path: root/interface-definitions
Age | Commit message | Author
2024-04-20 | gre: T6252: allow tunnel MTU to exceed 8024 bytes | fett0
(cherry picked from commit 4cde677e9e128bc9b62fad720b1b6f6cac506954)
2024-04-16 | Merge pull request #3318 from vyos/mergify/bp/sagitta/pr-3315 | Christian Breunig
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates (backport #3315)
2024-04-16 | T5722: Failover route add option onlink | Viacheslav Hletenko
onlink pretends that the nexthop is directly attached to this link, even if it does not match any interface prefix.
Useful when the gateway is not in the same interface network
set interfaces ethernet eth0 vif 10 address '10.20.30.1/32'
set protocols static route 10.20.30.0/32 interface eth0.10
set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink
```
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover
Error: Nexthop has invalid gateway.
[edit]
vyos@r4#
[edit]
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover
[edit]
vyos@r4#
```
(cherry picked from commit bb832acb97881d747a57da2728eab3ad138b8129)
2024-04-16 | T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates | Alex W
(cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
2024-04-15 | T5535: firewall: migrate command <set system ip disable-directed-broadcast> to firewall global-options | Nicolas Fort
(cherry picked from commit 76dcecafca977b640dd16d8e68c4a050ca1af4fb)
2024-04-13 | qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt | khramshinr
Added params for configuration red on the shaper policy
(cherry picked from commit 31cd75aec6d035b36537046ae0d034c03009a3fc)
2024-04-11 | T6214: T6213: change constraint <alpha-numeric-hyphen-underscore-dot.xml.i> in order to not allow string starting with dot character; use such constraint in firewall group definitions. | Nicolas Fort
(cherry picked from commit c455a1f71674300b8a74863ddfe6e551fe8fd252)
2024-04-09 | container: T6210: add capability sys-nice | theflakes
(cherry picked from commit b8f3c61ca514cacdfc2495f16869c1b1e07d2bbc)
2024-04-07 | xml: T5862: drop defaultValue from mtu-68-16000.xml.i - use individual values | Christian Breunig
In order to lower the Ethernet default MTU we need to drop the common defaultValue from the XML mtu-68-16000.xml.i building block. Per interface default MTU is later overloaded by XML.
(cherry picked from commit e86761fa1307596c721c3ddf3a61d263e8f5177b)
2024-04-07 | container: T6208: rename "cap-add" CLI node to "capability" | Christian Breunig
Containers have the ability to add Linux system capabilities to them, this is done using the "set container name <name> cap-add" command. The CLI node sounds off and rather should be "set container name <name> capability" instead as we use and pass a capability to a container and not add/invent new ones.
(cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
2024-04-06 | conntrack-sync: T1244: add CLI support for StartupResync | Nataliia Solomko
(cherry picked from commit 2eb7f96ca2038bf37dc1d274821ca6f619489b58)
2024-04-03 | T6068: T6171: change <fail-over> node from dhcp-server to <high-availability>. Also, add <mode> parameter in order to configure active-active or active-passive behavior for HA. | Nicolas Fort
2024-04-02 | ssh: T6192: allow binding to multiple VRF instances | Christian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF.
(cherry picked from commit e5af1f0905991103b12302892e6f0070bbb7b770)
2024-04-02 | xml: T5738: extend VRF building blocks with common constraint definition | Christian Breunig
(cherry picked from commit 32d6a693de99021d2cd44fb4235e929caf7b4a6d)
2024-04-01 | bgp: T6151: Fix description in PEER disable-connected-check | fett0
(cherry picked from commit 24d0400b9c55cadef1eb99b3e84a363dd6ad5033)
2024-04-01 | bgp: T6151: Fix description in PEER disable-connected-check | fett0
(cherry picked from commit 84b6f6bcf59d526c35928c974e3f2d03c4d5ec06)
2024-04-01 | bgp: T6151: Allow configuration of disable-ebgp-connected-route-check | fett0
(cherry picked from commit 85e5ccbab85c8ded426896d61bcf64d329768f2c)
2024-04-01 | bgp: T6010: Allow configuration of disable-ebgp-connected-route-check | fett0
(cherry picked from commit 010c4061a8884a3617368f3618a425dc517d0675)
2024-03-28 | Merge pull request #3197 from vyos/mergify/bp/sagitta/pr-3193 | Christian Breunig
T6121: Extend config-sync for QoS and system options (backport #3193)
2024-03-28 | T5832: VRRP allow set interface for excluded-address | Viacheslav Hletenko
Ability to set interface for `excluded-address`
The excluded-addresses are not listed in the VRRP packet (adverts packets). We have this ability for `address`, add the same feature for the excluded-address
```
set high-availability vrrp group GRP-01 excluded-address 192.0.2.202 interface 'dum2'
set high-availability vrrp group GRP-01 excluded-address 192.0.2.203 interface 'dum3'
```
(cherry picked from commit 0daf445abcd00446da21fe0220d41d5fdde95ebd)
2024-03-28 | Merge pull request #3204 from vyos/mergify/bp/sagitta/pr-2965 | Daniil Baturin
T5872: ipsec remote access VPN: support dhcp-interface. (backport #2965)
2024-03-28 | ipsec: T5606: T5871: Use multi node for CA certificates | sarthurdev
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates. Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
(cherry picked from commit 952b1656f5164f6cfc601e040b48384859e7a222)
2024-03-28 | T5872: ipsec remote access VPN: support dhcp-interface. | Lucas Christian
(cherry picked from commit f7834324d3d9edd7e161e7f2f3868452997c9c81)
2024-03-28 | T6121: Extend config-sync for QoS and system options | Viacheslav Hletenko
Extend the service config-sync for sections:
- qos interface
- qos policy
- system conntrack
- system flow-accounting
- system option
- system sflow
- system static-host-mapping
- system sysctl
(cherry picked from commit 9d5ad172034ae510288b11313d307f0a24bb4b7d)
2024-03-25 | Merge pull request #3183 from vyos/mergify/bp/sagitta/pr-3181 | Daniil Baturin
xml: T5738: use common constraint include for container network (backport #3181)
2024-03-24 | container: T6062: add image name completion helper | Christian Breunig
(cherry picked from commit 37a4fdf229a7ab74718655f1d6e35fd94e5ad69a)
2024-03-24 | xml: T5738: use common constraint include for container network | Christian Breunig
(cherry picked from commit 6be463fcca574e051420ae7549bed72e74486470)
2024-03-21 | bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filtering | Christian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces:
set interfaces bridge br0 protocol 802.1ad
(cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
2024-03-20 | T6143: Increase configurable timeout range for service config-sync | Viacheslav Hletenko
The maximum timeout for the `service config-sync` is 300 seconds (Connection API timeout). It could not be enough for the real massive configurations. Increase the maximum value to 3600
```
set service config-sync secondary address 192.0.2.1
set service config-sync secondary timeout 3600
```
(cherry picked from commit 4a90e00a886397d9f4202b78cc8995ed93d40014)
2024-03-20 | qos: T1871: add MTU option when configure limiter traffic-policy | khramshinr
add mtu to default and specified class
update smoke test
(cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
2024-03-18 | T6121: Extend service config-sync to new sections | Viacheslav Hletenko
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this case the Node allows the use of the next level section, i.e. subsection.
For example any of the subsections of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
(cherry picked from commit 25b611f504521181f85cb4460bfdfd702c377b5e)
2024-03-17 | policy: T6129: add route-map option "as-path exclude all" | Christian Breunig
Remove all AS numbers from the AS_PATH of the BGP path's NLRI.
set policy route-map <name> rule <rule> set as-path exclude all
(cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
2024-03-15 | Merge pull request #3136 from vyos/mergify/bp/sagitta/pr-3135 | Christian Breunig
xml: T2518: T160: improve NAT66/NPTv6 and NAT64 help strings (backport #3135)
2024-03-14 | xml: T160: improve NAT64 help string | Christian Breunig
(cherry picked from commit 7ca0ad91744044f74690179eaec4160d9c4fee65)
2024-03-14 | xml: T2518: improve NAT66/NPTv6 help string | Christian Breunig
(cherry picked from commit 63de63f43aaa720993faf06ba2789789d87d63c6)
2024-03-14 | xml: T3642: improve PKI CLI help string | Christian Breunig
(cherry picked from commit d6226d60dce4a46c9fa63adbf85f2df86c7bd1b1)
2024-03-13 | Merge pull request #3129 from vyos/mergify/bp/sagitta/pr-3125 | Daniil Baturin
radvd: T6118: add nat64prefix support RFC8781 (backport #3125)
2024-03-13 | radvd: T6118: add nat64prefix support RFC8781 | Christian Breunig
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime must not be smaller than the "interface interval max" definition which defaults to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
(cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
2024-03-13 | T2447: add configurable kernel boot option 'disable-power-saving' | Christian Breunig
Lower available CPU C states to a minimum if this option set. This will set Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
(cherry picked from commit 3a3e0dff4ff1f80835eca6b2362d792e3ecacc8e)
2024-03-12 | vrrp: T6020: vrrp health-check script not applied correctly in keepalived.conf | khramshinr
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong health-check configurations
New smoke test
2024-03-11 | Merge pull request #3118 from c-po/T6093-sagitta | Christian Breunig
dhcp-client: T6093: extend regex for client class-id's with DOT (backport #3117)
2024-03-10 | xml: T6098: relax description constraint to allow non-ascii characters | John Estabrook
A restriction to ascii in the constraint disallowed earlier support for unicode bytes.
(cherry picked from commit 66b92e1cd4ec948c1e2df4bee9b21da9633f5bd8)
2024-03-10 | dhcp-client: T6093: extend regex for client class-id's with DOT | Lucas
The regex used is not working if the string contains dots.
Originally authored by: Lucas <pinheirolucas@pm.me>
(cherry picked from commit c8670ae7941a8bac31e2174d4c6426b47272bfcc)
2024-03-10 | xml: T5738: revert invalid change from lower character limit - 0 length must be allowed | Christian Breunig
This reverts a change from commit a72ededa0 ("xml: T5738: lower maximum description to 255 characters") which increased the lower limit from 0 to 1. We actually require 0 length value for description nodes as introduced in commit 6eea12512e ("xml: T1579: allow zero length for description").
(cherry picked from commit 724c685cba423758bece827d6d286815933ba912)
2024-03-10 | xml: T5738: lower maximum description to 255 characters | Christian Breunig
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field.
(cherry picked from commit a72ededa0b29c25efaab52f2db170c34eba50248)
2024-03-07 | http-api: T6107: add an option to increase the request body size limit | Daniil Baturin
(cherry picked from commit 4792d39bb84991768404f69ff807e43a9979a79e)
2024-03-07 | snmp: T2998: SNMP v3 oid "exclude" option fix | Nataliia Solomko
(cherry picked from commit 77a25e95da48549f2791b677f4ba187e547b1c6a)
2024-03-06 | conntrack-sync: T6057: Add ability to disable syslog for conntrackd | Nataliia Solomko
(cherry picked from commit c37fb4010c50a18029d6c680c42fceb3b8930dbd)
2024-03-06 | wifi: T6095: incorrect country-code "uk" it's actually "gb" | Christian Breunig
All valid country codes can be retrieved from [1] and extracted which resulted in the completion helper list of this commit.
1: https://git.kernel.org/pub/scm/linux/kernel/git/wens/wireless-regdb.git/tree/db.txt
(cherry picked from commit 45cd735f89a4b6c7419a26d2800d832c9da9f735)
2024-03-05 | xml: T5738: use generic-disable-node building block for "disable" CLI nodes | Christian Breunig
Make the code more uniform and maintainable.
(cherry picked from commit 21b0bf0168697fdbe514ae49a4a28b39a91ec777)