Age | Commit message (Collapse) | Author |
|
After updateing netfilter in the commit https://github.com/vyos/vyos-build/commit/b31f5fe934bcb37534d49acdb5f7756bf05422e8
The nftables format for conntrack timeouts is different.
Fix this.
|
|
dhcpv6-server: T5992: Fix op-mode DHCP lease output + updates
|
|
T5928: Change firewall priority to 319
|
|
T5064: Firewall fix RegEx for for domain-group
|
|
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support
|
|
Improve RegEx for firewall domain-groups.
This domain group looks good, but the current RegEx validation
fils:
```
set firewall group domain-group a_aa
```
|
|
|
|
Change the firewall priority to 319, after interface ethernet
configuration
For example if we use VLANs and the vlan interface must be
created before we can use it in the firewall/flowtable
The current priority
```
199 firewall
300 interfaces/dummy
300 interfaces/loopback
300 interfaces/virtual-ethernet
310 interfaces/bridge
310 interfaces/input
318 interfaces/ethernet
...
```
|
|
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
|
|
dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally connected interfaces
|
|
|
|
|
|
Due to Kea's lease file cleanup, the CSV file content is inconsistent. This commit makes changes to use the Kea control socket to fetch current lease information.
|
|
connected interfaces
Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
|
|
|
|
ipsec: T5981: Strip '@' from migrated peer PKI name
|
|
init: T2044: fix "binary operator expected" when two or more RPKI caches are defined
|
|
defined
Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured")
which showed a disturbing error on tty0 after boot that a "binary operator
expected" when checking for RPKI caches when multiple results got returned.
|
|
|
|
|
|
|
|
|
|
T6019: fix smoketest after upgrading nftables and libnftnl packages.
|
|
|
|
srv6: T5849: add segment support to "protocols static route6"
|
|
bgp: T6010: support setting multiple values for neighbor path-attribute
|
|
|
|
set pki openssh rpki private key ...
set pki openssh rpki public key ...
set pki openssh rpki public type 'ssh-rsa'
|
|
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2
domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP
topology-independent means of marking and import-filtering EVPN routes
originated from a particular L2 domain. One situation where this is valuable
is when deploying EVPN using anycast VTEPs
set protocols bgp address-family l2vpn-evpn mac-vrf soo
|
|
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z'
* set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
|
|
|
|
rpki: T6004: add missing startup priority
|
|
xml: T5738: improve PKI building blocks for CLI
|
|
|
|
|
|
T6028: Fix QoS policy shaper wrong class_id_max and default_minor_id
|
|
The `class_id_max` is wrong due to `tmp.sort` of Strings
If we have class 5 and class 10 we get sorted max value 5, expected 10
```
>>> tmp = ['5', '10']
>>> tmp.sort()
>>> tmp
['10', '5']
>>>
>>> hex(5+1)
'0x6'
>>>
>>> hex(10+1)
'0xb'
>>>
```
This way we get wrong default maximum class value:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6
```
Expect:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b
```
Fix this converting Strings to Integers and get max value.
|
|
T5703: Fix reapply QoS for connection-oriented interfaces
|
|
After `disconnect` and `connect` connection-oriented interfaces
like PPPoE, QoS policy has to be reapplied
|
|
https: T5902: fix migration of virtual-host port
|
|
CLI source node is port and not listen-port.
|
|
rpki: T6023: add support for CLI knobs expire-interval and retry-interval
|
|
T5685: Keepalived VRRP prefix is not necessary for the virtual address
|
|
|
|
T5960: Rewritten authentication node in PPTP to a single view
|
|
T6026: QoS hide attempts to delete qdisc from devices
|
|
op-mode: T4038: Python rewrite of image tools
|
|
Hide unexpected output by attempts of deleting `qdisc` from
interfaces
[ qos ]
Error: Cannot find specified qdisc on specified device.
Error: Cannot delete qdisc with handle of zero.
|
|
vrf: T5973: module is now statically compiled into the kernel
|
|
bgp: T6024: add additional missing FRR features
|