summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2023-06-04dns: T5144: Apply migration for dynamic dns path updateIndrajit Raychaudhuri
Create migration and bump package version from 0 -> 1 for dynamic dns
2023-06-03dns: T5144: Modernize dynamic dns operationIndrajit Raychaudhuri
Apply next round of configuration tree updates to 'service dns dynamic' with the following changes: - Migrate `service dns dynamic interface <interface> [use-web]` to `service dns dynamic address <interface>` or `service dns dynamic address web [web-options]` This communicates the intent that dynamic dns IP address is detected in only one way - using the `<interface>` or using an external web request, not both. - When using external web request, (`service dns dynamic address web`), external url is optional (`web-options url`). Ddclient defaults are used when unspecified, - Rename all config `login` to `username` for consistency and also to align better with alternative ddclient backends in consideration. - Apply global 'ipv6-enable' to per service 'ip-version: ipv6'. Selecting usage of IPv4 or IPv6 (or both simultaneously) is now at per service (protocol) level instead of global level. This allows more control on the ability to select IPv4 in some cases and IPv6 in some other cases wherever supported by the underlying ddclient protocol. - While the IP address (and by extension, the detection mechanism) is global, the way it is applied to a particular ddclient protocol depends on whether it supports IPv4 or IPv6 or both. - Related to the above, this also prevents generating incorrect config file (`ddclient.conf`) with multiple global sections leading to an unpredictable behavior of ddclient. - Implement provider (protocol) specific custom tweaks whenever possible (e.g., `zone`, `username`, `server` are not necessary in all cases). - Move service name from a combination of 'protocol' (with protocol config autodetected) and custom (with protocol config specified) to a single 'service' key. This allows for consisent setup of multiple config for the same ddclient protocol (with different options and credentials). This also avoid ambiguity with usual networking term 'protocol' and ddclient specific term 'protocol' (and can change with a move to a different backend). - Apply upfront XML constraints and validations consistently wherever applicable. - RFC2136 specific change: Rename rfc2136 config `record` to `host-name` for consistency. - Cloudflare specific change: While ddclient still supports authenticating with email and global auth key, skipping `username` in config will indicate the intent to use API token authentication (with special 'token' literal as `username`).
2023-06-03netns: xml: T3829: fix format stringChristian Breunig
2023-05-26geneve: T2630: change lower limit MTU to 1200 bytesChristian Breunig
2023-05-24T5237: Add support VLANs and QinQ for virtual-ethernet interfacesViacheslav Hletenko
Ability to use 'vif' and 'vif-s' for virtual-ethernet "vethX" interfaces set interfaces virtual-ethernet veth10 vif 50
2023-05-19Merge pull request #2014 from ServerForge/currentChristian Breunig
T5230: Added missing enforce-first-as option to bgp protocol common c…
2023-05-19T5230: Added missing enforce-first-as option to bgp protocol common config ↵Wered
and frr bgp jinja template.
2023-05-19T5222: reverse-proxy add send-proxy option for backend serverViacheslav Hletenko
To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format). set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
2023-05-19T5222: Refactoring load-balancing reverse-proxyViacheslav Hletenko
Improve and refactoring "load-balancing reverse-proxy" - replace 'reverse-proxy server <tag>' => 'reverse-proxy service <tag>' - replace 'reverse-proxy global-parameters tls <xxx>' => 'reverse-proxy global-parameters tls-version-min xxx' => 'reverse-proxy global-parameters ssl-bind-ciphers xxx' - replace 'reverse-proxy service https rule <tag> set server 'xxx' => 'reverse-proxy service https rule <tag> set backend 'xxx' 'service https rule <tag> domain-name xxx' set as multinode
2023-05-18mdns: T5227: Relax 'allow-service' patternIndrajit Raychaudhuri
Relax allow service pattern to allow for '.' as well for SRV records.
2023-05-17reverse-proxy: T5222: improve help stringsChristian Breunig
2023-05-17reverse-proxy: T5222: combine ipv4/ipv6-address validatorsChristian Breunig
Sync up with commit 96d846d27ac ("T5226: Combine ipv4-address and ipv6-address validators")
2023-05-17reverse-proxy: T5222: use common XML building blocks for alpha numeric ↵Christian Breunig
constraint
2023-05-17Merge pull request #2004 from sever-sever/T5222Christian Breunig
T5222: Add load-balancing for web traffic
2023-05-17Merge pull request #2008 from indrajitr/misc-conf-mode-fixesChristian Breunig
T5226: Standardize hostname and IP address validators and constraints
2023-05-17T5222: Add load-balancing for web trafficViacheslav Hletenko
2023-05-17mdns: T5227: Add support for browse domains and service filtersIndrajit Raychaudhuri
Allow listing additional browse domains (in addition to the default 'local') so that custom domains can be reflected. Additionally, allow filtering the services that are allowed to be reflected across multiple (V)LANs.
2023-05-16T5226: Fix typo in XML include headersIndrajit Raychaudhuri
2023-05-16T5226: Make host-name constraints to consistent everywhereIndrajit Raychaudhuri
Make host-name constraints consistent across all definitions
2023-05-16T5226: Combine ipv4-address and ipv6-address validatorsIndrajit Raychaudhuri
Use a single ip-address validator to combine and replace ipv4-address and ipv6-address validators.
2023-05-14Merge pull request #2007 from frebib/veth-netns-revertChristian Breunig
Revert "veth: T3829: Allow moving veth into netns"
2023-05-14Revert "veth: T3829: Allow moving veth into netns"Joe Groocock
netns management for any Vyos interfaces doesn't work past the initial creation, because Vyos always tries to recreate it/move it into the netns even though it already exists. Until this is fixed, don't let anyone even attempt to use this: set interfaces virtual-ethernet veth10 peer-name 'veth100' set interfaces virtual-ethernet veth100 netns 'ns01' set interfaces virtual-ethernet veth100 peer-name 'veth10' set netns name ns01 commit vyos@r14# sudo ip netns exec ns01 ip link show 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 12: veth100@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether ee:8f:0b:bd:a2:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0 [edit] vyos@r14# set interfaces virtual-ethernet veth100 description MyNetns commit Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 111, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 101, in apply p.update(veth) File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1413, in update self.set_netns(config.get('netns', '')) File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 552, in set_netns self.set_interface('netns', netns) File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface return self._set_command(self.config, name, value) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd)) ^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd return cmd(command, self.debug) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd raise OSError(code, feedback) PermissionError: [Errno 1] failed to run command: ip link set dev veth100 netns ns01 returned: exit code: 1 noteworthy: cmd 'ip link set dev veth100 netns ns01' returned (out): returned (err): Cannot find device "veth100" This reverts commit f5cc8453860568351cd9b3b7a05d06e1462460e8.
2023-05-12ocserv: T3896: improve XML definition and add warning about 3rd party configsChristian Breunig
When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting.
2023-05-12Merge pull request #1783 from PeppyH/T3896-ocserv-config-per-xChristian Breunig
ocserv: T3896: add CLI options to configure ocserv config-per-user/group
2023-05-11T5171: Set default value icmp for load-balancing test checkViacheslav Hletenko
Use 'ICMP' type check as default
2023-05-10Merge pull request #1996 from frebib/veth-netnsChristian Breunig
veth: T3829: Allow moving veth into netns
2023-05-10veth: T3829: Allow moving veth into netnsJoe Groocock
This makes netns infinitely more useful as they can be chained together in many ways to build complex network structures all on the host. Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-10Merge pull request #1987 from dmbaturin/T5251-vrrp-group-pingChristian Breunig
T5215: add a built-in ping check for VRRP groups
2023-05-10vrrp: T5215: Add built-in ping check for VRRP groupsDaniil Baturin
2023-05-10T5213: Add accounting-interim-interval option for L2TP-serverViacheslav Hletenko
Add RADIUS accounting-interim-interval option for L2TP-server Specifies interval in seconds to send accounting information (may be overridden by radius Acct-Interim-Interval attribute) set vpn l2tp remote-access authentication radius accounting-interim-interval '120'
2023-05-09Merge pull request #1984 from sever-sever/T5060Christian Breunig
T5060: Add disable option for high-availability
2023-05-09Merge pull request #1985 from c-po/t2778-syslogChristian Breunig
syslog: T2778: T2769: refactoring and VRF support
2023-05-09T5213: Add accounting-interim-interval option for PPPoE IPoE SSTPViacheslav Hletenko
Add RADIUS accounting-interim-interval option for PPPoE/IPoE/SSTP servers. Specifies interval in seconds to send accounting information (may be overridden by radius Acct-Interim-Interval attribute) set service pppoe-server authentication radius accounting-interim-interval '60'
2023-05-08syslog: T2769: add VRF supportChristian Breunig
Allow syslog messages to be sent through a VRF (e.g. management).
2023-05-08syslog: T2778: migrate to get_config_dict()Christian Breunig
2023-05-08T4780: bump firewall version 9 -> 10Christian Breunig
2023-05-08T5060: Add disable option for high-availabilityViacheslav Hletenko
Add 'maintenance mode' (option disable) for high-availability set high-availability disable
2023-05-08Merge pull request #1964 from indrajitr/ddclient-improvement-round-1Christian Breunig
dns: T5144: Improve dynamic DNS validations and completions
2023-05-08dns: T4144: additional improvements to dynamic DNS XML definitionsChristian Breunig
* Re-use XML building blocks when poossible * Use XML constraints when possible (password) * Capitalize protocols (HTTP) in <help> strings
2023-05-06lldp: T671: use the new interface list generator for LLDP helpDaniil Baturin
2023-05-05syslog: T2769: xml: improve completion helpersChristian Breunig
2023-05-05syslog: T2769: xml: provide common facility building blockChristian Breunig
2023-05-05syslog: T2769: xml: provide common constraint for system usernamesChristian Breunig
2023-05-04dns-forwarding: T5193: implement NS resource typeChristian Breunig
2023-05-04dns-forwarding: T5193: cleanup help stringsChristian Breunig
Remove superfluous quotes on resource types.
2023-05-04Merge pull request #1973 from sever-sever/T5171Christian Breunig
T5171: Use XML for loadbalancing wan instead of old templates
2023-05-02T5171: Rewrite load-balancing wan to XML and python3Viacheslav Hletenko
Use XML and python3 for 'load-balancing wan' Use Jinja2 templates instead of old vyatta-wanloadbalance.pl to generate configuration '/run/load-balance/wlb.conf' wich used by /opt/vyatta/sbin/wan_lb
2023-05-02T5163: Add match protocol filter for route-mapViacheslav Hletenko
Ability to match 'source-protocol' for the route-map filters set policy route-map foo rule 10 action 'permit' set policy route-map foo rule 10 match protocol 'bgp'
2023-04-29static: T5161: add BFD monitoring for static IPv6 routesfett0
2023-04-29static: T5161: add BFD monitoring for static routesfett0