path: root/interface-definitions
Age | Commit message | Author
2024-09-24 | Merge pull request #3966 from lucasec/t6630 | Daniil Baturin
    T6630: ntp: support hardware timestamp offload and other mechanisms to improve accuracy
2024-09-21 | T6630: ntp: move interface timestamping configuration under ptp node | Christian Breunig
2024-09-21 | T6630: ntp: rename ptp-transport to ptp and use defaultValue for port | Christian Breunig
2024-09-21 | T6630: ntp: add chrony "ntp over ptp" transport | Lucas Christian
2024-09-21 | T6630: ntp: add hardware timestamp offload | Lucas Christian
2024-09-21 | T6630: ntp: add "interleave" option | Lucas Christian
2024-09-21 | lldp: T6727: add missing input validation for interface names | Christian Breunig
    There is no input CLI validation on the interface name passed to the LLDP service.
2024-09-19 | Merge pull request #4061 from c-po/syslog-T5367 | Daniil Baturin
    syslog: T5367: add format option to include timezone in message
2024-09-15 | bond: T6709: add EAPoL support | Christian Breunig
2024-09-12 | syslog: T5367: add format option to include timezone in message | Christian Breunig
    Add CLI option to include the system's timezone in the syslog message sent to a collector. This can be enabled using: set system syslog host <hostname> format include-timezone
2024-09-12 | Merge pull request #4046 from nvollmar/T6703 | Christian Breunig
    T6703: Adds option to configure AMD pstate driver
2024-09-12 | Merge pull request #4021 from natali-rs1985/T6652-current | Daniil Baturin
    openfabric: T6652: Add support for OpenFabric protocol
2024-09-12 | Merge pull request #4041 from natali-rs1985/T6685-current | Daniil Baturin
    pppoe-server: T6685: Add options to accept any and blank service names
2024-09-12 | pppoe-server: T6685: Possibility of any services name or blank in pppoe | Nataliia Solomko
2024-09-12 | Merge pull request #4032 from dvlogic/Allow_Container_DNS_Disable | Christian Breunig
    T6701: Added ability to disable the container DNS plugin
2024-09-11 | T6703: shorten help description | Nicolas Vollmar
2024-09-11 | T6703: Adds option to configure AMD pstate driver | Nicolas Vollmar
2024-09-11 | T6294: Service dns forwarding add the ability to configure ZonetoCache | khramshinr
2024-09-11 | Merge pull request #4023 from nvollmar/T6679 | Christian Breunig
    T6679: add group option for nat66
2024-09-11 | Merge pull request #4028 from alainlamar/T6693 | Christian Breunig
    T6693: wireless: Enable WiFi-6 (802.11ax) for 2.4GHz AccessPoints
2024-09-11 | container: T6701: add support to disable container network DNS support | Dave Vogel
    Add ability to set the container network with a disable-dns setting to disable the DNS plugin that is on by default. set container network <network> no-name-server
2024-09-10 | T6698: firewall: add matcher for vlan type. (#4027) | Nicolás Fort
2024-09-07 | T6693: wireless: Enable WiFi-6 (802.11ax) for 2.4GHz AccessPoints | Alain Lamar
2024-09-04 | openfabric: T6652: Add support for OpenFabric protocol | Nataliia Solomko
    OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks. FRR implements OpenFabric in a daemon called fabricd
2024-09-02 | T6679: add destination groups | Nicolas Vollmar
2024-09-02 | Merge pull request #4018 from nicolas-fort/T6647 | Daniil Baturin
    T6647: firewall. Introduce patch for accepting invalid ARP and DHCP
2024-08-28 | T6647: firewall. Introduce patch for accepting ARP and DHCP replies on stateful bridge firewall. | Nicolas Fort
    This patch is needed because ARP and DHCP are marked as invalid connections. Also, add ethernet-type matcher in bridge firewall.
2024-08-27 | T6681: Add option for SLAAC to support suppress Interval Advertisement in RAs | Hikari Kongou
2024-08-20 | Merge pull request #3975 from lucasec/t6183 | Christian Breunig
    T6183: interfaces openvpn: support specifying IP protocol version
2024-08-16 | Merge pull request #3987 from natali-rs1985/T6649-current | Daniil Baturin
    ipoe_server: T6649: Accel-ppp separate vlan-mon from listen interfaces
2024-08-15 | T5794: change firewall priority in order to be loaded after all interfaces. | nicolas
2024-08-15 | T6649: Accel-ppp separate vlan-mon from listen interfaces | Nataliia Solomko
2024-08-13 | T6183: interfaces openvpn: support specifying IP protocol version | Lucas Christian
2024-08-12 | T6648: dhcpv6-server: align stateless DHCPv6 options with stateful | Lucas Christian
2024-08-05 | firewall: T4694: fix GRE key include path in XML | Christian Breunig
2024-08-05 | Merge branch 'current' into feature/T4694/gre-match-fields | Christian Breunig
2024-08-05 | Merge pull request #3920 from fett0/T6555 | Christian Breunig
    OPENVPN: T6555: add server-bridge options in mode server
2024-08-04 | firewall: T4694: Adding GRE flags & fields matches to firewall rules | Andrew Topp
    * Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags.
    * There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post)
    * nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags.
    * Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing
    * The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem.
    * If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc.
    * Added a "test_gre_match" smoketest
2024-08-02 | OPENVPN: T6555: fix name to bridge | fett0
2024-08-02 | T4072: change same helpers in xml definitions; add notrack action for prerouting chain; re introduce <set vrf> in policy; change global options for passing traffic to IPvX firewall; update smoketest | Nicolas Fort
2024-08-01 | T6570: firewall: add global-option to configure sysctl parameter for enabling/disabling sending traffic from bridge layer to ipvX layer | Nicolas Fort
2024-08-01 | T4072: firewall: extend firewall bridge capabilities, in order to include new chains, priorities, and firewall groups | Nicolas Fort
2024-08-01 | Merge pull request #3221 from lucasec/t5873 | Christian Breunig
    T5873: ipsec remote access VPN: support VTI interfaces.
2024-07-31 | OPENVPN: T6555: add server-bridge options in mode server | fett0
2024-07-31 | T5657: Add VRF support for zabbix-agent | Viacheslav Hletenko
    To start the service under VRF requires starting under User=root otherwise it had issues with cgroups
2024-07-30 | pbr: T6430: Allow forwarding into VRFs by name as well as route table IDs | Andrew Topp
    * PBR can only target table IDs up to 200 and the previous PR to extend the range was rejected
    * PBR with this PR can now also target VRFs directly by name, working around targeting problems for VRF table IDs outside the overlapping 100-200 range
    * Validation ensures rules can't target both a table ID and a VRF name (internally they are handled the same)
    * Added a simple accessor (get_vrf_table_id) for runtime mapping a VRF name to table ID, based on vyos.ifconfig.interface._set_vrf_ct_zone(). It does not replace that usage, as it deliberately does not handle non-VRF interface lookups (would fail with a KeyError).
    * Added route table ID lookup dict, global route table and VRF table defs to vyos.defaults. Table ID references have been updated in code touched by this PR.
    * Added a simple smoketest to validate 'set vrf' usage in PBR rules
2024-07-29 | Merge pull request #3804 from HollyGurza/T6362 | Daniil Baturin
    T6362: Create conntrack logger daemon
2024-07-29 | Merge pull request #3823 from srividya0208/T6571 | Daniil Baturin
    OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers
2024-07-28 | firewall: T4694: Adding rt ipsec exists/missing match to firewall configs (#3616) | talmakion
    * Change ipsec match-ipsec/none to match-ipsec-in and match-none-in for fw rules
    * Add ipsec match-ipsec-out and match-none-out
    * Change all the points where the match-ipsec.xml.i include was used before, making sure the new includes (match-ipsec-in/out.xml.i) are used appropriately. There were a handful of spots where match-ipsec.xml.i had snuck back in for output hooked chains already (the common-rule-* includes)
    * Add the -out generators to rendered templates
    * Heavy modification to firewall config validators:
    * I needed to check for ipsec-in matches no matter how deeply nested under an output-hook chain (via jump-target) - this always generates an error.
    * Ended up retrofitting the jump-targets validator from root chains and for named custom chains. It checks for recursive loops and improper IPsec matches.
    * Added "test_ipsec_metadata_match" and "test_cyclic_jump_validation" smoketests
2024-07-25 | OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers | srividya0208