Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-08-01 | macsec: T3368: check key length for gcm-aes-128/gcm-aes-256 | Christian Poessinger | |
2022-08-01 | router-advert: T4582: fix preferred cannot equal valid lifetime | initramfs | |
Allows preferred lifetime for prefix advertisements to equal the configured valid lifetime as per RFC 4861. | |||
2022-07-30 | bridge: T4579: cleanup interface dict (remove empty keys) | Christian Poessinger | |
2022-07-29 | Merge pull request #1403 from sever-sever/T4518 | Christian Poessinger | |
lb-wan: T4518: Add XML for conf mode load-balancing wan | |||
2022-07-29 | Merge pull request #1440 from sever-sever/T4570 | Christian Poessinger | |
vxlan: T4570: Verify MTU for remote address if source not defined | |||
2022-07-29 | T4577: wwan: fix incorrect return value unpacking | Date Huang | |
Signed-off-by: Date Huang <tjjh89017@hotmail.com> | |||
2022-07-28 | vxlan: T4570: Verify MTU for remote address if source not defined | Viacheslav Hletenko | |
In some cases `source_address` can be not defined in the conf So we should to check list of `remote` vxlanX addresses If remote address is IPv6 - add overhead +20 bytes to default overhead 50. I.e. +70 bytes for IPv6 | |||
2022-07-26 | T4571: add sflow vrf to sflow agent address IP validation | David | |
2022-07-25 | bgp: T4560: neighbor/peer-group local-as option is only allowed for eBGP | Christian Poessinger | |
2022-07-25 | fastnetmon: T4556: Allow configure white_list_path and populate with ↵ | Adrian Almenar | |
hosts/networks that should be ignored. | |||
2022-07-24 | graphql: T3993: disable introspection unless set in CLI | John Estabrook | |
2022-07-24 | graphql: T3993: add interface-definition for gql | John Estabrook | |
2022-07-21 | fastnetmon: T2659: move configuration files to /run | Christian Poessinger | |
2022-07-21 | fastnetmon: T4555: add IPv6 support | Christian Poessinger | |
2022-07-21 | fastnetmon: T4553: add processing of XML defaultValue definitions | Christian Poessinger | |
2022-07-18 | macsec: T4537: support online ciper and source-interface re-configuration | Christian Poessinger | |
2022-07-18 | bgp: T4490: check peer-group for AFI/SAFI before issuing warning | Christian Poessinger | |
Commit 6cffe2aa82 ("bgp: T4490: Add informational message for peer withour AFI") only checked if an address-family is configured under the neighbor statement. This is not enough as the AFI can also be specified via a peer-group. Add a new verify_afi() helper that checks both the neighbor and the assigned peer-group. | |||
2022-07-17 | login: T4536: add all accounts to frr group | Christian Poessinger | |
2022-07-15 | interfaces: T4525: interfaces can not be member of a bridge/bond and a VRF | Christian Poessinger | |
2022-07-15 | bond: bridge: T4534: error out if member interface is assigned to a VRF instance | Christian Poessinger | |
It makes no sense to enslave an interface to a bond or a bridge device if it is bound to a given VRF. If VRFs should be used - the encapuslating/master interface should be part of the VRF. Error out if the member interface is part of a VRF. | |||
2022-07-12 | vrf: T4527: Prevent to create VRF with reserved names | Viacheslav Hletenko | |
VRF names: "add, all, broadcast, default, delete, dev, get, inet, mtu, link, type, vrf" are reserved and cannot be used for vrf name | |||
2022-07-10 | vyos.configdict(): T4228: is_member() must use the "real" hardware interface | Christian Poessinger | |
When is_member() is inspecting the bridge/Bond member interfaces it must work with the real interface (e.g. eth1) under the "ethernet" node and not work on the "member interface eth1" CLI tree, that makes no sense at all. | |||
2022-07-09 | ip: T4517: drop forwarding from CLI "system ip ↵ | Christian Poessinger | |
disable-directed-broadcast-forwarding" | |||
2022-07-09 | ip: T4517: add option to enable directed broadcast forwarding | Yuxiang Zhu | |
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1. | |||
2022-07-08 | lb-wan: T4518: Add XML for conf mode load-balancing wan | Viacheslav Hletenko | |
Add XML for configuration mode "load-balancing wan" for the future rewriting this to Python Remove node from Makefile as Python code is not yet completed | |||
2022-07-07 | monitoring: T4411: Migrate influxdb options to influxdb node | Viacheslav Hletenko | |
As we have specific configuration for each plugin: set service monitoring telegraf xxx - azure-data-explorer - prometheus-client - splunk We should to move configuration that related to influxdb under influxdb node Replace: set service monitoring telegraf - authentication xxx - bucket xxx - port xxx - url To: set service monitoring telegraf influxdb xxx | |||
2022-07-07 | dns: T4509: improve 6to4 error message | Christian Poessinger | |
2022-07-07 | syslog: T4500: Remove max-size from rsyslog leaving rotation to logrotate | sarthurdev | |
After discussion with @zsdc this was decided the better long term fix * Removes hourly logrotate cron in favour of systemd timer override | |||
2022-07-05 | Merge pull request #1389 from sever-sever/T4509 | Christian Poessinger | |
dns: T4509: Add dns64-prefix option | |||
2022-07-05 | dns: T4509: Add dns64-prefix option | Viacheslav Hletenko | |
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96 | |||
2022-07-04 | ntp: T4456: call verify_vrf() before individual interface validation | Christian Poessinger | |
It makes no sense to test against a VRF that might not exist at all. | |||
2022-07-04 | ntp: T4456: support listening on specified interface | Christian Poessinger | |
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name> | |||
2022-07-04 | Merge pull request #1382 from sever-sever/T4378 | Viacheslav Hletenko | |
dns: T4378: Allow wildcard A AAAA record with option all | |||
2022-07-04 | dns: T4378: Allow wildcard A AAAA record with option any | Viacheslav Hletenko | |
Ability to set wildcard record for authoritative-domain set authoritative-domain example.com records a any address 192.0.2.11 cat /run/powerdns/zone.example.com.conf * 300 A 192.0.2.11 | |||
2022-07-02 | ipoe: T4507: Add option rate-limit for RADIUS authentication | Viacheslav Hletenko | |
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik' | |||
2022-07-01 | bgp: T4490: use common vyos.base.Warning() wrapper | Christian Poessinger | |
2022-07-01 | Merge branch 'T4490' of https://github.com/sever-sever/vyos-1x into current | Christian Poessinger | |
* 'T4490' of https://github.com/sever-sever/vyos-1x: bgp: T4490: Add informational message for peer withour AFI | |||
2022-07-01 | Merge pull request #1380 from sarthurdev/ovpn-multi-ca | Christian Poessinger | |
openvpn: T4485: Accept multiple tls ca-certificate values | |||
2022-06-29 | router-advert: T4477: support RDNSS lifetime option | Christian Poessinger | |
set service router-advert interface eth0 name-server-lifetime <value> | |||
2022-06-29 | openvpn: T4485: Accept multiple `tls ca-certificate` values | sarthurdev | |
2022-06-28 | Merge pull request #1376 from sever-sever/T4473 | Christian Poessinger | |
containers: T4473: Fix create container with not exist network | |||
2022-06-28 | containers: T4486: Fix path for removing containers | Viacheslav Hletenko | |
Fix correct path for removing containers and container networks Reduce timoute from 10 (default) to 3 seconds for stopping containers | |||
2022-06-28 | containers: T4473: Fix create container with not exist network | Viacheslav Hletenko | |
Fix for setting container without or wrong network decalaration | |||
2022-06-28 | bgp: T4490: Add informational message for peer withour AFI | Viacheslav Hletenko | |
As we don't use addresss-family ipv4-unicast by default we should to send informational message about AFI for peer is required | |||
2022-06-15 | firewall: T4435: Verify parent config applied successfully | sarthurdev | |
2022-06-14 | firewall: T970: Use set prefix to domain groups | sarthurdev | |
2022-06-14 | firewall: T4147: Use named sets for firewall groups | sarthurdev | |
* Refactor nftables clean-up code * Adds policy route test for using firewall groups | |||
2022-06-11 | firewall: T4299: Add support for GeoIP filtering | sarthurdev | |
2022-06-10 | Merge pull request #1356 from sarthurdev/nested_groups | Christian Poessinger | |
firewall: T478: Add support for nesting groups | |||
2022-06-10 | firewall: T478: Add support for nesting groups | sarthurdev | |