Age | Commit message (Collapse) | Author |
|
Extend the way how we determine if interfaces exist in VyOS. In the past we
only validated if the interface in question really exists at the OS level.
This has some drawbacks as services (like OSPF or OSPFv3) can also handle
interfaces dynamically which appear or leaf the OS.
This commit not only checks for OS interfaces but also if the interface in
question was configured at the CLI level, this is proof enough to pass the
check. If it does not exist at the CLI level, we continue searching it it's
maybe a Kernel interface - useful for container networks.
In addition we can now not only raise() an error but simply show a warning if
an interface does not exist.
(cherry picked from commit f7250ecf1d119f14d72f99ee379deaaae0790f0e)
|
|
isis: T6160: NameError: name 'process' is not defined (backport #3169)
|
|
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain"
node identifying the IS-IS process name). Drop all references to "process"
variable.
Specifying:
set protocols isis interface eth1
set protocols isis net '49.0001.1921.6825.5255.00'
set protocols isis redistribute ipv4 bgp
Triggered an exception
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module>
verify(c)
File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify
f'"protocols isis {process} redistribute {afi} {proto}"!')
^^^^^^^
NameError: name 'process' is not defined
(cherry picked from commit 78212414e085d6261a32015553eb3e407f77792f)
|
|
policy: T6130: Revert commit 960cace (backport #3153)
|
|
This reverts commit 960cace189d7ace2bea0968646b1348b415e0363.
All community rules syntax was changed.
T5357 is invalid bug report.
VyOS cannot use new configuration syntax in the previous versions.
(cherry picked from commit 72378c67ef1eee01a06e2f9a194a0870c6a7fdd2)
|
|
conntrack: T6147: Enable conntrack when firewall state-policy is defined (backport #3159)
|
|
bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering (backport #3158)
|
|
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType
value of 0x88A8 is required.
Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
(cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
|
|
* Move global state-policy smoketest to it's own test, verify conntrack
(cherry picked from commit 62bda3b082a79c2f31483dba5bfeb19464f6dbe2)
|
|
T6143: Increase configurable timeout range for service config-sync (backport #3155)
|
|
The maximum timeout for the `service config-sync` is 300 seconds
(Connection API timeout). It could not be enough for the real massive
configurations.
Increase the maximum value to 3600
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
(cherry picked from commit 4a90e00a886397d9f4202b78cc8995ed93d40014)
|
|
qos: T1871: add MTU option when configure limiter traffic-policy (backport #3131)
|
|
add mtu to default and specified class
update smoke test
(cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
|
|
T6138: Fix op-mode show conntrack table with flowtable offloads (backport #3150)
|
|
T6136: add error checks when using dynamic firewall groups (backport #3146)
|
|
The op-mode command `show conntrack table ipv4` fails if gets a
conntrack entrie with `flowtable` offload. Those entries do not
have key `timeout`
```
File "/usr/libexec/vyos/op_mode/conntrack.py", line 115, in get_formatted_output
timeout = meta['timeout']
~~~~^^^^^^^^^^^
```
Use the timeout `n/a` for those offload conntrack entries
(cherry picked from commit a75be3b6814dd39711c157c29405ee6bd83993f5)
|
|
T6127: Fixed show log firewall for rule with offload (backport #3145)
|
|
op-mode: T6133: add support to manually trigger commit-archive update (backport #3143)
|
|
(cherry picked from commit e2df1f4929774792c1d4bfb78c2dfa5bdf7f0825)
|
|
(cherry picked from commit d1fb9eddd9017ffbcd9e0d43209700649da2cc57)
|
|
(cherry picked from commit 326db209ab5c907ddb93f29b484c423c68f1ee36)
|
|
(cherry picked from commit 1f3df2d63561ea9c6dd64d1d9292920274964ca3)
|
|
Automatic update of the remote commit-archive could fail under certian
circumstances, add an op-mode command to manually trigger the update:
cpo@LR1.wue3# run force commit-archive
Archiving config...
git+https://git.FOOO.de/cpo/vyos-config-backup [edit]
(cherry picked from commit 09de453194e9f8e7aa5dcb2e5c8de5a89e82708d)
|
|
T6121: Extend service config-sync to new sections (backport #3132)
|
|
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this cae the Node allows to uses the next level section
i.e subsection
For example any of the subsection of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
(cherry picked from commit 25b611f504521181f85cb4460bfdfd702c377b5e)
|
|
policy: T6129: add route-map option "as-path exclude all" (backport #3139)
|
|
T6133: append domain-name to commit-archive if defined (backport #3140)
|
|
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
(cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
|
|
(cherry picked from commit 4291a1a423c3cbbae9e4142575b36d6fbe1c126f)
|
|
T6090: policy: fix migration script (backport #3137)
|
|
occurs also if only <policy route> is defined.
(cherry picked from commit 1048f49e403d7ce3df379bbf48e7fcc60a74e67b)
|
|
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help string s (backport #3135)
|
|
xml: T3642: improve PKI CLI help string (backport #3133)
|
|
(cherry picked from commit 7ca0ad91744044f74690179eaec4160d9c4fee65)
|
|
(cherry picked from commit 63de63f43aaa720993faf06ba2789789d87d63c6)
|
|
(cherry picked from commit d6226d60dce4a46c9fa63adbf85f2df86c7bd1b1)
|
|
radvd: T6118: add nat64prefix support RFC8781 (backport #3125)
|
|
T2447: add configurable kernel boot option 'disable-power-saving' (backport #3093)
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
|
|
grub: T4548: Fixed GRUB configuration files order (backport #3126)
|
|
Lower available CPU C states to a minimum if this option set. This will set
Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
(cherry picked from commit 3a3e0dff4ff1f80835eca6b2362d792e3ecacc8e)
|
|
To iterate files on ext* file systems GRUB reads their inodes one by one,
ignoring names. This breaks our configuration logic that relies on proper
loading order.
This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB
configuration files are created. It recreates files, changing their inodes in a
way where inodes order matches alphabetical order.
(cherry picked from commit f74923202311e853b677e52cd83bae2be9605c26)
|
|
conntrack: T5080: Fix rule order for applied conntrack modules (backport #3123)
|
|
(cherry picked from commit 1fbda31623054ee944d063f738e4d1d4170341ef)
|
|
vrrp: T6020: vrrp health-check script not applied correctly in keepal…
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
dhcp-client: T6093: extend regex for client class-id's with DOT (backport #3117)
|
|
xml: T6098: relax description constraint to allow non-ascii characters (backport #3110)
|
|
A restriction to ascii in the constraint disallowed earlier support for
unicode bytes.
(cherry picked from commit 66b92e1cd4ec948c1e2df4bee9b21da9633f5bd8)
|
|
xml: T5738: revert invalid change from lower character limit - 0 length must be allowed (backport #3115)
|