path: root/src
Age | Commit message | Author
2022-01-01 | nat: T2199: rename iptables -> nftables variable prefix | Christian Poessinger
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
  zone_policy: T3873: Implement intra-zone-filtering
  policy: T2199: Migrate policy route op-mode to XML/Python
  policy: T2199: Migrate policy route to XML/Python
  zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
  zone-policy: T2199: Migrate zone-policy to XML/Python
  firewall: T2199: Migrate firewall op-mode to XML/Python
  firewall: T2199: Migrate firewall to XML/Python
2021-12-30 | snmp: T4124: migrate to get_config_dict() | Christian Poessinger
2021-12-30 | Merge pull request #1128 from zdc/T4121-sagitta | Kim
dhclient: T4121: Fixed resolv.conf generation at early boot stage
2021-12-30 | dhclient: T4121: Fixed resolv.conf generation at early boot stage | zsdc
In case a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option.

This commit introduces two changes:

* `vyos-hostsd` service will not be started before Cloud-Init fetches all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation.
* the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly.

These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils.
2021-12-29 | configd: T4086: use 'copy' on mutable global var default_config_data | John Estabrook
2021-12-27 | snmp: T4093: add missing verify() step for required group per snmp v3 user | Christian Poessinger
2021-12-26 | ospfv3: T4107: add support for "default-information originate" | Christian Poessinger
2021-12-26 | ospfv3: T4108: add support for auto-cost parameter | Christian Poessinger
2021-12-26 | ospfv3: T4102: nssa area support both no-summary and default-originate | Christian Poessinger
2021-12-26 | flow-accounting: T4097: move configuration file to /run | Christian Poessinger
2021-12-26 | flow-accounting: T4097: bugfix removing service from CLI | Christian Poessinger
2021-12-26 | http: api: T4055: add VRF support | Christian Poessinger
2021-12-25 | https: T1443: remove duplicate CLI definition | Christian Poessinger
2021-12-25 | flow-accounting: T4106: support specification of capture packet length | Christian Poessinger
2021-12-25 | flow-accounting: T4105: drop "sflow agent-address auto" | Christian Poessinger
The implementation of the "auto" option to specify the sflow/netflow agent-address is very error prone. The current implementation will determine the IP address used for the "auto" value as follows:

Get BGP router-id
1) If not found use OSPF router-id
2) If not found use OSPFv3 router-id
3) If not found use "the first IP address found on the system"

Well, what is the "first IP address found"? Also this changes if DHCP is in use. Also another disadvantage is when the BGP/OSPF/OSPFv3 router-id is changed, the agent-address is not updated upon the next reboot of the system.

This task is about removing the "auto" keyword from the CLI at all and make it either entirely configurable by the user and hardcode the value in CLI, or not use this at all.

If "auto" is specified we will query the system in the above order and set the proper router-id in the CLI. If none can be found the CLI node is removed.
2021-12-25 | flow-accounting: T4099: rename "netflow source-ip" to source-address | Christian Poessinger
sFlow uses the source-address CLI node and netflow uses source-ip this is just confusing and should be synced to the common source-address CLI node.
2021-12-25 | flow-accounting: T4097: move to get_config_dict() | Christian Poessinger
2021-12-25 | ospfv3: T4102: add support for NSSA area-type | Christian Poessinger
2021-12-23 | conntrack-sync: T3854: Add missed statistics for op-mode | Viacheslav
After rewriting conntrack-sync to XML/python part of op-mode parameters was missed
Add "status" and "statistics" for conntrack-sync
2021-12-21 | nat: T3435: Fix for op-mode concatenate str | Viacheslav
Can only concatenate str (not "int") to str
2021-12-19 | vxlan: T3700: add support for Generic Protocol extension (VXLAN-GPE) | Christian Poessinger
2021-12-19 | T4084: dehardcode the post-login banner | Daniil Baturin
2021-12-17 | Merge pull request #1103 from zdc/T3774-sagitta | Christian Poessinger
logs: T3774: Added CLI options to control atop logs rotation
2021-12-17 | logs: T3774: Optimization for logrotate configs | zsdc
* Added proper handling of default values from CLI.
* Replaced rsyslog restart postrotate action to native `rsyslog-rotate` script.
* Removed unnecessary checks for `None` instead `dict` - with default values the situation becomes impossible.
* Fixed default value from 10 to 1 in the rsyslog CLI.
2021-12-16 | Add restart ldp command | Devon Mar
2021-12-15 | http-api: T4076: allow setting CORS option 'Access-Control-Allow-Origin' | John Estabrook
2021-12-13 | logs: T3774: Added new CLI item | zsdc
Added the ability to control the `/var/log/messages` rotation. Renamed the option `maxsize` to `max-size`.
2021-12-13 | logs: T3774: Improved logs config rendering | zsdc
Switched to `vyos.util.dict_search()` to keep the style common with the rest components. Removed config file comparison - almost the same result may be reached by removing a configuration file with each boot, we already have such a feature in the `vyos-router`.
2021-12-13 | http-api: T4071: allow API to bind to unix domain socket | John Estabrook
2021-12-12 | graphql: T3993: add requests for firewall ipv6-address-group | John Estabrook
2021-12-12 | graphql: T3993: distinguish queries and mutations; update README.graphql | John Estabrook
2021-12-12 | validator: T4036: validate if multicast address is single (no netmask) | Christian Poessinger
2021-12-12 | bgp: T3967: add support for conditional advertisement | Christian Poessinger
The BGP conditional advertisement feature uses the non-exist-map or the exist-map and the advertise-map keywords of the neighbor advertise-map command in order to track routes by the route prefix.

non-exist-map
=============
* If a route prefix is not present in the output of non-exist-map command, then advertise the route specified by the advertise-map command.
* If a route prefix is present in the output of non-exist-map command, then do not advertise the route specified by the advertise-map command.

exist-map
=========
* If a route prefix is present in the output of exist-map command, then advertise the route specified by the advertise-map command.
* If a route prefix is not present in the output of exist-map command, then do not advertise the route specified by the advertise-map command.

This feature is useful when some prefixes are advertised to one of its peers only if the information from the other peer is not present (due to failure in peering session or partial reachability etc).

The conditional BGP announcements are sent in addition to the normal announcements that a BGP router sends to its peer.

CLI nodes can be found under:
* set protocols bgp neighbor <ip> address-family <afi> conditional-advertisement
* set protocols bgp peer-group <p> address-family <afi> conditional-advertisement
2021-12-11 | T3912: migrate "Welcome to VyOS" from issue file to motd to not silently expose OS | Christian Poessinger
2021-12-11 | vyos.util: T4061: fix typo in function name | John Estabrook
2021-12-11 | bfd: T3310: bugfix on profile names using hyphens | Christian Poessinger
2021-12-10 | vxlan: T3700: unindent other tunnels cleanup code | Christian Poessinger
2021-12-10 | wwan: T3795: remove superfluous import (render) | Christian Poessinger
(cherry picked from commit 5e7243db4ced47dbad48913f86909ba284fcc24d)
2021-12-10 | wwan: T3795: only enable cron helper when interface is in use | Christian Poessinger
(cherry picked from commit e73b40a04ee90a91b778ce72a60cbb751f42a306)
2021-12-10 | wwan: T3795: only run ModemManager when interface is in use | Christian Poessinger
(cherry picked from commit a8ebb4817955b3f33f773a4d05c753dfc77958cd)
2021-12-10 | vxlan: T3700: can not specify both "external" and "VNI" | Christian Poessinger
2021-12-10 | vxlan: T3700: add support for external controlled FDB | Christian Poessinger
Background information [1]. Specifies whether an external control plane (e.g. ip route encap/EVPN) or the internal FDB should be used.

[1]: https://legacy.netdevconf.info/2.2/slides/prabhu-linuxbridge-tutorial.pdf
2021-12-10 | T562: bugfix missing "," on variable listing | Christian Poessinger
This prevented VyOS from actually booting as the configuration could not be loaded, as "system host-name" was unable to commit.
2021-12-09 | Revert "vrrp: T4059: do "late" read of the CLI configuration as this fails in __init__" | Christian Poessinger
This reverts commit bcfe967f607a83192d75c01e7f414655891eec60.
2021-12-09 | Merge pull request #1024 from lucasec/dns-authoritative | Christian Poessinger
T562: Config syntax for defining DNS forward authoritative zones
2021-12-08 | vyos.util: T4061: add function to check for completion of boot config | John Estabrook
2021-12-08 | vrrp: T4059: do "late" read of the CLI configuration as this fails in __init__ | Christian Poessinger
... thus we simply read the configuration the first time it really becomes necessary and a message requiring the data needs it actually.
2021-12-07 | logs: T3774: Added CLI options to control atop logs rotation | zsdc
Added CLI options to generate logrotate configuration file for atop logs
2021-12-08 | Merge pull request #1100 from DmitriyEshenko/sg-1x-03122021-02 | Daniil Baturin
pppoe-server: T3006: Add range to regex generator