VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) https://git.amelek.net/marekm72/vyos-1x.git/atom?h=1.3.3-epa1 2023-02-23T11:42:39+00:00 2023-02-23T11:42:39+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-02-20T11:54:36+00:00 urn:sha1:05d0f593bbfe9c85c690f6e4cddfb257a835906e Multicast has not been implemented for the tunnel interfaces. We have only configuration CLI commands that do anything. Fix it. ip link set dev <tag> multicast on ip link set dev <tag> multicast off (cherry picked from commit ac821d0d1764e9623015e04c5158a06c00ab370b) 2023-02-12T20:00:53+00:00 Christian Breunig christian@breunig.cc 2023-02-12T20:00:53+00:00 urn:sha1:b6290329f2d6f5d05a8ff577f0be8a7e0f0ebdee Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev (cherry-picked form commit bd9416a6aa9d5d0a746dc2cebc8d0330fd27d1a2) 2022-10-03T12:00:29+00:00 Christian Poessinger christian@poessinger.com 2022-10-03T12:00:29+00:00 urn:sha1:8560c1cc38f9104fe0d12fe72e0312c52afa9c08 wireguard: T4702: actively revoke peer if it gets disabled 2022-09-24T17:56:53+00:00 Christian Poessinger christian@poessinger.com 2022-09-24T17:27:16+00:00 urn:sha1:23e92590334ad179befdffd3e181e1b48a6d07f7 The initial implementation in commit 9fb9e5cade ("ethernet: T3171: add CLI option to enable RPS (Receive Packet Steering)" only changed the CPU affinity for RX queue 0. This commit takes all RX queues into account. (cherry picked from commit 13645bc2cfd31f1525078469f23e89491987e0ea) 2022-09-17T19:10:04+00:00 Christian Poessinger christian@poessinger.com 2022-09-17T18:36:22+00:00 urn:sha1:99b63a1eb5a4441aba4bd0c8908007450ceb7d1c When any configured peer is set to `disable` while the Wireguard tunnel is up and running it does not get actively revoked and removed. This poses a security risk as connections keep beeing alive. Whenever any parameter of a peer changes we actively remove the peer and fully recreate it on the fly. (cherry picked from commit a4feb96af9ac45aff41ded1744cf302b5c5a9e7e) 2022-09-02T11:36:45+00:00 initramfs initramfs@initramfs.io 2022-09-01T12:51:21+00:00 urn:sha1:0f1d29ac0480dc202595b96357789e6d15d49f2c Fixes several bugs around bonding member interface states not matching the committed configuration, including: - Disabled removed interfaces coming back up - Newly added disabled interfaces not staying down - Newly added interfaces not showing up in the bond 2022-08-29T18:40:24+00:00 Christian Poessinger christian@poessinger.com 2022-08-29T18:36:20+00:00 urn:sha1:27b94505582fb4f4c0c9188e8cc2026700a5a3bd Commit 31169fa8a763e ("vyos.ifconfig: T3619: only set offloading options if supported by NIC") added the new implementation which handles NIC offloading. Unfortunately every single implementation was copied from "gro" which resulted in a change to gro for each offloading option - thus options like lro, sg, tso had no effect at all. It all comes down to copy/paste errors ... one way or another. (cherry picked from commit b01f27b3bb3f4cbc6096011856d83009d0440313) 2022-08-22T15:56:50+00:00 Christian Poessinger christian@poessinger.com 2022-08-22T15:52:58+00:00 urn:sha1:3b6f8bf8f7499af4a6841e5e1f1dafae9db55c38 The VLAN aware bridge was forwarding traffic between member ports, but traffic destined torwards the CPU was dropped. This resulted in a gateway not reachable or DHCP leases that could not be handed out. Tested via: VyOS set interfaces bridge br0 enable-vlan set interfaces bridge br0 member interface eth1 allowed-vlan '10' set interfaces bridge br0 member interface eth1 allowed-vlan '20' set interfaces bridge br0 member interface eth1 allowed-vlan '30' set interfaces bridge br0 member interface eth1 allowed-vlan '40' set interfaces bridge br0 member interface eth1 native-vlan '40' set interfaces bridge br0 member interface eth2 allowed-vlan '30' set interfaces bridge br0 member interface eth2 allowed-vlan '20' set interfaces bridge br0 member interface eth2 allowed-vlan '10' set interfaces bridge br0 member interface eth2 allowed-vlan '40' set interfaces bridge br0 vif 10 address '10.0.10.1/24' set interfaces bridge br0 vif 20 address '10.0.20.1/24' set interfaces bridge br0 vif 30 address '10.0.30.1/24' set interfaces bridge br0 vif 40 address '10.0.40.1/24' Arista vEOS vlan 10,20,30,40 interface Ethernet1 switchport trunk allowed vlan 10,20,30,40 interface Vlan10 ip address 10.0.10.2/24 interface Vlan20 ip address 10.0.20.2/24 interface Vlan30 ip address 10.0.30.2/24 interface Vlan40 ip address 10.0.40.2/24 interface Ethernet1 switchport trunk allowed vlan 10,20,30,40 switchport mode trunk spanning-tree portfast Cisco vIOS interface GigabitEthernet0/0 ip address 10.0.40.3 255.255.255.0 duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/0.10 encapsulation dot1Q 10 ip address 10.0.10.3 255.255.255.0 ! interface GigabitEthernet0/0.20 encapsulation dot1Q 20 ip address 10.0.20.3 255.255.255.0 ! interface GigabitEthernet0/0.30 encapsulation dot1Q 30 ip address 10.0.30.3 255.255.255.0 ! (cherry picked from commit f60d0e1ce029925b843f635b36154c90049b9577) 2022-08-04T14:41:13+00:00 Daniil Baturin daniil@vyos.io 2022-08-04T14:41:13+00:00 urn:sha1:c8ba6bc59d981309552c90e845c560ec2bd9b21c mtu: T4572: Add DHCP-option MTU to get values from DHCP-server 2022-08-01T16:24:38+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-08-01T13:19:53+00:00 urn:sha1:67583141f433c31ebccc8eeba06b2b285636e680 Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured (cherry picked from commit 29b0ee30bf2622a40ca3d17e3f6b9e94e5b62072)