summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rw-r--r--data/templates/firewall/nftables-offload.j216
-rw-r--r--data/templates/firewall/nftables.j236
-rw-r--r--data/templates/frr/bgpd.frr.j214
-rw-r--r--data/templates/frr/isisd.frr.j28
4 files changed, 36 insertions, 38 deletions
diff --git a/data/templates/firewall/nftables-offload.j2 b/data/templates/firewall/nftables-offload.j2
index 6afcd79f7..a893e05b2 100644
--- a/data/templates/firewall/nftables-offload.j2
+++ b/data/templates/firewall/nftables-offload.j2
@@ -1,11 +1,9 @@
-{% macro render_flowtable(name, devices, priority='filter', hardware_offload=false, with_counter=true) %}
-flowtable {{ name }} {
- hook ingress priority {{ priority }}; devices = { {{ devices | join(', ') }} };
-{% if hardware_offload %}
- flags offload;
+{% macro flowtable(name, config) %}
+ flowtable VYOS_FLOWTABLE_{{ name }} {
+ hook ingress priority 0; devices = { {{ config.interface | join(', ') }} };
+{% if config.offload is vyos_defined('hardware') %}
+ flags offload;
{% endif %}
-{% if with_counter %}
- counter
-{% endif %}
-}
+ counter
+ }
{% endmacro %}
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index 1564b3ef8..75800ee3d 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -2,7 +2,7 @@
{% import 'firewall/nftables-defines.j2' as group_tmpl %}
{% import 'firewall/nftables-bridge.j2' as bridge_tmpl %}
-{% import 'firewall/nftables-offload.j2' as offload %}
+{% import 'firewall/nftables-offload.j2' as offload_tmpl %}
flush chain raw vyos_global_rpfilter
flush chain ip6 raw vyos_global_rpfilter
@@ -34,6 +34,12 @@ delete table ip vyos_filter
{% endif %}
table ip vyos_filter {
{% if ipv4 is vyos_defined %}
+{% if flowtable is vyos_defined %}
+{% for name, flowtable_conf in flowtable.items() %}
+{{ offload_tmpl.flowtable(name, flowtable_conf) }}
+{% endfor %}
+{% endif %}
+
{% set ns = namespace(sets=[]) %}
{% if ipv4.forward is vyos_defined %}
{% for prior, conf in ipv4.forward.items() %}
@@ -153,6 +159,12 @@ delete table ip6 vyos_filter
{% endif %}
table ip6 vyos_filter {
{% if ipv6 is vyos_defined %}
+{% if flowtable is vyos_defined %}
+{% for name, flowtable_conf in flowtable.items() %}
+{{ offload_tmpl.flowtable(name, flowtable_conf) }}
+{% endfor %}
+{% endif %}
+
{% set ns = namespace(sets=[]) %}
{% if ipv6.forward is vyos_defined %}
{% for prior, conf in ipv6.forward.items() %}
@@ -255,29 +267,7 @@ table ip6 vyos_filter {
{% if first_install is not vyos_defined %}
delete table bridge vyos_filter
{% endif %}
-{% if bridge is vyos_defined %}
table bridge vyos_filter {
{{ bridge_tmpl.bridge(bridge) }}
{{ group_tmpl.groups(group, False, False) }}
}
-{% endif %}
-
-{% if first_install is not vyos_defined %}
-delete table inet vyos_offload
-{% endif %}
-table inet vyos_offload {
-{% if global_options.flow_offload.hardware.interface is vyos_defined %}
- {{- offload.render_flowtable('VYOS_FLOWTABLE_hardware', global_options.flow_offload.hardware.interface | list, priority='filter - 2', hardware_offload=true) }}
- chain VYOS_OFFLOAD_hardware {
- type filter hook forward priority filter - 2; policy accept;
- ct state { established, related } meta l4proto { tcp, udp } flow add @VYOS_FLOWTABLE_hardware
- }
-{% endif %}
-{% if global_options.flow_offload.software.interface is vyos_defined %}
- {{- offload.render_flowtable('VYOS_FLOWTABLE_software', global_options.flow_offload.software.interface | list, priority='filter - 1') }}
- chain VYOS_OFFLOAD_software {
- type filter hook forward priority filter - 1; policy accept;
- ct state { established, related } meta l4proto { tcp, udp } flow add @VYOS_FLOWTABLE_software
- }
-{% endif %}
-}
diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index e1c102e16..d724dbd79 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -29,13 +29,14 @@
neighbor {{ neighbor }} bfd profile {{ config.bfd.profile }}
{% endif %}
{% endif %}
-{% if config.capability is vyos_defined %}
-{% if config.capability.dynamic is vyos_defined %}
+{% if config.capability.dynamic is vyos_defined %}
neighbor {{ neighbor }} capability dynamic
-{% endif %}
-{% if config.capability.extended_nexthop is vyos_defined %}
+{% endif %}
+{% if config.capability.extended_nexthop is vyos_defined %}
neighbor {{ neighbor }} capability extended-nexthop
-{% endif %}
+{% endif %}
+{% if config.capability.software_version is vyos_defined %}
+ neighbor {{ neighbor }} capability software-version
{% endif %}
{% if config.description is vyos_defined %}
neighbor {{ neighbor }} description {{ config.description }}
@@ -77,6 +78,9 @@
{% if config.path_attribute.discard is vyos_defined %}
neighbor {{ neighbor }} path-attribute discard {{ config.path_attribute.discard }}
{% endif %}
+{% if config.path_attribute.treat_as_withdraw is vyos_defined %}
+ neighbor {{ neighbor }} path-attribute treat-as-withdraw {{ config.path_attribute.treat_as_withdraw }}
+{% endif %}
{% if config.port is vyos_defined %}
neighbor {{ neighbor }} port {{ config.port }}
{% endif %}
diff --git a/data/templates/frr/isisd.frr.j2 b/data/templates/frr/isisd.frr.j2
index 3c37e28b9..dbb8c7305 100644
--- a/data/templates/frr/isisd.frr.j2
+++ b/data/templates/frr/isisd.frr.j2
@@ -58,6 +58,12 @@ exit
!
router isis VyOS {{ 'vrf ' + vrf if vrf is vyos_defined }}
net {{ net }}
+{% if advertise_high_metrics is vyos_defined %}
+advertise-high-metrics
+{% endif %}
+{% if advertise_passive_only is vyos_defined %}
+advertise-passive-only
+{% endif %}
{% if dynamic_hostname is vyos_defined %}
hostname dynamic
{% endif %}
@@ -191,4 +197,4 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is vyos_defined }}
is-type {{ level }}
{% endif %}
exit
-! \ No newline at end of file
+!
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-28 11:43:27 +0000