Age | Commit message (Collapse) | Author |
|
(cherry picked from commit 405cc66041d8035500f7b7116301983c48464a9b)
|
|
(cherry picked from commit e70ca62c474b4e2cc135851a6e5cceee037bf378)
|
|
ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces (backport #2689)
|
|
VyOS is a routing (packet pushing) platform, thus supporting EEE which
potentially causes issues is not a good idea. Some recent Intel drivers enable
EEE by default, thus we will disable this for every NIC supporting EEE.
(cherry picked from commit ab30509b25d54dac99294b76ba03fd49c3d2c946)
|
|
snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp" (backport #2687)
|
|
(cherry picked from commit a9201e77110ce0695e2ba879304aef41b7ac9a0c)
|
|
(cherry picked from commit 2490f22408ad811ff9f63ec970d0167ecbf4ab59)
|
|
configdict: T5837: add support to return added nodes when calling node_changed() (backport #2682)
|
|
In the past, node_changed() suggested it would also return nodes that got added
(function comment) but in reality only deleted keys got accounted for.
This commit changes the signature and adds an argument expand_nodes to specify
the users interest of a node was deleted (default), added (expand_nodes=Diff.ADD)
or even both (expand_nodes=Diff.ADD|Diff.DELETE).
(cherry picked from commit 4ee4064705ebd1e1a6a59be0c6df3b96755a067e)
|
|
node_changed() will return a list of changed keys under "path". We are not
always interested what changed, sometimes we are only interested if something
changed at all, that what vyos.configdict.is_node_changed() is for.
(cherry picked from commit 5e7a8288d06a6d6beee5e1abd2e06698ab778650)
|
|
snmp: 5856: fix service removal error (backport #2683)
|
|
When deleting SNMP from CLI the 'delete' key was not honored in the config
dictionary, leading to a false process startup causing the following error:
Job for snmpd.service failed because the control process exited with error code.
See "systemctl status snmpd.service" and "journalctl -xeu snmpd.service" for details.
(cherry picked from commit 20b98e780fda4131eb242921884d4955147ce51a)
|
|
T160: NAT64 add match firewall mark feature (backport #2677)
|
|
Match mark allows to use firewall marks of packet to use
a specific pool
Example of instance config /run/jool/instance-100.json
```
...
"pool4": [
{
"protocol": "TCP",
"prefix": "192.0.2.10",
"port range": "1-65535",
"mark": 23
},
...
```
(cherry picked from commit 8e1e79cfa24c155c8d504822fbbd3c20f890fb70)
|
|
xml: T5854: clear empty paths left by embedded override of defaultValue (backport #2679)
|
|
(cherry picked from commit 89cd75b8dbe5cc145a4423bf10faa76fd6bdcdbf)
|
|
(cherry picked from commit c4f9c936c9fdd32e7f6258c0dfa8c8cf6057998d)
|
|
nat66: T2898: build fix after ndp-proxy backport
|
|
|
|
T2898: add ndp-proxy service (backport #2665)
|
|
VyOS CLI command
set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static'
Will generate the following NDP proxy configuration
$ cat /run/ndppd/ndppd.conf
# autogenerated by service_ndp-proxy.py
# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route
route-ttl 30000
# This sets up a listener, that will listen for any Neighbor Solicitation
# messages, and respond to them according to a set of rules
proxy eth0 {
# Turn on or off the router flag for Neighbor Advertisements
router no
# Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds)
timeout 500
# Control how long a valid or invalid entry remains in the cache (milliseconds)
ttl 30000
# This is a rule that the target address is to match against. If no netmask
# is provided, /128 is assumed. You may have several rule sections, and the
# addresses may or may not overlap.
rule 2001:db8::/64 {
static
}
}
(cherry picked from commit 4d721a58020971d00ab854c37b68e88359999f9c)
|
|
srv6: T591: enable SR enabled packet processing on defined interfaces (backport #2663)
|
|
The Linux Kernel needs to be told if IPv6 SR enabled packets whether should be
processed or not. This is done using
/proc/sys/net/conf/<iface>/seg6_* variables:
seg6_enabled - BOOL
Accept or drop SR-enabled IPv6 packets on this interface.
Relevant packets are those with SRH present and DA = local.
0 - disabled (default)
not 0 - enabled
Or the VyOS CLI command:
* set protocols segment-routing interface eth0 srv6
(cherry picked from commit 774cc97eda61eb0b91df820797fb3c705d0073d5)
|
|
Enable/Disable VRF strict mode, when net.vrf.strict_mode=0 (default) it is
possible to associate multiple VRF devices to the same table. Conversely, when
net.vrf.strict_mode=1 a table can be associated to a single VRF device.
A VRF table can be used by the VyOS CLI only once (ensured by verify()), this
simply adds an additional Kernel safety net, but a requirement for IPv6 segment
routing headers.
(cherry picked from commit 10701108fecb36f7be7eb7ef5f1e54e63da5fb4e)
|
|
T5804: nat: remove inbound|outbound interface from old configuration when it was set to <any>. (backport #2611)
|
|
dhcp: T5846: Ensure DUID regex range is bound (backport #2670)
|
|
was set to <any>.
(cherry picked from commit 5cb95aed965b45a900c6ba97c0bccefed83332b6)
|
|
The DUID regex was missing a lower bound, which could cause it not to
match when it should.
We have to specify the lower bound explicitly as 0 to keep the regex
behavior similar to that in Python (in Python, omitting the lower bound
is equivalent to specifying 0).
(cherry picked from commit 551f06218755076cde588c848c01ce5ca1bf5e6b)
|
|
frr: T4020: re-enable watchfrr in config as it is always running (backport #2668)
|
|
(cherry picked from commit 42614633901713e6472b43f95065d215344843b1)
|
|
dhcp: T5846: Refactor and simplify DUID definition (backport #2664)
|
|
(cherry picked from commit 5768bc2d56cc8aabd8d276a2afc30608c1bc9838)
|
|
Refactor DUID XML definition in conf-mode to be reusable. Additionally, remove
explicit call to a separate validator `ipv6-duid` and inline the regex into the
XML definition.
(cherry picked from commit 51e7832fc5c88f9956b26157a80947bad4495a4e)
|
|
Allow the HTTPS API server to start without any configured keys when GraphQL JWT auth is configured (backport #2661)
|
|
and use only PAM auth and JWT
(cherry picked from commit 495bf4732439ebd55edfbf6050af8b2064993d86)
|
|
when no API keys are set
(cherry picked from commit 7bad0e115ecc25224a0c3a2720a2697442624229)
|
|
T5798: load-balancing revese-proxy add multiple SSL certificates (backport #2590)
|
|
Add ability to configure multiple SSL certificates for
frontend/service
set load-balancing reverse-proxy service web mode http
set load-balancing reverse-proxy service web port 443
set load-balancing reverse-proxy service web ssl certificate cert1
set load-balancing reverse-proxy service web ssl certificate cert2
(cherry picked from commit fe99c45e05fd5794905145ddca80e6078145c2e8)
|
|
smoketest: bgp: T4163: use explicit kill to respawn bgpd process
|
|
T5823: Add recursive_defaults for BGP get_config dictionary (backport #2637)
|
|
(cherry picked from commit b873112dd7253b64d323e183758dbabaa0f28b6e)
|
|
(cherry picked from commit 259a3d637081fad9f86a8edb39814d8f0fbf7b95)
|
|
Add recursive_defaults values for BGP "get_config" dictionary.
(cherry picked from commit 4d5445740a1529691594263af22f2a9d07bbfe70)
|
|
image-tools: T5831: show system image reverse ordered by date (backport #2649)
|
|
(cherry picked from commit f19b2acb34e77baeae34aa156ea96d0580a61725)
|
|
T5249: Add rollback-soft feature (backport #2596)
|
|
Add the ability to rollback configs without rebooting
```
sudo /usr/bin/config-mgmt rollback_soft --rev 1
rollback-soft 1
```
(cherry picked from commit f208e9b9acaec45468295e33b113bbef6c0309a1)
|
|
T4163: Add BGP Monitoring Protocol BMP feature (backport #2627)
|
|
Add BMP feature.
BMP (BGP Monitoring Protocol, RFC 7854) is used to send monitoring
data from BGP routers to network management entities
https://docs.frrouting.org/en/latest/bmp.html
Example:
set system frr bmp
commit
run restart bgp
set protocols bgp system-as '65001'
set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast
set protocols bgp neighbor 192.0.2.11 remote-as '65001'
set protocols bgp bmp mirror-buffer-limit '256000000'
set protocols bgp bmp target foo address '127.0.0.1'
set protocols bgp bmp target foo port '5000'
set protocols bgp bmp target foo min-retry '1000'
set protocols bgp bmp target foo max-retry '2000'
set protocols bgp bmp target foo mirror
set protocols bgp bmp target foo monitor ipv4-unicast post-policy
set protocols bgp bmp target foo monitor ipv4-unicast pre-policy
set protocols bgp bmp target foo monitor ipv6-unicast post-policy
set protocols bgp bmp target foo monitor ipv6-unicast pre-policy
(cherry picked from commit 5523fccf4f7d05444c36c568128e94cd7b08c34f)
|
|
image-tools: T4516: revise system image tools
|