summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2023-07-27Merge pull request #2105 from sever-sever/T5368Daniil Baturin
T5368: service ids ddos-protection add support sflow mode
2023-07-27openvpn: T4974: move CLI node "enable-dco" -> "offload dco" to match other ↵Christian Breunig
inetfaces Keep a common CLI structure by re-using the already established offload node from ethernet.
2023-07-26Merge pull request #2078 from nicolas-fort/T5154Viacheslav Hletenko
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet…
2023-07-25T5154: NTP: allow maximum of one ipv4 and one ipv6 address on parameter ↵Nicolas Fort
<listen-address>. Also allow only one single value <interface>.
2023-07-22Merge pull request #2107 from fett0/T4974Christian Breunig
T4974:add/fixed enable ovpn-dco by default
2023-07-21 T4974:add/fixed enable ovpn-dco by defaultfett0
2023-07-21ospf: T5377: add "capability opaque" supportChristian Breunig
2023-07-21T5368: service ids ddos-protection add support sflow modeViacheslav Hletenko
sFlow mode requires fewer resources then mode "mirror" Integrate it into configuration mode set service ids ddos-protection mode 'sflow' set service ids ddos-protection sflow listen-address '127.0.0.1' set service ids ddos-protection sflow port '6343'
2023-07-20ospf: T5377: add graceful restart FRR feature (RFC 3623)Christian Breunig
New CLI commands: * set protocols ospf graceful-restart grace-period 300 * set protocols ospf graceful-restart helper planned-only * set protocols ospf graceful-restart helper no-strict-lsa-checking * set protocols ospf graceful-restart helper supported-grace-time 400 * set protocols ospf graceful-restart helper enable router-id 192.0.2.1 * set protocols ospf graceful-restart helper enable router-id 192.0.2.2 * set protocols ospfv3 graceful-restart grace-period 300 * set protocols ospfv3 graceful-restart helper planned-only * set protocols ospfv3 graceful-restart helper lsa-check-disable * set protocols ospfv3 graceful-restart helper supported-grace-time 400 * set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.1 * set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.2
2023-07-20T5373: LLDP is running even with disable option bugViacheslav Hletenko
Fix template do not add interfaces with 'disable' option to the lldp.conf
2023-07-19high-availability: T5362: Fixed setting vrrp versionaapostoliuk
Fixed setting vrrp version
2023-07-16syslog: T2778: fix invalid handling of logrotate and default valuesChristian Breunig
There was no /var/log/messages handler for logrotate making rsyslog crash after a few days. In addition we had some JIna2 templating errors for hosts, user and file CLI nodes jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'facility' Looks like therey are used rarely ;) - lucky me!
2023-07-12bgp: T5338: simplify XML and code handlingChristian Breunig
2023-07-12Merge pull request #2085 from aapostoliuk/T5338-sagittaChristian Breunig
bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' feature
2023-07-11bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' featureaapostoliuk
Added 'protocols bgp interface <int> mpls forwarding' feature. It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected.
2023-07-11T5341: HA migrate virtual-server tag to node addressViacheslav Hletenko
Migrate: high-availability virtual-server 203.0.113.1 to: high-availability virtual-server <name> address 203.0.113.1
2023-07-06VPP: T1797: Optimized memory allocation during startupzsdc
- changed memory requirement from total to available. This allows to start on systems with less total memory and protects from startup on systems with overloaded memory. - prevent startup if sysctl settings were not applied. This protects from situations when the system cannot allocate enough hugepages or apply other sysctl settings.
2023-07-03Merge pull request #2069 from sever-sever/T5333Christian Breunig
T5333: Set prefix UD for PBR generated user-defined chain names
2023-07-03ospf: T5334: add support for external route summarisation Type-5 and Type-7 LSAsChristian Breunig
* set protocols ospf aggregation timer <seconds> * set protocols ospf summary-address x.x.x.x/x [tag 1-4294967295] * set protocols ospf summary-address x.x.x.x/x no-advertise
2023-07-03VPP: T1797: Added interfaces reinitializationzsdc
After an interface is added/removed from VPP, it will be reinitialized, which allows reconfiguring IP addresses on it. Also modified VPP load priority to start before interfaces, and avoid reconfiguration during boot.
2023-07-03T5333: Set prefix UD for PBR generated user-defined chain namesViacheslav Hletenko
We cannot use some specific names like POSTROUTING/PREROUTING as for PBR they overlaps with VyOS defined chains Chains aftoconfigured by VyOS itself: chain VYOS_PBR_PREROUTING chain VYOS_PBR_POSTROUTING If we try to use chain name "POSTROUTING" it generates 2 chains with the same name "chain VYOS_PBR_POSTROUTING" one is autoconfigured and the second defined by user set policy route POSTROUTING rule 100 Add the user-defined (UD) prefix to separate user defined names That allows to use any user-defined names
2023-07-01T1797: VPP verify minimal installed memory and apply sysctlViacheslav Hletenko
Do not allow configure VPP if on the systems with low amount installed memory Add sysctl VPP parameters (hugepages, kernel.shmmax)
2023-06-29Merge pull request #2059 from sever-sever/T1797-vppChristian Breunig
T1797: Add initial vpp configuration
2023-06-27T1797: Add initial vpp configurationViacheslav Hletenko
Add initial configuration mode for VPP (PoC) set vpp cpu corelist-workers '2' set vpp cpu main-core '1' set vpp interface eth1 num-rx-desc '256' set vpp interface eth1 num-rx-queues '512' set vpp interface eth1 num-tx-desc '256' set vpp interface eth1 num-tx-queues '512' set vpp interface eth1 pci '0000:02:00.0' set vpp interface eth1 rx-mode 'polling' set vpp interface eth2 pci '0000:08:00.0' Limitation: - 'set vpp interface ethX pci auto' works only per first commit, then interface detached from default stack and creates tun interface 'ethX' to communicate with default stack. In this case we can't get PCI address via ethtool for 'tun' interfaces. But we can set pci address manualy. - Interface sync between default stack and VPP-DPDK stack After vpp change it doesn't trigger iproute2 for changes (should be written later) I.e. if we change something in vpp per each commit it restarts vpp.service it gets empty interface config as we don't configure vpp directly and it should be configured via iproute2 But then if we do any change on interface (for example description) it gets IP address, MTU, state, etc.
2023-06-26vrrp: T5315: add support to explicitly specify versionChristian Breunig
set high-availability vrrp group <name> version 2|3
2023-06-22tacacs: T141: initial implementationChristian Breunig
2023-06-14http-api: T5292: do not include https.py in scripts run by configdJohn Estabrook
2023-06-10Merge pull request #2015 from sever-sever/T5231Christian Breunig
T5231: Add op-mode for show reverse-proxy
2023-06-09dns: T5144: Explicitly override ddclient global options for reliabilityIndrajit Raychaudhuri
- For option 'web', ddclient defaults to 'dyndns' which doesn't support ssl. This results ddclient process lockup till connection to checkip.dyndns.org:443 times out. - For option 'use', ddclient defaults 'ip'. This results in confusing message "WARNING: '' is not a valid IPv4 or IPv6 address" in log.
2023-06-09dns: T5144: Skip clearing 'PIDFile' in ddclient systemd overrideIndrajit Raychaudhuri
'PIDFile' option in 'Service' isn't multi-value and thus doesn't need to be cleared before overriding.
2023-06-06mdns: T5227: Refactor smoke tests for mdns-repeaterIndrajit Raychaudhuri
Changes: - Load generate 'avahi-daemon.conf' and validate basic configs - Add tests for browsing domains and reflect-filter services
2023-06-06dns: T5144: update conf script nameJohn Estabrook
2023-06-04dns: T5144: Streamline ddclient systemd service overrideIndrajit Raychaudhuri
Templatize systemd override for ddclient service and move the generated override files in /run. This ensures that the override files are always generated afresh after boot. Additionally, simplify the systemd override file by removing the redundant/superfluous overrides.
2023-06-04dns: T5144: Add pid and cache config as ddclient globalIndrajit Raychaudhuri
2023-06-04dns: T5144: Relocate ddclient template path for consistency with config pathIndrajit Raychaudhuri
2023-06-03dns: T5144: Modernize dynamic dns operationIndrajit Raychaudhuri
Apply next round of configuration tree updates to 'service dns dynamic' with the following changes: - Migrate `service dns dynamic interface <interface> [use-web]` to `service dns dynamic address <interface>` or `service dns dynamic address web [web-options]` This communicates the intent that dynamic dns IP address is detected in only one way - using the `<interface>` or using an external web request, not both. - When using external web request, (`service dns dynamic address web`), external url is optional (`web-options url`). Ddclient defaults are used when unspecified, - Rename all config `login` to `username` for consistency and also to align better with alternative ddclient backends in consideration. - Apply global 'ipv6-enable' to per service 'ip-version: ipv6'. Selecting usage of IPv4 or IPv6 (or both simultaneously) is now at per service (protocol) level instead of global level. This allows more control on the ability to select IPv4 in some cases and IPv6 in some other cases wherever supported by the underlying ddclient protocol. - While the IP address (and by extension, the detection mechanism) is global, the way it is applied to a particular ddclient protocol depends on whether it supports IPv4 or IPv6 or both. - Related to the above, this also prevents generating incorrect config file (`ddclient.conf`) with multiple global sections leading to an unpredictable behavior of ddclient. - Implement provider (protocol) specific custom tweaks whenever possible (e.g., `zone`, `username`, `server` are not necessary in all cases). - Move service name from a combination of 'protocol' (with protocol config autodetected) and custom (with protocol config specified) to a single 'service' key. This allows for consisent setup of multiple config for the same ddclient protocol (with different options and credentials). This also avoid ambiguity with usual networking term 'protocol' and ddclient specific term 'protocol' (and can change with a move to a different backend). - Apply upfront XML constraints and validations consistently wherever applicable. - RFC2136 specific change: Rename rfc2136 config `record` to `host-name` for consistency. - Cloudflare specific change: While ddclient still supports authenticating with email and global auth key, skipping `username` in config will indicate the intent to use API token authentication (with special 'token' literal as `username`).
2023-06-03T5257: Fix netflow VRF and bracketize v6 source addresses for netflow/sflowWered
2023-05-28container: T5003: add new mandatory option runrootChristian Breunig
2023-05-25T5231: Add op-mode for show reverse-proxyViacheslav Hletenko
Add op-mode CLI for reverse-proxy "show reverse-proxy" Ability to get JSON and formatted output
2023-05-19T5230: remove trailing tabs causing j2lint errorJohn Estabrook
2023-05-19Merge pull request #2014 from ServerForge/currentChristian Breunig
T5230: Added missing enforce-first-as option to bgp protocol common c…
2023-05-19T5230: Added missing enforce-first-as option to bgp protocol common config ↵Wered
and frr bgp jinja template.
2023-05-19T5222: reverse-proxy add send-proxy option for backend serverViacheslav Hletenko
To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format). set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
2023-05-19T5222: reverse-proxy fix template for listen-addressViacheslav Hletenko
Load-balancing reverse-proxy listen-address is multi-value node Use bracketize for correct set bind config for IPv6 addresses Listen by default IPv4 and IPv6 if listen-address is not defined
2023-05-19T5222: Refactoring load-balancing reverse-proxyViacheslav Hletenko
Improve and refactoring "load-balancing reverse-proxy" - replace 'reverse-proxy server <tag>' => 'reverse-proxy service <tag>' - replace 'reverse-proxy global-parameters tls <xxx>' => 'reverse-proxy global-parameters tls-version-min xxx' => 'reverse-proxy global-parameters ssl-bind-ciphers xxx' - replace 'reverse-proxy service https rule <tag> set server 'xxx' => 'reverse-proxy service https rule <tag> set backend 'xxx' 'service https rule <tag> domain-name xxx' set as multinode
2023-05-17Merge pull request #2004 from sever-sever/T5222Christian Breunig
T5222: Add load-balancing for web traffic
2023-05-17T5222: Add load-balancing for web trafficViacheslav Hletenko
2023-05-17mdns: T5227: Add support for browse domains and service filtersIndrajit Raychaudhuri
Allow listing additional browse domains (in addition to the default 'local') so that custom domains can be reflected. Additionally, allow filtering the services that are allowed to be reflected across multiple (V)LANs.
2023-05-12ocserv: T3896: improve XML definition and add warning about 3rd party configsChristian Breunig
When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting.
2023-05-12T2778: Fix syslog octet_counted formatBᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs