Age | Commit message (Collapse) | Author |
|
T5055: Firewall: add packet-type matcher in firewall and route policy
|
|
Container registry CLI node changed from leafNode to tagNode with the same
defaults. In addition we can now configure an authentication option per
registry.
|
|
|
|
|
|
T5058: Fix range_to_regex list argument
|
|
Values of the list for the 'range_to_regex' could be not only range
values as ['10-20', '22-30'] but also and not range values like
['10-20', '30', '80']
Fix if we args is list and non range values are exists in ths list
% range_to_regex(['10-20', '80'])
'(1\\d|20|80)'
|
|
graphql: T5068: generate client operations for code generation tools
|
|
T5070: Added show bgp martian/show bgp nexthop to bgp in vrf
|
|
T4973: DHCP server fix output for long leases
|
|
util: T5074: Fixed decoding of certificate value to UTF-8 string
|
|
With long lease time for example lease '4294967295' seconds
it is impossible to get end lease as value is 'ends never;'
It cause error to get timestamp() from 'ends never' and remaining
time 'lease.end - datetime.utcnow()'
Set default remaining and end lease to '-' if we cannot get this
info
|
|
Fixed decoding of certificate value returned by vici
to UTF-8 string.
|
|
|
|
qos: T5018: Fix issues between QoS and interface mirror/redirect
|
|
This will check if mirror/redirect is present on a QoS interface and use `vyos.configdep` module to update the interface again after QoS is applied.
|
|
|
|
T5073: IPoE-server fix parse empty range option
|
|
|
|
T5063: IPoE-server ethX vlan must not be used with client-subnet
|
|
IPoE-server 'interface ethX vlan xxx' (aka vlan-mon) must not be
used with 'interface ethX client-subnet'
So instead of shared pool accel-ppp uses the same pool for each
dynamically added VLAN
eth1 client-subnet '192.0.2.0/24'
eth1 vlan '2000-2021'
It cause this issue:
eth1.2000 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
eth2.2001 range 192.0.2.0/24 (the first client gets address from 192.0.2.2)
Only named pools with vlan option must be used.
|
|
If the 'client-subnet' is not used we must exclude it
from the ipoe.config.j2 template.
Otherwise we get wrong empty parameter ',range=,'
|
|
|
|
T5066: Fix GRE tunnel variable name which checks keys
|
|
|
|
Lift the amount of allowed open file descriptors for the FRR process tree.
Required if there are hundreds to thousands interfaces on a system.
|
|
op-mode: T5051: use Literal types to provide op-mode CLI choices and API enums
|
|
T5057: Fix IPoE regex Jinja2 for interface
|
|
T5058: Extend template filter range_to_regex to allow list as arg
|
|
Fix incorrect regex '\d+' when used vlan ranges
For example 'ipoe-server interface eth1 vlan 2000-3000'
- replace 'interface=re:eth1\.\d+'
=> 'interface=re:^eth1\.(200\d|20[1-9]\d|2[1-9]\d{2}|3000)$'
|
|
|
|
Extend template filter 'range_to_regex'
Allow list of ranges as argument
% range_to_regex(['11-12', '14-15'])
'(1[1-2]|1[4-5])'
|
|
T5056: Fix IPoE server template for vlan-mon
|
|
After rewriting IPoE server for config.dict the ipoe.config.j2
template wasn't changed for 'vlan-mon' section
Fix it
|
|
Not all interfaces have valid entries in the speed file. PPPoE interfaces have
the appropriate speed file, but you can not read it:
cat: /sys/class/net/pppoe7/speed: Invalid argument
|
|
|
|
|
|
|
|
graphql: T5040: generate schema on installation, rather than dynamically
|
|
|
|
ipsec: T4916: Fixed migrations script
|
|
* removed unused `re` from imports
* replaced `return_value()` to `return_values()` for `remote-address`
because this is a multi-value configuration node
|
|
login: T5039: catch error on 'my_set' for auth plaintext-password
|
|
login: T5039: Support hashing rounds in `encrypted-password` values
|
|
|
|
Since glibc 2.7, the SHA-256 and SHA-512 implementations support
a user-supplied number of hashing rounds, defaulting to 5000. If
the "$id$" characters in the salt are followed by "rounds=xxx$",
where xxx is an integer, then the result has the form
$id$rounds=yyy$salt$encrypted
where yyy is the number of hashing rounds actually used. The
number of rounds actually used is 1000 if xxx is less than 1000,
999999999 if xxx is greater than 999999999, and is equal to xxx
otherwise.
|
|
|
|
Since 'key' field is no longer required, a missing key will register an
error in the resolver, instead of being rejected as bad request.
|
|
|
|
For type introspection of op-mode scripts, scripts are loaded as
modules. For generation of schema from type introspection, it is useful
to load scripts during package installation, hence to fail gracefully if
not on live system.
|
|
Schema had been dynamically generated, based on configuration setting
for authentication. Add nullable field 'key' for static generation of
schema regardless of key/token use.
|