| Age | Commit message (Collapse) | Author |
|---|
|
By default the scope of the port bindings for unbound sockets is limited to the
default VRF. That is, it will not be matched by packets arriving on interfaces
enslaved to an l3mdev and processes may bind to the same port if they bind to
an l3mdev.
TCP & UDP services running in the default VRF context (ie., not bound to any
VRF device) can work across all VRF domains by enabling the 'vrf bind-to-all'
option.
|
|
|
|
vyos.vrf.list_vrfs() was only used in one function thus building a library is
no longer needed. If it is needed in the future it should be placed into a
library again.
|
|
Keep it simple and stupid :)
|
|
All configuration mode scripts are already run with sudo.
|
|
- remove the additional depth for querying discrete VRF names
- retrieve available VRF names from via <path> from CLI rather then invoking
an external script
|
|
|
|
|
|
|
|
|
|
This is a work in progress to complete T31 whoever thought it was less than
1 hour of work was ..... optimistic.
Only VRF vreation and show is supported right now. No interface can be bound
to any one VRF.
|
|
this patch allows to get or change many interface options (mtu, arp settings, ...)
using get_interface / set_interface functions
|
|
os.environ['VYOS_TAGNODE_VALUE']
This has been only a theoretical problem but then the error condition was
triggered - only an error has been printed instead of raising an Exception.
|
|
dhcp-server: T2092: add default route to rfc3442-static-route option
|
|
ifconfig: T2074: add check for sysfs files
|
|
|
|
|
|
dhcp-server: T2062: Fix static route bytes
|
|
|
|
|
|
Do not query RADIUS servers when commit is running started from a non RADIUS
user (localuser, root). This should reduce the overall system boot time.
|
|
|
|
|
|
|
|
ifconfig: T2082: fix checking of argument passed
|
|
|
|
ifconfig: T2057: generalised Interface configuration
|
|
Encrypt and authenticate all control channel packets with the key from keyfile.
Encrypting (and authenticating) control channel packets:
* provides more privacy by hiding the certificate used for the TLS connection
* makes it harder to identify OpenVPN traffic as such
* provides "poor-man's" post-quantum security, against attackers who will
never know the pre-shared key (i.e. no forward secrecy)
|
|
We should not rely on the home dir value stored in user['home_dir'] as if a
crazy user will choose username root or any other system user this will fail.
Should be deny using root at all?
|
|
|
|
This reverts commit 998361ed0ac972a6856f373f1fc86e8a73cf141b.
|
|
|
|
|
|
Splitting was not a good idea. By combining both we can create a RADIUS server
XML include file which can be reused by multiple implementations to get a
uniformed CLI for the users.
|
|
|
|
|
|
|
|
* 'pppoe-t2070' of github.com:c-po/vyos-1x:
pppoe: T2070: rewrite (dis-)connect op-mode commands in XML and Python
gitignore: fix ignore pattern of all debhelper files
pppoe: T2055: make logfile owned by root/vyattacfg
pppoe: T1318: validate existing source-interface
|
|
|
|
|
|
|
|
It is not only sufficient to check if there is a source-interface configured,
but rather it must also be checked if the source-interface exists at all in the
system.
If the interface does not exist pppd will complain with:
pppd[2778]: /usr/sbin/pppd: In file /etc/ppp/peers/pppoe1: unrecognized option 'eth0.202'
|
|
Provides a way to pass options to interface consistent between
subclasses of Interface
|
|
pppoe-client: T2069: Use rp_pppoe_service for send correct service-name
|
|
|
|
|
|
|
|
|
|
* 'pppoe-rewrite' of https://github.com/c-po/vyos-1x: (23 commits)
pppoe: T2055: do not try to start a deleted dialer interface
pppoe: T1318: declutter name-server CLI nodes
pppoe: T2055: remove router-advert node in client interface
pppoe: T1318: migrate user-id and password nodes under an authentication node
pppoe: T1318: rename link to source-interface
pppoe: T1318: use include files for disable and descriptionx
pppoe: T1318: rephrase help text on default-route
interface-definitions: include: disable: rephrase help text
pppoe: T1318: extend migrator for firewall, qos and ip routing nodes
pppoe: T1318: proper delete old interfaces in migrator
pppoe: T1318: increase priority so PPPoE is run after bond interfaces
pppoe: T1318: fix migrator and add missing link statement
pppoe: T1318: use lists rather then strings on Config()
pppoe: T1318: support interface description
pppoe: T1318: remove obsolete ipv6-up.d script
pppoe: T1318: add op-mode commands for link information
pppoe: T1318: use systemd to manage connection
pppoe: T1318: remove process startup debug output
pppoe: T1318: move process startup to apply()
pppoe: T1318: "link" option is mandatory
...
|
|
|
