Age | Commit message (Collapse) | Author |
|
|
|
|
|
T6679: add group option for nat66
|
|
Add ability to set the container network with a disable-dns setting to disable
the DNS plugin that is on by default.
set container network <network> no-name-server
|
|
op_mode: T6181: A feature for checking ports
|
|
'force netns' — move to 'execute shell netns'.
'force vrf' — move to 'execute shell vrf'.
'force owping' — move to 'execute owping'.
'force twping' — move to 'execute twping'.
'monitor bandwidth-test' — move to 'execute bandwidth-test'.
'telnet' — move to 'execute telnet'
|
|
|
|
During podman upgrade and a build from the original source the UNIX socket
definition for systemd got lost in translation.
This commit re-adds the UNIX socket which is started on boot to interact with
Podman.
Example:
curl --unix-socket /run/podman/podman.sock -H 'content-type: application/json' \
-sf http://localhost/containers/json
|
|
OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks.
FRR implements OpenFabric in a daemon called fabricd.
|
|
|
|
|
|
To increase the chance for dhclient to configure routes in FRR, added a
workaround. Now 10 attempts are performed with 1 second delay and only after
this dhclient gives up.
|
|
|
|
Fix for system option ssh-client source-interface
For the `verify_source_interface` the key `ifname` is required
|
|
T6183: interfaces openvpn: support specifying IP protocol version
|
|
T5743: HTTPS API ability to import PKI certificates
|
|
|
|
ipoe_server: T6649: Accel-ppp separate vlan-mon from listen interfaces
|
|
|
|
|
|
|
|
|
|
each other
|
|
|
|
|
|
The function verify_interface_exists requires a reference to the ambient
config_dict rather than creating an instance. As access is required to
the 'interfaces' path, provide as attribute of class ConfigDict, so as
not to confuse path searches of script-specific config_dict instances.
|
|
|
|
The CStore in_session check is a false positive outside of a config
session if a specific environment variable is set with an existing
referent in unionfs. To allow extensions when running under configd and
avoid confusion, enforce in_session returns False.
|
|
|
|
|
|
OPENVPN: T6555: add server-bridge options in mode server
|
|
T5873: T6619: remove unused imports
|
|
* Only matching flags and fields used by modern RFC2890 "extended GRE" -
this is backwards-compatible, but does not match all possible flags.
* There are no nftables helpers for the GRE key field, which is critical
to match individual tunnel sessions (more detail in the forum post)
* nft expression syntax is not flexible enough for multiple field
matches in a single rule and the key offset changes depending on flags.
* Thus, clumsy compromise in requiring an explicit match on the "checksum"
flag if a key is present, so we know where key will be. In most cases,
nobody uses the checksum, but assuming it to be off or automatically
adding a "not checksum" match unless told otherwise would be confusing
* The automatic "flags key" check when specifying a key doesn't have similar
validation, I added it first and it makes sense. I would still like
to find a workaround to the "checksum" offset problem.
* If we could add 2 rules from 1 config definition, we could match
both cases with appropriate offsets, but this would break existing
FW generation logic, logging, etc.
* Added a "test_gre_match" smoketest
|
|
T4072: firewall extend bridge firewall
|
|
|
|
|
|
T6632: add missing standard functions to config scripts
|
|
T6629: call check_kmod within a standard config function
|
|
|
|
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers
were replaced with `data-ciphers`
fix template for "generate openvpn client-config"
|
|
|
|
|
|
|
|
Move the remaining calls to check_kmod within a standard function,
with placement determined by the needs of the config script.
|
|
nat64: T6627: call check_kmod within standard config function
|
|
Functions called from config scripts outside of the standard functions
get_config/verify/generate/apply will not be called when run under
configd. Move as appropriate for the general config script structure and
the specific script requirements.
|
|
prerouting chain; reintroduce <set vrf> in policy; change global options for passing traffic to IPvX firewall; update smoketest
|
|
console: T3334: remove unused directories imported from vyos.defaults
|
|
enabling/disabling sending traffic from bridge layer to ipvX layer
|
|
wrong. Use nft -c option to check temporary file, and use output provided by nftables to parse the error if possible, or print it as it is if it's an unknown error
|