diff options
-rw-r--r-- | docs/_include/interface-xdp.txt | 32 | ||||
m--------- | docs/_include/vyos-1x | 0 | ||||
-rw-r--r-- | docs/changelog/1.4.rst | 42 | ||||
-rw-r--r-- | docs/configuration/interfaces/bonding.rst | 7 | ||||
-rw-r--r-- | docs/configuration/interfaces/ethernet.rst | 23 | ||||
-rw-r--r-- | docs/configuration/interfaces/wireguard.rst | 2 | ||||
-rw-r--r-- | docs/configuration/vpn/l2tp.rst | 22 |
7 files changed, 56 insertions, 72 deletions
diff --git a/docs/_include/interface-xdp.txt b/docs/_include/interface-xdp.txt deleted file mode 100644 index cee9933b..00000000 --- a/docs/_include/interface-xdp.txt +++ /dev/null @@ -1,32 +0,0 @@ -.. cfgcmd:: set interfaces {{ var0 }} <interface> xdp - - Enable support for Linux :abbr:`XDP (eXpress Data Path)` on recent 1.4 rolling - releases. You must enable it for every interface which should participate in - the XDP forwarding. - - XDP is an eBPF based high performance data path merged in the Linux kernel - since version 4.8. The idea behind XDP is to add an early hook in the RX path - of the kernel, and let a user supplied eBPF program decide the fate of the - packet. The hook is placed in the NIC driver just after the interrupt - processing, and before any memory allocation needed by the network stack - itself, because memory allocation can be an expensive operation. - - .. warning:: This is highly experimental! - - .. note:: Enabling this feature will break any form of NAT or Firewalling on - this interface, as XDP is handled way earlier in the driver then iptables/ - nftables. - - Enabling this feature will only load the XDP router code as described here: - - .. stop_vyoslinter - - https://blog.apnic.net/2020/04/30/how-to-build-an-xdp-based-bgp-peering-router/ - - .. start_vyoslinter - - Example: - - .. code-block:: none - - set interfaces {{ var0 }} {{ var1 }} xdp diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 12b7da289665c75c3839b32c77a491d8909f3e7 +Subproject 062b1e857bb70f75315826fee756784244fbd46 diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index d7c75ee6..233fe0fd 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,48 @@ _ext/releasenotes.py +2023-06-18 +========== + +* :vytask:`T5295` ``(bug): QoS shaper incorrect rate limit the traffic`` +* :vytask:`T5256` ``(bug): QoS expects protocol number but not protocol name`` + + +2023-06-13 +========== + +* :vytask:`T5258` ``(bug): git Actions use ubuntu-22.04 instead of deprecated ubuntu-18.04 for PR conflicts checker`` +* :vytask:`T5222` ``(feature): Add load-balancing reverse-proxy based on haproxy`` +* :vytask:`T5213` ``(feature): Accel-ppp sending accounting interim updates acct-interim-interval option`` +* :vytask:`T5171` ``(feature): Use XML for conf-mode "load-balancing wan" instead of legacy templates`` + + +2023-06-12 +========== + +* :vytask:`T5282` ``(bug): Poweroff now does not work`` +* :vytask:`T5264` ``(feature): Add Mellanox Technologies firmware flash module mlxfw to kernel`` +* :vytask:`T5286` ``(feature): Remove XDP support`` + + +2023-06-10 +========== + +* :vytask:`T5231` ``(feature): Add op-mode for load-balancing reverse-proxy`` + + +2023-06-09 +========== + +* :vytask:`T5253` ``(bug): MPLS config removed at boot when wireguard interfaces present`` + + +2023-06-05 +========== + +* :vytask:`T5259` ``(bug): Openconnect cannot pass migration 1-to-2`` + + 2023-06-02 ========== diff --git a/docs/configuration/interfaces/bonding.rst b/docs/configuration/interfaces/bonding.rst index 3d30f1a5..3c8ebd0d 100644 --- a/docs/configuration/interfaces/bonding.rst +++ b/docs/configuration/interfaces/bonding.rst @@ -271,13 +271,6 @@ Bond options The maximum number of targets that can be specified is 16. The default value is no IP address. -Offloading ----------- - -.. cmdinclude:: /_include/interface-xdp.txt - :var0: bondinging - :var1: bond0 - VLAN ==== diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index 76f02d6d..4eb1b5f4 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -289,26 +289,3 @@ Operation .. stop_vyoslinter -.. opcmd:: show interfaces ethernet <interface> xdp - - Display XDP forwarding statistics - - .. code-block:: none - - vyos@vyos:~$ show interfaces ethernet eth1 xdp - - Collecting stats from BPF map - - BPF map (bpf_map_type:6) id:176 name:xdp_stats_map key_size:4 value_size:16 max_entries:5 - XDP-action - XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250340 - XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250317 - XDP_PASS 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250314 - XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250313 - XDP_REDIRECT 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250313 - - XDP-action - XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000410 - XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 - XDP_PASS 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 - XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 - XDP_REDIRECT 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000414 diff --git a/docs/configuration/interfaces/wireguard.rst b/docs/configuration/interfaces/wireguard.rst index 18a888df..5eb10fe8 100644 --- a/docs/configuration/interfaces/wireguard.rst +++ b/docs/configuration/interfaces/wireguard.rst @@ -194,6 +194,7 @@ traffic. set interfaces wireguard wg01 peer to-wg01 port '51820' set interfaces wireguard wg01 peer to-wg01 public-key 'EKY0dxRrSD98QHjfHOK13mZ5PJ7hnddRZt5woB3szyw=' set interfaces wireguard wg01 port '51820' + set interfaces wireguard wg01 private-key 'OLTQY3HuK5qWDgVs6fJR093SwPgOmCKkDI1+vJLGoFU=' set protocols static route 192.168.1.0/24 interface wg01 @@ -291,6 +292,7 @@ value needs to be lower than the UDP timeout. pubkey BknHcLFo8nOo8Dwq2CjaC/TedchKQ0ebxC7GYn7Al00= } port 2224 + private-key OLTQY3HuK5qWDgVs6fJR093SwPgOmCKkDI1+vJLGoFU= } The following is the config for the iPhone peer above. It's important to diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index 8dc34ee4..6ea1cc7d 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -73,15 +73,16 @@ parameter to the client. set vpn l2tp remote-access name-server '198.51.100.8' set vpn l2tp remote-access name-server '198.51.100.4' -Established sessions can be viewed using the **show vpn remote-access** -operational command, or **show l2tp-server sessions** +Established sessions can be viewed using the **show l2tp-server sessions** +operational command .. code-block:: none - vyos@vyos:~$ show vpn remote-access - ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime - --------+----------+--------------+---------------+------------+------+------+--------+---------- - ppp0 | vyos | 192.168.0.36 | 192.168.255.1 | | l2tp | | active | 00:06:13 + vyos@vyos:~$ show l2tp-server sessions + ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes + --------+----------+---------------+-----+--------+-------------+------------+--------+----------+----------+---------- + l2tp0 | test | 192.168.255.3 | | | 192.168.0.36 | | active | 02:01:47 | 7.7 KiB | 1.2 KiB + LNS (L2TP Network Server) @@ -128,10 +129,11 @@ The rate-limit is set in kbit/sec. set vpn l2tp remote-access authentication local-users username test rate-limit download 20480 set vpn l2tp remote-access authentication local-users username test rate-limit upload 10240 - vyos@vyos:~$ show vpn remote-access - ifname | username | calling-sid | ip | rate-limit | type | comp | state | uptime - -------+----------+--------------+---------------+-------------+------+------+--------+----------- - ppp0 | test | 192.168.0.36 | 192.168.255.2 | 20480/10240 | l2tp | | active | 00:06:30 + vyos@vyos:~$ show l2tp-server sessions + ifname | username | ip | ip6 | ip6-dp | calling-sid | rate-limit | state | uptime | rx-bytes | tx-bytes + --------+----------+---------------+-----+--------+-------------+------------+--------+----------+----------+---------- + l2tp0 | test | 192.168.255.3 | | | 192.168.0.36 | | active | 02:01:47 | 7.7 KiB | 1.2 KiB + RADIUS authentication ====================== |