Age | Commit message (Collapse) | Author |
|
T5729: firewall: switch to valueless in
|
|
dhclient: T5724: run user hooks using run_hookdir
|
|
User hooks are executed using run_hookdir (defined in the /sbin/dhclient-script script) instead of run-parts. That allows user hooks to modify variables set by the dhcp client (e.g., the new_routers variable to avoid the installation of the default routes).
|
|
ddclient: T5708: Fix VRF table generation in smoketest
|
|
<enable|disable> commands; log and state moved to new syntax.
|
|
Ensure that the random VRF table name is 4 digits long, not 5 and stays
within the the range of 100 - 65535.
|
|
T5727: Use native URL validator instead of regex-based validator
|
|
ddclient: T5708: Additional smoketests for web-options
|
|
Add additional smoketests for web-options validation.
Also, format error messages to optionally include protocol name.
|
|
Replace regex-based URL validator with native validator from vyos-utils.
Also, move `include/url.xml.i` to `include/url-http-https.xml.i` to
reflect the fact that it is used only for HTTP(S) URLs.
|
|
T1797: Remove vpp packages and mentions
|
|
|
|
T5412: Beautify config dependencies JSON
|
|
There are only cosmetic "changes" without functional changes
|
|
ddclient: T5708: Ensure password is always wrapped in quotes
|
|
Migration to 3.11.1 follow-up: This should make `ddclient.conf` parsing
more resilient to edge cases (particularly when `password` isn't the
last option right before the host parameter).
ddclient config parser applies special treatment to the password field
and would unwrap the quotes automatically.
Also, switch from now deprecated `use=no` to `use=disabled`.
|
|
mdns: T5723: Always reload systemd daemon before applying changes
|
|
T5681: firewall: bump firewall cli version to 12
|
|
change.
|
|
Additionally, templatize system service override and move it to the
runtime path.
|
|
T5559: Add static neighbor-proxy feature
|
|
T5702: SNMP add interface-mib max-interfaces-number and prefix
|
|
T5706: Add custom systemd udev rules to exclude dynamic interfaces
|
|
T5713: Strip string after "secret" in IPSEC configs
|
|
T5720: Fix for PPPoE-server adding new interfaces
|
|
If we add a new interface for PPPoe-server we MUST restart the
`accel-ppp@pppoe.service` as `reload` is not implemented for
accel-ppp daemon
Otherwise we have listen interface in the /run/accel-pppd/pppoe.conf
which does not work
|
|
T5716: Fix smoketest for accel-ppp limiter tbf
|
|
Limiter in the commit cf92295 was changed to `tbf`
Fix smoketest
|
|
mdns: T5719: Add op-mode commands to mDNS repeater
|
|
The following ones are available now:
- restart mdns repeater
- show log mdns repeater
- monitor log mdns repeater
|
|
ddclient: T5708: Migration to 3.11.1 and related improvements
|
|
Fix execution bit for migration script
|
|
T5716: Fix accel-ppp template down-limiter does not rely on fwmark
|
|
show bgp l2vpn evpn es-vrf
show bgp l2vpn evpn next-hops
|
|
|
|
Commit 30eb308149 ("T5713: Strip string after "secret" in IPSEC config") had
good intention but this will happen:
use-secret foo CLI node will become " secret xxxxxx" so the output of
strip-private invalidates the configuration.
This has been changed to an exact match of "secret" only
|
|
vxlan: T3700: add bridge dependency call when altering member interfaces
|
|
ddclient: T5708: Upgrade to ddclient 3.11.1
|
|
accel-ppp template shaper `down-limiter` does not rely on `fwmark`
Fix it
|
|
- Allow to configure only required interface prefixes
set service snmp mib interface 'eth'
set service snmp mib interface 'bond'
include_ifmib_iface_prefix eth bond
Sets the interface name prefixes to include in the IF-MIB data collection.
For servers with a large number of interfaces (ppp, dummy, bridge, etc)
the IF-MIB processing will take a large chunk of CPU for ioctl calls.
A set of space separated interface name prefixes will reduce the CPU
load for IF-MIB processing. For example, configuring
"include_ifmib_iface_prefix eth dummy lo" will include only interfaces
with these prefixes and ignore all others for IF-MIB processing.
- Allow to configure maximum interface number
set service snmp mib interface-max '100'
ifmib_max_num_ifaces NUM
Sets the maximum number of interfaces included in IF-MIB data collection.
For servers with a large number of interfaces (ppp, dummy, bridge, etc)
the IF-MIB processing will take a large chunk of CPU for ioctl calls
(on Linux). Setting a reasonable maximum for the CPU used will
reduce the CPU load for IF-MIB processing. For example, configuring
"ifmib_max_num_ifaces 500" will include only the first 500 interfaces
based on ifindex and ignore all others for IF-MIB processing.
|
|
Commit 7f6624f5a6f8bd ("vxlan: T3700: support VLAN tunnel mapping of VLAN aware
bridges") added support for Single VXLAN Device (SVD) containers supported by
the Linux Kernel.
When working with bridge VIFs it turned out that when deleting a VIF all the
VXLAN tunnel mappings got deleted, too. In order to avoid this, if the bridge
has a VXLAN member interface which vlan-to-vni mapping enabled, we add a
dependency that we call VXLAN conf-mode script after messing arround with the
bridge VIFs and re-create tunnel mappings.
|
|
- Migrate to ddclient 3.11.1 and enforce debian/control dependency
- Add dual stack support for additional protocols
- Restrict usage of `porkbun` protocol, VyOS configuration structure
isn't compatible with porkbun yet
- Improve and cleanup error messages
|
|
`web-options` is only applicable when using HTTP(S) web request to
obtain the IP address. Apply guard for that.
|
|
Time interval in seconds to wait between DNS updates would be a bit
more intuitive as `interval` than `timeout`.
|
|
Make "strip-private" strip the string after "secret"
|
|
Add custom systemd udev rules to exclude some regular and dynamic
interfaces from "systemd-sysctl" calls.
It fixes high CPU utilization (100%) as we have a lot of calls per
interface for dynamic interfaces like ppp|ipoe|sstp etc.
/lib/systemd/systemd-udevd should not be called for those interfaces
|
|
wireguard: T5707: remove previously deconfigured peer
|
|
Changing the public key of a peer (updating the key material) left the old
WireGuard peer in place, as the key removal command used the new key.
WireGuard only supports peer removal based on the configured public-key, by
deleting the entire interface this is the shortcut instead of parsing out all
peers and removing them one by one.
Peer reconfiguration will always come with a short downtime while the WireGuard
interface is recreated.
|
|
T5698 EVPN ESI Multihoming
|
|
T5704: PPPoE L2TP SSTP IPoE add option max-concurrent-sessions
|