summaryrefslogtreecommitdiff
path: root/interface-definitions
AgeCommit message (Collapse)Author
2020-09-26xml: interface-definitions: fix wrong file extension of inlcude filesChristian Poessinger
Files which are included by others whouls have the ".xml.i" extension.
2020-09-25dns: forwarding: T2921: migrate to get_config_dict()Christian Poessinger
2020-09-24wireless: T2241: add "wds" CLI optionChristian Poessinger
2020-09-22openvpn: T2907: add 'none' encryption option to not encrypt any dataMarcus Hoff
2020-09-22conf-mode: T2915: Adding lost option proxy-arp-pvlan for vlansever-sever
2020-09-20macsec: T2023: add missing mtu CLI optionChristian Poessinger
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for 802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not make the user juggle with the MTU bytes if he enables VLAN support later on, which is yet to come.
2020-09-20wwan: ifconfig: T2905: sync CLI nodes in dialup interfacesChristian Poessinger
Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use different CLI nodes for the same functionality. PPPoE has "connect-on-demand" to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose. Rename WWAN "ondemand" node to "connect-on-demand".
2020-09-20vif-s: ifconfig: T2903: use explicit VLAN protocol over raw numbersChristian Poessinger
In the past we had to provide the ethertype value used for the VLAN protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q). This should be changed to a more user friendly CLI node (protocol over ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in presenting RAW information from the ethernet header to the user. Also iproute2 calls it protocol which makes way more sense over the "raw" value.
2020-09-17Merge pull request #546 from DmitriyEshenko/cur-1x-rbChristian Poessinger
ethernet: T2891: Add ethernet ring-buffer CLI commands
2020-09-17ethernet: T2891: Add ethernet ring-buffer CLI commandsDmitriyEshenko
2020-09-16wireless: T1627: "capabilities ht smps" is not a multi nodeChristian Poessinger
2020-09-16wireless: T1627: "capabilities ht max_amsdu" is not a multi nodeChristian Poessinger
VyOS 1.2 confirmed it was a regular node - copy/paste error.
2020-09-13bonding: T2877: support configuration of minimum number of active linksChristian Poessinger
Specifies the minimum number of links that must be active before asserting carrier. It is similar to the Cisco EtherChannel min-links feature. This allows setting the minimum number of member ports that must be up (link-up state) before marking the bond device as up (carrier on). This is useful for situations where higher level services such as clustering want to ensure a minimum number of low bandwidth links are active before switchover. This option only affects 802.3ad mode. The default value is 0. This will cause carrier to be asserted (for 802.3ad mode) whenever there is an active aggregator, regardless of the number of available links in that aggregator. Note that, because an aggregator cannot be active without at least one available link, setting this option to 0 or to 1 has the exact same effect.
2020-09-13ddclient: T2858: migrate to get_config_dict()Christian Poessinger
2020-09-09openconnect: T2036: Move CLI commands under vpn openconnectDmitriyEshenko
2020-08-26pppoe-server: bugfix MPPE node definitionChristian Poessinger
PPPoE server supports setting the MPPE preferences, it is implemented as node with leafNodes for require, prefer and deny. This will render a wrong AccelPPP configuration as it will be "None" if specified. pppoe-server { ppp-options { mppe { deny require } } } instead it must be: pppoe-server { ppp-options { mppe require } }
2020-08-23dhcpv6-pd: T2677: add support for rapid-commit optionChristian Poessinger
When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements.
2020-08-22dhcpv6-pd: T2677: optimize CLI interface for PD configurationChristian Poessinger
The current CLI did not support multiple prefix-delegations per interface. Some ISPs only send one /64 to a client per prefix-delegation request, but they allow the customer to request multiple prefixes. The 'dhcpv6-options prefix-delegation' node has been renamed and converted to a tag node named 'dhcpv6-options pd'. The tag node specifies a PD request (>=0). In the past the user needed to know what prefix will be assigned and required to calculate the sla-len by himself. The 'sla-len' node was dropped and is now calculated in the background from the 'dhcpv6-options pd 0 length' node. It is no longer mandatory to supply the 'sla-id' node, if sla-id is not specified it is 'guessed' by counting upwards. Example configuration: ---------------------- ethernet eth1 { address dhcpv6 dhcpv6-options { pd 0 { length 56 interface eth2 { address 1 } } } } This will request a /56 assignment from the ISP and will delegate a /64 network to interface eth2. VyOS will use the interface address ::1 on the delegate interface (eth2) as its local address.
2020-08-19mpls-ldp: T915: Add discovery hello timerssever-sever
2020-08-18anyconnect: T2036: add anyconnect VPN supportEshenko Dmitriy
2020-08-18lcd: T2564: add support for Lanner, Watchguard, Symantec boxesChristian Poessinger
2020-08-16Merge pull request #523 from jjakob/increase-max-nat-rule-number-T2764Christian Poessinger
nat: T2764: increase maximum rule number to 999999
2020-08-15lcd: T2564: flatten CLI interfaceChristian Poessinger
* set system lcd device <device> * set system lcd model <modeml> Both device and model have completion helpers for supported interfaces and LCD displays.
2020-08-12Merge branch 'system-display' of https://github.com/fmertz/vyos-1x into ↵Christian Poessinger
t2564-lcd * 'system-display' of https://github.com/fmertz/vyos-1x: system display: T2564: Added test model system display: T2564: Dictionary code update system display: T2564: Conf files to /run system display: T2564: Changed "duration" to "time" system display: T2564: py code cleanup system display: T2564: Replace "config (enabled|disabled)" with "display disabled" system display: T2564: Lowercase model names system display: T2564 Extend VyOS to support appliance LCDs
2020-08-06nat: T2764: increase maximum rule number to 999999Jernej Jakob
2020-08-04ssh: T2651: add cli options for source addressChristian Poessinger
When running SSH from the VyOS system the source IP address can be set by: set system options ssh-client source-address x.x.x.x
2020-08-04cleanup: convert multiple files from DOS to UNIX line endingChristian Poessinger
2020-08-03lldp: T393: improve all completion helperChristian Poessinger
2020-08-02accel-ppp: T2756: make RADIUS accounting port configurableChristian Poessinger
Make the port used for RADIUS accounting user configurable. This is now valid for the following services which are based on Accel-PPP: * ipoe-server * pppoe-server * l2tp * pptp * sstp
2020-07-30router-advert: T2745: migrate to get_config_dict()Christian Poessinger
2020-07-29mdns-repeater: T2742: migrate to get_config_dict()Christian Poessinger
2020-07-26wireguard: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-26wireguard: T2734: fwmark is a 32bit value - fix validatorChristian Poessinger
2020-07-26vxlan: ifconfig: T2653: move to get_interface_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-26pseudo-ethernet: ifconfig: T2733: support MTU configurationChristian Poessinger
2020-07-26Merge branch 'current' of https://github.com/vyos/vyos-1x into currentDaniil Baturin
2020-07-26Fix a typo in BFD command help.Daniil Baturin
2020-07-25l2tpv3: ifconfig: T2653: move implementation to get_interface_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25wireless: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25bonding: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25pseudo-ethernet: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for pdeudo-ethernet interfaces in the derived class.
2020-07-25bridge: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for bridge interfaces in the derived bridge class. Signed-off-by: Christian Poessinger <christian@poessinger.com>
2020-07-25ethernet: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for ethernet based interfaces which also supports 802.1q, 802.1ad VLANs. This commit migrates the existing codebase for an ethernet based interfaces and implements the missing parts for VLANs. Adding or migrating other interfaces (e.g. bridge or bond) will become much easier as they must reuse the entire functionality - we now walk towards a single codepath. Thanks for all who made this combined effort possible! Signed-off-by: Christian Poessinger <christian@poessinger.com>
2020-07-25ifconfig: T2653: set arp-cache-timeout default value of 30msChristian Poessinger
2020-07-15http-client: T2651: support specifying source-interface/address for curlChristian Poessinger
Please note that either interface or address can be configured. system { options { http-client { source-interface eth0 source-address 1.1.1.1 } } }
2020-07-15xml: T2651: provide general source-interface include fileChristian Poessinger
2020-07-12nat: T2699: rename interface includeChristian Poessinger
2020-07-11snmp: T2687: precalculate snmpv3 encrypted keysChristian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-11snmp: T2687: enforce beginning and end of string match for regexChristian Poessinger
Match the full input string in regex validation. Previosly "sha123456" was allowed by the validator but we only support "sha".
2020-07-07ssh: T2691: bugfix loglevel config migrationChristian Poessinger
When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear if the user specified "info" as loglevel instead of "INFO". There was no input validation done in 1.2 but this is now enforced in 1.3. In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the config this is transformed. Also VyOS 1.2 accpeted any arbitrary loglevel. If an invalid loglevel is found it will be set to info.