Age | Commit message (Collapse) | Author |
|
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0
|
|
nat66: T6365: remove warnings for negated interface selections by name
|
|
current (#3508)
|
|
>=5.0
random - In kernel 5.0 and newer this is the same as fully-random. In earlier
kernels the port mapping will be randomized using a seeded MD5 hash mix using
source and destination address and destination port.
https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
|
|
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no
|
|
|
|
nat: T6365: remove warnings for negated interface selections by name
|
|
|
|
|
|
|
|
T6378: remove labler yml as it is kept in reusable workflow repo
|
|
rollback-soft: T6384: tell the user to compare or commit
|
|
and return False if the user interrupts the prompt with Ctrl-C
|
|
after applying the diff
|
|
|
|
T6373: QoS Policy Limiter - classes for marked traffic do not work
|
|
T6366: CGNAT add ability to get external and internal allocations
|
|
T6375: Fix/Update NAT logging
|
|
|
|
Fixed broken logging for "show log nat"
Added the following commands:
show log nat source
show log nat source rule <ruleNum>
show log nat destination nat
show log nat destination nat rule <ruleNum>
show log nat static
show log nat static rule <ruleNum>
|
|
op-mode: T6367: fix "force commit-archive" TypeError
|
|
Add the ability to show port allocation per external or internal address
With huge entries, it is necessary to filter it by specific
external/internal IP address
|
|
/usr/bin/config-mgmt requires an argument OR to be symbolically linked to
*commit-revision or *commit-archive, for which it interprets argv[0] through
the useful trickery:
https://github.com/vyos/vyos-1x/blob/current/python/vyos/config_mgmt.py#L693-L700
Traceback (most recent call last):
File "/usr/bin/config-mgmt", line 33, in <module>
sys.exit(load_entry_point('vyos==1.3.0', 'console_scripts', 'config-mgmt')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/config_mgmt.py", line 746, in run
func = getattr(config_mgmt, args['subcommand'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: attribute name must be string, not 'NoneType'
|
|
T6372: added codeowners
|
|
|
|
T6364: CGNAT drop hard limit that allows only one translation rule
|
|
|
|
Allow to set multiple CGNAT internal pools
```
set nat cgnat pool internal int-01 range '100.64.0.0/28'
set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14'
```
|
|
As PoC for CGNAT had a hard limit of using only one translation
rule for one internal pool.
Drop this limit and extend the usage number of the rules.
```
set nat cgnat rule 100 source pool 'int-01'
set nat cgnat rule 100 translation pool 'ext-01'
set nat cgnat rule 120 source pool 'vyos-int-02'
set nat cgnat rule 120 translation pool 'vyos-ext-02'
```
|
|
T5169: Add smoketest for CGNAT
|
|
T6354: do an explicit read from version file to avoid circular reference
|
|
* T6349: updated conflict workflow
* T6349: updated conflict workflow
* T6349: updated all workflows to use reusable workflows
* T6349: updated all workflows to use reusable workflows
|
|
|
|
|
|
op mode: T6348: SNAT op-mode fails with flowtable offload entries
|
|
T6354: Get rid of the custom boot type check in version.py
|
|
T6358: Container config option to enable host pid
|
|
|
|
|
|
|
|
T6350: CGNAT add op-mode to show allocation
|
|
T6351: CGNAT add verification if the pool exists
|
|
|
|
T6347: CGNAT fix error if pool contain dashes in the name
|
|
Add op-mode command `show nat cgnat allocation` to get CGNAT
allocations (internal address, external address, port-range)
|
|
T6335: Add/Update EVPN op commands
|
|
Add verification if the external/internal pools are exists before we
can use them in the source and translation rules
|
|
|
|
Converted completion helpers from python to bash for performance
Previous commit:
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
|
|
op mode: T3355: remove the mention of legacy non-image installations
|