Age | Commit message | Author |
|
conntrack: T6147: Enable conntrack when firewall state-policy is defined (backport #3159)
|
|
bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering (backport #3158)
|
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
```
set interfaces bridge br0 protocol 802.1ad
```
(cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
|
|
* Move global state-policy smoketest to its own test, verify conntrack
(cherry picked from commit 62bda3b082a79c2f31483dba5bfeb19464f6dbe2)
|
|
T6143: Increase configurable timeout range for service config-sync (backport #3155)
|
|
The maximum timeout for the `service config-sync` is 300 seconds
(Connection API timeout). It could not be enough for the real massive
configurations.
Increase the maximum value to 3600
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
(cherry picked from commit 4a90e00a886397d9f4202b78cc8995ed93d40014)
|
|
qos: T1871: add MTU option when configure limiter traffic-policy (backport #3131)
|
|
add mtu to default and specified class
update smoke test
(cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
|
|
T6138: Fix op-mode show conntrack table with flowtable offloads (backport #3150)
|
|
T6136: add error checks when using dynamic firewall groups (backport #3146)
|
|
The op-mode command `show conntrack table ipv4` fails if it gets a
conntrack entry with `flowtable` offload. Those entries do not
have the key `timeout`
```
  File "/usr/libexec/vyos/op_mode/conntrack.py", line 115, in get_formatted_output
    timeout = meta['timeout']
              ~~~~^^^^^^^^^^^
```
Use the timeout `n/a` for those offload conntrack entries
(cherry picked from commit a75be3b6814dd39711c157c29405ee6bd83993f5)
|
|
T6127: Fixed show log firewall for rule with offload (backport #3145)
|
|
op-mode: T6133: add support to manually trigger commit-archive update (backport #3143)
|
|
(cherry picked from commit e2df1f4929774792c1d4bfb78c2dfa5bdf7f0825)
|
|
(cherry picked from commit d1fb9eddd9017ffbcd9e0d43209700649da2cc57)
|
|
(cherry picked from commit 326db209ab5c907ddb93f29b484c423c68f1ee36)
|
|
(cherry picked from commit 1f3df2d63561ea9c6dd64d1d9292920274964ca3)
|
|
Automatic update of the remote commit-archive could fail under certain
circumstances, add an op-mode command to manually trigger the update:
```
cpo@LR1.wue3# run force commit-archive
Archiving config...
git+https://git.FOOO.de/cpo/vyos-config-backup [edit]
```
(cherry picked from commit 09de453194e9f8e7aa5dcb2e5c8de5a89e82708d)
|
|
T6121: Extend service config-sync to new sections (backport #3132)
|
|
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this case the Node allows using the next-level section,
i.e. a subsection
For example any of the subsection of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
(cherry picked from commit 25b611f504521181f85cb4460bfdfd702c377b5e)
|
|
policy: T6129: add route-map option "as-path exclude all" (backport #3139)
|
|
T6133: append domain-name to commit-archive if defined (backport #3140)
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
```
set policy route-map <name> rule <rule> set as-path exclude all
```
(cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
|
|
(cherry picked from commit 4291a1a423c3cbbae9e4142575b36d6fbe1c126f)
|
|
T6090: policy: fix migration script (backport #3137)
|
|
occurs also if only <policy route> is defined.
(cherry picked from commit 1048f49e403d7ce3df379bbf48e7fcc60a74e67b)
|
|
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help strings (backport #3135)
|
|
xml: T3642: improve PKI CLI help string (backport #3133)
|
|
(cherry picked from commit 7ca0ad91744044f74690179eaec4160d9c4fee65)
|
|
(cherry picked from commit 63de63f43aaa720993faf06ba2789789d87d63c6)
|
|
(cherry picked from commit d6226d60dce4a46c9fa63adbf85f2df86c7bd1b1)
|
|
radvd: T6118: add nat64prefix support RFC8781 (backport #3125)
|
|
T2447: add configurable kernel boot option 'disable-power-saving' (backport #3093)
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
```
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
```
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
|
|
grub: T4548: Fixed GRUB configuration files order (backport #3126)
|
|
Lower available CPU C states to a minimum if this option set. This will set
Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
(cherry picked from commit 3a3e0dff4ff1f80835eca6b2362d792e3ecacc8e)
|
|
To iterate files on ext* file systems GRUB reads their inodes one by one,
ignoring names. This breaks our configuration logic that relies on proper
loading order.
This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB
configuration files are created. It recreates files, changing their inodes in a
way where inodes order matches alphabetical order.
(cherry picked from commit f74923202311e853b677e52cd83bae2be9605c26)
|
|
conntrack: T5080: Fix rule order for applied conntrack modules (backport #3123)
|
|
(cherry picked from commit 1fbda31623054ee944d063f738e4d1d4170341ef)
|
|
vrrp: T6020: vrrp health-check script not applied correctly in keepal…
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong health-check configurations
New smoke test
|
|
dhcp-client: T6093: extend regex for client class-id's with DOT (backport #3117)
|
|
xml: T6098: relax description constraint to allow non-ascii characters (backport #3110)
|
|
A restriction to ascii in the constraint disallowed earlier support for
unicode bytes.
(cherry picked from commit 66b92e1cd4ec948c1e2df4bee9b21da9633f5bd8)
|
|
xml: T5738: revert invalid change from lower character limit - 0 length must be allowed (backport #3115)
|
|
The regex used is not working if the string contains dots.
Originally authored by: Lucas <pinheirolucas@pm.me>
(cherry picked from commit c8670ae7941a8bac31e2174d4c6426b47272bfcc)
|
|
be allowed
This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum
description to 255 characters") which increased the lower limit from 0 to 1.
We actually require 0 length value for description nodes as introduced in
commit 6eea12512e ("xml: T1579: allow zero length for description").
(cherry picked from commit 724c685cba423758bece827d6d286815933ba912)
|
|
firewall: T6071: truncate rule description field to 255 characters (backport #3113)
|
|
(cherry picked from commit 259ef4740413b39da9b122db19c549eeec88114c)
|
|
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
(cherry picked from commit a72ededa0b29c25efaab52f2db170c34eba50248)
|