summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-17dhcp: T3316: Kea DHCP and DHCPv6 fixessarthurdev
* Move Kea socket permission change on-demand and speed up conf scripts * Fix issue with DHCP reservations when no `ip-address` value
2023-12-16Merge pull request #2617 from indrajitr/ddclient-improvement-round-3-2023-12-11Christian Breunig
ddclient: T5144,T5791: Fix migration to avoid config name conflict
2023-12-16Merge pull request #2644 from c-po/ocserv-T5796Viacheslav Hletenko
ocserv: T5796: add CLI knob "http-security-headers"
2023-12-16ocserv: T5796: add smoketest for new "http-security-headers" featureChristian Breunig
2023-12-16ocserv: T5796: add CLI knob "http-security-headers"fett0
OCserv manual recommended HTTP headers tobe included in the configuration. (cherry picked from commit ad65d37ddf92ec8416c84707d7d41e63346b550c)
2023-12-15ddclient: T5791: Fix migration to normalize config name and avoid configIndrajit Raychaudhuri
Since `service dns dynamic address <address> service <service> ...` changed to `service dns dynamic name <service> address <address> ...`, the resulting service and address config flip can result in conflicting `service` name. Additionally, since dynamic DNS service name now have name constraint, we need to normalize the service name to conform with the constraint. We now migrate the service name to (service|rfc2136)-<service>-<address> to avoid the conflict and optionally append an index if there is still a name conflict after normalization.
2023-12-15Merge pull request #2639 from c-po/frr-t4020Viacheslav Hletenko
frr: T4020: add option to define number of open file descriptors
2023-12-15frr: T4020: add option to define number of open file descriptorsChristian Breunig
This allows the operator to control the number of open file descriptors each daemon is allowed to start with. The current assumed value on most operating systems is 1024. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen. set system frr descriptors <n>
2023-12-15firewall: T4502: add ofload to firewall table actionsGurliGebis
2023-12-14Merge pull request #2637 from sever-sever/5823Christian Breunig
T5823: Add recursive_defaults for BGP get_config dictionary
2023-12-14T5823: Add recursive_defaults for BGP get_config dictionaryViacheslav Hletenko
Add recursive_defaults values for BGP "get_config" dictionary.
2023-12-14Merge pull request #2635 from sever-sever/T5749Christian Breunig
T5749: Add a more scrict search for get_vrf method
2023-12-14T5749: Add a more scrict search for get_vrf methodViacheslav Hletenko
The current implementation is wrong as it searches `master` in the iproute2 JSON output. It is a worng as it could include bridges or bonding interfaces Add the more strict search `info_slave_kind == vrf`
2023-12-14Merge pull request #2627 from sever-sever/T4163Christian Breunig
T4163: Add BGP Monitoring Protocol BMP feature
2023-12-14Merge pull request #2590 from sever-sever/T5798Christian Breunig
T5798: load-balancing revese-proxy add multiple SSL certificates
2023-12-14T4163: Add BGP Monitoring Protocol BMP featureViacheslav Hletenko
Add BMP feature. BMP (BGP Monitoring Protocol, RFC 7854) is used to send monitoring data from BGP routers to network management entities https://docs.frrouting.org/en/latest/bmp.html Example: set system frr bmp commit run restart bgp set protocols bgp system-as '65001' set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast set protocols bgp neighbor 192.0.2.11 remote-as '65001' set protocols bgp bmp mirror-buffer-limit '256000000' set protocols bgp bmp target foo address '127.0.0.1' set protocols bgp bmp target foo port '5000' set protocols bgp bmp target foo min-retry '1000' set protocols bgp bmp target foo max-retry '2000' set protocols bgp bmp target foo mirror set protocols bgp bmp target foo monitor ipv4-unicast post-policy set protocols bgp bmp target foo monitor ipv4-unicast pre-policy set protocols bgp bmp target foo monitor ipv6-unicast post-policy set protocols bgp bmp target foo monitor ipv6-unicast pre-policy
2023-12-14Merge pull request #2630 from jestabro/authentication-add-imageChristian Breunig
image-tools: T5825: restore authentication for add system image
2023-12-14Merge pull request #2634 from Trae32566/T5827Christian Breunig
T5827: made show system image alphabetical
2023-12-14image-tools: T5825: restore authentication for add system imageJohn Estabrook
2023-12-14T5827: reversed version listingTrae Santiago
2023-12-14T5827: moved sys image sort to grub version_listTrae Santiago
2023-12-14T5827: made show system image alphabeticalTrae Santiago
2023-12-14T5827: made show system image alphabeticalTrae Santiago
2023-12-14Merge pull request #2624 from jestabro/vrf-aware-add-imageChristian Breunig
image-tools: T5821: restore vrf-aware add system image
2023-12-14Merge pull request #2631 from mcbridematt/t5826-add-dmidecode-depChristian Breunig
T5826: ensure dmidecode is installed as a dependency of vyos-1x
2023-12-14T5826: ensure dmidecode is installed as a dependency of vyos-1xMathew McBride
dmicode is used in the "show hardware dmi" and to derive synthetic MAC addresses (see python/vyos/ifconfig/interface.py). On non-x86 platforms like arm64 it may not be pulled in explictly by other packages (like libparted2) so add it as an explicit dependency.
2023-12-13image-tools: T5821: restore vrf-aware add system imageJohn Estabrook
2023-12-13Merge pull request #2621 from jestabro/clear-raid-on-installJohn Estabrook
image-tools: T5806: clear previous raid configs on install
2023-12-13ddclient: T5791: Enforce alphanumeric constraint on service nameIndrajit Raychaudhuri
Enforce constraint on Dynamic DNS service name to be alphanumeric (including hyphens and underscores).
2023-12-13ddclient: T5144: Fix migration to avoid config name conflictIndrajit Raychaudhuri
When migrating from `service dns dynamic interface <interface> ...` to `service dns dynamic address <address> ...`, the config name can potentially have a conflict when `address == 'web'`. Although the `/run/ddclient/ddclient.conf` that was generated earlier was incorrect, one could still potentially have misconfigured VyOS config without realizing it. We now append the old <interface> name to the config name to avoid conflict.
2023-12-13image-tools: T5806: deactive raid arraysJohn Estabrook
2023-12-13Merge pull request #2628 from jestabro/ftp-archiveJohn Estabrook
T5774: fix regression in remote.upload
2023-12-13T5774: fix regressions in remote.upload and use in config_mgmtJohn Estabrook
2023-12-13Merge pull request #2606 from c-po/srv6Christian Breunig
SRv6: T591: initial implementation to support locator definition
2023-12-13Merge pull request #2607 from indrajitr/ddclient-improvement-round-3-2023-12-10Christian Breunig
ddclient: T5791: Adjust warning messages, minor refactor and smoketest updates
2023-12-13Merge pull request #2622 from jestabro/obscure-passwd-on-installChristian Breunig
image-tools: T5819: do not echo password on image install
2023-12-13Merge pull request #2623 from sarthurdev/kea_opmode_fixChristian Breunig
dhcp: T3316: Fix raw op-mode lease output
2023-12-13Merge pull request #2618 from Trae32566/T5816Christian Breunig
validator: T5816: large community validator should only allos character set and basic format
2023-12-13validator: T5816: large community validator should only allos character set ↵Trae Santiago
and basic format
2023-12-12dhcp: T3316: Fix dhcp op-mode state 'all' matchingsarthurdev
2023-12-12dhcp: T3316: Fix raw op-mode lease outputsarthurdev
2023-12-12Merge pull request #2611 from nicolas-fort/T5804-mig-scriptDaniil Baturin
T5804: nat: remove inbound|outbound interface from old configuration when it was set to <any>.
2023-12-12image-tools: T5819: do not echo password on image installJohn Estabrook
2023-12-12image-tools: T5806: remove partition and disk signatures in cleanupJohn Estabrook
2023-12-12T5249: Add rollback-soft featureViacheslav Hletenko
Add the ability to rollback configs without rebooting ``` sudo /usr/bin/config-mgmt rollback_soft --rev 1 rollback-soft 1 ```
2023-12-12Merge pull request #2608 from jestabro/load-config-moduleJohn Estabrook
load-config: T5815: provide a variety of load config methods
2023-12-11ddclient: T5791: Add smoketest for dynamic interfaceIndrajit Raychaudhuri
2023-12-11ddclient: T5791: Cleanup smoketests and remove unnecessary importsIndrajit Raychaudhuri
2023-12-11ddclient: T5791: Adjust the warning messages and minor refactoringIndrajit Raychaudhuri
2023-12-11load-config: T5815: provide a variety of load config methodsJohn Estabrook
Collect in a module several versions of a 'load config' function. They have different use cases according to performance and error reporting, and allow comparison of non-legacy and legacy variants.