| Age | Commit message (Collapse) | Author |
|---|
|
Support getting current system secure boot state.
In addition add optional suppor tto list all enrolled MOK (Machine Owner Keys)
in the UEFI variable store.
|
|
vyos@vyos:~$ show ver
...
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Secure Boot: enabled
...
|
|
|
|
bond: T6709: add EAPoL support
|
|
op-mode: T6682: Fix for show vpn ike sa peer that always shows all SAs
|
|
|
|
Instead of having EAPoL (Extensible Authentication Protocol over Local Area
Network) support only available for ethernet interfaces, move this to common
ground at vyos.ifconfig.interface making it available for all sorts of
interfaces by simply including the XML portion
#include <include/interface/eapol.xml.i>
|
|
Add CLI option to include the systems timezone in the syslog message sent to
a collector. This can be enabled using:
set system syslog host <hostname> format include-timezone
|
|
policy: T6676: Invalid route-map caused bgpd to crash
|
|
T6703: Adds option to configure AMD pstate driver
|
|
openfabric: T6652: Add support for OpenFabric protocol
|
|
|
|
Missing comma in the list between services
'ssh', 'suricata' 'vrrp', 'webproxy'
Fix it
|
|
op-mode: T6694: Move some op-mode commands to the "execute" family
|
|
T6701: Added ability to disable the container DNS plugin
|
|
|
|
|
|
|
|
|
|
T6679: add group option for nat66
|
|
Add ability to set the container network with a disable-dns setting to disable
the DNS plugin that is on be default.
set container network <network> no-name-server
|
|
op_mode: T6181: A feature for checking ports
|
|
'force netns' — move to 'execute shell netns'.
'force vrf'— move to 'execute shell vrf'.
'force owping' — move to 'execute owping'.
'force twping' — move to 'execute twping'.
'monitor bandwidth-test' — move to 'execute bandwidth-test`.
'telnet' — move to 'execute telnet'
|
|
|
|
During podman upgrade and a build from the original source the UNIX socket
definition for systemd got lost in translation.
This commit re-adds the UNIX socket which is started on boot to interact with
Podman.
Example:
curl --unix-socket /run/podman/podman.sock -H 'content-type: application/json' \
-sf http://localhost/containers/json
|
|
OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks.
FRR implements OpenFabric in a daemon called fabricd
|
|
|
|
|
|
To increase the chance for dhclient to configure routes in FRR, added a
workaround. Now 10 attempts are performed with 1 second delay and only after
this dhclient gives up.
|
|
|
|
Fix for system option ssh-client source-interface
For the `verify_source_interface` the key `ifname` if required
|
|
T6183: interfaces openvpn: suppport specifying IP protocol version
|
|
T5743: HTTPS API ability to import PKI certificates
|
|
|
|
ipoe_server: T6649: Accel-ppp separate vlan-mon from listen interfaces
|
|
|
|
|
|
|
|
|
|
each other
|
|
|
|
|
|
The function verify_interface_exists requires a reference to the ambient
config_dict rather than creating an instance. As access is required to
the 'interfaces' path, provide as attribute of class ConfigDict, so as
not to confuse path searches of script-specific config_dict instances.
|
|
|
|
The CStore in_session check is a false positive outside of a config
session if a specific environment variable is set with an existing
referent in unionfs. To allow extensions when running under configd and
avoid confusion, enforce in_session returns False.
|
|
|
|
|
|
OPENVPN: T6555: add server-bridge options in mode server
|
|
T5873: T6619: remove unused imports
|
|
* Only matching flags and fields used by modern RFC2890 "extended GRE" -
this is backwards-compatible, but does not match all possible flags.
* There are no nftables helpers for the GRE key field, which is critical
to match individual tunnel sessions (more detail in the forum post)
* nft expression syntax is not flexible enough for multiple field
matches in a single rule and the key offset changes depending on flags.
* Thus, clumsy compromise in requiring an explicit match on the "checksum"
flag if a key is present, so we know where key will be. In most cases,
nobody uses the checksum, but assuming it to be off or automatically
adding a "not checksum" match unless told otherwise would be confusing
* The automatic "flags key" check when specifying a key doesn't have similar
validation, I added it first and it makes sense. I would still like
to find a workaround to the "checksum" offset problem.
* If we could add 2 rules from 1 config definition, we could match
both cases with appropriate offsets, but this would break existing
FW generation logic, logging, etc.
* Added a "test_gre_match" smoketest
|
