summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-20srv6: T591: enable SR enabled packet processing on defined interfacesChristian Breunig
The Linux Kernel needs to be told if IPv6 SR enabled packets whether should be processed or not. This is done using /proc/sys/net/conf/<iface>/seg6_* variables: seg6_enabled - BOOL Accept or drop SR-enabled IPv6 packets on this interface. Relevant packets are those with SRH present and DA = local. 0 - disabled (default) not 0 - enabled Or the VyOS CLI command: * set protocols segment-routing interface eth0 srv6
2023-12-20vrf: T591: define sysctl setting for net.vrf.strict_modeChristian Breunig
Enable/Disable VRF strict mode, when net.vrf.strict_mode=0 (default) it is possible to associate multiple VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a table can be associated to a single VRF device. A VRF table can be used by the VyOS CLI only once (ensured by verify()), this simply adds an additional Kernel safety net, but a requirement for IPv6 segment routing headers.
2023-12-19smoketest: bgp: T4163: use explicit kill to respawn bgpd processChristian Breunig
2023-12-19smoketest: bgp: T4163: add explicit timeout when starting BMPChristian Breunig
2023-12-19Revert "smoketest: bgp: temporary disable BMP test"Christian Breunig
This reverts commit 7036c761e74bcd48e3ba714dec4545208ee0e313.
2023-12-19Merge pull request #2655 from jestabro/called_as_dependentChristian Breunig
configdep: T5836: add boolean check whether script called as dependency
2023-12-18configdep: T5836: add boolean check whether script called as dependencyJohn Estabrook
2023-12-18Merge pull request #2649 from jestabro/image-version-orderDaniil Baturin
image-tools: T5831: show system image reverse ordered by date
2023-12-18image-tools: T5831: show system image reverse ordered by dateJohn Estabrook
2023-12-17smoketesT: bgp: temporary disable BMP testChristian Breunig
2023-12-17Merge pull request #2596 from sever-sever/T5249Viacheslav Hletenko
T5249: Add rollback-soft feature
2023-12-17Merge pull request #2647 from indrajitr/kea-hook-fixChristian Breunig
dhcp: T3316: Adjust dhcp-run script to align with kea hooks
2023-12-17Merge pull request #2646 from sarthurdev/kea_fixesChristian Breunig
dhcp: T3316: Kea DHCP and DHCPv6 fixes
2023-12-17dhcp: T3316: Adjust dhcp-run script to align with kea hooksIndrajit Raychaudhuri
The hook arguments passed to `on-dhcp-event.sh` have changed in Kea. Adjust the script to align with the new arguments. Additionally, remove FQDN mangling from the script. No need to extract the domain name from `LEASE4_HOSTNAME` only to append it again. See: https://kea.readthedocs.io/en/latest/arm/hooks.html#hooks-run-script
2023-12-17dhcp: T3316: Kea DHCP and DHCPv6 fixessarthurdev
* Move Kea socket permission change on-demand and speed up conf scripts * Fix issue with DHCP reservations when no `ip-address` value
2023-12-16Merge pull request #2617 from indrajitr/ddclient-improvement-round-3-2023-12-11Christian Breunig
ddclient: T5144,T5791: Fix migration to avoid config name conflict
2023-12-16Merge pull request #2644 from c-po/ocserv-T5796Viacheslav Hletenko
ocserv: T5796: add CLI knob "http-security-headers"
2023-12-16ocserv: T5796: add smoketest for new "http-security-headers" featureChristian Breunig
2023-12-16ocserv: T5796: add CLI knob "http-security-headers"fett0
OCserv manual recommended HTTP headers tobe included in the configuration. (cherry picked from commit ad65d37ddf92ec8416c84707d7d41e63346b550c)
2023-12-15ddclient: T5791: Fix migration to normalize config name and avoid configIndrajit Raychaudhuri
Since `service dns dynamic address <address> service <service> ...` changed to `service dns dynamic name <service> address <address> ...`, the resulting service and address config flip can result in conflicting `service` name. Additionally, since dynamic DNS service name now have name constraint, we need to normalize the service name to conform with the constraint. We now migrate the service name to (service|rfc2136)-<service>-<address> to avoid the conflict and optionally append an index if there is still a name conflict after normalization.
2023-12-15Merge pull request #2639 from c-po/frr-t4020Viacheslav Hletenko
frr: T4020: add option to define number of open file descriptors
2023-12-15frr: T4020: add option to define number of open file descriptorsChristian Breunig
This allows the operator to control the number of open file descriptors each daemon is allowed to start with. The current assumed value on most operating systems is 1024. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen. set system frr descriptors <n>
2023-12-15firewall: T4502: add ofload to firewall table actionsGurliGebis
2023-12-14Merge pull request #2637 from sever-sever/5823Christian Breunig
T5823: Add recursive_defaults for BGP get_config dictionary
2023-12-14T5823: Add recursive_defaults for BGP get_config dictionaryViacheslav Hletenko
Add recursive_defaults values for BGP "get_config" dictionary.
2023-12-14Merge pull request #2635 from sever-sever/T5749Christian Breunig
T5749: Add a more scrict search for get_vrf method
2023-12-14T5749: Add a more scrict search for get_vrf methodViacheslav Hletenko
The current implementation is wrong as it searches `master` in the iproute2 JSON output. It is a worng as it could include bridges or bonding interfaces Add the more strict search `info_slave_kind == vrf`
2023-12-14Merge pull request #2627 from sever-sever/T4163Christian Breunig
T4163: Add BGP Monitoring Protocol BMP feature
2023-12-14Merge pull request #2590 from sever-sever/T5798Christian Breunig
T5798: load-balancing revese-proxy add multiple SSL certificates
2023-12-14T4163: Add BGP Monitoring Protocol BMP featureViacheslav Hletenko
Add BMP feature. BMP (BGP Monitoring Protocol, RFC 7854) is used to send monitoring data from BGP routers to network management entities https://docs.frrouting.org/en/latest/bmp.html Example: set system frr bmp commit run restart bgp set protocols bgp system-as '65001' set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast set protocols bgp neighbor 192.0.2.11 remote-as '65001' set protocols bgp bmp mirror-buffer-limit '256000000' set protocols bgp bmp target foo address '127.0.0.1' set protocols bgp bmp target foo port '5000' set protocols bgp bmp target foo min-retry '1000' set protocols bgp bmp target foo max-retry '2000' set protocols bgp bmp target foo mirror set protocols bgp bmp target foo monitor ipv4-unicast post-policy set protocols bgp bmp target foo monitor ipv4-unicast pre-policy set protocols bgp bmp target foo monitor ipv6-unicast post-policy set protocols bgp bmp target foo monitor ipv6-unicast pre-policy
2023-12-14Merge pull request #2630 from jestabro/authentication-add-imageChristian Breunig
image-tools: T5825: restore authentication for add system image
2023-12-14Merge pull request #2634 from Trae32566/T5827Christian Breunig
T5827: made show system image alphabetical
2023-12-14image-tools: T5825: restore authentication for add system imageJohn Estabrook
2023-12-14T5827: reversed version listingTrae Santiago
2023-12-14T5827: moved sys image sort to grub version_listTrae Santiago
2023-12-14T5827: made show system image alphabeticalTrae Santiago
2023-12-14T5827: made show system image alphabeticalTrae Santiago
2023-12-14Merge pull request #2624 from jestabro/vrf-aware-add-imageChristian Breunig
image-tools: T5821: restore vrf-aware add system image
2023-12-14Merge pull request #2631 from mcbridematt/t5826-add-dmidecode-depChristian Breunig
T5826: ensure dmidecode is installed as a dependency of vyos-1x
2023-12-14T5826: ensure dmidecode is installed as a dependency of vyos-1xMathew McBride
dmicode is used in the "show hardware dmi" and to derive synthetic MAC addresses (see python/vyos/ifconfig/interface.py). On non-x86 platforms like arm64 it may not be pulled in explictly by other packages (like libparted2) so add it as an explicit dependency.
2023-12-13image-tools: T5821: restore vrf-aware add system imageJohn Estabrook
2023-12-13Merge pull request #2621 from jestabro/clear-raid-on-installJohn Estabrook
image-tools: T5806: clear previous raid configs on install
2023-12-13ddclient: T5791: Enforce alphanumeric constraint on service nameIndrajit Raychaudhuri
Enforce constraint on Dynamic DNS service name to be alphanumeric (including hyphens and underscores).
2023-12-13ddclient: T5144: Fix migration to avoid config name conflictIndrajit Raychaudhuri
When migrating from `service dns dynamic interface <interface> ...` to `service dns dynamic address <address> ...`, the config name can potentially have a conflict when `address == 'web'`. Although the `/run/ddclient/ddclient.conf` that was generated earlier was incorrect, one could still potentially have misconfigured VyOS config without realizing it. We now append the old <interface> name to the config name to avoid conflict.
2023-12-13image-tools: T5806: deactive raid arraysJohn Estabrook
2023-12-13Merge pull request #2628 from jestabro/ftp-archiveJohn Estabrook
T5774: fix regression in remote.upload
2023-12-13T5774: fix regressions in remote.upload and use in config_mgmtJohn Estabrook
2023-12-13Merge pull request #2606 from c-po/srv6Christian Breunig
SRv6: T591: initial implementation to support locator definition
2023-12-13Merge pull request #2607 from indrajitr/ddclient-improvement-round-3-2023-12-10Christian Breunig
ddclient: T5791: Adjust warning messages, minor refactor and smoketest updates
2023-12-13Merge pull request #2622 from jestabro/obscure-passwd-on-installChristian Breunig
image-tools: T5819: do not echo password on image install