Age | Commit message (Collapse) | Author |
|
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
|
|
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
|
|
generation
In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed
support for multiple CAs when dealing with the generation of Apple IOS profiles.
This commit extends support to properly include the common name of the server
certificate issuer and all it's paren't CAs. A list of parent CAs is
automatically generated from the "PKI" subsystem content and embedded into the
resulting profile.
|
|
To parse variables with `=` a variable name should be limited by alphanumerical
characters only.
|
|
T3900: Add support for raw tables in firewall
|
|
vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need it
|
|
|
|
|
|
|
|
`bridge vni show dev vxlanX` will exit with an error if no VNI filters
are installed, but the getter is used even when we haven't installed any.
This fix avoids fetching a list of VNI filters unless we know we've
created some.
|
|
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com>
|
|
|
|
suricata: T751: Initial support for suricata
|
|
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no
|
|
and return False if the user interrupts the prompt with Ctrl-C
|
|
after applying the diff
|
|
T6373: QoS Policy Limiter - classes for marked traffic do not work
|
|
|
|
Fixed broken logging for "show log nat"
Added the following commands:
show log nat source
show log nat source rule <ruleNum>
show log nat destination nat
show log nat destination nat rule <ruleNum>
show log nat static
show log nat static rule <ruleNum>
|
|
|
|
|
|
|
|
They were never supported by VyOS,
that was just for very old systens upgraded from Vyatta Core
|
|
|
|
|
|
|
|
Bond: T6303: add system mac address on interfaces bond
|
|
|
|
|
|
|
|
|
|
template directory
as a more convenient and secure alternative to environment variable
|
|
Fix import for `rc_cmd`
|
|
Fix default values for random-detect
Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel
|
|
<set table> option in policy route.
|
|
qos: T4248: Allow to remove the only rule from the qos class
|
|
Add abiilty to change `base_reachable_time_ms` option
/proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms
|
|
|
|
We only supported calculating seconds to weeks but not seconds to years. This
has been added.
Testcase:
from vyos.utils.convert import seconds_to_human
minute = 60
hour = minute * 60
day = hour * 24
week = day * 7
year = day * 365.25
for separator in ['', ' ', '-', '/']:
print(f'----- Using separator "{separator}" -----')
print(seconds_to_human(10, separator))
print(seconds_to_human(5* minute, separator))
print(seconds_to_human(3* hour, separator))
print(seconds_to_human(4* day, separator))
print(seconds_to_human(7 * week, separator))
print(seconds_to_human(10 * year, separator))
print(seconds_to_human(5*year + 4*week + 3*day + 2*hour + minute + 5, separator))
print()
cpo@LR1.wue3:~$ ./foo.py
----- Using separator "" -----
10s
5m
3h
4d
7w
10y
5y4w3d2h1m5s
----- Using separator " " -----
10s
5m
3h
4d
7w
10y
5y 4w 3d 2h 1m 5s
----- Using separator "-" -----
10s
5m
3h
4d
7w
10y
5y-4w-3d-2h-1m-5s
----- Using separator "/" -----
10s
5m
3h
4d
7w
10y
5y/4w/3d/2h/1m/5s
|
|
When handling optional separators rather build up a list and join the list
with the requested delimiter to form the resulting human readable time string.
|
|
T6191: do not append action policy route|route6 when its not specified
|
|
|
|
specified, in order to ensure same behavior as in Equuleus
|
|
|
|
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt
|
|
Added params for configuration red on the shaper policy
|
|
If we use rfc3768-compatibility with long interface names like
eth1.100.200 it converts the VRRP interface name name
to `<interface>v<VRID><IP version>`
For example `eth2.100.200v10v4`
The limit for interface name is 15 symbols and it causes that
interface name is ignoring by keepalived
VMAC interface name 'eth2.100.200v10v4' too long or invalid characters - ignoring
And it uses the default prefix `vrrp` for such cases.
It works fine, but such interfaces are not displayed in the op-mode
Allow prefix `vrrp` for the op-mode for `show interfaces`
|
|
|
|
There are cloud environments available where the maximum supported ethernet
MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value
or 1500 bytes - whatever is lower.
|