summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-18Merge pull request #3029 from vyos/mergify/bp/sagitta/pr-3026Christian Breunig
bridge: T6043: do not call vxlan dependency if interface does not exist (yet) (backport #3026)
2024-02-18bridge: T6043: do not call vxlan dependency if interface does not exist (yet)Christian Breunig
In order to keep the proper priority list during system startup and on initial setup/commit for this feature the dependent VXLAN code should not be called, if the interface in question does not exist (yet). (cherry picked from commit dbe8c613bb80bc8b714398825054ade5942ea75b)
2024-02-17Merge pull request #3023 from vyos/mergify/bp/sagitta/pr-3019John Estabrook
login: T5972: add possibility to disable individual local user accounts (backport #3019)
2024-02-17Merge pull request #3028 from vyos/mergify/bp/sagitta/pr-3027Daniil Baturin
op-mode: T5581: add "show ipv6 nht" command (backport #3027)
2024-02-17Merge pull request #3025 from vyos/mergify/bp/sagitta/pr-3024John Estabrook
image-tools: T6041: fix logic of is_live_boot to allow for PXE boot (backport #3024)
2024-02-17op-mode: T5581: add "show ipv6 nht" commandChristian Breunig
This improves the implementation to support both IPv4 and IPv6 (cherry picked from commit e144e55d6360a92279167198928cbe24efd97f08)
2024-02-17image-tools: T6041: fix logic of is_live_boot to allow for PXE bootJohn Estabrook
(cherry picked from commit 5949ff72a9f953da9d06d1ad75add0e6023d0dc4)
2024-02-17Merge pull request #3022 from vyos/mergify/bp/sagitta/pr-3021Viacheslav Hletenko
T3722: Fixed L-Time in 'show vpn ike sa' command (backport #3021)
2024-02-17login: T5972: add possibility to disable individual local user accountsChristian Breunig
* set system login user <name> disable (cherry picked from commit 6e0b146ed3b90da577c3ecba38836883fd435e7a)
2024-02-17T3722: Fixed L-Time in 'show vpn ike sa' commandaapostoliuk
Fixed L-Time in 'show vpn ike sa' command (cherry picked from commit bb6e6fc2119584df6ec571e7e9335dc509d5faeb)
2024-02-16Merge pull request #3017 from vyos/mergify/bp/sagitta/pr-3016Christian Breunig
T6001: add option to disable next-hop-tracking resolve-via-default (backport #3016)
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-default in VRF ↵Christian Breunig
context * set vrf name <name> ip nht no-resolve-via-default * set vrf name <name> ipv6 nht no-resolve-via-default (cherry picked from commit 0fafc4bcdb9efc03796ddab0832471b11ba1bbe0)
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-defaultChristian Breunig
* set system ip nht no-resolve-via-default * set system ipv6 nht no-resolve-via-default (cherry picked from commit ece0e768f36e52f8964823d891264d7c187204ec)
2024-02-16T5150: rename smoketest config egb-igp-route-maps -> egp-igp-route-mapsChristian Breunig
EDB should be EGP for exterior gateway protocol (cherry picked from commit 56654191613113764415d7eddadcbd8c97e126de)
2024-02-15Merge pull request #3014 from vyos/mergify/bp/sagitta/pr-3011Daniil Baturin
rpki: T6034: extend config migration testcase (backport #3011)
2024-02-15rpki: T6034: extend config migration testcaseChristian Breunig
(cherry picked from commit 354603398b693af06695d5d1a7602f17079f8350)
2024-02-15Merge pull request #3013 from vyos/mergify/bp/sagitta/pr-3004Christian Breunig
T6029: Rewritten Accel-PPP services to an identical feature set (backport #3004)
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code. (cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
2024-02-14Merge pull request #3009 from vyos/mergify/bp/sagitta/pr-2988Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem (backport #2988)
2024-02-13Merge pull request #3008 from vyos/mergify/bp/sagitta/pr-3005Viacheslav Hletenko
T6019: Fix smoketest test_system_conntrack custom timeout (backport #3005)
2024-02-13rpki: T6034: Add missing sections to configtestsarthurdev
(cherry picked from commit 3bfbbef22954488541abd3cad262b1e196d4c240)
2024-02-13rpki: T6024: add migration scripts from file based keys to PKI subsystemChristian Breunig
(cherry picked from commit 4d76e9ef3e7773ed96c037108021c292675b101c)
2024-02-13rpki: T6034: remove OpenSSH keys from /run/frr when unloadedChristian Breunig
(cherry picked from commit 78820752b936e77d30f995498ff36487c5c6af87)
2024-02-13pki: T6034: add dependencies to trigger rpki re-run on openssh key updateChristian Breunig
(cherry picked from commit 0f8bf6bd0fb29cfd638e9920674e7ad1d1d25350)
2024-02-13rpki: T6034: move SSH authentication keys to PKI subsystemChristian Breunig
(cherry picked from commit ac2d7dfac6073d0f232191ec494f78a8d12889e4)
2024-02-13pki: T6034: add OpenSSH key supportChristian Breunig
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa' (cherry picked from commit 8c78ef0879f22ffd4a5f7fdb175e9109b46e9d7b)
2024-02-13T6019: Fix smoketest test_system_conntrack custom timeoutViacheslav Hletenko
After updateing netfilter in the commit https://github.com/vyos/vyos-build/commit/b31f5fe934bcb37534d49acdb5f7756bf05422e8 The nftables format for conntrack timeouts is different. Fix this. (cherry picked from commit 24860e092426bf0bb09c2d164d66330be13bcd77)
2024-02-13Merge pull request #3003 from vyos/mergify/bp/sagitta/pr-3000Daniil Baturin
T5064: Firewall fix RegEx for for domain-group (backport #3000)
2024-02-13Merge pull request #3002 from vyos/mergify/bp/sagitta/pr-2999Daniil Baturin
T5928: Change firewall priority to 319 (backport #2999)
2024-02-13T5064: Firewall fix RegEx for for domain-groupViacheslav Hletenko
Improve RegEx for firewall domain-groups. This domain group looks good, but the current RegEx validation fils: ``` set firewall group domain-group a_aa ``` (cherry picked from commit b67049edab41e8714aec087b81d589fdb03a350b)
2024-02-13T5928: Smoketest change firewall flowtable test to use VLANViacheslav Hletenko
(cherry picked from commit ef87bd7320da2750de4d93c14314965704f3dfbd)
2024-02-13T5928: Change firewall priority to 319Viacheslav Hletenko
Change the firewall priority to 319, after interface ethernet configuration For example if we use VLANs and the vlan interface must be created before we can use it in the firewall/flowtable The current priority ``` 199 firewall 300 interfaces/dummy 300 interfaces/loopback 300 interfaces/virtual-ethernet 310 interfaces/bridge 310 interfaces/input 318 interfaces/ethernet ... ``` (cherry picked from commit f1dcd2d23f89251b0a96c61f8186002cb0d50d18)
2024-02-13Merge pull request #3001 from vyos/mergify/bp/sagitta/pr-2987Daniil Baturin
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support (backport #2987)
2024-02-13bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo (cherry picked from commit f308df322bd62024e29dd458642cb6bcac8a5ad6)
2024-02-12Merge pull request #2996 from vyos/mergify/bp/sagitta/pr-2993Christian Breunig
ipsec: T5981: Strip '@' from migrated peer PKI name (backport #2993)
2024-02-12ipsec: T5981: Strip '@' from migrated peer namesarthurdev
(cherry picked from commit 8238f8cdae3ae14bd8bd95158c218c45285df478)
2024-02-12Merge pull request #2995 from vyos/mergify/bp/sagitta/pr-2994Christian Breunig
init: T2044: fix "binary operator expected" when two or more RPKI caches are defined (backport #2994)
2024-02-12init: T2044: fix "binary operator expected" when two or more RPKI caches are ↵Christian Breunig
defined Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured") which showed a disturbing error on tty0 after boot that a "binary operator expected" when checking for RPKI caches when multiple results got returned. (cherry picked from commit a5ac522f8c675ee2b2c2f4f08be7c41943632e94)
2024-02-12Merge pull request #2992 from vyos/mergify/bp/sagitta/pr-2991Daniil Baturin
T6019: fix smoketest after upgrading nftables and libnftnl packages. (backport #2991)
2024-02-12T6019: fix smoketest after upgrading nftables and libnftnl packages.Nicolas Fort
(cherry picked from commit f3205d6dd1ea04adecbd8c857c80015ed53f2140)
2024-02-12Merge pull request #2990 from vyos/mergify/bp/sagitta/pr-2980Christian Breunig
srv6: T5849: add segment support to "protocols static route6" (backport #2980)
2024-02-12Merge pull request #2989 from vyos/mergify/bp/sagitta/pr-2986Christian Breunig
bgp: T6010: support setting multiple values for neighbor path-attribute (backport #2986)
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z' (cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
2024-02-11bgp: T6010: support setting multiple values for neighbor path-attributeChristian Breunig
(cherry picked from commit a22e0ee09ff4750de004090f1f55ee75a12dc821)
2024-02-10Merge pull request #2985 from vyos/mergify/bp/sagitta/pr-2983Daniil Baturin
rpki: T6004: add missing startup priority (backport #2983)
2024-02-10Merge pull request #2984 from vyos/mergify/bp/sagitta/pr-2982Daniil Baturin
xml: T5738: improve PKI building blocks for CLI (backport #2982)
2024-02-10rpki: T6004: add missing startup priorityChristian Breunig
(cherry picked from commit 4c2acb970c62478cf1139fcf66b0de341d46f7fc)
2024-02-10xml: T5738: improve PKI building blocks for CLIChristian Breunig
(cherry picked from commit d4278cde2b153e163fe41e1bc461891397336bc3)
2024-02-09Merge pull request #2979 from vyos/mergify/bp/sagitta/pr-2978Christian Breunig
T6028: Fix QoS policy shaper wrong class_id_max and default_minor_id (backport #2978)
2024-02-09T6028: Fix QoS policy shaper wrong class_id_max and default_minor_idViacheslav Hletenko
The `class_id_max` is wrong due to `tmp.sort` of Strings If we have class 5 and class 10 we get sorted max value 5, expected 10 ``` >>> tmp = ['5', '10'] >>> tmp.sort() >>> tmp ['10', '5'] >>> >>> hex(5+1) '0x6' >>> >>> hex(10+1) '0xb' >>> ``` This way we get wrong default maximum class value: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6 ``` Expect: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b ``` Fix this converting Strings to Integers and get max value. (cherry picked from commit 2e8fa45c7f0663549edd118622b3381e7c428b2e)