| Age | Commit message (Collapse) | Author |
|---|
|
sudo: T6926: remove spam messages to syslog
|
|
|
|
Right now every command that's executed via op-mode/conf-mode is logged with a
session entry/exit and command execution into syslog.
sudo[1082396]: vyos : TTY=pts/1 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/bin/mv /tmp/config.boot.1082388 /opt/vyatta/etc/config/archive/config.boot
sudo[1082396]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
sudo[1082396]: pam_unix(sudo:session): session closed for user root
sudo[1082399]: vyos : TTY=pts/1 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/sbin/logrotate -f -s /opt/vyatta/etc/config/archive/lr.state /opt/vyatta/etc/config/archive/lr.conf
sudo[1082399]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1002)
sudo[1082399]: pam_unix(sudo:session): session closed for user root
This heavily bloats remote logging services - remove the log entries
|
|
op_mode: T6770: Fix op command "show bridge vni"
|
|
|
|
|
|
|
|
ipoe_server: T6872: Add the ability to configure LUA scripts and username
|
|
dhcp: T6692: Fix range options not present when `exclude` is used
|
|
|
|
|
|
Add smoketest to verify range options are present with `exclude`
|
|
|
|
op-mode: T6900: remove uninformative 'show configuration files'
|
|
- Removed default `m1` and `m2` values from interface definitions
- Adjusted filter priorities for shapers
- Fixed SFQ qdisc and HFSC class creation to fully support `m1`, `d`, and `m2` parameters
- Added validation logic similar to VyOS 1.3 to improve error handling and user experience
|
|
|
|
The legacy node and behavior under 'show configuration files' is not
useful as is; remove node and drop script to allow for a useful
repurpose in the future.
|
|
configd: T6899: use multipart message instead of extra exchange
|
|
- Fixed handling of flow isolation parameters.
- Corrected support for `nat` and `nonat` in flow isolation.
- Extended RTT values to cover the full range supported by `tc`.
- Make migration script 2-to-3 qos
|
|
* T6490: Allow creation of wireguard interfaces without requiring peers
|
|
|
|
|
|
T6801: QoS: Policy rate-control is broken by default
|
|
|
|
- Fixed unhandled exception for policy rate-control without params
|
|
T3501: Allow using more than one tuned profile
|
|
T6695: Machine-readable operational mode support for traceroute
|
|
|
|
T4583: Rewrite VRRP op-mode to vyos.opmode format
|
|
|
|
pki: T4914: Rewrite the PKI op mode in the new style
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(cherry picked from commit 3abe7c72c95c3d9b825db08b092c555786e9fbcf)
Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
|
|
|
|
config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback
|
|
|
|
cli: T6740: add a converter from set commands to config
|
|
Signed-off-by: Daniil Baturin <daniil@baturin.org>
|
|
pbr: T6430: Local IP rules targeting VRFs by name as well as route table IDs
|
|
* This is the `policy local-route*` part of T6430, manipulating ip rules,
another PR covers firewall-backed `policy route*` for similar functionality
* Local PBR (policy local-route*) can only target table IDs up to 200 and
the previous PR to extend the range was rejected
* PBR with this PR can now also target VRFs directly by name, working around
targeting problems for VRF table IDs outside the overlapping 100-200 range
* Validation ensures rules can't target both a table ID and a VRF name
(internally they are handled the same)
* Relocated TestPolicyRoute.verify_rules() into VyOSUnitTestSHIM.TestCase,
extended to allow lookups in other address families (IPv6 in the new tests).
verify_rules() is used by original pbr and new lpbr smoketests in this PR.
|
|
pki: T6481: auto import ACME certificate chain into CLI
|
|
When using an ACME based certificate with VyOS we provide the necessary PEM
files opaque in the background when using the internal tools. This however will
not properly work with the CA chain portion, as the system is based on the
"pki certificate <name> acme" CLI node of a certificate but CA chains reside
under "pki ca".
This adds support for importing the PEM data of a CA chain issued via ACME into
the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by
other daemons. Importing the chain only happens, when the chain was not already
added manually by the user.
ACME certificate chains that are automatically added to the CLI are all prefixed
using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds
a safeguard when the intermediate CA changes, the referenced name on the CLI
stays consitent for any pending daemon updates.
|
|
static: T4283: fix missing f'ormat string
|
|
|
|
This fixes the error message:
Can not use both blackhole and reject for prefix "{prefix}"!
Added in commit bb78f3a9ad28 ("static: T4283: support "reject" routes - emit an
ICMP unreachable when matched")
|
