Age | Commit message (Collapse) | Author |
|
The op-mode command `show conntrack table ipv4` fails if gets a
conntrack entrie with `flowtable` offload. Those entries do not
have key `timeout`
```
File "/usr/libexec/vyos/op_mode/conntrack.py", line 115, in get_formatted_output
timeout = meta['timeout']
~~~~^^^^^^^^^^^
```
Use the timeout `n/a` for those offload conntrack entries
|
|
|
|
conntrack: T4022: add RTSP conntrack helper
|
|
T6121: Extend service config-sync to new sections
|
|
occurs also if only <policy route> is defined.
|
|
Extend `service config-sync` with new sections:
- LeafNodes: pki, policy, vpn, vrf (syncs the whole sections)
- Nodes: interfaces, protocols, service (syncs subsections)
In this cae the Node allows to uses the next level section
i.e subsection
For example any of the subsection of the node `interfaces`:
- set service config-sync section interfaces pseudo-ethernet
- set service config-sync section interfaces virtual-ethernet
Example of the config:
```
set service config-sync mode 'load'
set service config-sync secondary address '192.0.2.1'
set service config-sync secondary key 'xxx'
set service config-sync section firewall
set service config-sync section interfaces pseudo-ethernet
set service config-sync section interfaces virtual-ethernet
set service config-sync section nat
set service config-sync section nat66
set service config-sync section protocols static
set service config-sync section pki
set service config-sync section vrf
```
|
|
radvd: T6118: add nat64prefix support RFC8781
|
|
grub: T4548: Fixed GRUB configuration files order
|
|
To iterate files on ext* file systems GRUB reads their inodes one by one,
ignoring names. This breaks our configuration logic that relies on proper
loading order.
This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB
configuration files are created. It recreates files, changing their inodes in a
way where inodes order matches alphabetical order.
|
|
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime
must not be smaller than the "interface interval max" definition which defaults
to 600.
set service router-advert interface eth1 nat64prefix 64:ff9b::/96
|
|
|
|
conntrack: T5080: Fix rule order for applied conntrack modules
|
|
|
|
|
|
firewall: T6071: truncate rule description field to 255 characters
|
|
|
|
dhcp: T6102: Fix clear DHCP lease op-mode
|
|
vrrp: T6020: vrrp health-check script not applied correctly
|
|
config: T4919: Add support for encrypted config with TPM
|
|
Re-implements https://github.com/vyos/vyatta-cfg-system/pull/194
|
|
Re-implements https://github.com/vyos/vyatta-cfg/pull/54
|
|
|
|
* Add `clear dhcpv6-server lease`
* Standardize using vyos.opmode
|
|
T6075: firewall and NAT: check if interface-group exists when using them in firewall|nat rules.
|
|
T6096: Config commits are not synced properly because 00vyos-sync is deleted by vyos-router
|
|
http-api: T6069: fix allocation outside of thread lock
|
|
Lower available CPU C states to a minimum if this option set. This will set
Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
|
|
|
|
firewall|nat rules.
|
|
by vyos-router
|
|
T6084: Add NHRP dependency for IPsec and fix NHRP empty config bug
|
|
If we have any `vpn ipsec` and `protocol nhrp` configuration we
get the empty configuration file `/run/opennhrp/opennhrp.conf`
after rebooting the system.
Use config dependency instead of the old `resync_nhrp` function
fixes this issue
|
|
|
|
|
|
Example:
vyos@vyos# set protocols ospfv3 redistribute bgp
Possible completions:
metric OSPF default metric
metric-type OSPF metric type for default routes (default: 2)
route-map Specify route-map name to use
|
|
dhcp-server: T6079: Disable duplicate static-mappings on migration
|
|
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
configdep: T5839: remove trivially redundant config dependency calls
|
|
T5504: Keepalived VRRP ability to set more than one peer-address
|
|
banner: T6077: implement ASCII contest winner default logo
|
|
Added health-check to sync-group in CLI
Don't use instance health-check when instance in sync group member
Disallow wrong healtch-check configurations
New smoke test
|
|
|
|
|
|
|
|
Implement VyOS ASCII art contest winners logo as the default for our MOTD
|
|
vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is required
|
|
|
|
required
|
|
The current VyOS container image manipulation "delete container image" command
allows force removal of container images - even if they still have a container
running.
Drop the --force option from the op-mode script.
vyos@vyos:~$ delete container image 2636705a815a
Error: image used by 6adb0175d47f.. image is in use by a container: consider
listing external containers and force-removing image
|