| Age | Commit message (Collapse) | Author |
|---|
|
FRR 10.2 will use "[no] ip forwarding" and "[no] ipv6 forwarding" to enable or
disable IP(v6) forwarding. We no longer rely on sysctl as this was overridden
by FRR later on.
Remove code path for sysctl setting and solely rely on FRR.
|
|
|
|
When running under vyos-configd only a single apply() is done as last step in
the commit algorithm. FRRender class address is provided via an attribute from
vyos-configd process.
|
|
A lot of services have dynamic debug capabilities which will be turned on by
creating a file in /tmp. These scripts have the path hardcoded and sometimes
accross multiple places (bad).
This commit introduces vyos.defaults.frr_debug_enable to get the path for the
debug file from a single location.
|
|
With FRR 10.0 daemons started to be migrated to integrated FRR mgmtd and a
northbound interface. This led to some drawbacks in the current state how
changes to FRR are handled. The current implementation will use frr-reload.py
and specifies excatly WHICH daemon needs a config update and will only replace
this part inside FRR.
With FRR10 and mgmtd when a partial configuration is sent to mgmtd, it will
remove configuration parts from other daemons like bgpd or ospfd which have
not yet been migrated to mgmtd.
It's not possible to call frr-reload.py with daemon mgmtd - it will error out.
This commit will also change the CLI for static routes:
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1" will be split into:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd source-address 1.1.1.1
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
To make the XML blocks reusable, and comply with the FRR CLI - this was actually
a wrong implementation from the beginning as you can not have multiple BFD
source addresses.
CLI command "set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd multi-hop
source 1.1.1.1 profile bar" is changed to:
* set protocols static route 10.0.0.0/8 next-hop 1.2.3.4 bfd profile bar
CLI commands "set protocols static multicast interface-route" is moved to:
* set protocols static multicast route <x.x.x.x/x> interface
To have an identical look and feel with regular static routes.
|
|
|
|
|
|
As we are generating the reference tree from the XML definitions during
build, save an internal representation for vyconfd to load on startup.
|
|
Adjust signature of reference_tree_to_json for change in the ctypes
binding.
|
|
The maximun value theat could be written for the 'rpc_cpu'
is 4294967295 or 0xffffffff in the chunk splitted by commas
|
|
|
|
T264: IPsec add base64 encoded secret-type feature
|
|
|
|
Add the ability to configure base64 encoded passwords for
VPN IPSec site-to-site peers
authentication psk PSK secret 'xxxxx=='
authentication psk PSK secret-type <base64|plaintext>
|
|
- Removed default `m1` and `m2` values from interface definitions
- Adjusted filter priorities for shapers
- Fixed SFQ qdisc and HFSC class creation to fully support `m1`, `d`, and `m2` parameters
- Added validation logic similar to VyOS 1.3 to improve error handling and user experience
|
|
|
|
- Fixed handling of flow isolation parameters.
- Corrected support for `nat` and `nonat` in flow isolation.
- Extended RTT values to cover the full range supported by `tc`.
- Make migration script 2-to-3 qos
|
|
* T6490: Allow creation of wireguard interfaces without requiring peers
|
|
|
|
Signed-off-by: Date Huang <tjjh89017@hotmail.com>
|
|
`mokutil --sb-state` will output "This system doesn't support Secure Boot" to stderr.
and return error code 255 if the UEFI system doesn't support secure boot.
Signed-off-by: Date Huang <tjjh89017@hotmail.com>
|
|
- Resolved unhandled exception occurring with default round-robin policy config.
- Added default filter to ensure proper round-robin policy.
|
|
T6695: Machine-readable operational mode support for traceroute
|
|
Not all NICs could provide ring-buffers info requested by ethtool
in JSON format
For example 'vif' Xen/XCP-NG interfaces
Fix it
|
|
T4583: Rewrite VRRP op-mode to vyos.opmode format
|
|
|
|
|
|
reformat file by linter rules
|
|
|
|
|
|
|
|
|
|
config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback
|
|
|
|
vyos.configtree: T4318: Allow set tag flag to true or false
|
|
|
|
cli: T6740: add a converter from set commands to config
|
|
Signed-off-by: Daniil Baturin <daniil@baturin.org>
|
|
Commit-confirm will restore a previous configuration if a confirmation
is not received in N minutes. Traditionally, this was restored by a
reboot into the last configuration on disk; add a configurable option to
reload the last completed commit without a reboot. The default setting
is to reboot.
|
|
|
|
T6760: firewall: add packet modifications existing in policy route to regular firewall ruleset.
|
|
|
|
regular firewall ruleset.
|
|
(#4109)
|
|
T6687: add fqdn support to nat rules.
|
|
Recent ethtool 6.10 supports JSON output for the base driver features. Remove
our old text based processing code and use the machine readable output of
ethtool.
|
|
|
|
Commit 0ee8d5e35 ("ethernet: T6709: move EAPoL support to common framework")
added support to also have EAPoL on other interface types then ethernet. This
introduced a regression where the wireless interface wpa_supplicant configuration
would get deleted.
|
|
T861: op-mode: initial parts for UEFI secure boot CLI
|
|
vyos@vyos:~$ show ver
...
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Secure Boot: enabled
...
|
