Age | Commit message | Author |
|
Improve RegEx for firewall domain-groups.
This domain group looks good, but the current RegEx validation
fails:
```
set firewall group domain-group a_aa
```
(cherry picked from commit b67049edab41e8714aec087b81d589fdb03a350b)
|
|
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support (backport #2987)
|
|
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2
domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP
topology-independent means of marking and import-filtering EVPN routes
originated from a particular L2 domain. One situation where this is valuable
is when deploying EVPN using anycast VTEPs
set protocols bgp address-family l2vpn-evpn mac-vrf soo
(cherry picked from commit f308df322bd62024e29dd458642cb6bcac8a5ad6)
|
|
ipsec: T5981: Strip '@' from migrated peer PKI name (backport #2993)
|
|
(cherry picked from commit 8238f8cdae3ae14bd8bd95158c218c45285df478)
|
|
init: T2044: fix "binary operator expected" when two or more RPKI caches are defined (backport #2994)
|
|
Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured")
which showed a disturbing error on tty0 after boot that a "binary operator
expected" when checking for RPKI caches when multiple results got returned.
(cherry picked from commit a5ac522f8c675ee2b2c2f4f08be7c41943632e94)
|
|
T6019: fix smoketest after upgrading nftables and libnftnl packages. (backport #2991)
|
|
(cherry picked from commit f3205d6dd1ea04adecbd8c857c80015ed53f2140)
|
|
srv6: T5849: add segment support to "protocols static route6" (backport #2980)
|
|
bgp: T6010: support setting multiple values for neighbor path-attribute (backport #2986)
|
|
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z'
* set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
(cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
|
|
(cherry picked from commit a22e0ee09ff4750de004090f1f55ee75a12dc821)
|
|
rpki: T6004: add missing startup priority (backport #2983)
|
|
xml: T5738: improve PKI building blocks for CLI (backport #2982)
|
|
(cherry picked from commit 4c2acb970c62478cf1139fcf66b0de341d46f7fc)
|
|
(cherry picked from commit d4278cde2b153e163fe41e1bc461891397336bc3)
|
|
T6028: Fix QoS policy shaper wrong class_id_max and default_minor_id (backport #2978)
|
|
The `class_id_max` is wrong due to `tmp.sort` of Strings.
If we have class 5 and class 10, we get a sorted max value of 5; expected 10.
```
>>> tmp = ['5', '10']
>>> tmp.sort()
>>> tmp
['10', '5']
>>>
>>> hex(5+1)
'0x6'
>>>
>>> hex(10+1)
'0xb'
>>>
```
This way we get the wrong default maximum class value:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6
```
Expect:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b
```
Fix this by converting Strings to Integers and getting the max value.
(cherry picked from commit 2e8fa45c7f0663549edd118622b3381e7c428b2e)
|
|
T5703: Fix reapply QoS for connection-oriented interfaces (backport #2967)
|
|
After `disconnect` and `connect` connection-oriented interfaces
like PPPoE, QoS policy has to be reapplied
(cherry picked from commit ffc6dc28780f4d3e8c548f3709c7f3d17babda68)
|
|
T5828: fix grub installation on arm64-efi machines (backport #2643)
|
|
https: T5902: fix migration of virtual-host port (backport #2975)
|
|
CLI source node is port and not listen-port.
(cherry picked from commit 63d53a17274349fd68defdbf9f7ce16be63fc9b1)
|
|
T5960: Rewritten authentication node in PPTP to a single view (backport #2950)
|
|
Since the migration of GRUB handling to vyos-1x, the grub install
sequence has hardcoded references to x86.
Change the GRUB sequence so it can work on arm64 as well.
(cherry picked from commit 37bd574c4e1f49b03f985c4293513ff7107ae82f)
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
(cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
|
|
rpki: T6023: add support for CLI knobs expire-interval and retry-interval (backport #2955)
|
|
(cherry picked from commit 17894f6f5d97df7d3ac1cf37ce0e1a96b8fa8e8b)
|
|
T5685: Keepalived VRRP prefix is not necessary for the virtual address (backport #2968)
|
|
T6026: QoS hide attempts to delete qdisc from devices (backport #2969)
|
|
Hide unexpected output from attempts to delete `qdisc` from
interfaces:
```
[ qos ]
Error: Cannot find specified qdisc on specified device.
Error: Cannot delete qdisc with handle of zero.
```
(cherry picked from commit 6dcb68ba5553ac94eb3a9da4a915999500b00ab2)
|
|
(cherry picked from commit 1cb52f758cec78b9ac19f47448064b8e9e722b67)
|
|
vrf: T5973: module is now statically compiled into the kernel (backport #2952)
|
|
bgp: T6024: add additional missing FRR features (backport #2957)
|
|
init: T2044: only start rpki if cache is configured (backport #2959)
|
|
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during
system boot") to check the bootup configuration if an RPKI cache is defined.
Only start RPKI if this is the case.
(cherry picked from commit 9b8e11e078c42e3ae86ebfa45fec57336f25a0af)
|
|
Always enable VRF strict_mode
(cherry picked from commit 117fbcd6237b59f54f2c1c66986a8ce073808c84)
|
|
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null>
* set protocols bgp parameters allow-martian-nexthop
* set protocols bgp parameters no-hard-administrative-reset
(cherry picked from commit fff6004d46c5b939800fc3e61fe2102224625c0d)
|
|
xml: T302: replace references to Quagga with FRRouting (backport #2960)
|
|
vpn: T3843: l2tp configuration not cleared after delete (backport #2944)
|
|
(cherry picked from commit 1c882769cc0627cfc1ebf5ab7c338c6c474456da)
|
|
vpn: T5926: IPSEC does not apply after l2tp configuration was changed
added dependency between l2tp and ipsec conf
added test for apply config to swanctl
(cherry picked from commit e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5)
|
|
T6021: Fix QoS shaper r2q calculation (backport #2953)
|
|
The current `r2q` calculation is wrong as it uses `Floor division`
but expects `division`.
This way `math.ceil` calculates a wrong value, as we expect it to
round a number upward to its nearest integer.
For example, for speed 710 mbits the expected value is `444` but we get `443`.
```
>>> from math import ceil
>>> MAXQUANTUM = 200000
>>> speed = 710000000
>>> speed_bps = int(speed) // 8
>>> speed_bps // MAXQUANTUM
443
>>> speed_bps / MAXQUANTUM
443.75
>>>
>>>
>>> ceil(speed_bps // MAXQUANTUM)
443
>>> ceil(speed_bps / MAXQUANTUM)
444
>>>
```
(cherry picked from commit ce1035e1e8642bf740e2a21693a72fe2127b8f72)
|
|
image-tools: T6016: wait for umount in cleanup function (backport #2941)
|
|
T5921: Fix OpenConnect verify for local users (backport #2946)
|
|
(cherry picked from commit d80530c48a78dfeb55293494a257f6234b0ef76d)
|
|
Fix verify error for the VPN OpenConnect configuration with
local authentication and without any user
```
  File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify
    if not ocserv["authentication"]["local_users"]:
KeyError: 'local_users'
```
(cherry picked from commit 71644dfed63f6248525db3c3bc9493c059707a2a)
|
|
op-mode:T6015:Fix for charon file generated by ipsec debug script
|