@LR1.wue3:~$ delete container image all cpo@LR1.wue3:~$ show container image REPOSITORY TAG IMAGE ID CREATED SIZE (cherry picked from commit 9e51a1661fac3e0d762cffdd28705e7e4bad76e9)
2024-02-24T5781: use dynamic minisign key listKyleM
Updated image_installer.py to try and validate image with all minisign public keys in /usr/share/vyos/keys/ (cherry picked from commit dfbc854157fa4655a8f459b2447df64dc74119d1)
2024-02-24container: T5909: move registry login to op-modeChristian Breunig
It does not make sense to perform the "podman login" command when setting up containers, as images are not automatically pulled in from the registry - due to issues with the default route during startup. The same issue manifests in "podman login" where we can not login to a registry unless there is a default route present. This commit changes the behavior that the container registry is part of the configuration, but it is only referenced during "add container image" and thus never during system boot. (cherry picked from commit baf30d8319ef4d0f0cc4cdf0f7c12f03f8a492b6)
2024-02-20event-handler: T6048: handling exception when _PID is not foundgavol
(cherry picked from commit b678009b484eb6d20fceb5db00b0dc62344296a2)
2024-02-18bridge: T6043: do not call vxlan dependency if interface does not exist (yet)Christian Breunig
In order to keep the proper priority list during system startup and on initial setup/commit for this feature the dependent VXLAN code should not be called, if the interface in question does not exist (yet). (cherry picked from commit dbe8c613bb80bc8b714398825054ade5942ea75b)
2024-02-17Merge pull request #3023 from vyos/mergify/bp/sagitta/pr-3019John Estabrook
login: T5972: add possibility to disable individual local user accounts (backport #3019)
2024-02-17login: T5972: add possibility to disable individual local user accountsChristian Breunig
* set system login user <name> disable (cherry picked from commit 6e0b146ed3b90da577c3ecba38836883fd435e7a)
2024-02-17T3722: Fixed L-Time in 'show vpn ike sa' commandaapostoliuk
Fixed L-Time in 'show vpn ike sa' command (cherry picked from commit bb6e6fc2119584df6ec571e7e9335dc509d5faeb)
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-defaultChristian Breunig
* set system ip nht no-resolve-via-default * set system ipv6 nht no-resolve-via-default (cherry picked from commit ece0e768f36e52f8964823d891264d7c187204ec)
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code. (cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
2024-02-13rpki: T6024: add migration scripts from file based keys to PKI subsystemChristian Breunig
(cherry picked from commit 4d76e9ef3e7773ed96c037108021c292675b101c)
2024-02-13rpki: T6034: remove OpenSSH keys from /run/frr when unloadedChristian Breunig
(cherry picked from commit 78820752b936e77d30f995498ff36487c5c6af87)
2024-02-13pki: T6034: add dependencies to trigger rpki re-run on openssh key updateChristian Breunig
(cherry picked from commit 0f8bf6bd0fb29cfd638e9920674e7ad1d1d25350)
2024-02-13rpki: T6034: move SSH authentication keys to PKI subsystemChristian Breunig
(cherry picked from commit ac2d7dfac6073d0f232191ec494f78a8d12889e4)
2024-02-13pki: T6034: add OpenSSH key supportChristian Breunig
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa' (cherry picked from commit 8c78ef0879f22ffd4a5f7fdb175e9109b46e9d7b)
2024-02-12ipsec: T5981: Strip '@' from migrated peer namesarthurdev
(cherry picked from commit 8238f8cdae3ae14bd8bd95158c218c45285df478)
2024-02-12init: T2044: fix "binary operator expected" when two or more RPKI caches are ↵Christian Breunig
defined Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured") which showed a disturbing error on tty0 after boot that a "binary operator expected" when checking for RPKI caches when multiple results got returned. (cherry picked from commit a5ac522f8c675ee2b2c2f4f08be7c41943632e94)
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z' (cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
2024-02-09T5703: Fix reapply QoS for connection-oriented interfacesViacheslav Hletenko
After `disconnect` and `connect` connection-oriented interfaces like PPPoE, QoS policy has to be reapplied (cherry picked from commit ffc6dc28780f4d3e8c548f3709c7f3d17babda68)
2024-02-09https: T5902: fix migration of virtual-host portChristian Breunig
CLI source node is port and not listen-port. (cherry picked from commit 63d53a17274349fd68defdbf9f7ce16be63fc9b1)
2024-02-09T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication. (cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
2024-02-08T6026: QoS hide attempts to delete qdisc from devicesViacheslav Hletenko
Hide unexpected output by attempts of deleting `qdisc` from interfaces [ qos ] Error: Cannot find specified qdisc on specified device. Error: Cannot delete qdisc with handle of zero. (cherry picked from commit 6dcb68ba5553ac94eb3a9da4a915999500b00ab2)
2024-02-08Merge pull request #2964 from vyos/mergify/bp/sagitta/pr-2952Daniil Baturin
vrf: T5973: module is now statically compiled into the kernel (backport #2952)
2024-02-07init: T2044: only start rpki if cache is configuredChristian Breunig
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during system boot") to check the bootup configuration if an RPKI cache is defined. Only start RPKI if this is the case. (cherry picked from commit 9b8e11e078c42e3ae86ebfa45fec57336f25a0af)
2024-02-07vrf: T5973: module is now statically compiled into the kernelChristian Breunig
Always enable VRF strict_mode (cherry picked from commit 117fbcd6237b59f54f2c1c66986a8ce073808c84)
2024-02-07vpn: T3843: l2tp configuration not cleared after deletekhramshinr
vpn: T5926: IPSEC does not apply after l2tp configuration was changed added dependency between l2tp and ipsec conf added test for apply config to swanctl (cherry picked from commit e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5)
2024-02-06Merge pull request #2948 from vyos/mergify/bp/sagitta/pr-2941Christian Breunig
image-tools: T6016: wait for umount in cleanup function (backport #2941)
2024-02-06image-tools: T6016: wait for umount in cleanup functionJohn Estabrook
(cherry picked from commit d80530c48a78dfeb55293494a257f6234b0ef76d)
2024-02-06T5921: Fix OpenConnect verify for local usersViacheslav Hletenko
Fix verify error for the VPN OpenConnect configuration with local authentication and without any user File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify if not ocserv["authentication"]["local_users"]: KeyError: 'local_users' (cherry picked from commit 71644dfed63f6248525db3c3bc9493c059707a2a)
2024-02-06Merge pull request #2942 from srividya0208/debug-ipsecViacheslav Hletenko
op-mode:T6015:Fix for charon file generated by ipsec debug script
2024-02-06op-mode:T6015:Fix the charon file generated by ipsec debug scriptsrividya0208