Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-12-30 | configdiff: T4900: cache diff_tree and diff_dict in Config instance | John Estabrook | |
2022-12-19 | T4886: Firewall and route policy: Add connection-mark feature to vyos. | Nicolas Fort | |
2022-12-17 | Merge pull request #1626 from nicolas-fort/fwall_group_interface | Christian Poessinger | |
T4780: Firewall: add firewall groups in firewall. Extend matching cri… | |||
2022-12-12 | Merge pull request #1699 from jestabro/op-mode-openvpn | John Estabrook | |
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode | |||
2022-12-12 | opmode: T4770: add CommitInProgess error | John Estabrook | |
2022-12-11 | sstp: T4384: initial implementation of SSTP client CLI | Christian Poessinger | |
vyos@vyos# show interfaces sstpc sstpc sstpc10 { authentication { password vyos user vyos } server sstp.vyos.net ssl { ca-certificate VyOS-CA } } | |||
2022-12-10 | vyos.util: T4770: add precision arg, fix typo in bytes_to_human | John Estabrook | |
This is useful in general, but we will add in this context to replace the use of 'bytes2HR' in show_openvpn.py with util.bytes_to_human, while maintaining compatability with original precision=1. | |||
2022-12-04 | T4804: Fix check for PPPoE server local-users | Viacheslav Hletenko | |
We check if local_users is None Check also and empty dict {'access_concentrator': 'vyos-ac', 'authentication': {'local_users': {}, | |||
2022-11-29 | conf-mode: T4820: add support for tagnode argument | John Estabrook | |
2022-11-29 | conf-mode: T4820: add full type hints | John Estabrook | |
2022-11-28 | conf-mode: T4845: add external file for dict of config-mode dependencies | John Estabrook | |
2022-11-28 | frr: T3753: extend ConfigurationNotValid() with failing daemon | Christian Poessinger | |
2022-11-24 | Merge pull request #1641 from Rain/T4612-arbitrary-netmasks | Christian Poessinger | |
firewall: T4612: Support arbitrary netmasks | |||
2022-11-24 | Merge branch 'T4825' of https://github.com/sever-sever/vyos-1x into t4825-veth | Christian Poessinger | |
* 'T4825' of https://github.com/sever-sever/vyos-1x: T4825: Add basic smoketest for veth interfaces T4825: Add interface type veth | |||
2022-11-24 | T4825: Add interface type veth | Viacheslav Hletenko | |
Add interface type veth (Virtual ethernet) One of the usecases it's interconnect different vrf's and default vrf via bridge set interfaces virtual-ethernet veth0 peer-name 'veth1010' set interfaces virtual-ethernet veth1010 address '10.0.0.10/24' set interfaces virtual-ethernet veth1010 peer-name 'veth0' set interfaces virtual-ethernet veth1010 vrf 'foo' set interfaces bridge br0 address '10.0.0.1/24' set interfaces bridge br0 member interface veth0 | |||
2022-11-20 | macvlan: pseudo-ethernet: T2104: _create() should place interface in A/D state | Christian Poessinger | |
2022-11-20 | T4830: nat66: remove external IPv6 check on bracketize_ipv6() | Christian Poessinger | |
vyos.template.bracketize_ipv6() has a build-in check if the supplied address is of IPv6 AFI. No need to code an external check arround that. | |||
2022-11-19 | T4830: nat66: fix how nat66 rules are written in nftables, so translation ↵ | Nicolas Fort | |
works as expected | |||
2022-11-19 | T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵ | Nicolas Fort | |
so this new group can be used in inbound and outbound matcher | |||
2022-11-18 | IPsec: T4828: raise op-mode error on incorrect value | John Estabrook | |
2022-11-18 | Merge pull request #1662 from jestabro/config-script-dependency | Daniil Baturin | |
firewall: T4821: correct calling of conf_mode script dependencies | |||
2022-11-17 | firewall: T4821: add support for adding conf_mode script dependencies | John Estabrook | |
2022-11-16 | firewall: T4821: add utility to load script as module | John Estabrook | |
2022-11-16 | T4819: Allow printing Warning messages in multiple lines with \n | aapostoliuk | |
Allow printing Warning messages and DeprecationWarning in multiple lines with \n | |||
2022-11-10 | migration: T4808: print configtree operations during migration | John Estabrook | |
Print configtree operations to stdout during migration; the migrator will log the output. | |||
2022-11-10 | migration: T4808: replace custom logging with standard Python logging | John Estabrook | |
2022-11-10 | T4789: Ability to get op-mode raw data for PPPoE L2TP SSTP IPoE | Viacheslav Hletenko | |
Ability to get 'raw' data sessions and statistics for accel-ppp protocols IPoE/PPPoE/L2TP/PPTP/SSTP server | |||
2022-11-03 | Merge pull request #1633 from sarthurdev/fqdn | Christian Poessinger | |
firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT | |||
2022-11-03 | nat: T1877: T970: Add firewall groups to NAT | sarthurdev | |
2022-11-03 | firewall: T970: Refactor domain resolver, add firewall source/destination ↵ | sarthurdev | |
`fqdn` node | |||
2022-11-01 | op-mode: T4791: decamelize raw output of 'show_*' before normalization | John Estabrook | |
2022-10-28 | Merge pull request #1624 from dmbaturin/op-mode-bytes | Viacheslav Hletenko | |
T4779: output raw memory and storage values in bytes | |||
2022-10-28 | Merge pull request #1619 from jestabro/component-version-string | John Estabrook | |
T4291: consolidate component version string read/write functions | |||
2022-10-28 | T4765: handle non-string fields in the raw op mode output normalizer | Daniil Baturin | |
2022-10-28 | T4779: add vyos.util.human_to_bytes | Daniil Baturin | |
2022-10-28 | T4291: consolidate component version string read/write functions | John Estabrook | |
2022-10-25 | vyos.util: T4773: add camel_to_snake_case conversion | John Estabrook | |
2022-10-21 | T4765: support list and primitives in op mode output normalization | create with ansible | |
2022-10-20 | T4765: normalize fields only if 'raw' is true; output must be dict | John Estabrook | |
2022-10-20 | T4765: normalize dict fields in op mode ouputs | Daniil Baturin | |
2022-10-14 | http-api: T4749: transition to config_dict | John Estabrook | |
2022-10-09 | firewall: T3907: Fix firewall state-policy logging | sarthurdev | |
When log-level was introduced node `state-policy x log` was removed without migrator. This commit adds it back and improves log handling. | |||
2022-10-08 | firewall: T4612: Support arbitrary netmasks | Rain | |
Add support for arbitrary netmasks on source/destination addresses in firewall rules. This is particularly useful with DHCPv6-PD when the delegated prefix changes periodically. | |||
2022-09-27 | Merge pull request #1560 from nicolas-fort/T4700 | Christian Poessinger | |
T4700: Firewall: add interface matching criteria | |||
2022-09-26 | ethernet: T4689: support asymetric RFS configuration on multiple interfaces | Christian Poessinger | |
The initial implementation from commit ac4e07f9 ("rfs: T4689: Support RFS (Receive Flow Steering)") always adjusted the global rps_sock_flow_entries configuration. So if RFS was enabled for one NIC but not the other - it did not work. According to the documentation: RFS is only available if the kconfig symbol CONFIG_RPS is enabled (on by default for SMP). The functionality remains disabled until explicitly configured. The number of entries in the global flow table is set through: /proc/sys/net/core/rps_sock_flow_entries The number of entries in the per-queue flow table are set through: /sys/class/net/<dev>/queues/rx-<n>/rps_flow_cnt Both of these need to be set before RFS is enabled for a receive queue. Values for both are rounded up to the nearest power of two. The suggested flow count depends on the expected number of active connections at any given time, which may be significantly less than the number of open connections. We have found that a value of 32768 for rps_sock_flow_entries works fairly well on a moderately loaded server. This commit sets rps_sock_flow_entries via sysctl on bootup leafing the RFS configuration to the interface level. | |||
2022-09-26 | T4700: Firewall: add interface matching criteria | Nicolas Fort | |
2022-09-25 | wireguard: ifconfig: T2653: move Config() import to be local to consumer | Christian Poessinger | |
2022-09-25 | wireguard: ifconfig: T2653: use NamedTemporaryFile() when dealing with ↵ | Christian Poessinger | |
private key This prevents habing any leftover private-key files in /tmp directory. | |||
2022-09-24 | ethernet: T3171: enable RPS (Receive Packet Steering) for all RX queues | Christian Poessinger | |
The initial implementation in commit 9fb9e5cade ("ethernet: T3171: add CLI option to enable RPS (Receive Packet Steering)" only changed the CPU affinity for RX queue 0. This commit takes all RX queues into account. | |||
2022-09-22 | Merge pull request #1521 from sever-sever/T3476 | Christian Poessinger | |
update-check: T3476: Allow update-check for VyOS images |