summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-08-17op-mode: xml: bgp: fix large-community help stringChristian Poessinger
2021-08-17op-mode: T1513: bgp: add "show bgp large-community AA:BB:CC exat-match"Christian Poessinger
2021-08-17op-mode: T1513: bgp: xml: provide exact-match building blockChristian Poessinger
2021-08-17xml: proxy: use port-number building block for system proxyChristian Poessinger
2021-08-17xml: webproxy: use port-number building block for LDAP connectionChristian Poessinger
2021-08-17xml: wireguard: use port-number building blockChristian Poessinger
2021-08-17xml: syslog: use port-number building blockChristian Poessinger
2021-08-17xml: tftp: use port-number building blockChristian Poessinger
2021-08-17xml: bcast-relay: use port-number building blockChristian Poessinger
2021-08-17xml: vxlan: use port-number building blockChristian Poessinger
2021-08-17xml: include: add error message to port-numberChristian Poessinger
2021-08-17isis: T1316: use common redistribute XML building block for IPv4 and IPv6Christian Poessinger
2021-08-17Merge pull request #974 from sever-sever/T690Christian Poessinger
openvpn: T690: Add metric for pushed routes
2021-08-16openvpn: T690: Add metric for pushed routesViacheslav
2021-08-16smoketest: conntrack: fix function name disable -> enableChristian Poessinger
2021-08-16conntrack: T3579: bugfix when deleting non existent iptable rulesChristian Poessinger
We only delete iptables rules if they really exist - if we try to delete a non- existing rule a PermissionError exception is thrown. We could either ignore the error code (that is what the old Vyatta code did), or we check what we are doing beforehand.
2021-08-16conntrack: T3579: remove debug print()Christian Poessinger
2021-08-16ospf: T3757: verify() bugfix for interface areaChristian Poessinger
Commit 6f87d8c9 ("ospf: T3757: support to configure area at an interface level") did not allow the old way an area and netwokr was set-up as the if expression was missing a check if 'area' was set in both the interface and the ospf process.
2021-08-15Merge pull request #973 from sever-sever/T3702Christian Poessinger
pbr: T3702: Fix incorrect splits for fwmark
2021-08-15pbr: T3702: Fix incorrect splits for fwmarkViacheslav
2021-08-15Merge pull request #972 from erkin/currentChristian Poessinger
smoketest: conntrack: Update smoketests for new conntrack modules syntax
2021-08-15smoketest: ospf: add debug code for redistribution testChristian Poessinger
2021-08-15ospf: T3236: improve Jinja2 template - always use if before a loopChristian Poessinger
2021-08-15smoketest: ospf: fix type in testcase name #10Christian Poessinger
2021-08-15smoketest: ospf: T3757: test interface area configurationChristian Poessinger
2021-08-15smoketest: conntrack: Update smoketests for new conntrack modules syntaxerkin
2021-08-15ospf: T3757: support to configure area at an interface levelChristian Poessinger
FRR supports configuring either network prefixes per area, or assign an interface to an area to participate in the routing process. This is already well known from other venders and supported by FRR. A valid VyOS OSPF configuration would then look like: vyos@vyos# show protocols ospf { interface dum0 { area 0 } interface eth0.201 { area 0 authentication { md5 { key-id 10 { md5-key vyos } } } dead-interval 40 hello-interval 10 priority 1 retransmit-interval 5 transmit-delay 1 } log-adjacency-changes { detail } parameters { abr-type cisco router-id 172.18.254.201 } passive-interface default passive-interface-exclude eth0.201 }
2021-08-15conntrack: T3275: bugfix XML generationChristian Poessinger
This commit fixes an error introduced by 43fcc0db0 ("conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new default behavior") as the <valueless/> option can only be used on leafNodes. THis triggered the following build error: ValueError: <valueless/> is only allowed in <leafNode>
2021-08-15wireguard: T3756: fix generated qr code headerBoris Manojlovic
2021-08-15Merge pull request #944 from sever-sever/T3702Christian Poessinger
pbr: T3702: Add rules match fwmark
2021-08-15Merge pull request #970 from jack9603301/T3648Christian Poessinger
op-mode: nat: T3648: Modify the operation mode script implementation of NAT to fix the existing problem
2021-08-15conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new ↵Lulu Cathrinus Grimalkin
default behavior
2021-08-14smoketest: shim: wait for commit to be completedChristian Poessinger
This completes commit e7d841d285 ("smoketest: shim: remove superfluous sleep() in getFRRconfig()").
2021-08-14smoketest: shim: remove superfluous sleep() in getFRRconfig()Christian Poessinger
The sleep was intended to handle a FRR issue where the config was/is somehow now available in vtysh even with the commit was done. This rather feels like a race-condition and is fixed in the subsequent commit.
2021-08-14vyos.util: T1503: use build in methods to determine current user for ↵Christian Poessinger
commit_in_progress()
2021-08-14op-mode: ipsec: T3745: "show vpn ipse sa" improve sortingChristian Poessinger
2021-08-14op-mode: vpn: use over absolute pathChristian Poessinger
2021-08-14op-mode: combine two "show vpn" definitionsChristian Poessinger
2021-08-14ospf: T3236: use proper daemon named template fileChristian Poessinger
2021-08-14op-mode: nat: T3648: Modify the operation mode script implementation of NAT ↵jack9603301
to fix the existing problem
2021-08-13vyos.util: "harden" is_systemd_service_running() functionChristian Poessinger
Inspired by the comments of https://unix.stackexchange.com/a/435317 use a more robust approach. A service can be "active" but not "running" (e.g. restarting with a configuration error). We can now test if a systemd unit is "activated" and if it is "running" at all. >>> from vyos.util import is_systemd_service_active >>> from vyos.util import is_systemd_service_running >>> is_systemd_service_active('ssh') True >>> is_systemd_service_running('sshd') False >>> is_systemd_service_running('ssh') True
2021-08-13vrf: T3734: T3728: vni must be configured with a higher priority then bgpdChristian Poessinger
When removing bgp (vrf) instances the assigned VRF vni must be deleted from FRR prior the removal of the bgp settings (T3734). This is now done by moving the CLI command "set vrf name red vni 1000" to a dedicated Python script with a priority higher then bgp.
2021-08-13Merge pull request #969 from sarthurdev/T3752Christian Poessinger
pki: T3752: Fix file output for certificate requests
2021-08-13Merge pull request #968 from sever-sever/T3738Christian Poessinger
openvpn: T3738: Disable authentication option for server mode
2021-08-13pki: T3752: Fix file output for certificate requestssarthurdev
2021-08-13xml: T3234: update instead of overwrite on repeated pathJohn Estabrook
2021-08-13openvpn: T3738: Disable authentication option for server modeViacheslav
2021-08-13Merge pull request #914 from sever-sever/T3673Christian Poessinger
policy: T3673: Add set large-comm-list for route-map
2021-08-13Merge pull request #967 from sever-sever/T3708-currChristian Poessinger
isis: T3708: Fix errors in MTU calculation
2021-08-13policy: T3673: Add set large-comm-list-delete for route-mapViacheslav