Age | Commit message (Collapse) | Author |
|
In case if `NHRP_DESTMTU` environment variable is presented, the
script uses an intermediate command to get the current route
before adding a new one. Then received data is used in the
`route add` command generation. This commit fixes this process,
so setting MTU becomes possible.
|
|
|
|
|
|
|
|
Commit 6cffe2aa82 ("bgp: T4490: Add informational message for peer withour AFI")
only checked if an address-family is configured under the neighbor statement.
This is not enough as the AFI can also be specified via a peer-group.
Add a new verify_afi() helper that checks both the neighbor and the assigned
peer-group.
|
|
conntrack: T4523: Extend conntrack output direciton, mark, zone
|
|
|
|
op-mode: T3435: Fix SNAT any address and DNAT port dict check
|
|
If SNAT source address in not exists use 'any'
Add check if 'port' exists in dictionary
|
|
|
|
When adding a new component version file, one must also include the file
in xml-component-version.xml.in
|
|
netflow: T4532: replace dot and colons to dash
|
|
|
|
Fix for IPv6 netflow_plugin name
When we use IPv6 uacctd.conf doesnt expect coluns in the plugin
name. Replace dots and colons to dash.
|
|
|
|
When removing a VRF from an ethernet interface and adding the interface to a
bond in the same commit led to an OSError: [Errno 16] Device or resource busy!
|
|
This extends commit 39157912 ("vyos.configdict(): T4228: is_member() must use
the "real" hardware interface") and returns the config dict of the used member
interfaces.
|
|
It makes no sense to enslave an interface to a bond or a bridge device if it is
bound to a given VRF. If VRFs should be used - the encapuslating/master
interface should be part of the VRF.
Error out if the member interface is part of a VRF.
|
|
interface: T4056: Fix unexpected delete tc qdisc
|
|
|
|
op-mode: T4493: Incorrect completion help of "show bgp neighbors"
|
|
the operational command "show bgp neighbors" is common for ipv4 and ipv6
so "IPv4" keyword in the help description might mislead.
|
|
vrf: T4527: Prevent to create VRF with reserved names
|
|
VRF names: "add, all, broadcast, default, delete, dev, get, inet,
mtu, link, type, vrf" are reserved and cannot be used for vrf name
|
|
Extent op-mode "show conntrack table ipv4"
Add ability to see direction of flow:
origianl - "Original src", "Original dst"
reply - "Reply src", "Reply dst"
Add "mark" and "zone" options
|
|
|
|
Commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real"
hardware interface") added a bugfix on calling is_member() to retrieve the real
physical information about an interface. It did not include a code path to also
split up VLAN interfaces.
This has been fixed.
|
|
Linux Kernel supports to specify the MII link monitoring frequency in
milliseconds. This determines how often the link state of each slave is
inspected for link failures. A value of zero disables MII link monitoring.
A value of 100 is a good starting point.
The default value is 100.
set interfaces bonding bond0 mii-mon-interval <n>
|
|
|
|
When is_member() is inspecting the bridge/Bond member interfaces it must work
with the real interface (e.g. eth1) under the "ethernet" node and not work on
the "member interface eth1" CLI tree, that makes no sense at all.
|
|
|
|
The code path for changing the interval is never executed.
|
|
A bond member can not also be used as a member of a bridge interface.
|
|
A bond member is not allowed to also be used as a source interface for
e.g. PPPoE or MACsec.
|
|
nat: T4499: Fix NAT not showing a single flow entry
|
|
We must change dictionary if we get only onle flow entry
I.e one NAT record
With single entry we get:
OrderedDict([('meta', xxx]))
We expect:
[OrderedDict([('meta', xxx]))]
|
|
|
|
disable-directed-broadcast-forwarding"
|
|
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644.
By default Linux kernel doesn't forward directed broadcast
packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding`
and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
|
|
definitions
|
|
conntrack: T4145: Add show conntrack table ipv4
|
|
After firewall rewriting, we lost the ability to show conntrack
table as it used old code
Rewrite and add it to XML/Python
|
|
monitoring: T4411: Migrate influxdb options to influxdb node
|
|
|
|
op-mode: T4503: Prevent restart service if commit in progress
|
|
As we have specific configuration for each plugin:
set service monitoring telegraf xxx
- azure-data-explorer
- prometheus-client
- splunk
We should to move configuration that related to influxdb under
influxdb node
Replace:
set service monitoring telegraf
- authentication xxx
- bucket xxx
- port xxx
- url
To:
set service monitoring telegraf influxdb xxx
|
|
Prevent op-mode scripts from restarting services if commit in
progress
|
|
|
|
|
|
|