Age | Commit message (Collapse) | Author |
|
In verify function for arp-monitor option was used by mistake an extra
conversion for incoming data before comparing items. This commit removed
these unnecessary conversions and makes the option operable.
|
|
Firewall: T4286: Correct ipv6-range validator
|
|
When we use neighbor as interface we must not use option
'source-interface'
for example:
neighbor eth0 source-interface eth0
Such option can be used for IP/IPv6 neighbors
|
|
|
|
into current
* 'T2493-nexthop-unchanged' of https://github.com/plett/vyos-1x:
policy: T2493 ip-next-hop unchanged & peer-address
|
|
logrotate: T4250: Fixed logrotate config generation
|
|
bgp: T4265: Add op-mode for bgp flowspec routes
|
|
|
|
[Ethtool] T4297: Update drivers supporting speed/flow/duplex
|
|
The iavf, ice, and i40e drivers do not support speed, flow, or duplex control using ethtool.
As a result, interface configuration changes fail to commit when using those drivers.
This patch fixes that by correctly marking those drivers as not supporting those controls.
|
|
This reverts commit 534f677d36285863decb2cdff179687b4fd690cb.
Revert while investigating failure in vyos-configtest.
|
|
This reverts commit c4d389488970c8510200cac96a67182e9333b891.
Revert while investigating failure in vyos-configtest.
|
|
This reverts commit 2a4b45ba7fa4dabf7e592f499cfb06a7ae38cdea.
Revert while investigating failure in vyos-configtest.
|
|
Also add ipv6-next-hop peer-address
|
|
|
|
|
|
|
|
ipsec prefix: T4275: Fix for prefix val_help of remote-access and s2s vpn
|
|
* Removed `/var/log/auth.log` and `/var/log/messages` from
`/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled
items what leads to service error.
* Removed generation config file for `/var/log/messages` from
`system-syslog.py` - this should be done from `syslom logs` now.
* Generate each logfile from `system syslog file` to a dedicated
logrotate config file.
* Fixed logrotate config file names in
`/etc/rsyslog.d/vyos-rsyslog.conf`.
* Added default logrotate settins for `/var/log/messages`
|
|
It accepts network as the input value but the completion help is showing
ip address, continuation of previous commit
|
|
|
|
|
|
|
|
|
|
|
|
Commit 0e23fc10 ("interface: T4203: switch to new recursive node_changed()
implementation") switched to a new implementation to retrieve nested changes
under a CLI node. Unfortunately the new API was not called - instead the
old one was used.
|
|
|
|
|
|
|
|
|
|
configdiff: T4260: add support for diff_tree class
|
|
Add support for the configtree diff algorithm. A new function
ConfigDiff().is_node_changed(path) -> bool
is added to recursively detect changes in the tree below the node at
path; existing functions take the keyword argument 'recursive: bool' to
apply the algorithm in place of the existing, non-recursive, comparison.
|
|
T4235: changes to interface of diff_tree class
|
|
It should be possible to send the gathered data via a VRF bound interface to
the collector. This is somehow related to T3981 but it's the opposite side of
the netflow process.
set system flow-accounting vrf <name>
|
|
ipsec prefix: T4275: Incorrect val_help for local/remote prefix in site-to-site ipsec vpn
|
|
The DiffTree class maintains both the 'sub'(-tract) configtree,
containing all paths in the LHS of the comparison that are not in the
RHS, and the 'delete' configtree: the delete tree is the minimal subtree
containing only the first node of a path not present in the RHS. It is
the delete tree that is needed to produce 'delete' commands for config
mode, whereas the 'sub' tree contains full information, needed for
recursively detecting changes to a node.
|
|
|
|
The return value of diff_tree is now a single config_tree, with initial
children of names: ["add", "delete", "inter"] containing the config
sub-trees of added paths; deleted paths; and intersection, respectively.
The simplifies dumping to json, and checking existence of paths, hence,
of node changes.
|
|
|
|
It accepts network as the input value but the completion help is showing
ip address
|
|
RADIUS authentication can be handled by a variety of mechanisms,
including proxy for 2FA systems requiring user interaction with a
separate device, token acquisition, or other time-consuming action.
Given the delays required for certain 2FA implementations, a thirty
second timeout can range from onerous to untenable. Accomodate the
2FA time requirements by extending the hard-coded RADIUS time limit
from 30 seconds to 240.
Co-authored-by: RageLtMan <rageltman [at] sempervictus>
|
|
After hardning the regex validator to be preceeded with ^ and ending with $
it was no longer possible to have a comma separated list as SSH ciphers. The
migrations cript is altered to migrate the previous comma separated list
to individual multi node entries - cipher and key-exchange always had been
multinodes - so this just re-arranges some values and does not break CLI
compatibility
|
|
|
|
(cherry picked from commit 2fd5eea801bb524c12217c26d98c44a819b2086e)
|
|
|
|
|
|
|
|
Instead of hardcoding the default behavior inside the Jinaj2 template, all
defaults are required to be specified inside teh XML definition. This is
required to automatically render the appropriate CLI tab completion commands.
|
|
|
|
|