summaryrefslogtreecommitdiff
path: root/op-mode-definitions
AgeCommit message (Collapse)Author
2024-01-11T5915:firewall: re-add opmode command for zone based firewallNicolas Fort
(cherry picked from commit 62f10e0ec8075634e1515d6cecc822d87053bccb)
2024-01-10T5530: isis: Adding loop free alternate featureCheeze_It
(cherry picked from commit 7a2b70bd73c8579a885348b93b8addfb20fb006c)
2024-01-08pki: T5886: add op-mode commands for log and renewalChristian Breunig
* show log certbot * monitor log certbot * renew certbot (cherry picked from commit 9d02d32319f9328df618910a038ef580588e13c8)
2024-01-07op-mode: T5904: add "show ipv6 route vrf <name> <prefix>" commandChristian Breunig
We've always had a command to display discrete IPv6 routes/prefixes within the global VRF. This commit also adds support for a discrete VRF. vyos@vyos:~$ show ipv6 route vrf <name> Possible completions: <Enter> Execute the current command <h:h:h:h:h:h:h:h> Show IPv6 routes of given address or prefix <h:h:h:h:h:h:h:h/x> (cherry picked from commit 119d94bdb05d0c88bfc452d903e64000b278c43e)
2024-01-03Merge pull request #2745 from vyos/fix-wg-helpDaniil Baturin
op-mode: T5884: correct "generate wireguard" help string (backport)
2024-01-03op-mode: T5890: Fix arguments passed to generate_system_login_user.pyMatthew Kobayashi
(cherry picked from commit 51bb6d0487c5a0918276f142f41ea5bca7b380fc)
2024-01-02op-mode: T5884: correct "generate wireguard" help stringhwlnx
(cherry picked from commit e2c9ffd8bc2d6119b78ec166fe5b90764fb38563)
2023-12-28op-mode: T5866: Add command to restart IPv6 RA daemonChristian Breunig
vyos@vyos:~$ restart router-advert (cherry picked from commit 9d15c7d3fb21648a52b9c06bdc0a5055f8099119)
2023-12-21T2898: add ndp-proxy serviceChristian Breunig
VyOS CLI command set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static' Will generate the following NDP proxy configuration $ cat /run/ndppd/ndppd.conf # autogenerated by service_ndp-proxy.py # This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route route-ttl 30000 # This sets up a listener, that will listen for any Neighbor Solicitation # messages, and respond to them according to a set of rules proxy eth0 { # Turn on or off the router flag for Neighbor Advertisements router no # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) timeout 500 # Control how long a valid or invalid entry remains in the cache (milliseconds) ttl 30000 # This is a rule that the target address is to match against. If no netmask # is provided, /128 is assumed. You may have several rule sections, and the # addresses may or may not overlap. rule 2001:db8::/64 { static } } (cherry picked from commit 4d721a58020971d00ab854c37b68e88359999f9c)
2023-12-16image-tools: T5751: normalize args using hyphen instead of underscoreJohn Estabrook
(cherry picked from commit bb578a1cab177e8cee6e4d02144d21387ba13a93)
2023-12-16image: T4516: restore select entry to set/delete imageJohn Estabrook
(cherry picked from commit 9ffa3e82d951756696367578dd5e82ef0f690065)
2023-12-16image: T4516: Added system image toolszsdc
This commit adds the whole set of system image tools written from the scratch in Python that allows performing all the operations on images: * check information * perform installation and deletion * versions management Also, it contains a new service that will update the GRUB menu and keep tracking its version in the future. WARNING: The commit contains non-reversible changes. Because of boot menu changes, it will not be possible to manage images from older VyOS versions after an update. (cherry picked from commit 8f94262e8fa2477700c50303ea6e2c6ddad72adb)
2023-12-13srv6: T591: initial implementation to support locator definitionChristian Breunig
VyOS CLI set protocols segment-routing srv6 locator bar prefix '2001:b::/64' set protocols segment-routing srv6 locator foo behavior-usid set protocols segment-routing srv6 locator foo prefix '2001:a::/64' Will generate in FRR segment-routing srv6 locators locator bar prefix 2001:b::/64 block-len 40 node-len 24 func-bits 16 exit ! locator foo prefix 2001:a::/64 block-len 40 node-len 24 func-bits 16 behavior usid exit ! exit ! exit ! exit (cherry picked from commit ca301cdd4746187f96ff84e411fda6a84e33f237)
2023-12-13bgp: T591: add SRv6 support from FRRChristian Breunig
set protocols bgp sid vpn per-vrf export '99' set protocols bgp srv6 locator 'foo' set protocols bgp system-as '100' Will generate in FRR config router bgp 100 no bgp ebgp-requires-policy no bgp default ipv4-unicast no bgp network import-check ! segment-routing srv6 locator foo exit sid vpn per-vrf export 99 exit (cherry picked from commit af46fe54e56cf85d13b62ee771bec3d80f225ac5)
2023-12-09git: T5803: Adjust git configuration for baseline defaultsIndrajit Raychaudhuri
Apply baseline defaults for `.gitattributes` and `.vscode/settings.json` for improved developer experience. The `.gitattrbutes` settings are based on: Git documentation (https://git-scm.com/docs/gitattributes#_effects) GitHub documentation (https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings) Community templates (https://github.com/gitattributes/gitattributes) Since editor-agnostic line-ending specific settings are applied to `.gitattributes`, they can be removed from `.vscode/settings.json`. The global VSCode defaults have also been removed to avoid duplication. (cherry picked from commit c30002208d392177cb1ffc1a5c714f7ad6d573b6)
2023-12-08login: T4943: use pam-auth-update to enable/disable Google authenticatorChristian Breunig
The initial version always enabled Google authenticator (2FA/MFA) support by hardcoding the PAM module for sshd and login. This change only enables the PAM module on demand if any use has 2FA/MFA configured. Enabling the module is done system wide via pam-auth-update by using a predefined template. Can be tested using: set system login user vyos authentication plaintext-password vyos set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O' See https://docs.vyos.io/en/latest/configuration/system/login.html for additional details. (cherry picked from commit e134dc4171b051d0f98c7151ef32a347bc4f87e2)
2023-12-07op-mode: T5808: Correction of description for ipv6 ospfv3 graceful-restartsrividya0208
(cherry picked from commit 21ad36aa8789b28311fa04f8add14388057a67ad)
2023-12-07T5778: dhcp server: fix op-mode command <show dhcp server leases ...>.Nicolas Fort
(cherry picked from commit 57761a370d2217eeb79827e8c20384f6de649c66)
2023-11-22vxlan: T5753: add support for VNI filteringChristian Breunig
In a service provider network a service provider typically supports multiple bridge domains with overlapping vlans. One bridge domain per customer. Vlans in each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to each customer. Without the ability of VNI filtering, we can not provide VXLAN tunnels with multiple tenants all requiring e.g. VLAN 10. To Test: set interfaces vxlan vxlan987 parameters external set interfaces vxlan vxlan987 source-interface eth0 set interfaces vxlan vxlan987 parameters vni-filter set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050 set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051 set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052 set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053 set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054 set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060 set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069 set interfaces bridge br0 member interface vxlan987 Add new op-mode command: show bridge vni Interface VNI ----------- ----------- vxlan987 10050-10054 vxlan987 10060 vxlan987 10069 (cherry picked from commit 35f6033d21053fa420e837f157cd9377a4ccd26a)
2023-11-19Merge pull request #2498 from nicolas-fort/T4072-sagittaChristian Breunig
T4072: firewall: backport bridge firewall to sagitta
2023-11-18T5749: Swap show interfaces and show interfaces summaryViacheslav Hletenko
By default show VRF, MAC, MTU for `show interfaces` The original `show interfaces` moved to `show interfacces summary` (cherry picked from commit 056885c02b8671279808c226a759de6c5356f578)
2023-11-16T4072: firewall: backport bridge firewall to sagittaNicolas Fort
2023-11-16Merge pull request #2489 from vyos/mergify/bp/sagitta/pr-2476Christian Breunig
pim(6): T5733: add missing FRR related features (backport #2476)
2023-11-16T5747: op-mode add MAC and MTU for show interfaces summaryViacheslav Hletenko
Add op-mode "show interfaces summary" Add MAC, VRF and MTU options: vyos@r4# run show interfaces summary Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1 eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2 eth3 - 52:54:00:09:a4:b4 default 1500 A/D (cherry picked from commit dc3906f04fbfe8014531e092a77c1c8c2d10dfe0)
2023-11-16op-mode: vrf: T5150: add "show vrf vni" and "show vrf <name> vni" commandsChristian Breunig
vyos@vyos:~$ show vrf vni VRF VNI VxLAN IF L3-SVI State Rmac blue 2000 None None Down None green 3000 None None Down None red 1000 None None Down None vyos@vyos:~$ show vrf blue vni VRF VNI VxLAN IF L3-SVI State Rmac blue 2000 None None Down None (cherry picked from commit 2fb763ffbc5c5babe552ec97c06570c54ea4aad8)
2023-11-15pim6: T5733: add missing FRR PIM6 related featuresChristian Breunig
(cherry picked from commit 403d2ffd6e46cb082b1d16ddf515e1784bee968c) # Conflicts: # data/templates/frr/pim6d.frr.j2 # interface-definitions/protocols-pim6.xml.in # smoketest/scripts/cli/test_protocols_pim6.py # src/conf_mode/protocols_pim6.py
2023-11-15pim: T5733: fix CLI level of global PIM commandsChristian Breunig
(cherry picked from commit dd13213ae94f071bc30cc17f5fabef02fbf95939)
2023-11-15igmp: T5736: migrate "protocols igmp" to "protocols pim"Christian Breunig
IGMP and PIM are two different but related things. FRR has both combined in pimd. As we use get_config_dict() and FRR reload it is better to have both centrally stored under the same CLI node (as FRR does, too) to just "fire and forget" the commit to the daemon. "set protocols igmp interface eth1" -> "set protocols pim interface eth1 igmp" (cherry picked from commit bc83fb097719f5c4c803808572f690fbc367b9e5)
2023-11-15pim: T5733: add missing FRR PIM related featuresChristian Breunig
Migrate CLI configuration retrival to common get_config_dict(). In addition add new functionality to VyOS that is PIM related and already available in FRR. (cherry picked from commit 9abc02edcc237760f1f8aa1b3f08d7f4d18f866c) # Conflicts: # python/vyos/frr.py # src/op_mode/restart_frr.py
2023-11-15Merge pull request #2474 from vyos/mergify/bp/sagitta/pr-2435Christian Breunig
mtr: T5658: Add VRF support for mtr (+ op_mode wrapper) (backport #2435)
2023-11-13Merge pull request #2445 from c-po/sagittaChristian Breunig
op-mode: bgp: T5698: add "es-vrf" and "next-hops" CLI commands (backport)
2023-11-12op-mode: T5658: fix "monitor traceroute" completion helperChristian Breunig
(cherry picked from commit c0de93d37354ec89f44dde7f1b5a4c8af550a019)
2023-11-12op-mode: T5658: adjust "monitor traceroute" CLI argument indexChristian Breunig
(cherry picked from commit 709c578e123bcf258eba1d15842b63eb63413523)
2023-11-12op-mode: T5658: add VRF support for "monitor traceroute"bbabich
(cherry picked from commit 07ecc0c33fb32878cac25ec84f2f3a977588f0dd)
2023-11-09T1797: Remove vpp packages and mentionsViacheslav Hletenko
2023-11-07mdns: T5719: Add op-mode commands to mDNS repeaterIndrajit Raychaudhuri
The following ones are available now: - restart mdns repeater - show log mdns repeater - monitor log mdns repeater (cherry picked from commit ace8a25552fa7f2b2369a385ed8933feb66f355b)
2023-11-06op-mode: bgp: T5698: add "es-vrf" and "next-hops" CLI commandsChristian Breunig
show bgp l2vpn evpn es-vrf show bgp l2vpn evpn next-hops (cherry picked from commit f4b1df3c84072624060e13a6099d2032e0a4ee47)
2023-11-06op-mode: bgp: T5698: fix "rd" route-distinguisher help stringChristian Breunig
(cherry picked from commit 43288b57d8dc79a12a9bedd6386d81c85bd00149)
2023-11-02T5513: opmode command show firewall - Manual backportNicolas Fort
2023-10-29op-mode: T5661: add "monitor ssh dynamic-protection" command to follow the ↵Christian Breunig
logfile (cherry picked from commit 78e00bf4099bfac2164ef2075acce8169c40c9c3)
2023-10-29op-mode: T5661: remove call to sudo in ssh.py and move it to XML definitionChristian Breunig
Try to have as few calls to sudo in the op-mode scripts as possible. The XML definitions can deal with it. (cherry picked from commit 428dee29d36cc3629990ec41afef887821886834)
2023-10-29op-mode: T5661: use common journalctl syntax for sshguardChristian Breunig
This makes the code more easy to maintain in the future if everyone uses the same structure when calling journalctl. (cherry picked from commit e1b4e972b40941acec76c97e714767214cefe426)
2023-10-28T5661: Add show ssh dynamic-protection and show log ssh dynamic-protectionJeffWDH
2023-10-28T5653: Command to display SSH server fingerprintJeffWDH
2023-10-18T4913: migrate wireless scripts to new op-mode styleChristian Breunig
(cherry picked from commit ed29faeea1354dc2bec544c63e55c1c666e0d900)
2023-10-16op-mode: T5642: 'generate tech-support archive' moved to vyos-1xaapostoliuk
'generate tech-support archive' moved to vyos-1x. Output of 'show tech-support report' command is added to archive. The default location of the archive is moved to '/tmp'. The script is rewritten to Python. (cherry picked from commit 65911b17340a7894aba973113d83ab43964bbf99)
2023-09-26Merge pull request #2311 from vyos/mergify/bp/sagitta/pr-2308Christian Breunig
firewall: T5160: Remove zone policy op-mode (backport #2308)
2023-09-26firewall: T5160: Remove zone policy op-modesarthurdev
(cherry picked from commit 9b9b37e9cbb225eaacac2ad8cb03bef735fed117)
2023-09-26T5497: op-mode: Add generate firewall rule-resequenceViacheslav Hletenko
Add op-mode command `generate firewall rule-resequence` Generates output with new sequences for firewall rules set firewall ipv4 input filter rule 1 action 'accept' set firewall ipv4 input filter rule 1 description 'Allow loopback' $ generate firewall rule-resequence start 10 step 10 set firewall ipv4 input filter rule 10 action 'accept' set firewall ipv4 input filter rule 10 description 'Allow loopback' (cherry picked from commit 7ad1e8c7d3440046dce2ffa7bcb70a38bfddc298)
2023-09-22op-mode: raid: T5608: define add/delete raid memberJohn Estabrook
(cherry picked from commit 2d3f3297b575f88662495e14a7c7324ff73b6bfc)