Age | Commit message (Collapse) | Author |
|
The commit has to do with the addition of TTL security for LDP neighbors. The code was 90% done by Viascheslav. I modified it a little bit to get it to properly work.
We added more parameters to the neighbors dynamic loop. Once this is merged then we should be able to add more for the dynamic neighbor statements.
The way that this works is to have either TTL disabled, or to add the amount of hops accepted for the neighbor.
|
|
* 'wifi-wpa3' of github.com:c-po/vyos-1x:
wireless: T3042: move wifi-regulatory-domain into individual interface definition
wireless: T2653: reset wireless priority to crux state
wireless: T3034: add WPA3 support
wireless: T3043: rename "wpa mode both" to "wpa+wpa2"
ifconfig: T2985: fix wireless-bridge creation
|
|
definition
|
|
mpls-conf: T915: Separate IPv4 and IPv6 hello timers, add IPv6 timers
|
|
|
|
|
|
|
|
|
|
bgp-xml: T2387: Fix validators and add capability for new format bgp
|
|
|
|
Re-organize the template code and add addtitional Jinja2 filters for processing
the ifconfig-pool statement. This reverts the changes from commit 7e546be9
("openvpn: T2994: temporary revert to 1.2 crux behavior for client pools").
|
|
Remove workaround which split (local|remote)_address and also subnet keys into
individual keys for the assigned IP address family (4/6).
During template rendering check IP version by introducing new ipv4 and ipv6
Jinja2 filters {% if foo | ipv4 %} or {% if bar | ipv6 %} options.
|
|
|
|
|
|
|
|
bgp: T2850: Fix FRR template for new bgp scheme
|
|
|
|
The redirection was using the wrong variable ($server_name),
making the browser going to https://_ instead of the right
variable.
|
|
The commit has to do with separating the hello/hold timers from being only IPv4 to being both IPv4 and IPv6.
I renamed the existing hello and hold timers with an "-ipv4" and added ones that were "-ipv6". I did verify that the commands properly commit under FRR as well. I also added some room on the protocols_mpls.py file for the different variables as it seems we're might end up having longer names. Removed some spaces that I found too that weren't needed on ldpd.frr.tmpl as well.
|
|
|
|
conf-mode: T2938: Add format octet-counted for syslog
|
|
|
|
ipoe-server: T2978: Add required proxy-arp by default
|
|
|
|
|
|
|
|
In certain split DNS configurations, there is a need for more
fine-grained control over the local address DNS forwarding uses to
issue queries. The current pdns_recursor configuration allows the
recursor to send queries from any available address on the interface
the OS selects for the query, with no option to limit queries to a
particular address or set of addresses.
This commit exposes the `query-local-address` option in
`recursor.conf` to users via the `service` `dns` `forwarding`
`source-address` config node.
If the parameter is unspecified, the default value of 0.0.0.0 (any
IPv4 address) and :: (any IPv6 address) are used to match current
behavior.
Users who want more control can specify one or more IPv4 and IPv6
addresses to issue queries from. Per pdns_recursor docs, the recursor
will load balance queries between any available addresses in the
pools. Since IPv4 and IPv6 are different pools, note that specifying
only one type of address will disable issuing queries for the other
address family.
|
|
dhcpv6: T2961: support stateless dhcpv6 clients
|
|
For both source and destination NAT always the LOG name contained DST - which
is definately false. This has been corrected to use SRC and DST on the
appropriate rules.
|
|
This commit adds support for configuring the DHCPv6 server to serve
"stateless" DHCPv6 clients (those that send an information-request
message and do not request an address).
The change introduces a `common-options` node at the
`shared-network-name` level, which allows specifying options
applicable to clients regardless of subnet assigned (or in the case of
stateless clients, when no subnet is assigned). Parameters specified
at the subnet level take precedence over those set at the
shared-network level.
Presently, only parameters that are meaningful to stateless clients
have been exposed under `common-options`, as there is no precedent of
exposing parameters at multiple levels under the current DHCPv4 or
DHCPv6 configuration syntax. If desired, additional parameters could
certainly be added with relative ease.
|
|
|
|
|
|
Required to get a common CLI for all services provided by Accel-PPP. Once the
CLI for each service is consitent - Jinja2 templates can be reused together
with get_config_dict().
|
|
|
|
|
|
ntp: T2944: By default do not listen port 123 on any address
|
|
For easier configuration read in (CLI) validation and also template rendering
it makes sense to drop the old, single implementation and move to the new,
generic get_config_dict() approach.
Recurring configuration parts like ip-pool, ipv6-pool and nameservers have
also been split our into individual templates which will be included through
Jinja2 - leading to a single-source of the template sections, too.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|