summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2023-08-07wireguard: T5409: Added 'set interfaces wireguard wgX threaded'aapostoliuk
Added 'set interfaces wireguard wgX threaded' command. Process traffic from each peer in a dedicated thread.
2023-08-02Merge pull request #2122 from aapostoliuk/T5413Christian Breunig
wireguard: T5413: Blocked adding the peer with the router's public key
2023-08-02wireguard: T5413: Blocked adding the peer with the router's public keyaapostoliuk
Disabeled adding the peer with the same public key as the router has. Added smoketest
2023-08-01T5374: Add system option time-format 12 or 24 hoursViacheslav Hletenko
Ability to set locate time format 12|24-hour set system option time-format 12-hour|24-hour $ date Tue Aug 1 12:33:45 PM EEST 2023 $ date Tue 1 Aug 12:34:09 EEST 2023
2023-07-31login: T4790: sync number of max RADIUS servers with equuleus branch (8)Christian Breunig
2023-07-27Merge pull request #2105 from sever-sever/T5368Daniil Baturin
T5368: service ids ddos-protection add support sflow mode
2023-07-27Merge pull request #2114 from srividya0208/T5252Christian Breunig
T5127: vpnv4/v6 : warning for router-id
2023-07-27T5127: vpnv4/vpnv6 : warning for router-idsrividya0208
2023-07-27wwan: T3795: remove superfluous call to set_level()Christian Breunig
2023-07-27openvpn: T4974: move CLI node "enable-dco" -> "offload dco" to match other ↵Christian Breunig
inetfaces Keep a common CLI structure by re-using the already established offload node from ethernet.
2023-07-27openvpn: T4974: restructure get_config()Christian Breunig
Preparation to make the code flow look more intuitive and add room to add parsing of additional OpenVPN interfaces for DCO module load.
2023-07-26openvpn: T4974: dynamically load/unload kernel moduleChristian Breunig
2023-07-26Merge pull request #2078 from nicolas-fort/T5154Viacheslav Hletenko
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet…
2023-07-25static: T5398: do not mangle interface names in FRRJonathan Voss
2023-07-25T5154: NTP: allow maximum of one ipv4 and one ipv6 address on parameter ↵Nicolas Fort
<listen-address>. Also allow only one single value <interface>.
2023-07-22Merge pull request #2100 from nicolas-fort/T4889Christian Breunig
T4889: NAT Redirect: adddestination nat redirection (to local host) feature.
2023-07-22Merge pull request #2104 from c-po/t5377-ospf-grChristian Breunig
ospf: T5377: add graceful restart FRR feature (RFC 3623)
2023-07-21login: T5363: keep home when user is deletedChristian Breunig
Comply with the code comment and not remove the users home directory. This also fixes the issue that user homes get cleaned on system reboot
2023-07-21T5368: service ids ddos-protection add support sflow modeViacheslav Hletenko
sFlow mode requires fewer resources then mode "mirror" Integrate it into configuration mode set service ids ddos-protection mode 'sflow' set service ids ddos-protection sflow listen-address '127.0.0.1' set service ids ddos-protection sflow port '6343'
2023-07-20ospf: T5377: add graceful restart FRR feature (RFC 3623)Christian Breunig
New CLI commands: * set protocols ospf graceful-restart grace-period 300 * set protocols ospf graceful-restart helper planned-only * set protocols ospf graceful-restart helper no-strict-lsa-checking * set protocols ospf graceful-restart helper supported-grace-time 400 * set protocols ospf graceful-restart helper enable router-id 192.0.2.1 * set protocols ospf graceful-restart helper enable router-id 192.0.2.2 * set protocols ospfv3 graceful-restart grace-period 300 * set protocols ospfv3 graceful-restart helper planned-only * set protocols ospfv3 graceful-restart helper lsa-check-disable * set protocols ospfv3 graceful-restart helper supported-grace-time 400 * set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.1 * set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.2
2023-07-20bgp: T5328: Fixed verifying peer without AFI.aapostoliuk
Fixed verifying peer without AFI, if the peer is interface.
2023-07-19T4899: NAT Redirect: adddestination nat redirection (to local host) feature.Nicolas Fort
2023-07-18syslog: T2778: add missing argument for rsyslog.conf templateJohn Estabrook
2023-07-17syslog: T2778: fix dict indexJohn Estabrook
2023-07-16syslog: T2778: fix invalid handling of logrotate and default valuesChristian Breunig
There was no /var/log/messages handler for logrotate making rsyslog crash after a few days. In addition we had some JIna2 templating errors for hosts, user and file CLI nodes jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'facility' Looks like therey are used rarely ;) - lucky me!
2023-07-16T5195: fix remaining references to decommissioned vyos.utilChristian Breunig
2023-07-15T5195: vyos.util -> vyos.utils package refactoring part #2Christian Breunig
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-07-14Merge pull request #2089 from nicolas-fort/T5059Christian Breunig
T5059: relay: add disable options for dhcp-relay and dhcpv6-relay
2023-07-14bgp: T5338: bugfix MPLS VRF error handlingChristian Breunig
Commit 6e621e42f ("bgp: T5338: simplify XML and code handling") hat a wrong if branch when handling the check if an interface belongs to the proper VRF when MPLS forwarding is used. This has been fixed.
2023-07-13T5059: relay: add disable options for dhcp-relay and dhcpv6-relay. Also add ↵Nicolas Fort
validor for dhcpv6-relay which was missing.
2023-07-12T5195: drop sysctl_* implementation from vyos.util - prefer vyos.utils.systemChristian Breunig
2023-07-12T5195: move boot_* helpers to vyos.utils.bootChristian Breunig
2023-07-12bgp: T5338: simplify XML and code handlingChristian Breunig
2023-07-12Merge pull request #2085 from aapostoliuk/T5338-sagittaChristian Breunig
bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' feature
2023-07-11bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' featureaapostoliuk
Added 'protocols bgp interface <int> mpls forwarding' feature. It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected.
2023-07-11T5341: HA migrate virtual-server tag to node addressViacheslav Hletenko
Migrate: high-availability virtual-server 203.0.113.1 to: high-availability virtual-server <name> address 203.0.113.1
2023-07-07Merge pull request #2042 from sever-sever/T775Viacheslav Hletenko
T775: Add service config-sync between 2 routers
2023-07-06Merge pull request #2074 from zdc/T1797-sagittaChristian Breunig
VPP: T1797: Optimizations for VPP memory allocation during startup
2023-07-06VPP: T1797: Optimized memory allocation during startupzsdc
- changed memory requirement from total to available. This allows to start on systems with less total memory and protects from startup on systems with overloaded memory. - prevent startup if sysctl settings were not applied. This protects from situations when the system cannot allocate enough hugepages or apply other sysctl settings.
2023-07-05T5340: snmp: add checks while configuring snmp listen-address with and ↵Nicolas Fort
without vrf
2023-07-03ospf: T5334: add support for external route summarisation Type-5 and Type-7 LSAsChristian Breunig
* set protocols ospf aggregation timer <seconds> * set protocols ospf summary-address x.x.x.x/x [tag 1-4294967295] * set protocols ospf summary-address x.x.x.x/x no-advertise
2023-07-03VPP: T1797: Added interfaces reinitializationzsdc
After an interface is added/removed from VPP, it will be reinitialized, which allows reconfiguring IP addresses on it. Also modified VPP load priority to start before interfaces, and avoid reconfiguration during boot.
2023-07-01Merge pull request #2064 from sever-sever/T1797Christian Breunig
T1797: VPP verify minimal installed memory and apply sysctl
2023-07-01T1797: VPP verify minimal installed memory and apply sysctlViacheslav Hletenko
Do not allow configure VPP if on the systems with low amount installed memory Add sysctl VPP parameters (hugepages, kernel.shmmax)
2023-06-30bcast-relay: T5313: capitalize UDP protocol nameChristian Breunig
2023-06-30T775: Add service config-sync between 2 routersViacheslav Hletenko
Service config-sync allows synchronizing a section of the configuration. As PoC allow only nat, nat66 and firewall sections Rertreive the configuration for a section from self node and send this configuration to the section of the 'secondary' node. This feature adds a symlink from helper 'vyos_config_sync.py' to '/config/scripts/commit/post-hooks.d' and config that is located in '/run/config_sync_conf.conf' It will synchronyze the config only if the setcion was changed. set service config-sync secondary address 192.0.2.11 set service config-sync secondary key xxx set service config-sync section nat set service config-sync section nat66 set service config-sync section firewall set service config-sync mode load
2023-06-29Merge pull request #2059 from sever-sever/T1797-vppChristian Breunig
T1797: Add initial vpp configuration
2023-06-29VPP: T1797: Optimized interfaces add/removezsdc
- added extra renaming operation to be sure that interface has the same name as before in the system after it was moved from VPP to kernel - added extra check after PCI device removal/adding - added check for proper `retval` for CPI calls where it is available - replaced empty return with an error in `_get_pci_address_by_interface()` because not resolved address will lead to inconsistency of the system later
2023-06-28VPP: T1797: Improved VPP supportzsdc
- added ability to add/remove interfaces without system reboot - added `attempts` and `interval` to the VPP API connection. This is helpful in case of high system load or when VPP was just started and API is not yet available. - added exceptions to API calls. This allows handling errors in communication with API properly in conf-mode scripts. - fixed PCI address search in VPP to match Linux kernel and ethtool style - fixed systemd daemons control - first reload, then restart - removed debug prints - removed `vm.nr_hugepages` configuration. It is not required now but increases RAM requirements a lot.