summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-11-16Merge pull request #2497 from vyos/mergify/bp/sagitta/pr-2495Christian Breunig
T3983: show pki certificate Doesnt show x509 certificates (backport #2495)
2023-11-16T3983: show pki certificate Doesnt show x509 certificatesJeffWDH
(cherry picked from commit 36de14913e0f4370d7c4e2828032a5378d3bba77)
2023-11-16Merge pull request #2489 from vyos/mergify/bp/sagitta/pr-2476Christian Breunig
pim(6): T5733: add missing FRR related features (backport #2476)
2023-11-16Merge pull request #2496 from vyos/mergify/bp/sagitta/pr-2481Christian Breunig
smoketest: Extend HTTP-API tests (backport #2481)
2023-11-16smoketest: Extend HTTP-API testsViacheslav Hletenko
(cherry picked from commit 15b5ede2cdd65af441be6de89b8b1df6d186f874)
2023-11-16Merge pull request #2494 from vyos/mergify/bp/sagitta/pr-2491Christian Breunig
T5747: op-mode add show interfaces summary (backport #2491)
2023-11-16T5747: op-mode add MAC and MTU for show interfaces summaryViacheslav Hletenko
Add op-mode "show interfaces summary" Add MAC, VRF and MTU options: vyos@r4# run show interfaces summary Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1 eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2 eth3 - 52:54:00:09:a4:b4 default 1500 A/D (cherry picked from commit dc3906f04fbfe8014531e092a77c1c8c2d10dfe0)
2023-11-16Merge pull request #2493 from vyos/mergify/bp/sagitta/pr-2490Christian Breunig
op-mode: vrf: T5150: add "show vrf vni" and "show vrf <name> vni" commands (backport #2490)
2023-11-16op-mode: vrf: T5150: add "show vrf vni" and "show vrf <name> vni" commandsChristian Breunig
vyos@vyos:~$ show vrf vni VRF VNI VxLAN IF L3-SVI State Rmac blue 2000 None None Down None green 3000 None None Down None red 1000 None None Down None vyos@vyos:~$ show vrf blue vni VRF VNI VxLAN IF L3-SVI State Rmac blue 2000 None None Down None (cherry picked from commit 2fb763ffbc5c5babe552ec97c06570c54ea4aad8)
2023-11-15pim: T5733: incorporate feedback from peer reviewChristian Breunig
(cherry picked from commit 64b4cfc71d402222fd6b034336b3588b5986ba24)
2023-11-15pim6: T5733: add missing FRR PIM6 related featuresChristian Breunig
(cherry picked from commit 403d2ffd6e46cb082b1d16ddf515e1784bee968c) # Conflicts: # data/templates/frr/pim6d.frr.j2 # interface-definitions/protocols-pim6.xml.in # smoketest/scripts/cli/test_protocols_pim6.py # src/conf_mode/protocols_pim6.py
2023-11-15igmp: T5736: support per interface "disable" CLI nodeChristian Breunig
(cherry picked from commit 6ce2ecb10884a4b79a7643e22596a2d03d805a91)
2023-11-15pim: T5733: fix CLI level of global PIM commandsChristian Breunig
(cherry picked from commit dd13213ae94f071bc30cc17f5fabef02fbf95939)
2023-11-15igmp: T5736: migrate "protocols igmp" to "protocols pim"Christian Breunig
IGMP and PIM are two different but related things. FRR has both combined in pimd. As we use get_config_dict() and FRR reload it is better to have both centrally stored under the same CLI node (as FRR does, too) to just "fire and forget" the commit to the daemon. "set protocols igmp interface eth1" -> "set protocols pim interface eth1 igmp" (cherry picked from commit bc83fb097719f5c4c803808572f690fbc367b9e5)
2023-11-15pim: T5733: rename watermark-warn -> watermark-warningChristian Breunig
(cherry picked from commit 45ea9ed72ee11809f69619a40ae243df562de39f)
2023-11-15pim: T5733: split out XML definitions to be re-used by pim6Christian Breunig
(cherry picked from commit c5e2c25f8968c0f06a9e4e992decc46a4f690868)
2023-11-15pim: T5733: add missing FRR PIM related featuresChristian Breunig
Migrate CLI configuration retrival to common get_config_dict(). In addition add new functionality to VyOS that is PIM related and already available in FRR. (cherry picked from commit 9abc02edcc237760f1f8aa1b3f08d7f4d18f866c) # Conflicts: # python/vyos/frr.py # src/op_mode/restart_frr.py
2023-11-15Merge pull request #2487 from vyos/mergify/bp/sagitta/pr-2486Daniil Baturin
T5732: generate firewall rule-resequence drops geoip country-code fro… (backport #2486)
2023-11-15T5732: generate firewall rule-resequence drops geoip country-code from outputJeffWDH
(cherry picked from commit aa7a5131a5d1bd901ffdc7670a62bad8218147ab)
2023-11-15Merge pull request #2474 from vyos/mergify/bp/sagitta/pr-2435Christian Breunig
mtr: T5658: Add VRF support for mtr (+ op_mode wrapper) (backport #2435)
2023-11-15Merge pull request #2484 from vyos/mergify/bp/sagitta/pr-2479Christian Breunig
xml: T5738: add source-address-ipv4-ipv6-multi building block (backport #2479)
2023-11-15Merge pull request #2485 from vyos/mergify/bp/sagitta/pr-2483Christian Breunig
remote: T5726: Disable the progressbar if the shell is noninteractive or the terminal is missing capabilities (backport #2483)
2023-11-15Merge pull request #2478 from nicolas-fort/T5729-SagittaChristian Breunig
T5729: firewall: multiple backports
2023-11-15remote: T5726: Disable the progressbar if the shell is noninteractive or the ↵erkin
terminal is missing capabilities (cherry picked from commit 59b432b97e361f3f5670302f51881ee596afe2f8)
2023-11-14xml: T5738: add source-address-ipv4-ipv6-multi building blockChristian Breunig
(cherry picked from commit dccca4307339d13e5c3ae78058194baf2fd04002)
2023-11-14Merge pull request #2482 from vyos/mergify/bp/sagitta/pr-2475Christian Breunig
T5728: OpenVPN server replace first_host_address to vpn_gateway (backport #2475)
2023-11-14T5728: OpenVPN server replace first_host_address to vpn_gatewayViacheslav Hletenko
Some OpenVPN clients (OpenVPN3) do not understand address of gateway for the pushed networks. It leads that pushed routes are not installed at all. Replace `subnet | first_host_address` to the `vpn_gateway` to fix it (cherry picked from commit 480711c329a38b773bb0b8f64f0e50dfc4ea4437)
2023-11-14T5729: T5590: T5616: backport to sagita fwall marks, fix on firewall logs ↵Nicolas Fort
parsing, and migration to valueless node for log and state matchers
2023-11-13Merge pull request #2445 from c-po/sagittaChristian Breunig
op-mode: bgp: T5698: add "es-vrf" and "next-hops" CLI commands (backport)
2023-11-13Merge pull request #2466 from sever-sever/T1797-sagDaniil Baturin
T1797: Remove vpp packages and mentions
2023-11-12op-mode: T5658: fix "monitor traceroute" completion helperChristian Breunig
(cherry picked from commit c0de93d37354ec89f44dde7f1b5a4c8af550a019)
2023-11-12op-mode: T5658: reduce amount of exposed optionsChristian Breunig
Example: we should focus on JSON output and not expose XML and CSV. (cherry picked from commit b8e9daf12eaef46747e7379042f8acd575e5b1d6)
2023-11-12T5658: add common methods interface_list() and vrf_list() to vyos.utils.networkChristian Breunig
Reduce amount of duplicated (3 times) code in op-mode scripts for ping, traceroute and mtr. (cherry picked from commit 7b27a20c8664460482301cc8d7554048f152485e)
2023-11-12op-mode: T5658: adjust "monitor traceroute" CLI argument indexChristian Breunig
(cherry picked from commit 709c578e123bcf258eba1d15842b63eb63413523)
2023-11-12op-mode: T5658: add VRF support for "monitor traceroute"bbabich
(cherry picked from commit 07ecc0c33fb32878cac25ec84f2f3a977588f0dd)
2023-11-11Merge pull request #2473 from vyos/mergify/bp/sagitta/pr-2472Christian Breunig
dhclient: T5724: run user hooks using run_hookdir (backport #2472)
2023-11-11dhclient: T5724: run user hooks using run_hookdirgavol
User hooks are executed using run_hookdir (defined in the /sbin/dhclient-script script) instead of run-parts. That allows user hooks to modify variables set by the dhcp client (e.g., the new_routers variable to avoid the installation of the default routes). (cherry picked from commit 645a0e768e27912a3f46d00de31d0fc79b6fd463)
2023-11-09T1797: Remove vpp packages and mentionsViacheslav Hletenko
2023-11-09Merge pull request #2463 from vyos/mergify/bp/sagitta/pr-2370John Estabrook
T1797: Delete VPP from vyos-1x as it is implemented in addon (backport #2370)
2023-11-09T1797: Delete VPP from vyos-1x as it is implemented in addonViacheslav Hletenko
(cherry picked from commit 59c8d5febb2b1333643372f8956fa8f219d022cb)
2023-11-07Merge pull request #2458 from vyos/mergify/bp/sagitta/pr-2240Christian Breunig
T5559: Add static neighbor-proxy feature (backport #2240)
2023-11-07Merge pull request #2457 from vyos/mergify/bp/sagitta/pr-2434Christian Breunig
T5702: SNMP add interface-mib max-interfaces-number and prefix (backport #2434)
2023-11-07T5559: Add static neighbor-proxy featureViacheslav Hletenko
Ability to set ip neigbhor proxy set protocols static neighbor-proxy arp 192.0.2.1 interface 'eth0' set protocols static neighbor-proxy arp 192.0.2.2 interface 'eth0' set protocols static neighbor-proxy nd 2001:db8::1 interface 'eth1' (cherry picked from commit c56af995b6e3d867c2a67deeb4be79e498f0a7cf)
2023-11-07T5702: SNMP add interface-mib max-interfaces-number and prefixViacheslav Hletenko
- Allow to configure only required interface prefixes set service snmp mib interface 'eth' set service snmp mib interface 'bond' include_ifmib_iface_prefix eth bond Sets the interface name prefixes to include in the IF-MIB data collection. For servers with a large number of interfaces (ppp, dummy, bridge, etc) the IF-MIB processing will take a large chunk of CPU for ioctl calls. A set of space separated interface name prefixes will reduce the CPU load for IF-MIB processing. For example, configuring "include_ifmib_iface_prefix eth dummy lo" will include only interfaces with these prefixes and ignore all others for IF-MIB processing. - Allow to configure maximum interface number set service snmp mib interface-max '100' ifmib_max_num_ifaces NUM Sets the maximum number of interfaces included in IF-MIB data collection. For servers with a large number of interfaces (ppp, dummy, bridge, etc) the IF-MIB processing will take a large chunk of CPU for ioctl calls (on Linux). Setting a reasonable maximum for the CPU used will reduce the CPU load for IF-MIB processing. For example, configuring "ifmib_max_num_ifaces 500" will include only the first 500 interfaces based on ifindex and ignore all others for IF-MIB processing. (cherry picked from commit 30a05ee1d447c6f92627162a506225f833a80f8c)
2023-11-07Merge pull request #2455 from vyos/mergify/bp/sagitta/pr-2437Christian Breunig
T5713: Strip string after "secret" in IPSEC configs (backport #2437)
2023-11-07Merge pull request #2456 from vyos/mergify/bp/sagitta/pr-2436Christian Breunig
T5706: Add custom systemd udev rules to exclude dynamic interfaces (backport #2436)
2023-11-07T5706: Add custom systemd udev rules to exclude dynamic interfacesViacheslav Hletenko
Add custom systemd udev rules to exclude some regular and dynamic interfaces from "systemd-sysctl" calls. It fixes high CPU utilization (100%) as we have a lot of calls per interface for dynamic interfaces like ppp|ipoe|sstp etc. /lib/systemd/systemd-udevd should not be called for those interfaces (cherry picked from commit ca9cc86233520eb495c17602bf7a110094c1d8e7)
2023-11-07Merge pull request #2454 from vyos/mergify/bp/sagitta/pr-2453Christian Breunig
T5720: Fix for PPPoE-server adding new interfaces (backport #2453)
2023-11-07T5713: only strip "secret" CLI node and nothing elseChristian Breunig
Commit 30eb308149 ("T5713: Strip string after "secret" in IPSEC config") had good intention but this will happen: use-secret foo CLI node will become " secret xxxxxx" so the output of strip-private invalidates the configuration. This has been changed to an exact match of "secret" only (cherry picked from commit 863af115df853987dd8ad25ecef3f0ea58485e83)
2023-11-07T5713: Strip string after "secret" in IPSEC configRageLtMan
Make "strip-private" strip the string after "secret" (cherry picked from commit 30eb308149f24b7f15aa3e40ced6918a8a3a04b8)