Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-08-18 | firewall: T4622: Add TCP MSS option | Viacheslav Hletenko | |
Ability to drop|accept packets based on TCP MSS size set firewall name <tag> rule <tag> tcp mss '501-1460' | |||
2022-08-05 | Merge pull request #1459 from dmbaturin/genop-exn | Viacheslav Hletenko | |
T2719: add an exception hierarchy for op mode errors | |||
2022-08-04 | T2719: add an exception hierarchy for op mode errors | Daniil Baturin | |
2022-08-04 | vyos.config.configdict: T4592: only print interface name, not interface dict ↵ | Christian Poessinger | |
on error | |||
2022-08-01 | bridge: T4565: bugfix error message when member interface contains an address | Christian Poessinger | |
We should not print the entire dictionary - we only need the bridge interface name: Bug: Cannot assign address to interface "eth1" as it is a member of bridge "{'br0': {'allowed_vlan': ['5-50', '101'], 'native_vlan': '101'}}"! Fixed: Cannot assign address to interface "eth1" as it is a member of bridge "br0"! | |||
2022-08-01 | mtu: T4572: Add DHCP-option MTU to get values from DHCP-server | Viacheslav Hletenko | |
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured | |||
2022-07-30 | bridge: T4565: is_member() must return the dict of the member interface | Christian Poessinger | |
... otherwise functionality like bridge VLANs will loose configuration on membe rinterface update (e.g. description) | |||
2022-07-30 | bridge: T4579: cleanup interface dict (remove empty keys) | Christian Poessinger | |
2022-07-30 | bridge: T4579: remove duplicate code path already handled by base class | Christian Poessinger | |
Interface() base class already takes care about VLAN creation/removal of newly added or no longer required interfaces. No need to code this logic again. | |||
2022-07-30 | Revert "vyos.configdict(): T4228: is_member() must split VLAN interfaces" | Christian Poessinger | |
This reverts commit fdeae251431cb747e8f60d96269b4365b7401807. | |||
2022-07-28 | vyos.util: T4575: Add new wrapper "rc_cmd" | Viacheslav Hletenko | |
It is useful to have both a return code and output of the command Add a new wrapper "rc_cmd" that returns both % rc_cmd('uname') (0, 'Linux') % rc_cmd('ip link show dev fake') (1, 'Device "fake" does not exist.') | |||
2022-07-24 | graphql: T4413: add support for a system status query | John Estabrook | |
2022-07-24 | graphql: T3993: disable introspection unless set in CLI | John Estabrook | |
2022-07-20 | Merge pull request #1351 from dmbaturin/genop | John Estabrook | |
T2719: prototype of an op mode command runner based on type hints and introspection | |||
2022-07-20 | T2719: fix indentation in vyos.opmode | Daniil Baturin | |
2022-07-20 | T2719: fix a stray empty key in the CPU data dict | Daniil Baturin | |
2022-07-19 | T2719: patch for general support for boolean options | John Estabrook | |
Signed-off-by: Daniil Baturin <daniil@vyos.io> | |||
2022-07-15 | interfaces: T4525: interfaces can not be member of a bridge/bond and a VRF | Christian Poessinger | |
2022-07-15 | bond: T4525: fix adding member interface to bond after removing VRF | Christian Poessinger | |
When removing a VRF from an ethernet interface and adding the interface to a bond in the same commit led to an OSError: [Errno 16] Device or resource busy! | |||
2022-07-15 | vyos.configdict(): T4228: is_member() must return member interface config dict | Christian Poessinger | |
This extends commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real" hardware interface") and returns the config dict of the used member interfaces. | |||
2022-07-15 | bond: bridge: T4534: error out if member interface is assigned to a VRF instance | Christian Poessinger | |
It makes no sense to enslave an interface to a bond or a bridge device if it is bound to a given VRF. If VRFs should be used - the encapuslating/master interface should be part of the VRF. Error out if the member interface is part of a VRF. | |||
2022-07-14 | interface: T4056: Fix unexpected delete tc qdisc | DaniilHarun | |
2022-07-11 | vyos.configdict(): T4228: is_member() must split VLAN interfaces | Christian Poessinger | |
Commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real" hardware interface") added a bugfix on calling is_member() to retrieve the real physical information about an interface. It did not include a code path to also split up VLAN interfaces. This has been fixed. | |||
2022-07-10 | bond: T4522: add ability to specify mii monitor interval via CLI | Christian Poessinger | |
Linux Kernel supports to specify the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point. The default value is 100. set interfaces bonding bond0 mii-mon-interval <n> | |||
2022-07-10 | vyos.configdict(): T4228: is_member() must use the "real" hardware interface | Christian Poessinger | |
When is_member() is inspecting the bridge/Bond member interfaces it must work with the real interface (e.g. eth1) under the "ethernet" node and not work on the "member interface eth1" CLI tree, that makes no sense at all. | |||
2022-07-10 | bond: T1557: re-add miimon configuration - lost in translation | Christian Poessinger | |
2022-07-10 | bond: T4521: ARP monitor interval is not configured despite set via CLI | Christian Poessinger | |
The code path for changing the interval is never executed. | |||
2022-07-09 | ip: T4517: add option to enable directed broadcast forwarding | Yuxiang Zhu | |
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1. | |||
2022-07-05 | T2719: add general support for boolean options to generative op mode | Daniil Baturin | |
Since Python as of 3.9 doesn't give us an option to look up argument's default value by its name, this implementation requires that all boolean options must default to false. | |||
2022-07-04 | firewall: T4299: Add ability to inverse match country codes | sarthurdev | |
2022-07-01 | Merge pull request #1380 from sarthurdev/ovpn-multi-ca | Christian Poessinger | |
openvpn: T4485: Accept multiple tls ca-certificate values | |||
2022-07-01 | vti: T2455: add link-local IPv6 address support | Christian Poessinger | |
Interface should receive an auto generated link-local IPv6 address as we do with all VyOS interfaces by default. | |||
2022-06-29 | openvpn: T4485: Update PKI migrator to handle full CA chain migration | sarthurdev | |
* Also determines and maps to correct CA for migrated CRL | |||
2022-06-29 | bridge: add option to enable/disable IGMP/MLD snooping | Yuxiang Zhu | |
This PR adds an config option to enable/disable IGMP/MLD snooping. ``` set interfaces bridge brN igmp snooping ``` | |||
2022-06-29 | openvpn: T4485: Accept multiple `tls ca-certificate` values | sarthurdev | |
2022-06-25 | interfaces: dhcp: T4482: toggle of "dhcp-options no-default-route" has no effect | Christian Poessinger | |
Error introduced by commit 85d6c8f7c ("vyos.configdict: T4391: enable get_interface_dict() ti be used with ConfigTreeQuery()"). Reason was the still in use relative path on calls to node_changed(), these got replaced with absolute config paths and the new implementation if is_node_changed(). | |||
2022-06-25 | dhcp: pppoe: T4384: bugfix not honoring no-default-route CLI option | Christian Poessinger | |
Commit a2ab95ff68b ("pppoe: T4384: replace default-route CLI option with common CLI nodes already present for DHCP") had an issue as the PPPoE interface options and also DHCP interface options did not honor the no-default-route option. This has been fixed. | |||
2022-06-20 | T2719: use _is_show for detecting show functions | Daniil Baturin | |
2022-06-16 | vyos.ifconfig: T4384: fix file permission (664) on interface.py | Christian Poessinger | |
2022-06-16 | T2719: make re functions usage in vyos.opmode more consistent | Daniil Baturin | |
2022-06-15 | T2719: correctly handle the raw argument for all show_* commands | Daniil Baturin | |
2022-06-15 | T2719: handle the case when script subcommand is not given | Daniil Baturin | |
2022-06-14 | firewall: T970: Use set prefix to domain groups | sarthurdev | |
2022-06-14 | firewall: T4147: Use named sets for firewall groups | sarthurdev | |
* Refactor nftables clean-up code * Adds policy route test for using firewall groups | |||
2022-06-11 | firewall: T4299: Add support for GeoIP filtering | sarthurdev | |
2022-06-10 | Merge pull request #1356 from sarthurdev/nested_groups | Christian Poessinger | |
firewall: T478: Add support for nesting groups | |||
2022-06-10 | firewall: T478: Add support for nesting groups | sarthurdev | |
2022-06-10 | Firewall:T4458: Add ttl match option in firewall | Nicolas Fort | |
2022-06-10 | Merge pull request #1322 from nicolas-fort/T3907-fwall-log | Daniil Baturin | |
Firewall: T3907: add log-level options in firewall | |||
2022-06-09 | Merge pull request #1327 from sever-sever/T970 | Christian Poessinger | |
firewall: T970: Add firewall group domain-group |