Age | Commit message (Collapse) | Author |
|
The Linux Kernel needs to be told if IPv6 SR enabled packets whether should be
processed or not. This is done using
/proc/sys/net/conf/<iface>/seg6_* variables:
seg6_enabled - BOOL
Accept or drop SR-enabled IPv6 packets on this interface.
Relevant packets are those with SRH present and DA = local.
0 - disabled (default)
not 0 - enabled
Or the VyOS CLI command:
* set protocols segment-routing interface eth0 srv6
|
|
Enable/Disable VRF strict mode, when net.vrf.strict_mode=0 (default) it is
possible to associate multiple VRF devices to the same table. Conversely, when
net.vrf.strict_mode=1 a table can be associated to a single VRF device.
A VRF table can be used by the VyOS CLI only once (ensured by verify()), this
simply adds an additional Kernel safety net, but a requirement for IPv6 segment
routing headers.
|
|
|
|
|
|
This reverts commit 7036c761e74bcd48e3ba714dec4545208ee0e313.
|
|
configdep: T5836: add boolean check whether script called as dependency
|
|
|
|
image-tools: T5831: show system image reverse ordered by date
|
|
|
|
|
|
T5249: Add rollback-soft feature
|
|
dhcp: T3316: Adjust dhcp-run script to align with kea hooks
|
|
dhcp: T3316: Kea DHCP and DHCPv6 fixes
|
|
The hook arguments passed to `on-dhcp-event.sh` have changed in Kea.
Adjust the script to align with the new arguments.
Additionally, remove FQDN mangling from the script. No need to extract
the domain name from `LEASE4_HOSTNAME` only to append it again.
See: https://kea.readthedocs.io/en/latest/arm/hooks.html#hooks-run-script
|
|
* Move Kea socket permission change on-demand and speed up conf scripts
* Fix issue with DHCP reservations when no `ip-address` value
|
|
ddclient: T5144,T5791: Fix migration to avoid config name conflict
|
|
ocserv: T5796: add CLI knob "http-security-headers"
|
|
|
|
OCserv manual recommended HTTP headers tobe included in the configuration.
(cherry picked from commit ad65d37ddf92ec8416c84707d7d41e63346b550c)
|
|
Since `service dns dynamic address <address> service <service> ...`
changed to `service dns dynamic name <service> address <address> ...`,
the resulting service and address config flip can result in conflicting
`service` name.
Additionally, since dynamic DNS service name now have name constraint,
we need to normalize the service name to conform with the constraint.
We now migrate the service name to (service|rfc2136)-<service>-<address>
to avoid the conflict and optionally append an index if there is still a
name conflict after normalization.
|
|
frr: T4020: add option to define number of open file descriptors
|
|
This allows the operator to control the number of open file descriptors each
daemon is allowed to start with. The current assumed value on most operating
systems is 1024.
If the operator plans to run bgp with several thousands of peers then this is
where we would modify FRR to allow this to happen.
set system frr descriptors <n>
|
|
|
|
T5823: Add recursive_defaults for BGP get_config dictionary
|
|
Add recursive_defaults values for BGP "get_config" dictionary.
|
|
T5749: Add a more scrict search for get_vrf method
|
|
The current implementation is wrong as it searches `master` in the
iproute2 JSON output. It is a worng as it could include bridges
or bonding interfaces
Add the more strict search `info_slave_kind == vrf`
|
|
T4163: Add BGP Monitoring Protocol BMP feature
|
|
T5798: load-balancing revese-proxy add multiple SSL certificates
|
|
Add BMP feature.
BMP (BGP Monitoring Protocol, RFC 7854) is used to send monitoring
data from BGP routers to network management entities
https://docs.frrouting.org/en/latest/bmp.html
Example:
set system frr bmp
commit
run restart bgp
set protocols bgp system-as '65001'
set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast
set protocols bgp neighbor 192.0.2.11 remote-as '65001'
set protocols bgp bmp mirror-buffer-limit '256000000'
set protocols bgp bmp target foo address '127.0.0.1'
set protocols bgp bmp target foo port '5000'
set protocols bgp bmp target foo min-retry '1000'
set protocols bgp bmp target foo max-retry '2000'
set protocols bgp bmp target foo mirror
set protocols bgp bmp target foo monitor ipv4-unicast post-policy
set protocols bgp bmp target foo monitor ipv4-unicast pre-policy
set protocols bgp bmp target foo monitor ipv6-unicast post-policy
set protocols bgp bmp target foo monitor ipv6-unicast pre-policy
|
|
image-tools: T5825: restore authentication for add system image
|
|
T5827: made show system image alphabetical
|
|
|
|
|
|
|
|
|
|
|
|
image-tools: T5821: restore vrf-aware add system image
|
|
T5826: ensure dmidecode is installed as a dependency of vyos-1x
|
|
dmicode is used in the "show hardware dmi" and to derive
synthetic MAC addresses (see python/vyos/ifconfig/interface.py).
On non-x86 platforms like arm64 it may not be pulled in explictly
by other packages (like libparted2) so add it as an explicit dependency.
|
|
|
|
image-tools: T5806: clear previous raid configs on install
|
|
Enforce constraint on Dynamic DNS service name to be alphanumeric
(including hyphens and underscores).
|
|
When migrating from `service dns dynamic interface <interface> ...` to
`service dns dynamic address <address> ...`, the config name can
potentially have a conflict when `address == 'web'`.
Although the `/run/ddclient/ddclient.conf` that was generated earlier
was incorrect, one could still potentially have misconfigured VyOS
config without realizing it.
We now append the old <interface> name to the config name to avoid
conflict.
|
|
|
|
T5774: fix regression in remote.upload
|
|
|
|
SRv6: T591: initial implementation to support locator definition
|
|
ddclient: T5791: Adjust warning messages, minor refactor and smoketest updates
|
|
image-tools: T5819: do not echo password on image install
|