summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-08-13Fix missing dict_search import in interfaces-macsec.pyDaniil Baturin
2022-08-04Merge pull request #1450 from c-po/bridge-fixes-equuleusChristian Poessinger
bridge: bugfixes for equuleus
2022-08-01macsec: T3368: check key length for gcm-aes-128/gcm-aes-256Christian Poessinger
(cherry picked from commit a09359828e38c5b51a4579af16b5ea263a98233f)
2022-08-01router-advert: T4582: fix preferred cannot equal valid lifetimeinitramfs
Allows preferred lifetime for prefix advertisements to equal the configured valid lifetime as per RFC 4861. (cherry picked from commit f6efe3035d352970dc492450c3c9ddf710dda5fe)
2022-07-31bridge: T4579: cleanup interface dict (remove empty keys)Christian Poessinger
(cherry picked from commit 54227591a0eb3c7aa8c896c6ec8b1826ce070ddf)
2022-07-24Merge pull request #1416 from sever-sever/T2763-eqDaniil Baturin
snmp: T2763: Add protocol TCP for service SNMP
2022-07-18Merge pull request #1406 from c-po/equuleus-interface-fixesDaniil Baturin
equuleus: Bond and Bridge interface fixes + new smoketests
2022-07-18interfaces: T4525: interfaces can not be member of a bridge/bond and a VRFChristian Poessinger
(cherry picked from commit 81e0f4a8dece85da7169ba05448e870206aaf57b)
2022-07-18bond: bridge: T4534: error out if member interface is assigned to a VRF instanceChristian Poessinger
It makes no sense to enslave an interface to a bond or a bridge device if it is bound to a given VRF. If VRFs should be used - the encapuslating/master interface should be part of the VRF. Error out if the member interface is part of a VRF. (cherry picked from commit 87d2dff241d9ab4de9f3a2c7fbf9852934557aef)
2022-07-18vrf: T4527: Prevent to create VRF with reserved namesViacheslav Hletenko
VRF names: "add, all, broadcast, default, delete, dev, get, inet, mtu, link, type, vrf" are reserved and cannot be used for vrf name (cherry picked from commit 52342f389af2da2995b858d026e6fbcad5c8bfaa)
2022-07-18vyos.configdict(): T4228: is_member() must use the "real" hardware interfaceChristian Poessinger
When is_member() is inspecting the bridge/Bond member interfaces it must work with the real interface (e.g. eth1) under the "ethernet" node and not work on the "member interface eth1" CLI tree, that makes no sense at all. (cherry picked from commit 3915791216998a18bf6831450df68ee199e2e4f8)
2022-07-15snmp: T2763: Add protocol TCP for service SNMPViacheslav Hletenko
Ability to listen TCP port for service SNMP set service snmp protocol tcp
2022-07-12vrf: T4527: Prevent to create VRF with reserved namesViacheslav Hletenko
VRF names: "add, all, broadcast, default, delete, dev, get, inet, mtu, link, type, vrf" are reserved and cannot be used for vrf name (cherry picked from commit 52342f389af2da2995b858d026e6fbcad5c8bfaa)
2022-07-09Merge pull request #1392 from sever-sever/T4507-eqChristian Poessinger
accel-ppp: T4373: T4507: Add options multiplier for shaper
2022-07-07Merge pull request #1390 from c-po/t4456-ntp-equuleusChristian Poessinger
ntp: T4456: support listening on specified interface (equuleus)
2022-07-07Merge pull request #1400 from c-po/t4509-pdns-6to4-equuleusChristian Poessinger
dns: T4509: Add dns64-prefix option (equuleus)
2022-07-07dns: T4509: improve 6to4 error messageChristian Poessinger
(cherry picked from commit ee603b3a0f9f3add72c1e5ac2277c013d40cf5a4)
2022-07-07dns: T4509: Add dns64-prefix optionViacheslav Hletenko
rfc6147: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers set service dns forwarding dns64-prefix 2001:db8:aabb::/96 (cherry picked from commit 2bdf4798570222b57af2de2f0b443529abdc3feb)
2022-07-05ipoe: T4507: Add option rate-limit for RADIUS authenticationViacheslav Hletenko
Add rate-limit options: attribute, muptiplier and vendor set service ipoe-server auth radius rate-limit attribute 'Mikrotik-Rate-Limit' set service ipoe-server auth radius rate-limit enable set service ipoe-server auth radius rate-limit multiplier '0.001' set service ipoe-server auth radius rate-limit vendor 'Miktorik'
2022-07-05Merge pull request #1391 from c-po/t4510-static-host-equuleusChristian Poessinger
hosts: T2683: Allow multiple entries for static-host-mapping (equuleus)
2022-07-05Merge pull request #1381 from sever-sever/T4313-eqChristian Poessinger
T4313: handle exceptions in the "generate public-key-command" script
2022-07-05hosts: T3979: Change address to a listCharles Surett
This fixes `hostfile-update` in the dhcp-server (cherry picked from commit 39d6ca61c50f70171b2f7bcccbba2c70d102cb7f)
2022-07-05hosts: T2683: Allow multiple entries for static-host-mappingViacheslav
(cherry picked from commit b1db3de80b8b5f4e2dcbc6d687d342986345c4b2)
2022-07-04ntp: T4456: call verify_vrf() before individual interface validationChristian Poessinger
It makes no sense to test against a VRF that might not exist at all. (cherry picked from commit 171b224c1cf1303a608725ec74b545902daa243e)
2022-07-04ntp: T4456: support listening on specified interfaceChristian Poessinger
When clients only use DHCP for interface addressing we can not bind NTPd to an address - as it will fail if the address changes. This commit adds support to bind ntpd to a given interface in addition to a given address. set system ntp interface <name> (cherry picked from commit 6732df1edd632b56d3d02970939f51d05d4262e9)
2022-07-01Merge pull request #1372 from sever-sever/T1375-eqDaniil Baturin
op-mode: T1375: Allow to clear dhcp-server lease
2022-06-30T4313: handle exceptions in the "generate public-key-command" scriptDaniil Baturin
(cherry picked from commit c37829f1e902b84a5bc3bc5618ee97ae1ba0dd86)
2022-06-28op-mode: T1375: Allow to clear dhcp-server leaseViacheslav Hletenko
Allow to reset dhcp-leases per ip Parse file '/config/dhcpd.leases' find match section 'lease x.x.x.x {}' And remove this section clear dhcp-server lease 192.0.2.21 (cherry picked from commit a83eecfeee1f925c914a46623dd35f96b48389f8)
2022-06-19Merge pull request #1349 from kajiuray/equuleusDaniil Baturin
http-api: T4459: Fix to set VRF in http(s) service
2022-06-09Merge pull request #1271 from sever-sever/T2580-equChristian Poessinger
ipoe: T2580: Add pools and gateway options
2022-06-05http-api: T4459: Fix to set VRF in http(s) serviceYuki Kajiura
The http service doesn't use VRF info in conf mode. Even if users set any VRF, the info isn't propagated to the process. This commit set VRF parameter in http service.
2022-05-26http-api: T4442: Add action resetViacheslav Hletenko
Add action 'reset' (op-mode) for HTTP-API http://localhost/reset curl --unix-socket /run/api.sock -X POST -Fkey=mykey \ -Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \ http://localhost/reset
2022-05-25wwan: T4441: use is_node_changed() over leaf_node_changed()Christian Poessinger
2022-05-25ipoe: T2580: Add pools and gateway optionsViacheslav Hletenko
Add new feature to allow to use named pools Can be used also with Radius attribute 'Framed-Pool' set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2022-05-19Merge pull request #1315 from sever-sever/T4315-equDaniil Baturin
monitoring: T4315: Add telegraf output plugin prometheus-client
2022-05-12ldp: T4082: Add restart ldp command for op-modeDevon Mar
(cherry picked from commit 0ef775ab6563af8c20d72d3e30751d50946ab704)
2022-05-09monitoring: T4315: Add telegraf output plugin prometheus-clientViacheslav Hletenko
Add output Plugin "prometheus-client" for telegraf set service monitoring telegraf prometheus-client xxx
2022-05-05T4405: Fix administrative distance of DHCP routesDmitri Toubelis
- Default dhclient script only uses value of `$IF_MERIC` envvar for default route recived via `router` option. - This variable has no effect on rotes received via `rfc3442-classless-static-routes` option - Considering that Vyos overrrides `ip` command originating from `dhclient` this can be easily fixed in `iptovtysh()` function by using the `$IF_METRIC` envvar directly in the dhclient hook.
2022-05-01Merge pull request #1284 from c-po/t4363-salt-equuleusChristian Poessinger
T4363: salt-minion: default mine_interval option is not set
2022-04-29openvpn: T4369: enforce daemon-restart on openvpn-option CLI changeChristian Poessinger
(cherry picked from commit e36efa6b5df764982678a470b7aa82a33c1c369c)
2022-04-28Merge pull request #1286 from c-po/t4633-geneve-equuleusChristian Poessinger
geneve: T4366: prevent interface re-creation when not required
2022-04-26op-mode: T4395: Extend show vpn debug for IPSec add vpn_ipsec.pyViacheslav Hletenko
Add python script for op-mode 'show vpn debug'
2022-04-18dhcp-server: T4344: Fix underscores for shared network nameViacheslav Hletenko
Shared network name should not be handled by tag node mangling I.e. should not replace underscores with dashed set service dhcp-server shared-network-name NET_01 shared-network NET_01 { authoritative; ... on commit { set shared-networkname = "NET_01"; } } (cherry picked from commit b75b351b7dd2ec87407f98668468b1fc146428bf)
2022-04-18geneve: T4366: prevent interface re-creation on nasic parameter changeChristian Poessinger
Changing the geneve interface description does destroy the interface on the kernel level - this should be avoided as it's ... stupid! (cherry picked from commit 3cbe7878bcadc0f3ecbaeab46d745b5510c26b0d)
2022-04-15salt-minion: T4363: mine_interval option is not setChristian Poessinger
(cherry picked from commit 3ec3c7f5b523b464a3bc7168b2362611d9c2c153)
2022-04-08Merge pull request #1263 from c-po/wwan-t4324-equuleusDaniil Baturin
T4324, T4338, T4339 WWAN interface bugfixes
2022-04-07ipv6: T4346: deprecate CLI command to disable IPv6 address familyChristian Poessinger
(cherry picked from commit 0f7e5371e702d4e2389f6fa6dfbda11bc9da6257)
2022-04-07Merge pull request #1268 from c-po/t4341-ssh-loginDaniil Baturin
T4341 SSH and system login fixes + smoketests
2022-04-07Merge pull request #1261 from c-po/t4319-disable-ipv6-equuleusDaniil Baturin
T4319: bugfixes for disabled IPv6 (equuleus)
2022-04-05dns: forwarding: T3804: bugfix DHCP name-servers used for recursionChristian Poessinger
Commit 2ecf7a9f9c ('name-server: T3804: merge "system name-servers-dhcp" into "system name-server"') missed out an old dictionary key "system_name_server_dhcp" and thus system nameservers configured via DHCP did not get used for the DNS forwar recursor. (cherry picked from commit 806ff50bf1a970d731c2227f9d2cd2342b8a1b4e)