| Age | Commit message (Collapse) | Author |
|---|
|
firewall: T5493: Implement remote-group
|
|
|
|
wireguard: T7246: verify Base64 encoded 32byte boundary on keys
|
|
Not 31 bytes or 33 bytes, but exactly 32. This matters, because 32 does not
divide evenly by .75, so there's a padding character and the penultimate
character does not include the whole base64 alphabet.
Extend the base64 validator with an optional argument to define the length
to match of the decrypted Base64 encoded string.
Source: https://lists.zx2c4.com/pipermail/wireguard/2020-December/006222.html
|
|
T7252: Allow vpptun and vpptap for constraint validator
|
|
* bgp: T7157: Allow using route-maps for VRF route leaking in BGP
Added the possibility of using route-map in route leaking.
* Improve the constraint error message
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
It fixes cases whey we want to use VPP kernel interfaces for OSPF
But VPP kernel interface is not exists on this step
set vpp interfaces loopback lo0 kernel-interface 'vpptun0'
set protocols ospf interface vpptun0 area '0'
Incorrect path /sys/class/net/vpptun0: no such file or directory
|
|
policy: T7116: Remove unsupported use of BGP community "internet"
|
|
T7118: Added the ability to redistribute NHRP routes to other protocols
|
|
* wlb: T7196: Migrate interface wildcards to nftables format
* wlb: T7196: Fix exclude/interface verify check
* wlb: T7196: Extra sanity check on ipv4 address function
|
|
Added the ability to redistribute NHRP routes to:
OSPF
BGP
Babel
RIP
IS-IS
|
|
This has been split into a separate commit in case this is overkill for
the fix. 1.2 and 1.3 installs predate the change to FRR that removed support,
but "internet" is already broken on 1.4.
|
|
"internet"
|
|
lldp: T7165: add support to enable only rx/tx on specific interfaces
|
|
LLDP is a stateless protocol which does not necessitate sending to receive
advertisements. There are multiple scenarios such as provider peering links in
which it is advantageous to receive LLDP but not disclose internal information
to the provider.
Add new CLI command:
* set service lldp interface <name> mode [disable|rx-tx|rx|tx]
The default is unchanged and will be rx-tx.
Furthermore if an interface has an explicit LLDP disable configured under
"set service lldp interface <name> disable" this will be migrated to
"set service lldp interface <name> mode disable"
|
|
Add the ability to configurate default timeout and frontend
client timeout
```
set load-balancing haproxy service web timeout client '600'
set load-balancing haproxy timeout check '4'
set load-balancing haproxy timeout client '600'
set load-balancing haproxy timeout connect '12'
set load-balancing haproxy timeout server '120'
```
|
|
firewall: T7177: Update interface-name constraint to allow "pod-" interface names
|
|
support pod interfaces from containers
|
|
|
|
* set protocols bgp address-family <ipv4-unicast|ipv6-unicast> redistribute
table <n> [metric <n>] [route-map <name>]
|
|
Re-use existing XML constraint added via commit 8f6246da6 ("xml: T7161: provide
re-usable building block for alternative routing tables") and add handy CLI
completion helper.
FRRouting supports redistribution of multiple non-main tables, thus make this
a multi node in addition, too.
|
|
|
|
|
|
|
|
|
|
T6641: Add vyos-network-event-logger Service
|
|
|
|
The service parses and logs network events for improved monitoring and diagnostics.
Supported event types include:
- `RTM_NEWROUTE`, `RTM_DELROUTE`
- `RTM_NEWLINK`, `RTM_DELLINK`
- `RTM_NEWADDR`, `RTM_DELADDR`
- `RTM_NEWNEIGH`, `RTM_DELNEIGH`, `RTM_GETNEIGH`
- `RTM_NEWRULE`, `RTM_DELRULE`
Added operational mode commands for filtered log retrieval:
- `show log network-event <event-type> <interface>`: Retrieve logs filtered by event type and interface.
- `show interfaces <type> <name> event-log <event-type>`: Display interface-specific logs filtered by event type.
|
|
nhrp: T2326: NHRP migration to FRR
|
|
NHRP migration to FRR
|
|
haproxy: T5222: Enable backend completion in service ruleset
|
|
|
|
Enable completion for backend in haproxy service ruleset like so:
```
set load-balancing haproxy service NAME rule 10 set backend
```
|
|
interfaces attached to VRFs
|
|
* T6949: adds blackbox exporter
* T6949: adds basic config generation
* T6949: extract shared module config options
* T6949: switch to ipv4/6 literals
* T6949: moves config file to /run
* T6949: adds dns query name option
* T6949: adds dns query type values
* T6949: adds blackbox exporter to debian/control
|
|
Change XML definitions to re-use already existing building blocks, or merge
two building block sinto one (e.g. static route interfaces).
|
|
T6953: merges node and frr exporter under prometheus section
|
|
|
|
T6934: Add preshared key for zabbix-agent monitoring service
|
|
T6874: [QoS] Add class filter by ether
|
|
T6918: Accept invalid PPPoE Session in stateful bridge firewall.
|
|
Implement a command to configure QoS policy filters by ether properties.
The supported match types include:
- Destination: Specify the Ethernet destination address.
- Protocol: Define the Ethernet protocol.
- Source: Set the Ethernet source address.
`set qos policy <type> <name> class <id> match <match-id> ether <destination|protocol|source> <val>`
|
|
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
Migrate "set protocols static route <x.x.x.x/x> next-hop <y.y.y.y> bfd multi-hop
source <z.z.z.z> profile <NAME>" to: "set protocols static route <x.x.x.x/x>
next-hop <y.y.y.y> bfd profile bar"
FRR supports only one source IP address per BFD multi-hop session. VyOS
had CLI cupport for multiple source addresses which made no sense.
|
|
With FRR 10.0 daemons started to be migrated to integrated FRR mgmtd and a
northbound interface. This led to some drawbacks in the current state how
changes to FRR are handled. The current implementation will use frr-reload.py
and specifies excatly WHICH daemon needs a config update and will only replace
this part inside FRR.
With FRR10 and mgmtd when a partial configuration is sent to mgmtd, it will
remove configuration parts from other daemons like bgpd or ospfd which have
not yet been migrated to mgmtd.
It's not possible to call frr-reload.py with daemon mgmtd - it will error out.
This commit will also change the CLI for static routes:
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1" will be split into:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd source-address 1.1.1.1
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
To make the XML blocks reusable, and comply with the FRR CLI - this was actually
a wrong implementation from the beginning as you can not have multiple BFD
source addresses.
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1 profile bar" is changed to:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd profile bar
CLI commands "set protocols static multicast interface-route" is moved to:
* set protocols static multicast route <x.x.x.x/x> interface
To have an identical look and feel with regular static routes.
|
|
|
|
static: T4214: Allow several dhcp-interfaces to the same static rote
|
|
- Allow configure preshared key for zabbix-agent
- Added op mode command for generatre random psk secret
- Removed duplicate xml definition for psk settings
Configure authentication mode:
```
# set service monitoring zabbix-agent authentication mode
Possible completions:
pre-shared-secret Use a pre-shared secret key
```
Configure PSK Settings:
```
# set service monitoring zabbix-agent authentication psk
Possible completions:
id ID for authentication
secret pre-shared secret key
```
Generate Random PSK:
```
$ generate psk random
Possible completions:
<Enter> Execute the current command
size Key size in bytes
```
|
|
|
|
set `default-route-distance` to 1
|
