summaryrefslogtreecommitdiff
path: root/interface-definitions/include
AgeCommit message (Collapse)Author
2023-08-23Merge pull request #2159 from c-po/t5491-wifiChristian Breunig
wifi: T5491: allow white-/blacklisting station MAC addresses for security
2023-08-23bgp: T3759: add l3vpn "import vrf default" completion helperChristian Breunig
2023-08-23Merge pull request #2142 from nicolas-fort/T5450Christian Breunig
T5450: allow inverted matcher for interface and interface-group
2023-08-23T5450: update smoketest and interface definition in order to work with new ↵Nicolas Fort
firewall cli
2023-08-23Merge pull request #2156 from giga1699/T5447Christian Breunig
T5447: Initial support for MACsec static keys
2023-08-20T5447: Implement maintainer feedbackGiga Murphy
2023-08-20wifi: T5491: allow white-/blacklisting station MAC addresses for securityChristian Breunig
Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac>
2023-08-19bgp: T5466: rename type on CLI per-nexhop -> per-nexthop for l3vpn MPLS labelsChristian Breunig
This fixes a CLI typo added in commit 77ef9f800 ("T5466: L3VPN label allocation mode").
2023-08-17Merge pull request #2130 from aapostoliuk/T5409-sagittaChristian Breunig
wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
2023-08-17wireguard: T5409: rename threaded CLI not to per-client-threadChristian Breunig
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured.
2023-08-17radius: T5490: add stricter validation for keyChristian Breunig
2023-08-16 T5466: L3VPN label allocation modefett0
2023-08-11ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵Christian Breunig
setting
2023-08-11ipv6: T5464: use proper XML default for DAD transmitsChristian Breunig
This is only a cosmetic change so that the default value is properly retrieved from the defaultValue XML node.
2023-08-11T5460: remove config-trap from firewallNicolas Fort
2023-08-11T5160: firewall refactor: fix regexep for connection-status. Create new file ↵Nicolas Fort
with common matcher for ipv4 and ipv6, and use include on all chains for all this comman matchers
2023-08-11T5160: firewall refactor: change default value for <default-action> from ↵Nicolas Fort
<drop> to <accept> if default-action is not specified in base chains
2023-08-11T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵Nicolas Fort
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
2023-08-11T5160: firewall refactor: change firewall ip to firewall ipv4Nicolas Fort
2023-08-11T5160: firewall refactor: new cli structure. Update only all xmlNicolas Fort
2023-08-08Merge pull request #2119 from nicolas-fort/T5014-dnatChristian Breunig
T5014: nat: add source and destination nat options for configuring lo…
2023-08-07T5446: BGP: change <bgp paramater bestpath med> from node to leafNode, in ↵Nicolas Fort
order to avoid empty value and problems when removing such parameters
2023-08-02Merge pull request #2122 from aapostoliuk/T5413Christian Breunig
wireguard: T5413: Blocked adding the peer with the router's public key
2023-08-02wireguard: T5413: Blocked adding the peer with the router's public keyaapostoliuk
Disabeled adding the peer with the same public key as the router has. Added smoketest
2023-07-31Merge branch 'current' into T5014-dnatNicolás Fort
2023-07-31T5014: fix conflicts. Add code for redirection, which is causing conflicts. ↵Nicolas Fort
Change code for new syntax
2023-07-31T5014: nat: add source and destination nat options for configuring load ↵Nicolas Fort
balance within a single rule.
2023-07-31dhcpv6-pd: T5387: add support for no-release flag1vivy
When no-release is specified, dhcp6c client will not release allocated address or prefix on client exit. vyos.ifconfig: dhcpv6: T5387: re-use options_file for no release flag [WIP] * Todo: render Jinja2 template and fill it vyos.ifconfig: dhcpv6: T5387: finish options_file and no release flag in cli vyos.ifconfig: dhcpv6: T5387: fix missing/wrong end tag vyos.ifconfig: dhcpv6: T5387: fix options, no var for -n dhcpv6-client: T5387: fix missing / from filepaths
2023-07-26Merge pull request #2078 from nicolas-fort/T5154Viacheslav Hletenko
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet…
2023-07-25T5154: NTP: allow maximum of one ipv4 and one ipv6 address on parameter ↵Nicolas Fort
<listen-address>. Also allow only one single value <interface>.
2023-07-21ospf: T5377: add "capability opaque" supportChristian Breunig
2023-07-20ospf: T5377: add graceful restart FRR feature (RFC 3623)Christian Breunig
New CLI commands: * set protocols ospf graceful-restart grace-period 300 * set protocols ospf graceful-restart helper planned-only * set protocols ospf graceful-restart helper no-strict-lsa-checking * set protocols ospf graceful-restart helper supported-grace-time 400 * set protocols ospf graceful-restart helper enable router-id 192.0.2.1 * set protocols ospf graceful-restart helper enable router-id 192.0.2.2 * set protocols ospfv3 graceful-restart grace-period 300 * set protocols ospfv3 graceful-restart helper planned-only * set protocols ospfv3 graceful-restart helper lsa-check-disable * set protocols ospfv3 graceful-restart helper supported-grace-time 400 * set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.1 * set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.2
2023-07-12bgp: T5338: simplify XML and code handlingChristian Breunig
2023-07-12bgp: T2387: re-use XML building blocks to simplify CLI definitionChristian Breunig
2023-07-12Merge pull request #2085 from aapostoliuk/T5338-sagittaChristian Breunig
bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' feature
2023-07-11bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' featureaapostoliuk
Added 'protocols bgp interface <int> mpls forwarding' feature. It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected.
2023-07-11T5341: HA migrate virtual-server tag to node addressViacheslav Hletenko
Migrate: high-availability virtual-server 203.0.113.1 to: high-availability virtual-server <name> address 203.0.113.1
2023-07-06bgp: T5343: add ipv4-vpn and ipv6-vpn config options to peer-groupJonathan Voss
2023-07-05geneve: T5339: add option to use ipv4 instead of ethernetfett0
2023-07-03ospf: T5334: add support for external route summarisation Type-5 and Type-7 LSAsChristian Breunig
* set protocols ospf aggregation timer <seconds> * set protocols ospf summary-address x.x.x.x/x [tag 1-4294967295] * set protocols ospf summary-address x.x.x.x/x no-advertise
2023-07-03xml: policy: T2425: create building block for "tag" nodeChristian Breunig
2023-06-29policy: T4329: Fix regex for extcommunity rt #2Christian Breunig
The previous implementation did not iterate over the communit list, so only one match criteria was supported. set policy route-map FOO rule 10 action 'permit' set policy route-map FOO rule 10 set extcommunity rt '1111:2222222' worked but on the other hand this failed: set policy route-map FOO rule 20 action 'permit' set policy route-map FOO rule 20 set extcommunity rt '6500:24 6500:23 192.168.0.1:111 192.168.0.1:222'
2023-06-23T5312: Escape special characterJon Sanchez
2023-06-21xml: radius: T141: re-use common port building blockChristian Breunig
2023-06-12Merge pull request #2040 from nicolas-fort/T5283Christian Breunig
T5283: ipoe-server: add more flexibility in subnet parameter.
2023-06-12T5286: drop XDP support for ethernet and bonding interfacesChristian Breunig
... this is a step towards a new and better implementation that will utilize VPP.
2023-06-12T5283: ipoe-server: add more flexibility in subnet parameter.Nicolas Fort
2023-06-04dns: T5144: Apply migration for dynamic dns path updateIndrajit Raychaudhuri
Create migration and bump package version from 0 -> 1 for dynamic dns
2023-06-03dns: T5144: Modernize dynamic dns operationIndrajit Raychaudhuri
Apply next round of configuration tree updates to 'service dns dynamic' with the following changes: - Migrate `service dns dynamic interface <interface> [use-web]` to `service dns dynamic address <interface>` or `service dns dynamic address web [web-options]` This communicates the intent that dynamic dns IP address is detected in only one way - using the `<interface>` or using an external web request, not both. - When using external web request, (`service dns dynamic address web`), external url is optional (`web-options url`). Ddclient defaults are used when unspecified, - Rename all config `login` to `username` for consistency and also to align better with alternative ddclient backends in consideration. - Apply global 'ipv6-enable' to per service 'ip-version: ipv6'. Selecting usage of IPv4 or IPv6 (or both simultaneously) is now at per service (protocol) level instead of global level. This allows more control on the ability to select IPv4 in some cases and IPv6 in some other cases wherever supported by the underlying ddclient protocol. - While the IP address (and by extension, the detection mechanism) is global, the way it is applied to a particular ddclient protocol depends on whether it supports IPv4 or IPv6 or both. - Related to the above, this also prevents generating incorrect config file (`ddclient.conf`) with multiple global sections leading to an unpredictable behavior of ddclient. - Implement provider (protocol) specific custom tweaks whenever possible (e.g., `zone`, `username`, `server` are not necessary in all cases). - Move service name from a combination of 'protocol' (with protocol config autodetected) and custom (with protocol config specified) to a single 'service' key. This allows for consisent setup of multiple config for the same ddclient protocol (with different options and credentials). This also avoid ambiguity with usual networking term 'protocol' and ddclient specific term 'protocol' (and can change with a move to a different backend). - Apply upfront XML constraints and validations consistently wherever applicable. - RFC2136 specific change: Rename rfc2136 config `record` to `host-name` for consistency. - Cloudflare specific change: While ddclient still supports authenticating with email and global auth key, skipping `username` in config will indicate the intent to use API token authentication (with special 'token' literal as `username`).
2023-06-03netns: xml: T3829: fix format stringChristian Breunig