Age | Commit message (Collapse) | Author |
|
Files which are included by others whouls have the ".xml.i" extension.
|
|
|
|
|
|
|
|
|
|
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for
802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not
make the user juggle with the MTU bytes if he enables VLAN support later on,
which is yet to come.
|
|
Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use
different CLI nodes for the same functionality. PPPoE has "connect-on-demand"
to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose.
Rename WWAN "ondemand" node to "connect-on-demand".
|
|
In the past we had to provide the ethertype value used for the VLAN
protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q).
This should be changed to a more user friendly CLI node (protocol over
ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in
presenting RAW information from the ethernet header to the user. Also iproute2
calls it protocol which makes way more sense over the "raw" value.
|
|
ethernet: T2891: Add ethernet ring-buffer CLI commands
|
|
|
|
|
|
VyOS 1.2 confirmed it was a regular node - copy/paste error.
|
|
Specifies the minimum number of links that must be active before asserting
carrier. It is similar to the Cisco EtherChannel min-links feature. This allows
setting the minimum number of member ports that must be up (link-up state)
before marking the bond device as up (carrier on). This is useful for situations
where higher level services such as clustering want to ensure a minimum number
of low bandwidth links are active before switchover.
This option only affects 802.3ad mode.
The default value is 0. This will cause carrier to be asserted (for 802.3ad
mode) whenever there is an active aggregator, regardless of the number of
available links in that aggregator. Note that, because an aggregator cannot be
active without at least one available link, setting this option to 0 or to 1
has the exact same effect.
|
|
|
|
|
|
PPPoE server supports setting the MPPE preferences, it is implemented as node
with leafNodes for require, prefer and deny. This will render a wrong AccelPPP
configuration as it will be "None" if specified.
pppoe-server {
ppp-options {
mppe {
deny
require
}
}
}
instead it must be:
pppoe-server {
ppp-options {
mppe require
}
}
|
|
When rapid-commit is specified, dhcp6c will include a rapid-commit option in
solicit messages and wait for an immediate reply instead of advertisements.
|
|
The current CLI did not support multiple prefix-delegations per interface. Some
ISPs only send one /64 to a client per prefix-delegation request, but they
allow the customer to request multiple prefixes.
The 'dhcpv6-options prefix-delegation' node has been renamed and converted to a
tag node named 'dhcpv6-options pd'. The tag node specifies a PD request (>=0).
In the past the user needed to know what prefix will be assigned and required
to calculate the sla-len by himself. The 'sla-len' node was dropped and is now
calculated in the background from the 'dhcpv6-options pd 0 length' node.
It is no longer mandatory to supply the 'sla-id' node, if sla-id is not
specified it is 'guessed' by counting upwards.
Example configuration:
----------------------
ethernet eth1 {
address dhcpv6
dhcpv6-options {
pd 0 {
length 56
interface eth2 {
address 1
}
}
}
}
This will request a /56 assignment from the ISP and will delegate a /64 network
to interface eth2. VyOS will use the interface address ::1 on the delegate
interface (eth2) as its local address.
|
|
|
|
|
|
|
|
nat: T2764: increase maximum rule number to 999999
|
|
* set system lcd device <device>
* set system lcd model <modeml>
Both device and model have completion helpers for supported interfaces and LCD
displays.
|
|
t2564-lcd
* 'system-display' of https://github.com/fmertz/vyos-1x:
system display: T2564: Added test model
system display: T2564: Dictionary code update
system display: T2564: Conf files to /run
system display: T2564: Changed "duration" to "time"
system display: T2564: py code cleanup
system display: T2564: Replace "config (enabled|disabled)" with "display disabled"
system display: T2564: Lowercase model names
system display: T2564 Extend VyOS to support appliance LCDs
|
|
|
|
When running SSH from the VyOS system the source IP address can be set by:
set system options ssh-client source-address x.x.x.x
|
|
|
|
|
|
Make the port used for RADIUS accounting user configurable. This is now
valid for the following services which are based on Accel-PPP:
* ipoe-server
* pppoe-server
* l2tp
* pptp
* sstp
|
|
|
|
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
|
|
|
|
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for pdeudo-ethernet interfaces in the derived class.
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for bridge interfaces in the derived bridge class.
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
The current VyOS CLI parser code written in Python contains a ton of duplicates
which I can also hold myself accountable for - or maybe mainly me - depends on
the angle of judge.
While providing a new update() method in vyos.ifconfig.interfaces() this is
extended for ethernet based interfaces which also supports 802.1q, 802.1ad
VLANs. This commit migrates the existing codebase for an ethernet based
interfaces and implements the missing parts for VLANs. Adding or migrating other
interfaces (e.g. bridge or bond) will become much easier as they must reuse
the entire functionality - we now walk towards a single codepath.
Thanks for all who made this combined effort possible!
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
|
|
Please note that either interface or address can be configured.
system {
options {
http-client {
source-interface eth0
source-address 1.1.1.1
}
}
}
|
|
|
|
|
|
As of now when adding new credentials for any SNMPv3 user we submit the
credential either plaintext or encrypted. A plaintext credential will be hashed
by SNMPd in the background and then passed back into the CLI so it's not stored
in cleartext. This feels like the wrong way in changing the CLI content with
data produced by a 3rd party daemon which implements the service.
It feels like the tail wiggles the entire dog.
This should be changed in the following way:
- After retrieving the plaintext password from CLI, use Python to hash the key
in advance
- Re-populate the encrypted key into the CLI and drop the plaintext one
- Generate service configuration and continue startup of SNMPd
This also fixes a race condition when SNMPd started up but not properly
provided the hasehd keys in the configuration resulting in a ConfigurationError.
Now as we also support binding SNMPd to a VRF this fixes a deadlock situation
on bootup as we can only bind late to the VRF and require up to 5 restarts of
the service - but the service will never start.
|
|
Match the full input string in regex validation. Previosly "sha123456" was
allowed by the validator but we only support "sha".
|
|
When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear
if the user specified "info" as loglevel instead of "INFO". There was no input
validation done in 1.2 but this is now enforced in 1.3.
In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the
config this is transformed. Also VyOS 1.2 accpeted any arbitrary loglevel. If
an invalid loglevel is found it will be set to info.
|