summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2021-08-23containers: T2216: add missing verify() step on environment variablesChristian Poessinger
A environment variable MUST always have a value specified. Non existing values will cause the following error: Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/containers.py", line 269, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in apply env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items()) File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in <genexpr> env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items()) KeyError: 'value'
2021-08-21pppoe: T3090: migrate to vyos.ifconfig library to use the full potentialChristian Poessinger
Now that MSS clamping is done on the "per-interface" level the entire PPPoE stuff would have needed to get a full copy in GNU BASH for this or, participate in the common library. Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the vyos.ifconfig.PPPoEIf.update() function to configure everything as done with all other interfaces. This removes duplicated code for VRF assignment and route installation when a PPPoE interface is brought up or down.
2021-08-21wwan: T3620: remove superfluous import statementChristian Poessinger
WWAN does no londer need to render any configuration files.
2021-08-21interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵Christian Poessinger
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value.
2021-08-21udev: T2490: fix substitution error reported by udevChristian Poessinger
2021-08-21nhrp: T3599: move PID file to /run/opennhrpChristian Poessinger
2021-08-20bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/exportChristian Poessinger
This adds the following new commands: set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in
2021-08-18bgp: evpn: T1513: VNI rt and rd are only supported under EVPN VRFChristian Poessinger
2021-08-18nat: T2198: remove superfluous else clause on missing outbound-interfaceChristian Poessinger
2021-08-18nptv6: T2518: remove superfluous else clause on missing outbound-interfaceChristian Poessinger
2021-08-18nptv6: T2518: add missing verify() stage for mandatory translation addressChristian Poessinger
2021-08-18nat66: ndppd: T2518: rename Jinja2 template folder to match common naming ↵Christian Poessinger
convention
2021-08-18policy: T2425: import exact Perl match criteria for large-community-listChristian Poessinger
2021-08-17bgp: T3759: add l3vpn "import vrf" commandsChristian Poessinger
2021-08-17bgp: T2771: adjust verify() logic to common coding style for validationChristian Poessinger
2021-08-17policy: T2425: add missing validator for large-community-listsChristian Poessinger
without the validators FRR commit errors would happen.
2021-08-16conntrack: T3579: bugfix when deleting non existent iptable rulesChristian Poessinger
We only delete iptables rules if they really exist - if we try to delete a non- existing rule a PermissionError exception is thrown. We could either ignore the error code (that is what the old Vyatta code did), or we check what we are doing beforehand.
2021-08-16conntrack: T3579: remove debug print()Christian Poessinger
2021-08-16ospf: T3757: verify() bugfix for interface areaChristian Poessinger
Commit 6f87d8c9 ("ospf: T3757: support to configure area at an interface level") did not allow the old way an area and netwokr was set-up as the if expression was missing a check if 'area' was set in both the interface and the ospf process.
2021-08-15pbr: T3702: Fix incorrect splits for fwmarkViacheslav
2021-08-15ospf: T3757: support to configure area at an interface levelChristian Poessinger
FRR supports configuring either network prefixes per area, or assign an interface to an area to participate in the routing process. This is already well known from other venders and supported by FRR. A valid VyOS OSPF configuration would then look like: vyos@vyos# show protocols ospf { interface dum0 { area 0 } interface eth0.201 { area 0 authentication { md5 { key-id 10 { md5-key vyos } } } dead-interval 40 hello-interval 10 priority 1 retransmit-interval 5 transmit-delay 1 } log-adjacency-changes { detail } parameters { abr-type cisco router-id 172.18.254.201 } passive-interface default passive-interface-exclude eth0.201 }
2021-08-15wireguard: T3756: fix generated qr code headerBoris Manojlovic
2021-08-15Merge pull request #944 from sever-sever/T3702Christian Poessinger
pbr: T3702: Add rules match fwmark
2021-08-15Merge pull request #970 from jack9603301/T3648Christian Poessinger
op-mode: nat: T3648: Modify the operation mode script implementation of NAT to fix the existing problem
2021-08-15conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new ↵Lulu Cathrinus Grimalkin
default behavior
2021-08-14op-mode: ipsec: T3745: "show vpn ipse sa" improve sortingChristian Poessinger
2021-08-14ospf: T3236: use proper daemon named template fileChristian Poessinger
2021-08-14op-mode: nat: T3648: Modify the operation mode script implementation of NAT ↵jack9603301
to fix the existing problem
2021-08-13vrf: T3734: T3728: vni must be configured with a higher priority then bgpdChristian Poessinger
When removing bgp (vrf) instances the assigned VRF vni must be deleted from FRR prior the removal of the bgp settings (T3734). This is now done by moving the CLI command "set vrf name red vni 1000" to a dedicated Python script with a priority higher then bgp.
2021-08-13Merge pull request #969 from sarthurdev/T3752Christian Poessinger
pki: T3752: Fix file output for certificate requests
2021-08-13pki: T3752: Fix file output for certificate requestssarthurdev
2021-08-13openvpn: T3738: Disable authentication option for server modeViacheslav
2021-08-13Merge pull request #967 from sever-sever/T3708-currChristian Poessinger
isis: T3708: Fix errors in MTU calculation
2021-08-13isis: T3708: Fix errors in MTU calculationViacheslav
2021-08-12T3749: Moving some counters into the proper loopKroy
2021-08-12login: T3746: inform users about pending rebootsChristian Poessinger
2021-08-12Merge pull request #963 from FileGo/T3744Christian Poessinger
dns: T3744: fixed dns fwd statistics formatting
2021-08-12dns: T3744: fixed dns fwd statistics formattingFileGo
2021-08-10snmp: T3709: Allow enable oid ipCidrRouteTableViacheslav
2021-08-10pki: wireguard: T3642: strip private keyChristian Poessinger
Extend regex used by the "| strip-private" modifier to remove the WireGuard private key portion from stdout.
2021-08-09ipsec: T3720: assigning vti secondary address caused interface in A/D stateChristian Poessinger
2021-08-08ipsec: l2tp: T2816: remove duplicate 3des-sha1-modp1024 proposalChristian Poessinger
2021-08-08Merge pull request #956 from Cheeze-It/currentChristian Poessinger
PING: T3634: Fixing do not fragment to Ping
2021-08-06http-api: T2768: add README.graphqlJohn Estabrook
2021-08-06http-api: T2768: example using GraphQL for high-level config operationsJohn Estabrook
2021-08-06Revert "http-api: T2768: example using GraphQL for high-level config operations"John Estabrook
This reverts commit a2b959c50c96698da173b9c4720369a51442cc5c.
2021-08-06Revert "http-api: T2768: add README.graphql"John Estabrook
This reverts commit 4a9063f755b72786c3c5928b2fa74cf1aa935129.
2021-08-06http-api: T2768: add README.graphqlJohn Estabrook
2021-08-06http-api: T2768: example using GraphQL for high-level config operationsJohn Estabrook
2021-08-06frr: T3694: temporary disable VRF VNI assignmentChristian Poessinger
Somehow we hit a priority inversion here as we need to remove the VRF assigned VNI before we can remove a BGP bound VRF instance. Maybe move this to an individual helper script that set's up the VNI for the given VRF after any routing protocol (in our case this was triggered by running "make testc" when building an ISO image by the bgp-rpki config).