Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-01-07 | xml: T1579: merge generic-description.xml.i and interface/description.xml.i | Christian Poessinger | |
No need to have two distinct include blocks as one superseeds the other. Also this makes the entire behavior of "description" CLI node simpler. | |||
2022-11-11 | policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵ | sarthurdev | |
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle | |||
2022-09-13 | firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵ | sarthurdev | |
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script | |||
2022-07-18 | macsec: T4537: allow 32-byte keys for gcm-aes-256 | Christian Poessinger | |
2022-04-29 | xml: T4047: use full string match in the regex validator | Christian Poessinger | |
2022-04-07 | qos: T4284: rename "traffic-policy" node to "qos policy" | Christian Poessinger | |
"set traffic-policy" now becomes "set qos policy" "set interface ethernet eth0 traffic-policy" now bvecomes "set qos interface eth0" | |||
2022-04-07 | qos: T4284: support mirror and redirect on all interface types | Christian Poessinger | |
2022-03-21 | qos: T4284: initial XML interface definitions for rewrite | Christian Poessinger | |
2022-02-24 | scripts: T4269: node.def generator should automatically add default values | Christian Poessinger | |
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help. | |||
2022-02-20 | macsec: T4261: add dhcp client support | Christian Poessinger | |
2021-12-06 | policy: T2199: Migrate policy route to XML/Python | sarthurdev | |
2021-12-06 | firewall: T2199: Migrate firewall to XML/Python | sarthurdev | |
2021-08-29 | xml: add missing "u32:" value declarator on integer ranges | Christian Poessinger | |
2021-08-20 | xml: remove superfluous "interface" prefix from interface includes | Christian Poessinger | |
2021-03-14 | xml: T1579: re-arrange xml interface include building blocks | Christian Poessinger | |
As the amount of include files now has reached a certain amount, it is getting more and more crowsded, thuse introducing "per topic" subdirectories on the filesystem to keep a clean structure makes sense. | |||
2021-02-28 | macsec: T3368: add support for gcm-aes-256 cipher | Christian Poessinger | |
2021-01-21 | xml: T3239: override default mtu values and remove workarounds | John Estabrook | |
2020-11-07 | macsec: T2653: include common "ip" and "ipv6" interface options | Christian Poessinger | |
2020-10-28 | mtu: T2630: add support for ethernet MTU up to 16000 bytes | Christian Poessinger | |
There is a Myricom 10G card with 16k MTU available. | |||
2020-09-26 | macsec: T2023: shift priority to run on vxlan/geneve source-interface | Christian Poessinger | |
2020-09-20 | macsec: T2023: add missing mtu CLI option | Christian Poessinger | |
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for 802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not make the user juggle with the MTU bytes if he enables VLAN support later on, which is yet to come. | |||
2020-06-27 | ifconfig: T2653: move macsec interface to get_config_dict() | Christian Poessinger | |
2020-05-22 | macsec: T2491: add replay window protection | Christian Poessinger | |
2020-05-21 | macsec: T2023: add valueHelp for MKA keys | Christian Poessinger | |
2020-05-21 | macsec: T2023: support MACsec Key Agreement protocol actor priority | Christian Poessinger | |
2020-05-21 | macsec: T2023: rename "security key" node to "security mka" | Christian Poessinger | |
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that. | |||
2020-05-21 | macsec: T2023: use wpa_supplicant for key management | Christian Poessinger | |
2020-05-21 | macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node | Christian Poessinger | |
This is best suited as a key is required, too. | |||
2020-05-21 | macsec: T2023: remove gcm-aes-256 cipher type | Christian Poessinger | |
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2. | |||
2020-05-21 | macsec: T2023: add optional encryption command | Christian Poessinger | |
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt | |||
2020-05-21 | macsec: T2023: add initial XML and Python interfaces | Christian Poessinger | |