summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2020-06-22console-server: T2588: migrate to defaults from XML interface definitionsChristian Poessinger
2020-06-22xml: ssh: fix typo in service descriptionChristian Poessinger
2020-06-22dns-forwarding: T2486: fix warning about missing terminating ' characterChristian Poessinger
2020-06-22Merge pull request #452 from jjakob/T2486-dns-hostsd-fixesDaniil Baturin
T2486: DNS, vyos-hostsd fixes
2020-06-19console-server: T2490: set service priority to 990Christian Poessinger
... to ensure the service is started very late.
2020-06-19console-server: T2490: remove superfluous "port" node from XML definitionChristian Poessinger
2020-06-18console-server: T2490: rename CLI to console-serverChristian Poessinger
2020-06-18console-server: T2490: add SSH supportChristian Poessinger
A user can define a port under the SSH node per device. WHen connecting to that port and authenticating using regular credentials we will immediately drop to the serial console. This is the same as executing "connect serial-proxy <name>".
2020-06-18console-server: T2490: move CLI parsing to get_config_dict()Christian Poessinger
For more examples on the new get_config_dict() approach migrate this implementation as it is not yet in production use. Also this serves as proof of concept code for further migrations.
2020-06-18console-server: T2490: add default CLI valuesChristian Poessinger
2020-06-18console-server: T2490: rename CLI to "serial-proxy"Christian Poessinger
2020-06-18console-server: T2490: use new USB ports "by-bus"Christian Poessinger
2020-06-18console-server: T2490: use "ls" for completion helperChristian Poessinger
Using "ls" is much faster compared to "find ... -exec basename"
2020-06-18console-server: T2490: initial supportChristian Poessinger
2020-06-17login: radius: T2299: Move RADIUS priority XML definitions to system-login.xmlDmitriyEshenko
2020-06-17login: radius: T2299: Implement RADIUS servers priorityDmitriyEshenko
2020-06-14wireless: T2354: add new validator for phy interfacesChristian Poessinger
2020-06-13snmp: T2321: add VRF supportChristian Poessinger
2020-06-13ntp: T2321: add VRF supportChristian Poessinger
2020-06-11dns forwarding: T2486: add conf nodes 'addnta', 'recursion-desired', migratorJernej Jakob
Add new nodes for 'service dns forwarding domain': 'addnta': adds addNTA to lua-config-file 'recursion-desired': sets '+' before the zone in forward-zones-file The migrator sets both options for all configured domains. This is usually the desired config.
2020-06-11system: T2486: migrate disable-dhcp-nameservers to name-servers-dhcpJernej Jakob
The previous implementation only supported disabling DHCP nameservers for all interfaces, and was implemented improperly so it didn't work anyway. This migrates it to name-servers-dhcp <interface>, which allows us to enable just the interfaces we want to use for system DNS, identical in syntax to 'service dns forwarding dhcp <interface>'. The migrator searches through all interfaces that have address 'dhcp(v6)?' and adds them to the name-servers-dhcp list if disable-dhcp-nameservers is not set, else it does nothing.
2020-06-11ssh: T2321: add VRF supportChristian Poessinger
2020-06-09console: T2529: migrate from ttyUSB device to new device in /dev/serial/by-busChristian Poessinger
During testing it was discovered that there is a well known problem (we had for ethernet interfaces) also in the serial port world. They will be enumerated and mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially painful on my development APU4 board which also has a Sierra Wireless MC7710 LTE module installed. The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the amount of serial port extenders attached (FT4232H). The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves this by enumerating the devices into /dev/serial/by-id folder with their name and serial number - it's a very good idea but I've found that not all of the FT4232H dongles have a serial number programmed - this leads to the situation that when you plug in two cables with both having serial number 0 - only one device symlink will appear - the previous one is always overwritten by the latter one. Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus directory and group devices by attached USB root port.
2020-06-09console: T2569: initial implementation with XML and PythonChristian Poessinger
Migrate the serial console subsystem to XML and Python.
2020-06-09wwan: T2529: add XML device constraintChristian Poessinger
2020-06-07wwan: T2529: harden device completion helperChristian Poessinger
Commit 1c7d7cbd39 ("wwan: T2529: migrate device from ttyUSB to usbXbY.YpZ.Z") added a new completion helper path for USB based serial interfaces. If no USB based serial port was available on the system this produced the following error: "ls: cannot access '/dev/serial/by-bus': No such file or directory" Only list USB based serial interfaces if there is at least one connected to the system.
2020-06-07wwan: T2529: migrate device from ttyUSB to usbXbY.YpZ.ZChristian Poessinger
During testing it was discovered that there is a well known problem (we had for ethernet interfaces) also in the serial port world. They will be enumerated and mapped to /dev/ttyUSBxxx differently from boot to boot. This is especially painful on my development APU4 board which also has a Sierra Wireless MC7710 LTE module installed. The serial port will toggle between ttyUSB2 and ttyUSB5 depending on the amount of serial port extenders attached (FT4232H). The shipped udev rule (/usr/lib/udev/rules.d/60-serial.rules) partly solves this by enumerating the devices into /dev/serial/by-id folder with their name and serial number - it's a very good idea but I've found that not all of the FT4232H dongles have a serial number programmed - this leads to the situation that when you plug in two cables with both having serial number 0 - only one device symlink will appear - the previous one is always overwritten by the latter one. Derive /usr/lib/udev/rules.d/60-serial.rules and create a /dev/serial/by-bus directory and group devices by attached USB root port. vyos@vyos:~$ find /dev/serial/by-bus/ -name usb* -exec basename {} \; | sort usb0b1.3p1.0 usb0b1.3p1.2 usb0b1.3p1.3 usb0b2.4p1.0 usb0b2.4p1.1 usb0b2.4p1.2 usb0b2.4p1.3 So we have USB root 0 with bus 1.3 and port 1.0. The enumeration is constant accross reboots.
2020-06-06isis: T2495: add XML definitions for "protocol isis"Viacheslav Hletenko
2020-06-05Merge pull request #443 from mrozentsvayg/openvpn-T2550-ipv4-remote-hostChristian Poessinger
openvpn: T2550: fix for IPv4 remote-host addresses
2020-06-04openvpn: T2550: fix for IPv4 remote-host addressesMikhail Rozentsvayg
Commit bb9f998 added IPv6 support for OpenVPN, but IPv4 only configurations stopped working (Address family for hostname not supported) Commit fc467519 fixed some scenarios by using IPv4 protocols if 'local-host' is IPv4 address, but the client mode is using 'remote-host' instead and was still broken. This commit in addition to 'local-host' also checks all the 'remote-host' addresses.
2020-06-05T2548: interface address does not support IP network definitionChristian Poessinger
When migrating all single instances of the IP address XML definition to the reusable include file an error was ported, too. This allowed an interface be assigned an IPv4/IPv6 network address es e.g. 192.0.2.0/24 which is invalid. The validator has been fixed to only allow IPv4/IPv6 host addresses instead.
2020-06-04rip-xml: T2547: XML for conf-mode protocol RIPsever-sever
2020-06-01bgp: T2387: move "aggregate address" to XML includeChristian Poessinger
2020-06-01firewall: T1843: no need to call "sudo" for ownerChristian Poessinger
2020-06-01nat: T2198: no need to call "sudo" for ownerChristian Poessinger
2020-05-31openvpn: T2532: add VRF supportChristian Poessinger
2020-05-30vrf: T2530: instance name must be 15 characters or lessChristian Poessinger
2020-05-29wwan: T1988: add CLI completion helper for "device" nodeChristian Poessinger
2020-05-26dhcpv6-pd: pppoe: T2506: restructure CLIChristian Poessinger
Rename the CLI nodes for prefix delegation from "dhcpv6-options delegate <interface>" to "dhcpv6-options prefix-delegation interface <interface>". The change is required to add the possibility to request for specific prefix sized via the CLI. That option was not possible with the old configuration tree.
2020-05-26bgp: xml: T2387: fix warning: missing terminating ' characterChristian Poessinger
2020-05-24fromdos: fix wrong line encodingChristian Poessinger
2020-05-22macsec: T2491: add replay window protectionChristian Poessinger
2020-05-21macsec: T2023: add valueHelp for MKA keysChristian Poessinger
2020-05-21macsec: T2023: support MACsec Key Agreement protocol actor priorityChristian Poessinger
2020-05-21macsec: T2023: rename "security key" node to "security mka"Christian Poessinger
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that.
2020-05-21macsec: T2023: use wpa_supplicant for key managementChristian Poessinger
2020-05-21macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" nodeChristian Poessinger
This is best suited as a key is required, too.
2020-05-21macsec: T2023: remove gcm-aes-256 cipher typeChristian Poessinger
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2.
2020-05-21macsec: T2023: add optional encryption commandChristian Poessinger
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt
2020-05-21macsec: T2023: add initial XML and Python interfacesChristian Poessinger