Age | Commit message (Collapse) | Author |
|
dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally connected interfaces
|
|
connected interfaces
Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
|
|
ipsec: T5981: Strip '@' from migrated peer PKI name
|
|
init: T2044: fix "binary operator expected" when two or more RPKI caches are defined
|
|
defined
Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured")
which showed a disturbing error on tty0 after boot that a "binary operator
expected" when checking for RPKI caches when multiple results got returned.
|
|
|
|
T6019: fix smoketest after upgrading nftables and libnftnl packages.
|
|
|
|
srv6: T5849: add segment support to "protocols static route6"
|
|
bgp: T6010: support setting multiple values for neighbor path-attribute
|
|
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z'
* set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
|
|
|
|
rpki: T6004: add missing startup priority
|
|
xml: T5738: improve PKI building blocks for CLI
|
|
|
|
|
|
T6028: Fix QoS policy shaper wrong class_id_max and default_minor_id
|
|
The `class_id_max` is wrong due to `tmp.sort` of Strings
If we have class 5 and class 10 we get sorted max value 5, expected 10
```
>>> tmp = ['5', '10']
>>> tmp.sort()
>>> tmp
['10', '5']
>>>
>>> hex(5+1)
'0x6'
>>>
>>> hex(10+1)
'0xb'
>>>
```
This way we get wrong default maximum class value:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6
```
Expect:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b
```
Fix this converting Strings to Integers and get max value.
|
|
T5703: Fix reapply QoS for connection-oriented interfaces
|
|
After `disconnect` and `connect` connection-oriented interfaces
like PPPoE, QoS policy has to be reapplied
|
|
https: T5902: fix migration of virtual-host port
|
|
CLI source node is port and not listen-port.
|
|
rpki: T6023: add support for CLI knobs expire-interval and retry-interval
|
|
T5685: Keepalived VRRP prefix is not necessary for the virtual address
|
|
|
|
T5960: Rewritten authentication node in PPTP to a single view
|
|
T6026: QoS hide attempts to delete qdisc from devices
|
|
op-mode: T4038: Python rewrite of image tools
|
|
Hide unexpected output by attempts of deleting `qdisc` from
interfaces
[ qos ]
Error: Cannot find specified qdisc on specified device.
Error: Cannot delete qdisc with handle of zero.
|
|
vrf: T5973: module is now statically compiled into the kernel
|
|
bgp: T6024: add additional missing FRR features
|
|
init: T2044: only start rpki if cache is configured
|
|
xml: T302: replace references to Quagga with FRRouting
|
|
|
|
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during
system boot") to check the bootup configuration if an RPKI cache is defined.
Only start RPKI if this is the case.
|
|
vpn: T3843: l2tp configuration not cleared after delete
|
|
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null>
* set protocols bgp parameters allow-martian-nexthop
* set protocols bgp parameters no-hard-administrative-reset"
|
|
|
|
T6021: Fix QoS shaper r2q calculation
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
|
|
Always enable VRF strict_mode
|
|
The current calculation `r2q` is wrong as it uses `Floor division`
but expecting `division`
This way `math.ceil` calculate wrong value as we expect
round a number upward to its nearest integer
For example for speed 710 mbits expected value `444` but we get `443`
```
from math import ceil
MAXQUANTUM = 200000
speed = 710000000
speed_bps = int(speed) // 8
>>> speed_bps // MAXQUANTUM
443
>>> speed_bps / MAXQUANTUM
443.75
>>>
>>>
>>> ceil(speed_bps // MAXQUANTUM)
443
>>> ceil(speed_bps / MAXQUANTUM)
444
>>>
```
|
|
image-tools: T6016: wait for umount in cleanup function
|
|
T5921: Fix OpenConnect verify for local users
|
|
Fix verify error for the VPN OpenConnect configuration with
local authentication and without any user
File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify
if not ocserv["authentication"]["local_users"]:
KeyError: 'local_users'
|
|
vpn: T5926: IPSEC does not apply after l2tp configuration was changed
added dependency between l2tp and ipsec conf
added test for apply config to swanctl
|
|
op-mode:T6015:Fix for charon file generated by ipsec debug script (backport #2942)
|
|
(cherry picked from commit 0c9c496961dc88110da53943a14dd88086ea920d)
|
|
|
|
rpki: T6011: known-hosts-file is no longer supported by FRR
|