vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git)

Age	Commit message (Collapse)	Author
2023-09-09	vxlan: T3700: support VLAN tunnel mapping of VLAN aware bridges	Christian Breunig
	FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI is configured against a container VXLAN interface which is referred to as a 'Single VXLAN device (SVD)'. Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI. Sample configuration of SVD with VLAN to VNI mappings is shown below. set interfaces bridge br0 member interface vxlan0 set interfaces vxlan vxlan0 external set interfaces vxlan vxlan0 source-interface 'dum0' set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010' set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011' set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030' set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031'
2023-09-08	Merge pull request #2222 from nicolas-fort/T4072-fwall-bridge	Christian Breunig
	T4072: add firewall bridge filtering.
2023-09-07	T4072: add firewall bridge filtering. First implementation only applies for ↵	Nicolas Fort
	forward chain and few matchers. Should be extended in the future.
2023-09-07	config-mgmt: T5556: fix bug in revision to archive update	John Estabrook

2023-09-06	conf-mode: T5412: add support for supplemental dependency definitions	John Estabrook
	Add support for defining config-mode dependencies in add-on packages.
2023-09-06	Merge pull request #2199 from sarthurdev/T4309	Christian Breunig
	conntrack: T4309: T4903: Refactor `system conntrack ignore`, add IPv6 support and firewall groups
2023-09-06	Merge pull request #2208 from sarthurdev/T5550	Christian Breunig
	interface: T5550: Interface source-validation priority over global value
2023-09-05	config-mgmt: T5353: after updated save-config, one can include init rev	John Estabrook
	The legacy config-mgmt/save-config tools had an abiding bug that would raise an error if comparing/reading the init archive; this is no longer an issue.
2023-09-05	config-mgmt: T5353: correct update check during boot	John Estabrook

2023-09-05	config-mgmt: T5353: only add log entry if archiving	John Estabrook

2023-09-05	interface: T5550: Interface source-validation priority over global value	sarthurdev
	- Migrate IPv4 source-validation to nftables - Interface source-validation value takes priority, fallback to global value
2023-09-05	Merge branch 'netns' into current	Christian Breunig
	* netns: smoketest: T5241: re-work netns assertions and provide common utility helper netns: T5241: simplify network namespace handling netns: T5241: improve get_interface_namespace() robustness netns: T5241: use common interface_exists() helper netns: T5241: provide is_netns_interface utility helper T5241: Support netns for veth and dummy interfaces
2023-09-05	smoketest: T5241: re-work netns assertions and provide common utility helper	Christian Breunig

2023-09-05	netns: T5241: simplify network namespace handling	Christian Breunig

2023-09-04	conntrack: T4309: T4903: Refactor `system conntrack ignore` rule generation, ↵	sarthurdev
	add IPv6 support and firewall groups
2023-09-04	T5533: Fix VRRP IPv6 group enters in FAULT state	Viacheslav Hletenko
	Checks if an IPv6 address on a specific network interface is in the tentative state. IPv6 tentative addresses are not fully configured and are undergoing Duplicate Address Detection (DAD) to ensure they are unique on the network. inet6 2001:db8::3/125 scope global tentative It tentative state the group enters in FAULT state. Fix it
2023-09-03	netns: T5241: improve get_interface_namespace() robustness	Christian Breunig

2023-09-03	netns: T5241: use common interface_exists() helper	Christian Breunig

2023-09-03	netns: T5241: provide is_netns_interface utility helper	Christian Breunig

2023-09-03	Merge branch 'T5241-control-edition' of ↵	Christian Breunig
	https://github.com/sever-sever/vyos-1x into netns * 'T5241-control-edition' of https://github.com/sever-sever/vyos-1x: T5241: Support netns for veth and dummy interfaces
2023-08-31	Merge pull request #2190 from sarthurdev/T4782	Christian Breunig
	eapol: T4782: Support multiple CA chains
2023-08-31	eapol: T4782: Support multiple CA chains	sarthurdev

2023-08-28	T5519: Fix `vyos.utils.process.call` hangs	Yuxiang Zhu
	See https://vyos.dev/T5519 for more information.
2023-08-25	interface: T3509: Add per-interface IPv6 source validation	sarthurdev

2023-08-23	save-config: T4292: rewrite vyatta-save-config.pl to Python	John Estabrook

2023-08-23	Merge pull request #2162 from nicolas-fort/T5472	Christian Breunig
	T5472: nat redirect: allow redirection without defining redirected port
2023-08-23	vrf: T5428: move helpers to common vyos.utils.network module	Christian Breunig
	Helper functions can and will be re-use din different code places.
2023-08-23	Merge pull request #2142 from nicolas-fort/T5450	Christian Breunig
	T5450: allow inverted matcher for interface and interface-group
2023-08-23	T5472: nat redirect: allow redirection without defining redirected port	Nicolas Fort

2023-08-23	T5450: update smoketest and interface definition in order to work with new ↵	Nicolas Fort
	firewall cli
2023-08-23	Merge pull request #2156 from giga1699/T5447	Christian Breunig
	T5447: Initial support for MACsec static keys
2023-08-20	T5447: Remove redundant self.set_admin_state	Giga Murphy

2023-08-20	T5447: Update copyright years	Giga Murphy

2023-08-20	T5447: Corrected comment in _create header	Giga Murphy

2023-08-20	T5447: Corrected comment for interface down	Giga Murphy

2023-08-20	T5447: Implement maintainer feedback	Giga Murphy

2023-08-18	T5447: Initial support for MACsec static keys	Giga Murphy

2023-08-17	Merge pull request #2130 from aapostoliuk/T5409-sagitta	Christian Breunig
	wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
2023-08-17	wireguard: T5409: rename threaded CLI not to per-client-thread	Christian Breunig
	Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured.
2023-08-12	Merge pull request #2117 from zdc/T5410-sagitta	Daniil Baturin
	utils: T5410: Extended supported types in `convert_data()`
2023-08-11	ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵	Christian Breunig
	setting
2023-08-11	ipv6: T5464: use proper XML default for DAD transmits	Christian Breunig
	This is only a cosmetic change so that the default value is properly retrieved from the defaultValue XML node.
2023-08-11	T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵	Nicolas Fort
	firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
2023-08-11	T5160: firewal refactor: fix tabulation for geo-ip parsing code. Typo fix in ↵	Nicolas Fort
	firewall smoketest
2023-08-11	T5160: firewall refactor: change firewall ip to firewall ipv4	Nicolas Fort

2023-08-11	T5160: firewall refactor: re-add missing code in template.py which was ↵	Nicolas Fort
	accidentaly removed. Update smokestest: remove zone test and fix test_sysfs test
2023-08-11	T5160: firewall refactor: new cli structure. Update jinja templates, python ↵	Nicolas Fort
	scripts and src firewall
2023-08-10	T5434: use get_defaults instead of defaults	John Estabrook

2023-08-10	T5434: remove unneeded import	John Estabrook

2023-08-10	T5434: replace import of component_version	John Estabrook