Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-10-18 | pki: T4914: Rewrite the PKI op mode in the new style | Nataliia Solomko | |
2024-10-09 | pki: T6766: Add support for ECDSA private keys | sarthurdev | |
2024-10-08 | Merge pull request #4128 from jestabro/commit-confirm-soft-rollback | John Estabrook | |
config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback | |||
2024-10-08 | config-mgmt: T5976: display message when reverting to previous config | John Estabrook | |
2024-10-07 | Merge pull request #4138 from natali-rs1985/T4318-current | John Estabrook | |
vyos.configtree: T4318: Allow set tag flag to true or false | |||
2024-10-07 | vyos.configtree: T4318: Allow set tag flag to true or false | Nataliia Solomko | |
2024-10-07 | Merge pull request #4124 from dmbaturin/T6740-set-to-config-converter | John Estabrook | |
cli: T6740: add a converter from set commands to config | |||
2024-10-07 | cli: T6740: set_tag on created paths and add parse step for ordering | John Estabrook | |
Signed-off-by: Daniil Baturin <daniil@baturin.org> | |||
2024-10-05 | config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback | John Estabrook | |
Commit-confirm will restore a previous configuration if a confirmation is not received in N minutes. Traditionally, this was restored by a reboot into the last configuration on disk; add a configurable option to reload the last completed commit without a reboot. The default setting is to reboot. | |||
2024-10-05 | config-mgmt: T5976: normalize formatting | John Estabrook | |
2024-10-04 | Merge pull request #4123 from nicolas-fort/fwall_set_commands | Daniil Baturin | |
T6760: firewall: add packet modifications existing in policy route to regular firewall ruleset. | |||
2024-10-03 | cli: T6740: add a converter from set commands to config | Daniil Baturin | |
2024-10-03 | T6760: firewall: add packet modifications existing in policy route to ↵ | Nicolas Fort | |
regular firewall ruleset. | |||
2024-10-03 | vyos.configtree: T6742: add bindings for create_node and is_leaf/set_leaf ↵ | Daniil Baturin | |
(#4109) | |||
2024-09-30 | Merge pull request #4024 from nicolas-fort/T6687 | Daniil Baturin | |
T6687: add fqdn support to nat rules. | |||
2024-09-21 | ethtool: T6729: drop text based feature parsing in favour of JSON | Christian Breunig | |
Recent ethtool 6.10 supports JSON output for the base driver features. Remove our old text based processing code and use the machine readable output of ethtool. | |||
2024-09-20 | op-mode: T4833: Include wireguard peer name in interface summary report | Nataliia Solomko | |
2024-09-19 | wireless: T6709: fix missing wpa_supplicant configuration | Christian Breunig | |
Commit 0ee8d5e35 ("ethernet: T6709: move EAPoL support to common framework") added support to also have EAPoL on other interface types then ethernet. This introduced a regression where the wireless interface wpa_supplicant configuration would get deleted. | |||
2024-09-16 | Merge pull request #4020 from c-po/secure-boot | Christian Breunig | |
T861: op-mode: initial parts for UEFI secure boot CLI | |||
2024-09-16 | T861: op-mode: "show version" will display secure boot state | Christian Breunig | |
vyos@vyos:~$ show ver ... Architecture: x86_64 Boot via: installed image System type: KVM guest Secure Boot: enabled ... | |||
2024-09-16 | T6687: add fqdn support to nat rules. | Nicolas Fort | |
2024-09-14 | ethernet: T6709: move EAPoL support to common framework | Christian Breunig | |
Instead of having EAPoL (Extensible Authentication Protocol over Local Area Network) support only available for ethernet interfaces, move this to common ground at vyos.ifconfig.interface making it available for all sorts of interfaces by simply including the XML portion #include <include/interface/eapol.xml.i> | |||
2024-09-14 | T861: add dependency to enable UEFI secure boot support | Christian Breunig | |
2024-09-12 | Merge pull request #4021 from natali-rs1985/T6652-current | Daniil Baturin | |
openfabric: T6652: Add support for OpenFabric protocol | |||
2024-09-11 | T6294: Service dns forwarding add the ability to configure ZonetoCache | khramshinr | |
2024-09-11 | Merge pull request #4023 from nvollmar/T6679 | Christian Breunig | |
T6679: add group option for nat66 | |||
2024-09-10 | T6698: firewall: add matcher for vlan type. (#4027) | Nicolás Fort | |
2024-09-04 | openfabric: T6652: Add support for OpenFabric protocol | Nataliia Solomko | |
OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks. FRR implements OpenFabric in a daemon called fabricd | |||
2024-09-02 | T6679: add destination groups | Nicolas Vollmar | |
2024-09-02 | Merge pull request #4018 from nicolas-fort/T6647 | Daniil Baturin | |
T6647: firewall. Introduce patch for accepting invalid ARP and DHCP | |||
2024-08-28 | T6647: firewall. Introduce patch for accepting ARP and DHCP replies on ↵ | Nicolas Fort | |
stateful bridge firewall. This patch is needed because ARP and DHCP are marked as invalid connections. Also, add ehternet-type matcher in bridge firewall. | |||
2024-08-25 | configdep: T6671: run dependency only if not scheduled by priority | John Estabrook | |
2024-08-25 | configdiff: T5666: provide list of scripts scheduled for proposed commit | John Estabrook | |
2024-08-25 | xml: T5666: add with_tag keyword arg to owner | John Estabrook | |
2024-08-20 | Merge pull request #3977 from natali-rs1985/T5743-current | Christian Breunig | |
T5743: HTTPS API ability to import PKI certificates | |||
2024-08-18 | xml: T6650: fix unused ArgumentTypeError imported from argparse | Christian Breunig | |
2024-08-15 | utils: T6658: fix write_file check in case of empty directory path | John Estabrook | |
2024-08-14 | Merge pull request #3980 from natali-rs1985/T6651-current | Christian Breunig | |
op_mode: T6651: Add a top level op mode word "execute" | |||
2024-08-14 | Merge pull request #3981 from nicolas-fort/T6646 | Daniil Baturin | |
T6646: conntrack: in ignore rules, if protocols=all, do not append it to the rule | |||
2024-08-14 | Merge pull request #3971 from jestabro/op-mode-cache | Daniil Baturin | |
xml: T6650: add initial op-mode cache support | |||
2024-08-14 | T6646: conntrack: in ignore rules, if protocols=all, do not append it to the ↵ | Nicolas Fort | |
rule | |||
2024-08-14 | op_mode: T6651: Add a top level op mode word "execute" | Nataliia Solomko | |
2024-08-13 | T5743: HTTPS API ability to import PKI certificates | Nataliia Solomko | |
2024-08-12 | T6648: dhcpv6-server: align stateless DHCPv6 options with stateful | Lucas Christian | |
2024-08-12 | configverify: T6642: verify_interface_exists requires config_dict arg | John Estabrook | |
The function verify_interface_exists requires a reference to the ambient config_dict rather than creating an instance. As access is required to the 'interfaces' path, provide as attribute of class ConfigDict, so as not to confuse path searches of script-specific config_dict instances. | |||
2024-08-12 | xml: T6650: add initial op-mode cache support | John Estabrook | |
2024-08-09 | T6643: firewall: fix ip address range parsing on firewall rules. | Nicolas Fort | |
2024-08-08 | qos: T6638: require interface state existence in verify conditional | John Estabrook | |
2024-08-07 | configd: T6640: enforce in_session returns False under configd | John Estabrook | |
The CStore in_session check is a false positive outside of a config session if a specific environment variable is set with an existing referent in unionfs. To allow extensions when running under configd and avoid confusion, enforce in_session returns False. | |||
2024-08-04 | firewall: T4694: Adding GRE flags & fields matches to firewall rules | Andrew Topp | |
* Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags. * There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post) * nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags. * Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing * The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem. * If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc. * Added a "test_gre_match" smoketest |