summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-22Merge branch 'nat-integration' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'nat-integration' of github.com:c-po/vyos-1x: nat: T2460: fix KeyError: 'sport' nat: T2460: migrate to new Python implementation nat: T2460: add src/op_mode/show_nat_translations.py
2020-05-22nat: T2460: fix KeyError: 'sport'Christian Poessinger
2020-05-22login: T2492: re-use code from vyos.utilChristian Poessinger
2020-05-22login: T2492: force setting of encrypted password on first bootChristian Poessinger
2020-05-22nat: T2460: migrate to new Python implementationChristian Poessinger
2020-05-22Merge branch 'T2460' of https://github.com/thomas-mangin/vyos-1x into ↵Christian Poessinger
nat-integration * 'T2460' of https://github.com/thomas-mangin/vyos-1x: nat: T2460: add src/op_mode/show_nat_translations.py
2020-05-22login: T2492: fix flake8 warningsChristian Poessinger
2020-05-22login: T2492: do not set encrypted user password when it is not changedChristian Poessinger
2020-05-22pppoe: T2488: bugfix, missing not in if condition prevented startupChristian Poessinger
Commit 39c53aadbf9e ("pppoe: T2488: remove logfile generation") accidently missed a not in an if statement.
2020-05-22pppoe: T2380: drop superfluous list_pppoe_peers.shChristian Poessinger
2020-05-22macsec: T2491: add replay window protectionChristian Poessinger
2020-05-22macsec: T2023: only render mka in template if encrypt enabledChristian Poessinger
2020-05-22macsec: T2023: flake8/autopep8 correctionsChristian Poessinger
2020-05-22macsec: T2023: fix wrong use or f-format stringChristian Poessinger
2020-05-22macsec: T2023: remove unused importChristian Poessinger
2020-05-21nat: T2460: add src/op_mode/show_nat_translations.pyThomas Mangin
2020-05-21macsec: T2023: add valueHelp for MKA keysChristian Poessinger
2020-05-21pppoe: T2380: fix NameError: name 'intf' is not definedChristian Poessinger
2020-05-21pppoe: T2380: dis-/connect should use proper systemd callsChristian Poessinger
2020-05-21pppoe: T2488: remove logfile generationChristian Poessinger
2020-05-21pppoe: wwan: T2488: drop individual ppp logsChristian Poessinger
2020-05-21wireless: T1627: remove get_conf_file()Christian Poessinger
2020-05-21macsec: T2023: delete wpa_supplicant config when interface is removedChristian Poessinger
2020-05-21macsec: T2023: stop wpa_supplicant on interface deletionChristian Poessinger
2020-05-21Merge branch 'macsec-t2023' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'macsec-t2023' of github.com:c-po/vyos-1x: macsec: T2023: cleanup wpa_supplicant config file name macsec: T2023: improve verify() when encryption is enabled macsec: T2023: support MACsec Key Agreement protocol actor priority macsec: T2023: rename "security key" node to "security mka" macsec: T2023: use wpa_supplicant for key management macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node macsec: T2023: extend key generator for CAK and CKN in operation mode macsec: T2023: remove gcm-aes-256 cipher type macsec: T2023: cipher suite is mandatory macsec: T2023: use list when working with Config() macsec: T2023: add 'show interfaces macsec' op-mode tree macsec: T2023: add optional encryption command macsec: T2023: generate secure channel keys in operation mode macsec: T2023: add initial XML and Python interfaces ifconfig: T2023: add initial MACsec abstraction interface: T2023: adopt _delete() to common style interface: T2023: remove superfluous at end of list macvlan: T2023: prepare common source interface include file
2020-05-21macsec: T2023: cleanup wpa_supplicant config file nameChristian Poessinger
2020-05-21macsec: T2023: improve verify() when encryption is enabledChristian Poessinger
With enabled encryption keys must be configured.
2020-05-21macsec: T2023: support MACsec Key Agreement protocol actor priorityChristian Poessinger
2020-05-21macsec: T2023: rename "security key" node to "security mka"Christian Poessinger
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that.
2020-05-21macsec: T2023: use wpa_supplicant for key managementChristian Poessinger
2020-05-21macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" nodeChristian Poessinger
This is best suited as a key is required, too.
2020-05-21macsec: T2023: extend key generator for CAK and CKN in operation modeChristian Poessinger
CAK - Connectivity Association Key CKN - Connectivity Association Name
2020-05-21macsec: T2023: remove gcm-aes-256 cipher typeChristian Poessinger
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2.
2020-05-21macsec: T2023: cipher suite is mandatoryChristian Poessinger
2020-05-21macsec: T2023: use list when working with Config()Christian Poessinger
2020-05-21macsec: T2023: add 'show interfaces macsec' op-mode treeChristian Poessinger
vyos@vyos# run show interfaces macsec 13: macsec1: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bf19260001 on SA 0 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0 vyos@vyos# run show interfaces macsec macsec2 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0
2020-05-21macsec: T2023: add optional encryption commandChristian Poessinger
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt
2020-05-21macsec: T2023: generate secure channel keys in operation modeChristian Poessinger
2020-05-21macsec: T2023: add initial XML and Python interfacesChristian Poessinger
2020-05-21ifconfig: T2023: add initial MACsec abstractionChristian Poessinger
2020-05-20interface: T2023: adopt _delete() to common styleChristian Poessinger
2020-05-20interface: T2023: remove superfluous at end of listChristian Poessinger
2020-05-20macvlan: T2023: prepare common source interface include fileChristian Poessinger
2020-05-20Merge pull request #417 from thomas-mangin/T2467Christian Poessinger
util: T2467: fix missing import
2020-05-20util: T2467: fix missing importThomas Mangin
2020-05-20Merge pull request #416 from kroy-the-rabbit/patch-5Daniil Baturin
T2465: Permissions on vyos-hostsd socket incorrect
2020-05-20Merge pull request #415 from kroy-the-rabbit/revert-413-patch-4Daniil Baturin
Revert "T2465: vyos-hostsd-client needs sudo"
2020-05-19T2465: Permissions on vyos-hostsd socket incorrectkroy-the-rabbit
The DHCP server is unable to apply entries to the hosts file because the permissions on the socket are getting created wrong. ``` $ ls -al /run/vyos-hostsd.sock srwxrwxrwx 1 root vyattacfg 0 May 20 01:38 /run/vyos-hostsd.sock ``` This gives it the correct permissions so that the nobody/nobody user/group can change it.
2020-05-19Revert "T2465: vyos-hostsd-client needs sudo"kroy-the-rabbit
2020-05-19bgp: T2387: rename new implementation else system will not bootChristian Poessinger
It is not possible to simply remove the node.def file in a tag node. Rather rename the tag node to take it out of order by default. Upcoming BGP developers simply need to remove this line in the Makefile added by the commit.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 14:29:55 +0000