nhrp: T4546: Fixed route add command if MTU is present
|
|
Rewrite 'show nat source rules' due to a large number of bugs
in NAT rules statistics. Use new format 'vyos.opmode module'
Ability to get raw_data and formatted_output for the future
op-mode rewriting functionality
Ability to get raw and formatted data
|
|
Change op-mode "show conntrack table ipvX" script to work with
vyos.opmode module
Change name "show_conntrack.py" => "conntrack.py"
Ability to get IPv6 conntrack information
Ability to get raw and formatted data
|
|
T2719: prototype of an op mode command runner based on type hints and introspection
|
|
If the `NHRP_DESTMTU` environment variable is present, the
script uses an intermediate command to get the current route
before adding a new one. Then the received data is used in the
`route add` command generation. This commit fixes this process,
so setting MTU becomes possible.
|
|
Signed-off-by: Daniil Baturin <daniil@vyos.io>
|
|
Commit 6cffe2aa82 ("bgp: T4490: Add informational message for peer without AFI")
only checked if an address-family is configured under the neighbor statement.
This is not enough as the AFI can also be specified via a peer-group.
Add a new verify_afi() helper that checks both the neighbor and the assigned
peer-group.
|
|
conntrack: T4523: Extend conntrack output direction, mark, zone
|
|
If SNAT source address does not exist, use 'any'
Add check if 'port' exists in dictionary
|
|
It makes no sense to enslave an interface to a bond or a bridge device if it is
bound to a given VRF. If VRFs should be used - the encapsulating/master
interface should be part of the VRF.
Error out if the member interface is part of a VRF.
|
|
VRF names: "add, all, broadcast, default, delete, dev, get, inet,
mtu, link, type, vrf" are reserved and cannot be used for vrf name
|
|
Extend op-mode "show conntrack table ipv4"
Add ability to see direction of flow:
original - "Original src", "Original dst"
reply - "Reply src", "Reply dst"
Add "mark" and "zone" options
|
|
When is_member() is inspecting the bridge/Bond member interfaces it must work
with the real interface (e.g. eth1) under the "ethernet" node and not work on
the "member interface eth1" CLI tree, that makes no sense at all.
|
|
We must change the dictionary if we get only one flow entry
I.e. one NAT record
With a single entry we get:
OrderedDict([('meta', xxx)])
We expect:
[OrderedDict([('meta', xxx)])]
|
|
disable-directed-broadcast-forwarding"
|
|
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644.
By default, the Linux kernel doesn't forward directed broadcast
packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding`
and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
|
|
After firewall rewriting, we lost the ability to show conntrack
table as it used old code
Rewrite and add it to XML/Python
|
|
Add XML for configuration mode "load-balancing wan" for the future
rewrite of this to Python
Remove node from Makefile as Python code is not yet completed
|
|
monitoring: T4411: Migrate influxdb options to influxdb node
|
|
op-mode: T4503: Prevent restart service if commit in progress
|
|
As we have specific configuration for each plugin:
set service monitoring telegraf xxx
- azure-data-explorer
- prometheus-client
- splunk
We should move the configuration related to influxdb under the
influxdb node
Replace:
set service monitoring telegraf
- authentication xxx
- bucket xxx
- port xxx
- url
To:
set service monitoring telegraf influxdb xxx
|
|
Prevent op-mode scripts from restarting services if a commit is in
progress
|
|
After discussion with @zsdc this was decided the better long term fix
* Removes hourly logrotate cron in favour of systemd timer override
|
|
dns: T4509: Add dns64-prefix option
|
|
rfc6147: DNS Extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers
set service dns forwarding dns64-prefix 2001:db8:aabb::/96
|
|
It makes no sense to test against a VRF that might not exist at all.
|
|
Commit 19789463 ("dhclient: T2393: introduce 20 seconds stop timeout - required
for smoketesting on Qemu") assigned a string to a boolean field. This has been
fixed.
|
|
When clients only use DHCP for interface addressing we can not bind NTPd to
an address - as it will fail if the address changes. This commit adds support
to bind ntpd to a given interface in addition to a given address.
set system ntp interface <name>
|
|
dns: T4378: Allow wildcard A AAAA record with option all
|