Age | Commit message (Collapse) | Author |
|
since it's not supported.
(cherry picked from commit 9d490ecf616eb9d019beee37a3802705c4109d9d)
|
|
T5254: Deleted extra file git (backport #2910)
|
|
Deleted extra file git.
(cherry picked from commit 5602f9fda633c58c6c986e5e649696e982d4d245)
|
|
reverse-proxy: T5999: Allow root for exact match in backend rule URL (backport #2908)
|
|
(cherry picked from commit f2c6cb62521bf13a51225462e8d39ee184645de1)
|
|
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix' (backport #2906)
|
|
(cherry picked from commit c23775d29fd3bebbfd6ae9483fd12f2fb643c9a2)
|
|
system-option: T5979: Add configurable kernel boot options (backport #2886)
|
|
vrf: T5973: multiple bugfixes and improvements (backport #2877)
|
|
A code path was missing to check if only priority is available in the result of
"ip --json -4 rule show", in the case of l3mdev it's a dedicated key!
(cherry picked from commit a009143a62caca207fdffffcf0b490c747a87025)
|
|
There is no need to add and remove this table during runtime - it can lurk
in the standard firewall init code.
(cherry picked from commit 89f0d347bfe5e468355817a617dc71823a58c284)
|
|
This prevents the following error when configuring the first VRF:
sysctl: cannot stat /proc/sys/net/vrf/strict_mode: No such file or directory
(cherry picked from commit a821b8c603999665ce8a77acb0e44a743811992a)
|
|
https: T6000: fix error in migration of path https certbot (backport #2902)
|
|
(cherry picked from commit f057075409b024a18ea8a39b5e128fcde988c00e)
|
|
remote: T5994: fix typo in check_storage for Ftp class (backport #2899)
|
|
image-tools: T5988: validate image name in add_image (backport #2898)
|
|
Add missing name validation in add_image, and fix typo in error msg
string.
(cherry picked from commit 0a66ba35d12f0451a88ed7cc3e3ae2ae90e38d6e)
|
|
(cherry picked from commit 858ccb20b3e0c326fc7b7f791bd6798cf15b6b46)
|
|
image-tools: T5983: fix regression in prune_vyos_versions (backport #2893)
|
|
(cherry picked from commit d603b1e3b2d0edb5a996b687236c12b50ad60259)
|
|
T5817: Fix for show openvpn server (backport #2619)
|
|
In some cases we can get error:
```
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 173, in <module>
data = get_status(args.mode, intf)
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 130, in get_status
client["tunnel"] = get_vpn_tunnel_address(client['remote'], interface)
File "/usr/libexec/vyos/op_mode/show_openvpn.py", line 66, in get_vpn_tunnel_address
tunnel_ip = lst[0].split(',')[0]
IndexError: list index out of range
```
(cherry picked from commit 58683a2444877bb989929625ad40a7d76259075d)
|
|
(cherry picked from commit 256346a66cc3bb20e93c68245ebca2f68f42e7b5)
|
|
(cherry picked from commit 1b1569d5b88a20994fc65fd529f8103db371bf3f)
|
|
bfd: T5967: add minimum-ttl option (backport #2884)
|
|
* set protocols bfd peer <x.x.x.x> minimum-ttl <1-254>
* set protocols bfd profile <name> minimum-ttl <1-254>
(cherry picked from commit 1f07dcbddfcfdbb9079936ec479c5633934dd547)
|
|
ethernet: T5978: hw-tc-offload does not actually get enabled on the NIC (backport #2881)
|
|
Typo (missaligned -/_) in the code causes hw-tc-offload to never be enabled in
the underlaying hardware via ethtool.
(cherry picked from commit bfb7e4f2b3743ae3c9a132daf4e2109e90d27f26)
|
|
dhcp: T5787: Allow disabled duplicates on static-mapping (backport)
|
|
|
|
op-mode: T5975: add missing 2FA OTP commands and other op-mode permission fixes
|
|
|
|
|
|
|
|
|
|
T5957: fix removal of interface in firewall rules. (backport #2873)
|
|
op-mode: T5969: list multicast group membership (backport #2871)
|
|
cpo@LR1.wue3:~$ show ip multicast group interface eth0.201
Interface Family Address
----------- -------- ---------
eth0.201 inet 224.0.0.6
eth0.201 inet 224.0.0.5
eth0.201 inet 224.0.0.1
cpo@LR1.wue3:~$ show ipv6 multicast group interface eth0
Interface Family Address
----------- -------- -----------------
eth0 inet6 ff02::1:ff00:0
eth0 inet6 ff02::1:ffbf:c56d
eth0 inet6 ff05::2
eth0 inet6 ff01::2
eth0 inet6 ff02::2
eth0 inet6 ff02::1
eth0 inet6 ff01::1
(cherry picked from commit 3eea8dbed1bd201373eb8a452239d9565d468b33)
|
|
T5958: QoS add basic implementation of policy shaper-hfsc (backport #2852)
|
|
ethernet: T4638: add smoketests verifying there are no stale VLAN interfaces left (backport #2867)
|
|
left
This extends commit 7ba47f027 ("ethernet: T4638: deleting parent interface does
not delete underlying VIFs") with a smoketests ensure no VIFs are left behind.
(cherry picked from commit e390d0080d1a15b18ede49f1f2472ef940145c19)
|
|
(cherry picked from commit 0a436e1fce66391311799bc970f05f6f4ba880ad)
|
|
QoS policy shaper-hfsc was not implemented after rewriting the
traffic-policy to qos policy. We had CLI but it does not use the
correct class. Add a basic implementation of policy shaper-hfsc.
Write the class `TrafficShaperHFS`
(cherry picked from commit f6b6ee636e34f98d336ee53599666afd1f395d78)
|
|
sflow: T5968: add VRF support (backport #2869)
|
|
Add support to run hsflowd in a dedicated (e.g. management) VRF.
Command will be "set system sflow vrf <name>" like with any other service
(cherry picked from commit 64473fa6f320375fb3d3de4de9e729f456ee5ae2)
|
|
firewall: T5729: T5681: T5217: backport subsystem from current branch
|
|
This is a combined backport for all accumulated changes done to the firewall
subsystem on the current branch.
|
|
ntp: T5692: add support to configure leap second behavior (backport #2863)
|
|
T5961: Fix QoS policy shaper class match vif (backport #2862)
|
|
* set service ntp leap-second [ignore|smear|system|timezone]
Where timezone is the new and old default resulting in adding "leapsectz right/UTC"
to chrony.conf. The most prominent new option is "smear" which will add
leapsecmode slew
maxslewrate 1000
smoothtime 400 0.001 leaponly
to chrony.
See https://chrony-project.org/doc/4.3/chrony.conf.html leapsecmode for
additional information
(cherry picked from commit 7ae064bab0010dff8827a0ed5e1239d2778dc7c1)
|