summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-14dhcpv6-server: T5993: Extend interface migrator to check VLAN/QinQsarthurdev
Updates smoketest config to test migrator change
2024-02-13Merge pull request #3005 from sever-sever/T6019Christian Breunig
T6019: Fix smoketest test_system_conntrack custom timeout
2024-02-13T6019: Fix smoketest test_system_conntrack custom timeoutViacheslav Hletenko
After updateing netfilter in the commit https://github.com/vyos/vyos-build/commit/b31f5fe934bcb37534d49acdb5f7756bf05422e8 The nftables format for conntrack timeouts is different. Fix this.
2024-02-13Merge pull request #2998 from sarthurdev/T5992Christian Breunig
dhcpv6-server: T5992: Fix op-mode DHCP lease output + updates
2024-02-13Merge pull request #2999 from sever-sever/T5928Christian Breunig
T5928: Change firewall priority to 319
2024-02-13Merge pull request #3000 from sever-sever/T5064Christian Breunig
T5064: Firewall fix RegEx for for domain-group
2024-02-13Merge pull request #2987 from c-po/evpn-macvrf-sooChristian Breunig
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support
2024-02-13T5064: Firewall fix RegEx for for domain-groupViacheslav Hletenko
Improve RegEx for firewall domain-groups. This domain group looks good, but the current RegEx validation fils: ``` set firewall group domain-group a_aa ```
2024-02-13T5928: Smoketest change firewall flowtable test to use VLANViacheslav Hletenko
2024-02-13T5928: Change firewall priority to 319Viacheslav Hletenko
Change the firewall priority to 319, after interface ethernet configuration For example if we use VLANs and the vlan interface must be created before we can use it in the firewall/flowtable The current priority ``` 199 firewall 300 interfaces/dummy 300 interfaces/loopback 300 interfaces/virtual-ethernet 310 interfaces/bridge 310 interfaces/input 318 interfaces/ethernet ... ```
2024-02-13Merge pull request #2988 from c-po/pki-rpki-t6034Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
2024-02-13Merge pull request #2997 from sarthurdev/T5993Christian Breunig
dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally connected interfaces
2024-02-13dhcp: dhcpv6: T3316: Add op-mode for showing DHCP(v6) static-mappingssarthurdev
2024-02-13dhcpv6-server: T3316: Display delegated prefix length in lease outputsarthurdev
2024-02-13dhcpv6-server: T5992: Fix op-mode Kea DHCP lease outputsarthurdev
Due to Kea's lease file cleanup, the CSV file content is inconsistent. This commit makes changes to use the Kea control socket to fetch current lease information.
2024-02-13dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally ↵sarthurdev
connected interfaces Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
2024-02-12rpki: T6034: Add missing sections to configtestsarthurdev
2024-02-12Merge pull request #2993 from sarthurdev/T5981Christian Breunig
ipsec: T5981: Strip '@' from migrated peer PKI name
2024-02-12Merge pull request #2994 from c-po/init-T2044Christian Breunig
init: T2044: fix "binary operator expected" when two or more RPKI caches are defined
2024-02-12init: T2044: fix "binary operator expected" when two or more RPKI caches are ↵Christian Breunig
defined Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured") which showed a disturbing error on tty0 after boot that a "binary operator expected" when checking for RPKI caches when multiple results got returned.
2024-02-12rpki: T6024: add migration scripts from file based keys to PKI subsystemChristian Breunig
2024-02-12rpki: T6034: remove OpenSSH keys from /run/frr when unloadedChristian Breunig
2024-02-12pki: T6034: add dependencies to trigger rpki re-run on openssh key updateChristian Breunig
2024-02-12ipsec: T5981: Strip '@' from migrated peer namesarthurdev
2024-02-12Merge pull request #2991 from nicolas-fort/T6019Christian Breunig
T6019: fix smoketest after upgrading nftables and libnftnl packages.
2024-02-12T6019: fix smoketest after upgrading nftables and libnftnl packages.Nicolas Fort
2024-02-11Merge pull request #2980 from c-po/srv6-T5849Daniil Baturin
srv6: T5849: add segment support to "protocols static route6"
2024-02-11Merge pull request #2986 from c-po/bgp-t6010Daniil Baturin
bgp: T6010: support setting multiple values for neighbor path-attribute
2024-02-11rpki: T6034: move SSH authentication keys to PKI subsystemChristian Breunig
2024-02-11pki: T6034: add OpenSSH key supportChristian Breunig
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa'
2024-02-11bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
2024-02-10bgp: T6010: support setting multiple values for neighbor path-attributeChristian Breunig
2024-02-10Merge pull request #2983 from c-po/rpki-t6004Christian Breunig
rpki: T6004: add missing startup priority
2024-02-10Merge pull request #2982 from c-po/pki-xmlChristian Breunig
xml: T5738: improve PKI building blocks for CLI
2024-02-10rpki: T6004: add missing startup priorityChristian Breunig
2024-02-10xml: T5738: improve PKI building blocks for CLIChristian Breunig
2024-02-09Merge pull request #2978 from sever-sever/T6028Christian Breunig
T6028: Fix QoS policy shaper wrong class_id_max and default_minor_id
2024-02-09T6028: Fix QoS policy shaper wrong class_id_max and default_minor_idViacheslav Hletenko
The `class_id_max` is wrong due to `tmp.sort` of Strings If we have class 5 and class 10 we get sorted max value 5, expected 10 ``` >>> tmp = ['5', '10'] >>> tmp.sort() >>> tmp ['10', '5'] >>> >>> hex(5+1) '0x6' >>> >>> hex(10+1) '0xb' >>> ``` This way we get wrong default maximum class value: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6 ``` Expect: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b ``` Fix this converting Strings to Integers and get max value.
2024-02-09Merge pull request #2967 from sever-sever/T5703Daniil Baturin
T5703: Fix reapply QoS for connection-oriented interfaces
2024-02-09T5703: Fix reapply QoS for connection-oriented interfacesViacheslav Hletenko
After `disconnect` and `connect` connection-oriented interfaces like PPPoE, QoS policy has to be reapplied
2024-02-09Merge pull request #2975 from c-po/migrator-t5902Christian Breunig
https: T5902: fix migration of virtual-host port
2024-02-09https: T5902: fix migration of virtual-host portChristian Breunig
CLI source node is port and not listen-port.
2024-02-08Merge pull request #2955 from c-po/rpki-T6023Christian Breunig
rpki: T6023: add support for CLI knobs expire-interval and retry-interval
2024-02-08Merge pull request #2968 from natali-rs1985/T5685-currentDaniil Baturin
T5685: Keepalived VRRP prefix is not necessary for the virtual address
2024-02-08T5685: Keepalived VRRP prefix is not necessary for the virtual addressNataliia Solomko
2024-02-08Merge pull request #2950 from aapostoliuk/T5960-circinusDaniil Baturin
T5960: Rewritten authentication node in PPTP to a single view
2024-02-08Merge pull request #2969 from sever-sever/T6026Daniil Baturin
T6026: QoS hide attempts to delete qdisc from devices
2024-02-08Merge pull request #2507 from erkin/image-toolsDaniil Baturin
op-mode: T4038: Python rewrite of image tools
2024-02-08T6026: QoS hide attempts to delete qdisc from devicesViacheslav Hletenko
Hide unexpected output by attempts of deleting `qdisc` from interfaces [ qos ] Error: Cannot find specified qdisc on specified device. Error: Cannot delete qdisc with handle of zero.