Age | Commit message (Collapse) | Author |
|
In some cases `source_address` can be not defined in the conf
So we should to check list of `remote` vxlanX addresses
If remote address is IPv6 - add overhead +20 bytes to default
overhead 50. I.e. +70 bytes for IPv6
|
|
|
|
nhrp: T4546: Fixed gateway in route add command
|
|
bridge: T4569: Rewrite show bridge script of vyos.opmode format
|
|
Fixed incorrect key to get gateway for route add command
|
|
|
|
|
|
|
|
ipsec: T4568: Fix debug IPsec peer op-mode
|
|
hosts/networks that should be ignored.
|
|
nat: T4545: Rewrite show nat source rules script
|
|
IPsec: T4552: Fix reset vpn ipsec peer
|
|
vrf: T4562: Rewrite show vrf to vyos.opmode format
|
|
Debug Connections for a peer wasn't checked because of typo
in var `conns`
Replace ':' to '-' for IPv6 peers
|
|
When we use IPv6 peer we need to make a replacement ":" => "-"
for correct resetting as it doesn't match get_peer_connections()
regex
Use new format "vyos.opmode"
|
|
Update for T2719: Standardized op mode script structure
|
|
|
|
|
|
|
|
|
|
|
|
|
|
nhrp: T4546: Fixed route add command if MTU presented
|
|
Rewrite 'show nat source rules' due to a large number of bugs
in NAT rules statistics. Use new format 'vyos.opmode module'
Ability to get raw_data and formatted_output for the future
op-mode rewriting funcitonal
Ability to get raw and formatted data
|
|
Change op-mode "show conntrack table ipvX" script to work with
vyos.opmode module
Change name "show_conntrack.py" => "conntrack.py"
Ability to get IPv6 conntrack information
Ability to get raw and formatted data
|
|
|
|
|
|
|
|
T2719: prototype of an op mode command runner based on type hints and introspection
|
|
|
|
In case if `NHRP_DESTMTU` environment variable is presented, the
script uses an intermediate command to get the current route
before adding a new one. Then received data is used in the
`route add` command generation. This commit fixes this process,
so setting MTU becomes possible.
|
|
Signed-off-by: Daniil Baturin <daniil@vyos.io>
|
|
|
|
Commit 6cffe2aa82 ("bgp: T4490: Add informational message for peer withour AFI")
only checked if an address-family is configured under the neighbor statement.
This is not enough as the AFI can also be specified via a peer-group.
Add a new verify_afi() helper that checks both the neighbor and the assigned
peer-group.
|
|
conntrack: T4523: Extend conntrack output direciton, mark, zone
|
|
|
|
If SNAT source address in not exists use 'any'
Add check if 'port' exists in dictionary
|
|
|
|
It makes no sense to enslave an interface to a bond or a bridge device if it is
bound to a given VRF. If VRFs should be used - the encapuslating/master
interface should be part of the VRF.
Error out if the member interface is part of a VRF.
|
|
VRF names: "add, all, broadcast, default, delete, dev, get, inet,
mtu, link, type, vrf" are reserved and cannot be used for vrf name
|
|
Extent op-mode "show conntrack table ipv4"
Add ability to see direction of flow:
origianl - "Original src", "Original dst"
reply - "Reply src", "Reply dst"
Add "mark" and "zone" options
|
|
When is_member() is inspecting the bridge/Bond member interfaces it must work
with the real interface (e.g. eth1) under the "ethernet" node and not work on
the "member interface eth1" CLI tree, that makes no sense at all.
|
|
We must change dictionary if we get only onle flow entry
I.e one NAT record
With single entry we get:
OrderedDict([('meta', xxx]))
We expect:
[OrderedDict([('meta', xxx]))]
|
|
disable-directed-broadcast-forwarding"
|
|
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644.
By default Linux kernel doesn't forward directed broadcast
packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding`
and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
|
|
After firewall rewriting, we lost the ability to show conntrack
table as it used old code
Rewrite and add it to XML/Python
|
|
monitoring: T4411: Migrate influxdb options to influxdb node
|
|
op-mode: T4503: Prevent restart service if commit in progress
|
|
As we have specific configuration for each plugin:
set service monitoring telegraf xxx
- azure-data-explorer
- prometheus-client
- splunk
We should to move configuration that related to influxdb under
influxdb node
Replace:
set service monitoring telegraf
- authentication xxx
- bucket xxx
- port xxx
- url
To:
set service monitoring telegraf influxdb xxx
|
|
Prevent op-mode scripts from restarting services if commit in
progress
|