Age | Commit message (Collapse) | Author |
|
rpki: T6034: move file based SSH keys for authentication to PKI subsystem (backport #2988)
|
|
T6019: Fix smoketest test_system_conntrack custom timeout (backport #3005)
|
|
(cherry picked from commit 3bfbbef22954488541abd3cad262b1e196d4c240)
|
|
(cherry picked from commit 4d76e9ef3e7773ed96c037108021c292675b101c)
|
|
(cherry picked from commit 78820752b936e77d30f995498ff36487c5c6af87)
|
|
(cherry picked from commit 0f8bf6bd0fb29cfd638e9920674e7ad1d1d25350)
|
|
(cherry picked from commit ac2d7dfac6073d0f232191ec494f78a8d12889e4)
|
|
set pki openssh rpki private key ...
set pki openssh rpki public key ...
set pki openssh rpki public type 'ssh-rsa'
(cherry picked from commit 8c78ef0879f22ffd4a5f7fdb175e9109b46e9d7b)
|
|
After updateing netfilter in the commit https://github.com/vyos/vyos-build/commit/b31f5fe934bcb37534d49acdb5f7756bf05422e8
The nftables format for conntrack timeouts is different.
Fix this.
(cherry picked from commit 24860e092426bf0bb09c2d164d66330be13bcd77)
|
|
T5064: Firewall fix RegEx for for domain-group (backport #3000)
|
|
T5928: Change firewall priority to 319 (backport #2999)
|
|
Improve RegEx for firewall domain-groups.
This domain group looks good, but the current RegEx validation
fils:
```
set firewall group domain-group a_aa
```
(cherry picked from commit b67049edab41e8714aec087b81d589fdb03a350b)
|
|
(cherry picked from commit ef87bd7320da2750de4d93c14314965704f3dfbd)
|
|
Change the firewall priority to 319, after interface ethernet
configuration
For example if we use VLANs and the vlan interface must be
created before we can use it in the firewall/flowtable
The current priority
```
199 firewall
300 interfaces/dummy
300 interfaces/loopback
300 interfaces/virtual-ethernet
310 interfaces/bridge
310 interfaces/input
318 interfaces/ethernet
...
```
(cherry picked from commit f1dcd2d23f89251b0a96c61f8186002cb0d50d18)
|
|
bgp: T6032: add EVPN MAC-VRF Site-of-Origin support (backport #2987)
|
|
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2
domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP
topology-independent means of marking and import-filtering EVPN routes
originated from a particular L2 domain. One situation where this is valuable
is when deploying EVPN using anycast VTEPs
set protocols bgp address-family l2vpn-evpn mac-vrf soo
(cherry picked from commit f308df322bd62024e29dd458642cb6bcac8a5ad6)
|
|
ipsec: T5981: Strip '@' from migrated peer PKI name (backport #2993)
|
|
(cherry picked from commit 8238f8cdae3ae14bd8bd95158c218c45285df478)
|
|
init: T2044: fix "binary operator expected" when two or more RPKI caches are defined (backport #2994)
|
|
defined
Fix commit 9b8e11e07 ("init: T2044: only start rpki if cache is configured")
which showed a disturbing error on tty0 after boot that a "binary operator
expected" when checking for RPKI caches when multiple results got returned.
(cherry picked from commit a5ac522f8c675ee2b2c2f4f08be7c41943632e94)
|
|
T6019: fix smoketest after upgrading nftables and libnftnl packages. (backport #2991)
|
|
(cherry picked from commit f3205d6dd1ea04adecbd8c857c80015ed53f2140)
|
|
srv6: T5849: add segment support to "protocols static route6" (backport #2980)
|
|
bgp: T6010: support setting multiple values for neighbor path-attribute (backport #2986)
|
|
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z'
* set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z'
(cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
|
|
(cherry picked from commit a22e0ee09ff4750de004090f1f55ee75a12dc821)
|
|
rpki: T6004: add missing startup priority (backport #2983)
|
|
xml: T5738: improve PKI building blocks for CLI (backport #2982)
|
|
(cherry picked from commit 4c2acb970c62478cf1139fcf66b0de341d46f7fc)
|
|
(cherry picked from commit d4278cde2b153e163fe41e1bc461891397336bc3)
|
|
T6028: Fix QoS policy shaper wrong class_id_max and default_minor_id (backport #2978)
|
|
The `class_id_max` is wrong due to `tmp.sort` of Strings
If we have class 5 and class 10 we get sorted max value 5, expected 10
```
>>> tmp = ['5', '10']
>>> tmp.sort()
>>> tmp
['10', '5']
>>>
>>> hex(5+1)
'0x6'
>>>
>>> hex(10+1)
'0xb'
>>>
```
This way we get wrong default maximum class value:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6
```
Expect:
```
tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b
```
Fix this converting Strings to Integers and get max value.
(cherry picked from commit 2e8fa45c7f0663549edd118622b3381e7c428b2e)
|
|
T5703: Fix reapply QoS for connection-oriented interfaces (backport #2967)
|
|
After `disconnect` and `connect` connection-oriented interfaces
like PPPoE, QoS policy has to be reapplied
(cherry picked from commit ffc6dc28780f4d3e8c548f3709c7f3d17babda68)
|
|
T5828: fix grub installation on arm64-efi machines (backport #2643)
|
|
https: T5902: fix migration of virtual-host port (backport #2975)
|
|
CLI source node is port and not listen-port.
(cherry picked from commit 63d53a17274349fd68defdbf9f7ce16be63fc9b1)
|
|
T5960: Rewritten authentication node in PPTP to a single view (backport #2950)
|
|
Since the migration of GRUB handling to vyos-1x, the grub install
sequence has hardcoded references to x86.
Change the GRUB sequence so it can work on arm64 as well.
(cherry picked from commit 37bd574c4e1f49b03f985c4293513ff7107ae82f)
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
(cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
|
|
rpki: T6023: add support for CLI knobs expire-interval and retry-interval (backport #2955)
|
|
(cherry picked from commit 17894f6f5d97df7d3ac1cf37ce0e1a96b8fa8e8b)
|
|
T5685: Keepalived VRRP prefix is not necessary for the virtual address (backport #2968)
|
|
T6026: QoS hide attempts to delete qdisc from devices (backport #2969)
|
|
Hide unexpected output by attempts of deleting `qdisc` from
interfaces
[ qos ]
Error: Cannot find specified qdisc on specified device.
Error: Cannot delete qdisc with handle of zero.
(cherry picked from commit 6dcb68ba5553ac94eb3a9da4a915999500b00ab2)
|
|
(cherry picked from commit 1cb52f758cec78b9ac19f47448064b8e9e722b67)
|
|
vrf: T5973: module is now statically compiled into the kernel (backport #2952)
|
|
bgp: T6024: add additional missing FRR features (backport #2957)
|
|
init: T2044: only start rpki if cache is configured (backport #2959)
|
|
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during
system boot") to check the bootup configuration if an RPKI cache is defined.
Only start RPKI if this is the case.
(cherry picked from commit 9b8e11e078c42e3ae86ebfa45fec57336f25a0af)
|