- Feed Queries
- All Stories
- Search
- Feed Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Sep 6 2022
Sep 6 2022
GitHub <noreply@github.com> committed rVYOSONEXacd3a42355da: Merge pull request #1524 from jestabro/bridge-op-mode (authored by jestabro).
jestabro changed the status of T4674: API should show op-mode error message, if present from Open to In progress.
jestabro closed T4640: Integrate op-mode exception hierarchy into API, a subtask of T2719: Standardized op mode script structure, as Resolved.
jestabro closed T4640: Integrate op-mode exception hierarchy into API, a subtask of T3993: Extend HTTP API GraphQL support, as Resolved.
jestabro changed the status of T4673: op-mode bridge.py should raise error on show_fdb for nonexistent bridge interface from Open to In progress.
Changes for the inversion operator (--not-range instead of !) have been made. Generalizing exit codes, as suggested in PR comments will be handled in a separate task.
The PR:
initramfs updated the task description for T4671: linux-firmware package is missing symlinks defined in WHENCE file.
zsdc moved T4646: USB serial output console does not work from Finished to Backport Candidates on the VyOS 1.4 Sagitta board.
zsdc moved T4646: USB serial output console does not work from Open to Finished on the VyOS 1.4 Sagitta board.
The serial-getty@ttyUSB0.service seems to work well after the fix. We should backport this to the equuleus as well.
Viacheslav changed the status of T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp) from Open to In progress.
Viacheslav added a comment to T4557: fastnetmon: allow configure limits per protocol (tcp, udp, icmp).
As we have threshold it seems require migration threshold => threshold general
vyos@r14# set service ids ddos-protection threshold Possible completions: fps Flows per second mbps Megabits per second pps Packets per second
Viacheslav closed T4597: Check bind port before assign service HTTPS API and openconnect as Resolved.
Sep 5 2022
Sep 5 2022
PR https://github.com/vyos/vyos-1x/pull/1521
set system update-check auto-check set system update-check url 'http://192.168.122.14:8080/download/image-version.json'
PR for VyOS 1.3
jack9603301 added a comment to T4636: VLAN-Aware bridge not handling local traffic (and not able to perform inter-vlan routing).
When the interface of the bridge registers VLANs, the bridge itself must register the same VLANs at the same time, otherwise the bridge will not forward VLANs
n.fort renamed T4670: policy route - Update matching criteria from policy route - Update matching criterias to policy route - Update matching criteria.
n.fort changed the status of T4651: Firewall - Add options to match packet size from In progress to Needs testing.
jestabro closed T4628: ConfigTree() throws ValueError() if tagNode contains whitespaces as Resolved.
Resolved in T4664: merged in Sagitta; backport candidate for Equuleus 1.3.3.
jestabro closed T4664: Add validation to reject whitespace in tag node value names, a subtask of T4628: ConfigTree() throws ValueError() if tagNode contains whitespaces, as Unknown Status.
jestabro closed T4664: Add validation to reject whitespace in tag node value names as Unknown Status.
vyos@vyos:~$ sudo bridge -c vlan show
port vlan-id
eth0 10
20
eth1 10
20
br0 1 PVID Egress Untaggeddmbaturin renamed T4653: Interface offload options are not applied correctly from Interface offload options not being applied correctly to Interface offload options are not applied correctly.
dmbaturin renamed T4632: VLAN-aware bridge not working from Vlan aware bridge not working to VLAN-aware bridge not working.
dmbaturin set Is it a breaking change? to compatible on T1375: Add clear dhcp server lease function.
dmbaturin changed Is it a breaking change? from none to compatible on T3714: Some sysctl custom parameters disappear after reboot.
dmbaturin changed Issue type from internal to bug on T4324: wwan: check alive script should only be run via cron if a wwan interface is configured at all.
dmbaturin changed Is it a breaking change? from none to compatible on T4350: DMVPN opennhrp spokes dont work behind NAT.
dmbaturin changed Is it a breaking change? from none to compatible on T4405: DHCP client sometimes ignores `no-default-route` option of an interface.
dmbaturin changed Is it a breaking change? from none to compatible on T4510: set system static-host-mapping doesn't allow IPv4 and IPv6 for same name..
initramfs added a comment to T4668: Adding/removing members from bond doesn't work/results in incorrect interface state.
The smoketest seems suspect, the error line has nothing to do with this issue and running the smoketest several times results in tests passing/failing arbitrarily on that line (across multiple tests).
Viacheslav added a comment to T4668: Adding/removing members from bond doesn't work/results in incorrect interface state.
It seems can't pass smoketest
05:47:04 DEBUG - ====================================================================== 05:47:04 DEBUG - FAIL: test_add_multiple_ip_addresses (__main__.BondingInterfaceTest) 05:47:04 DEBUG - ---------------------------------------------------------------------- 05:47:04 DEBUG - Traceback (most recent call last): 05:47:04 DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/base_interfaces_test.py", line 109, in tearDown 05:47:04 DEBUG - self.assertFalse(process_named_running(daemon)) 05:47:04 DEBUG - AssertionError: 8769 is not false 05:47:04 DEBUG - 05:47:04 DEBUG - ------------------
Viacheslav closed T4655: Firewall in 1.4 sets the default action 'accept' instead of 'drop' as Resolved.
Sep 4 2022
Sep 4 2022
c-po moved T4668: Adding/removing members from bond doesn't work/results in incorrect interface state from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4666: EAP-TLS no longer allows TLSv1.0 after T4537, T4584 from Open to Finished on the VyOS 1.4 Sagitta board.
c-po moved T4666: EAP-TLS no longer allows TLSv1.0 after T4537, T4584 from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
c-po added a comment to T4630: Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time.
PR for VyOS 1.3 https://github.com/vyos/vyos-1x/pull/1519
GitHub <noreply@github.com> committed rVYOSONEXb9678136eac7: Merge pull request #1518 from initramfs/equuleus-fix-bond-members (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX11fadf15f8e5: GitHub: change all reviewers to the @vyos/maintainers team (authored by c-po).
GitHub <noreply@github.com> committed rVYOSONEX088f673f5f02: Merge pull request #1498 from initramfs/fix-v6-default-route (authored by c-po).
Sep 3 2022
Sep 3 2022
PR for 1.3 https://github.com/vyos/vyos-build/pull/260
c-po added a project to T4666: EAP-TLS no longer allows TLSv1.0 after T4537, T4584: VyOS 1.3 Equuleus (1.3.3).
c-po changed the status of T4630: Prevent attempts to use the same interface as a source interface for pseudo-ethernet and MACsec at the same time from Open to Needs testing.
GitHub <noreply@github.com> committed rVYOSONEXe7719b7be2f8: Merge pull request #1517 from initramfs/current-fix-bond-members (authored by c-po).
Initial draft; suggested changes and testing to follow:
jestabro changed the status of T4669: Extend numeric.ml for inversion of values and range values from Open to In progress.
Unknown Object (User) added a comment to T3900: Add support for raw tables to firewall.
In T3900#133375, @Viacheslav wrote:Regarding interface groups it will be possible later, after firewall re-design
Viacheslav changed the status of T4666: EAP-TLS no longer allows TLSv1.0 after T4537, T4584 from Open to Needs testing.
Sep 2 2022
Sep 2 2022
chenxiaolong added a comment to T4127: Upgrading from pre-certstore image to certstore image does not handle CA files with multiple certs.
In case anyone comes across this bug report, I submitted a couple PRs to fix this earlier this year: https://phabricator.vyos.net/T4245
chenxiaolong added a project to T4666: EAP-TLS no longer allows TLSv1.0 after T4537, T4584: VyOS 1.4 Sagitta.
I've submitted a PR to reintroduce the patch: https://github.com/vyos/vyos-build/pull/259
Viacheslav changed the status of T4665: Keepalived cannot use same VRID for VRRPv2 and VRRPv3 from In progress to Needs testing.
@daryll-swer For your use case, you can use your tables/chains (not standard names like RAW/MANGLE INPUT/OUTPUT etc.), that won't be cleared by the VyOS firewall CLI
nft add table MYRAW
nft -- add chain ip MYRAW my_chain '{ type filter hook prerouting priority raw; policy accept; }'
nft add rule ip MYRAW my_chain ip saddr 192.0.2.5 counter droproedie added a comment to T3933: The firewall does not filter incoming traffic on the interface with vrf..
In case of filtering on a VRF, would it be an idea to use the MAC address instead of the interface name in the rule?
Sep 2 2022, 7:45 PM · Bugs, VyOS 1.3 Equuleus (1.3.9), VyOS 1.4 Sagitta (1.4.0-GA), Restricted Project
Unknown Object (User) updated subscribers of T3900: Add support for raw tables to firewall.
Has there been any updates on this? @Viacheslav, it would be great to have this functionality on VyOS.
Viacheslav edited projects for T4668: Adding/removing members from bond doesn't work/results in incorrect interface state, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.2).
An example of dict that we can use
{
"images": {
"rolling": {
"latest": {
"arch": "amd64",
"flavors": ["azure"],
"image": "vyos-rolling-latest.iso",
"latest": True,
"lts": False,
"release_date": "2022-09-02",
"release_train": "sagitta",
"version": "1.4-rolling-202209020217"
},
"1.4-rolling-202209020217": {
"arch": "amd64",
"flavors": ["generic"],
"image": "vyos-1.4-rolling-202209020217-amd64.iso",
"latest": True,
"lts": False,
"release_date": "2022-09-02",
"release_train": "sagitta",
"version": "1.4-rolling-202209020217"
},
"1.4-rolling-202208291850": {
"arch": "amd64",
"flavors": ["openstack"],
"image": "vyos-1.4-rolling-202208291850-amd64.iso",
"latest": False,
"lts": False,
"release_date": "2022-08-29",
"release_train": "sagitta",
"version": "1.4-rolling-20220829850"
}
},
"lts": {
"latest": {
"arch": "amd64",
"flavors": ["generic"],
"image": "vyos-1.3-x.iso",
"latest": True,
"lts": True,
"release_date": "2022-xx-xx",
"release_train": "equuleus",
"version": "1.3-stable-202208230511"
}
}
}
}initramfs updated the task description for T4668: Adding/removing members from bond doesn't work/results in incorrect interface state.
Viacheslav changed the subtype of T4668: Adding/removing members from bond doesn't work/results in incorrect interface state from "Task" to "Bug".
I will modify the docs.
Could be a part of T4118
Sep 1 2022
Sep 1 2022