Age | Commit message (Collapse) | Author |
|
Added 'set interfaces wireguard wgX threaded' command.
Process traffic from each peer in a dedicated thread.
|
|
wireguard: T5413: Blocked adding the peer with the router's public key
|
|
Disabeled adding the peer with the same public key as the router has.
Added smoketest
|
|
Ability to set locate time format 12|24-hour
set system option time-format 12-hour|24-hour
$ date
Tue Aug 1 12:33:45 PM EEST 2023
$ date
Tue 1 Aug 12:34:09 EEST 2023
|
|
|
|
T5368: service ids ddos-protection add support sflow mode
|
|
T5127: vpnv4/v6 : warning for router-id
|
|
|
|
|
|
inetfaces
Keep a common CLI structure by re-using the already established offload
node from ethernet.
|
|
Preparation to make the code flow look more intuitive and add room to add
parsing of additional OpenVPN interfaces for DCO module load.
|
|
|
|
T5154: NTP: allow maximum of one ipv4 and one ipv6 address on paramet…
|
|
|
|
<listen-address>. Also allow only one single value <interface>.
|
|
T4889: NAT Redirect: adddestination nat redirection (to local host) feature.
|
|
ospf: T5377: add graceful restart FRR feature (RFC 3623)
|
|
Comply with the code comment and not remove the users home directory.
This also fixes the issue that user homes get cleaned on system reboot
|
|
sFlow mode requires fewer resources then mode "mirror"
Integrate it into configuration mode
set service ids ddos-protection mode 'sflow'
set service ids ddos-protection sflow listen-address '127.0.0.1'
set service ids ddos-protection sflow port '6343'
|
|
New CLI commands:
* set protocols ospf graceful-restart grace-period 300
* set protocols ospf graceful-restart helper planned-only
* set protocols ospf graceful-restart helper no-strict-lsa-checking
* set protocols ospf graceful-restart helper supported-grace-time 400
* set protocols ospf graceful-restart helper enable router-id 192.0.2.1
* set protocols ospf graceful-restart helper enable router-id 192.0.2.2
* set protocols ospfv3 graceful-restart grace-period 300
* set protocols ospfv3 graceful-restart helper planned-only
* set protocols ospfv3 graceful-restart helper lsa-check-disable
* set protocols ospfv3 graceful-restart helper supported-grace-time 400
* set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.1
* set protocols ospfv3 graceful-restart helper enable router-id 192.0.2.2
|
|
Fixed verifying peer without AFI, if the peer is interface.
|
|
|
|
|
|
|
|
There was no /var/log/messages handler for logrotate making rsyslog
crash after a few days.
In addition we had some JIna2 templating errors for hosts, user and file
CLI nodes
jinja2.exceptions.UndefinedError: 'dict object' has no attribute 'facility'
Looks like therey are used rarely ;) - lucky me!
|
|
|
|
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
T5059: relay: add disable options for dhcp-relay and dhcpv6-relay
|
|
Commit 6e621e42f ("bgp: T5338: simplify XML and code handling") hat a wrong if
branch when handling the check if an interface belongs to the proper VRF when
MPLS forwarding is used.
This has been fixed.
|
|
validor for dhcpv6-relay which was missing.
|
|
|
|
|
|
|
|
bgp: T5338: Added 'protocols bgp interface <int> mpls forwarding' feature
|
|
Added 'protocols bgp interface <int> mpls forwarding' feature.
It is possible to permit BGP install VPN prefixes without transport labels.
This configuration will install VPN prefixes originated from an e-bgp session,
and with the next-hop directly connected.
|
|
Migrate:
high-availability virtual-server 203.0.113.1
to: high-availability virtual-server <name> address 203.0.113.1
|
|
T775: Add service config-sync between 2 routers
|
|
VPP: T1797: Optimizations for VPP memory allocation during startup
|
|
- changed memory requirement from total to available. This allows to start on
systems with less total memory and protects from startup on systems with
overloaded memory.
- prevent startup if sysctl settings were not applied. This protects from
situations when the system cannot allocate enough hugepages or apply other
sysctl settings.
|
|
without vrf
|
|
* set protocols ospf aggregation timer <seconds>
* set protocols ospf summary-address x.x.x.x/x [tag 1-4294967295]
* set protocols ospf summary-address x.x.x.x/x no-advertise
|
|
After an interface is added/removed from VPP, it will be reinitialized, which
allows reconfiguring IP addresses on it.
Also modified VPP load priority to start before interfaces, and avoid
reconfiguration during boot.
|
|
T1797: VPP verify minimal installed memory and apply sysctl
|
|
Do not allow configure VPP if on the systems with low amount
installed memory
Add sysctl VPP parameters (hugepages, kernel.shmmax)
|
|
|
|
Service config-sync allows synchronizing a section of
the configuration.
As PoC allow only nat, nat66 and firewall sections
Rertreive the configuration for a section from self node and
send this configuration to the section of the 'secondary' node.
This feature adds a symlink from helper 'vyos_config_sync.py'
to '/config/scripts/commit/post-hooks.d' and config that is
located in '/run/config_sync_conf.conf'
It will synchronyze the config only if the setcion
was changed.
set service config-sync secondary address 192.0.2.11
set service config-sync secondary key xxx
set service config-sync section nat
set service config-sync section nat66
set service config-sync section firewall
set service config-sync mode load
|
|
T1797: Add initial vpp configuration
|
|
- added extra renaming operation to be sure that interface has the same name as
before in the system after it was moved from VPP to kernel
- added extra check after PCI device removal/adding
- added check for proper `retval` for CPI calls where it is available
- replaced empty return with an error in `_get_pci_address_by_interface()`
because not resolved address will lead to inconsistency of the system later
|
|
- added ability to add/remove interfaces without system reboot
- added `attempts` and `interval` to the VPP API connection. This is helpful in
case of high system load or when VPP was just started and API is not yet
available.
- added exceptions to API calls. This allows handling errors in communication
with API properly in conf-mode scripts.
- fixed PCI address search in VPP to match Linux kernel and ethtool style
- fixed systemd daemons control - first reload, then restart
- removed debug prints
- removed `vm.nr_hugepages` configuration. It is not required now but increases
RAM requirements a lot.
|