Age | Commit message (Collapse) | Author |
|
T6366: CGNAT add ability to get external and internal allocations
|
|
T6375: Fix/Update NAT logging
|
|
Fixed broken logging for "show log nat"
Added the following commands:
show log nat source
show log nat source rule <ruleNum>
show log nat destination nat
show log nat destination nat rule <ruleNum>
show log nat static
show log nat static rule <ruleNum>
|
|
op-mode: T6367: fix "force commit-archive" TypeError
|
|
Add the ability to show port allocation per external or internal address
With huge entries, it is necessary to filter it by specific
external/internal IP address
|
|
/usr/bin/config-mgmt requires an argument OR to be symbolically linked to
*commit-revision or *commit-archive, for which it interprets argv[0] through
the useful trickery:
https://github.com/vyos/vyos-1x/blob/current/python/vyos/config_mgmt.py#L693-L700
Traceback (most recent call last):
File "/usr/bin/config-mgmt", line 33, in <module>
sys.exit(load_entry_point('vyos==1.3.0', 'console_scripts', 'config-mgmt')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/config_mgmt.py", line 746, in run
func = getattr(config_mgmt, args['subcommand'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: attribute name must be string, not 'NoneType'
|
|
T6372: added codeowners
|
|
|
|
T6364: CGNAT drop hard limit that allows only one translation rule
|
|
|
|
Allow to set multiple CGNAT internal pools
```
set nat cgnat pool internal int-01 range '100.64.0.0/28'
set nat cgnat pool internal int-01 range '100.64.222.11-100.64.222.14'
```
|
|
As PoC for CGNAT had a hard limit of using only one translation
rule for one internal pool.
Drop this limit and extend the usage number of the rules.
```
set nat cgnat rule 100 source pool 'int-01'
set nat cgnat rule 100 translation pool 'ext-01'
set nat cgnat rule 120 source pool 'vyos-int-02'
set nat cgnat rule 120 translation pool 'vyos-ext-02'
```
|
|
T5169: Add smoketest for CGNAT
|
|
T6354: do an explicit read from version file to avoid circular reference
|
|
* T6349: updated conflict workflow
* T6349: updated conflict workflow
* T6349: updated all workflows to use reusable workflows
* T6349: updated all workflows to use reusable workflows
|
|
|
|
|
|
op mode: T6348: SNAT op-mode fails with flowtable offload entries
|
|
T6354: Get rid of the custom boot type check in version.py
|
|
T6358: Container config option to enable host pid
|
|
|
|
|
|
|
|
T6350: CGNAT add op-mode to show allocation
|
|
T6351: CGNAT add verification if the pool exists
|
|
|
|
T6347: CGNAT fix error if pool contain dashes in the name
|
|
Add op-mode command `show nat cgnat allocation` to get CGNAT
allocations (internal address, external address, port-range)
|
|
T6335: Add/Update EVPN op commands
|
|
Add verification if the external/internal pools are exists before we
can use them in the source and translation rules
|
|
|
|
Converted completion helpers from python to bash for performance
Previous commit:
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
|
|
op mode: T3355: remove the mention of legacy non-image installations
|
|
T5756: L2TP RADIUS backup and weight settings
|
|
op mode: T6339: display build flavor and comment in "show version"
|
|
Added the following commands:
show evpn
show evpn es
show evpn es <es-id>
show evpn es detail
show evpn es-evi
show evpn es-evi detail
show evpn es-evi vni <num>
show evpn vni
show evpn vni detail
show evpn vni <num>
Updated the following commands:
show evpn access-vlan
show evpn arp-cache
show evpn mac
show evpn next-hops
show evpn rmac
|
|
They were never supported by VyOS,
that was just for very old systens upgraded from Vyatta Core
|
|
|
|
|
|
smoketest: ospf: T4739: add timeout in ldp test
|
|
|
|
T3420: Remove service upnp
|
|
Remove `service upnp` as it never worked as expected, nft rules do
not integrated and custom patches do not seem like a suitable
solution for now.
Security:
UPnP has been historically associated with security risks due to its automatic
and potentially unauthenticated nature.
UPnP devices might be vulnerable to unauthorized access or exploitation.
|
|
T6251: Extend table number limits for policy route-map set table
|
|
|
|
ethernet: T6306: add support for EVPN MH uplink/core tracking
|
|
T6329: firewall: add a patch for op-mode command <show firewall group>
|
|
|
|
When all the underlay links go down the PE no longer has access to the VxLAN
+overlay.
To prevent blackholing of traffic the server/ES links are protodowned on the PE.
A link can be setup for uplink tracking via the following configuration:
set interfaces ethernet eth0 evpn uplink
|
|
image-tools: T6176: addendum to fixes for boot console
|