Age | Commit message (Collapse) | Author |
|
Add op-mode "show interfaces summary"
Add MAC, VRF and MTU options:
vyos@r4# run show interfaces summary
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address MAC VRF MTU S/L Description
----------- ----------------- ----------------- ------- ----- ----- -------------
dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u
eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN
eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1
eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2
eth3 - 52:54:00:09:a4:b4 default 1500 A/D
(cherry picked from commit dc3906f04fbfe8014531e092a77c1c8c2d10dfe0)
|
|
op-mode: vrf: T5150: add "show vrf vni" and "show vrf <name> vni" commands (backport #2490)
|
|
vyos@vyos:~$ show vrf vni
VRF VNI VxLAN IF L3-SVI State Rmac
blue 2000 None None Down None
green 3000 None None Down None
red 1000 None None Down None
vyos@vyos:~$ show vrf blue vni
VRF VNI VxLAN IF L3-SVI State Rmac
blue 2000 None None Down None
(cherry picked from commit 2fb763ffbc5c5babe552ec97c06570c54ea4aad8)
|
|
T5732: generate firewall rule-resequence drops geoip country-code fro… (backport #2486)
|
|
(cherry picked from commit aa7a5131a5d1bd901ffdc7670a62bad8218147ab)
|
|
mtr: T5658: Add VRF support for mtr (+ op_mode wrapper) (backport #2435)
|
|
xml: T5738: add source-address-ipv4-ipv6-multi building block (backport #2479)
|
|
remote: T5726: Disable the progressbar if the shell is noninteractive or the terminal is missing capabilities (backport #2483)
|
|
T5729: firewall: multiple backports
|
|
terminal is missing capabilities
(cherry picked from commit 59b432b97e361f3f5670302f51881ee596afe2f8)
|
|
(cherry picked from commit dccca4307339d13e5c3ae78058194baf2fd04002)
|
|
T5728: OpenVPN server replace first_host_address to vpn_gateway (backport #2475)
|
|
Some OpenVPN clients (OpenVPN3) do not understand address of
gateway for the pushed networks. It leads that pushed routes are
not installed at all.
Replace `subnet | first_host_address` to the `vpn_gateway` to fix it
(cherry picked from commit 480711c329a38b773bb0b8f64f0e50dfc4ea4437)
|
|
parsing, and migration to valueless node for log and state matchers
|
|
op-mode: bgp: T5698: add "es-vrf" and "next-hops" CLI commands (backport)
|
|
T1797: Remove vpp packages and mentions
|
|
(cherry picked from commit c0de93d37354ec89f44dde7f1b5a4c8af550a019)
|
|
Example: we should focus on JSON output and not expose XML and CSV.
(cherry picked from commit b8e9daf12eaef46747e7379042f8acd575e5b1d6)
|
|
Reduce amount of duplicated (3 times) code in op-mode scripts for ping,
traceroute and mtr.
(cherry picked from commit 7b27a20c8664460482301cc8d7554048f152485e)
|
|
(cherry picked from commit 709c578e123bcf258eba1d15842b63eb63413523)
|
|
(cherry picked from commit 07ecc0c33fb32878cac25ec84f2f3a977588f0dd)
|
|
dhclient: T5724: run user hooks using run_hookdir (backport #2472)
|
|
User hooks are executed using run_hookdir (defined in the /sbin/dhclient-script script) instead of run-parts. That allows user hooks to modify variables set by the dhcp client (e.g., the new_routers variable to avoid the installation of the default routes).
(cherry picked from commit 645a0e768e27912a3f46d00de31d0fc79b6fd463)
|
|
|
|
T1797: Delete VPP from vyos-1x as it is implemented in addon (backport #2370)
|
|
(cherry picked from commit 59c8d5febb2b1333643372f8956fa8f219d022cb)
|
|
T5559: Add static neighbor-proxy feature (backport #2240)
|
|
T5702: SNMP add interface-mib max-interfaces-number and prefix (backport #2434)
|
|
Ability to set ip neigbhor proxy
set protocols static neighbor-proxy arp 192.0.2.1 interface 'eth0'
set protocols static neighbor-proxy arp 192.0.2.2 interface 'eth0'
set protocols static neighbor-proxy nd 2001:db8::1 interface 'eth1'
(cherry picked from commit c56af995b6e3d867c2a67deeb4be79e498f0a7cf)
|
|
- Allow to configure only required interface prefixes
set service snmp mib interface 'eth'
set service snmp mib interface 'bond'
include_ifmib_iface_prefix eth bond
Sets the interface name prefixes to include in the IF-MIB data collection.
For servers with a large number of interfaces (ppp, dummy, bridge, etc)
the IF-MIB processing will take a large chunk of CPU for ioctl calls.
A set of space separated interface name prefixes will reduce the CPU
load for IF-MIB processing. For example, configuring
"include_ifmib_iface_prefix eth dummy lo" will include only interfaces
with these prefixes and ignore all others for IF-MIB processing.
- Allow to configure maximum interface number
set service snmp mib interface-max '100'
ifmib_max_num_ifaces NUM
Sets the maximum number of interfaces included in IF-MIB data collection.
For servers with a large number of interfaces (ppp, dummy, bridge, etc)
the IF-MIB processing will take a large chunk of CPU for ioctl calls
(on Linux). Setting a reasonable maximum for the CPU used will
reduce the CPU load for IF-MIB processing. For example, configuring
"ifmib_max_num_ifaces 500" will include only the first 500 interfaces
based on ifindex and ignore all others for IF-MIB processing.
(cherry picked from commit 30a05ee1d447c6f92627162a506225f833a80f8c)
|
|
T5713: Strip string after "secret" in IPSEC configs (backport #2437)
|
|
T5706: Add custom systemd udev rules to exclude dynamic interfaces (backport #2436)
|
|
Add custom systemd udev rules to exclude some regular and dynamic
interfaces from "systemd-sysctl" calls.
It fixes high CPU utilization (100%) as we have a lot of calls per
interface for dynamic interfaces like ppp|ipoe|sstp etc.
/lib/systemd/systemd-udevd should not be called for those interfaces
(cherry picked from commit ca9cc86233520eb495c17602bf7a110094c1d8e7)
|
|
T5720: Fix for PPPoE-server adding new interfaces (backport #2453)
|
|
Commit 30eb308149 ("T5713: Strip string after "secret" in IPSEC config") had
good intention but this will happen:
use-secret foo CLI node will become " secret xxxxxx" so the output of
strip-private invalidates the configuration.
This has been changed to an exact match of "secret" only
(cherry picked from commit 863af115df853987dd8ad25ecef3f0ea58485e83)
|
|
Make "strip-private" strip the string after "secret"
(cherry picked from commit 30eb308149f24b7f15aa3e40ced6918a8a3a04b8)
|
|
If we add a new interface for PPPoe-server we MUST restart the
`accel-ppp@pppoe.service` as `reload` is not implemented for
accel-ppp daemon
Otherwise we have listen interface in the /run/accel-pppd/pppoe.conf
which does not work
(cherry picked from commit ffda9068b22e2d8a6841fcd8cdf62bbe266ea02c)
|
|
T5716: Fix smoketest for accel-ppp limiter tbf (backport #2451)
|
|
Limiter in the commit cf92295 was changed to `tbf`
Fix smoketest
(cherry picked from commit d8ffbbe72c791ec5516d029e85619678b2841402)
|
|
T5716: Fix accel-ppp template down-limiter does not rely on fwmark (backport #2440)
|
|
ldpd: T5648: Fix ldpd template errors (backport #2357)
|
|
mdns: T5719: Add op-mode commands to mDNS repeater (backport #2447)
|
|
accel-ppp template shaper `down-limiter` does not rely on `fwmark`
Fix it
(cherry picked from commit cf9229544a30e5aa47e307c021d4798a0162d291)
|
|
Bug introduced in https://github.com/vyos/vyos-1x/commit/8fb6e715d32e7eff77e413d8577059dd55b24c0a
(cherry picked from commit df6ced3811ebe6446039277ff3fc301a83776dc1)
|
|
The following ones are available now:
- restart mdns repeater
- show log mdns repeater
- monitor log mdns repeater
(cherry picked from commit ace8a25552fa7f2b2369a385ed8933feb66f355b)
|
|
T5698 EVPN ESI Multihoming (backport #2416)
|
|
show bgp l2vpn evpn es-vrf
show bgp l2vpn evpn next-hops
(cherry picked from commit f4b1df3c84072624060e13a6099d2032e0a4ee47)
|
|
(cherry picked from commit 43288b57d8dc79a12a9bedd6386d81c85bd00149)
|
|
vxlan: T3700: add bridge dependency call when altering member interfaces (backport #2439)
|
|
(cherry picked from commit 1d67620e656766731ad6825fd8961140eb50d8a7)
|