Age | Commit message (Collapse) | Author |
|
This prevents any stale override files when the system is beeing rebooted,
but the actual configuration was not saved. /run is a tmpfs and thus
always fresh after boot.
|
|
|
|
|
|
|
|
|
|
It should be possible to send the gathered data via a VRF bound interface to
the collector. This is somehow related to T3981 but it's the opposite side of
the netflow process.
set system flow-accounting vrf <name>
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
|
|
|
|
|
|
The implementation of the "auto" option to specify the sflow/netflow
agent-address is very error prone. The current implementation will determine
the IP address used for the "auto" value as follow:
Get BGP router-id
1) If not found use OSPF router-id
2) If not found use OSPFv3 router-id
3) If not found use "the first IP address found on the system
Well, what is the "first IP address found"? Also this changes if DHCP is in use.
Also another disadvantage is when the BGP/OSPF/OSPFv3 router-id is changed,
the agent-address is not updated upon the next reboot of the system.
This task is about removing the "auto" keyword from the CLI at all and make it
either entirely configurable by the user and hardcode the value in CLI, or not
use this at all.
If "auto" is specified we will query the system in the above order and set the
proper router-id in the CLI. If none can be found the CLI node is removed.
|
|
sFlow uses the source-address CLI node and netflow uses source-ip this is just
confusing and should be synced to the common source-address CLI node.
|
|
|
|
|
|
|
|
error
|
|
(cherry picked from commit 95cc2e4b4c11414cc71749af12abb575e96e5bd4)
|
|
|
|
|
|
airbag must now be explicitly installed.
the patch also allow to fully disables the installation of the logging
code at setup (and not just installing and doing nothing)
|
|
|
|
|
|
|
|
|
|
convert all call to jinja to use template.render
|
|
util: T2226: improvement and fixes
|
|
update all code using the API. Interface.interfaces() could be
used but the code was change to use Section.interfaces() which
make more sense when reading it.
|
|
|
|
The failure are now reported slightly differently using the
cmd "raising" feature which will allow down the line to
intercept the issue and present them better to the user
|
|
|
|
|
|
* fixed improper `process.returncode` invokes
* added check for if an in-memory table is active before using IMT for flows show
* replaced `--nflog-range` to `--nflog-size` in iptables rules, as `--nflog-range` had never works. **WARNING: this change break compatibility with Debian 8!**
|
|
|
|
This patch keep compatibility with old configuration and software, but now it is much easier to add a lot of other useful things
Completely replaces vyatta-netflow package (except some outdated and not available via CLI parts)
|