Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-08-23 | containers: T2216: add missing verify() step on environment variables | Christian Poessinger | |
A environment variable MUST always have a value specified. Non existing values will cause the following error: Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/containers.py", line 269, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in apply env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items()) File "/usr/libexec/vyos/conf_mode/containers.py", line 224, in <genexpr> env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items()) KeyError: 'value' | |||
2021-08-21 | pppoe: T3090: migrate to vyos.ifconfig library to use the full potential | Christian Poessinger | |
Now that MSS clamping is done on the "per-interface" level the entire PPPoE stuff would have needed to get a full copy in GNU BASH for this or, participate in the common library. Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the vyos.ifconfig.PPPoEIf.update() function to configure everything as done with all other interfaces. This removes duplicated code for VRF assignment and route installation when a PPPoE interface is brought up or down. | |||
2021-08-21 | wwan: T3620: remove superfluous import statement | Christian Poessinger | |
WWAN does no londer need to render any configuration files. | |||
2021-08-21 | interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵ | Christian Poessinger | |
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value. | |||
2021-08-21 | udev: T2490: fix substitution error reported by udev | Christian Poessinger | |
2021-08-21 | nhrp: T3599: move PID file to /run/opennhrp | Christian Poessinger | |
2021-08-20 | bgp: T3759: add IPv4/IPv6 unicast AFI route-map for VPN import/export | Christian Poessinger | |
This adds the following new commands: set protocols bgp address-family ipv4-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv4-unicast route-map vpn import foo-map-in set protocols bgp address-family ipv6-unicast route-map vpn export foo-map-out set protocols bgp address-family ipv6-unicast route-map vpn import foo-map-in | |||
2021-08-18 | bgp: evpn: T1513: VNI rt and rd are only supported under EVPN VRF | Christian Poessinger | |
2021-08-18 | nat: T2198: remove superfluous else clause on missing outbound-interface | Christian Poessinger | |
2021-08-18 | nptv6: T2518: remove superfluous else clause on missing outbound-interface | Christian Poessinger | |
2021-08-18 | nptv6: T2518: add missing verify() stage for mandatory translation address | Christian Poessinger | |
2021-08-18 | nat66: ndppd: T2518: rename Jinja2 template folder to match common naming ↵ | Christian Poessinger | |
convention | |||
2021-08-18 | policy: T2425: import exact Perl match criteria for large-community-list | Christian Poessinger | |
2021-08-17 | bgp: T3759: add l3vpn "import vrf" commands | Christian Poessinger | |
2021-08-17 | bgp: T2771: adjust verify() logic to common coding style for validation | Christian Poessinger | |
2021-08-17 | policy: T2425: add missing validator for large-community-lists | Christian Poessinger | |
without the validators FRR commit errors would happen. | |||
2021-08-16 | conntrack: T3579: bugfix when deleting non existent iptable rules | Christian Poessinger | |
We only delete iptables rules if they really exist - if we try to delete a non- existing rule a PermissionError exception is thrown. We could either ignore the error code (that is what the old Vyatta code did), or we check what we are doing beforehand. | |||
2021-08-16 | conntrack: T3579: remove debug print() | Christian Poessinger | |
2021-08-16 | ospf: T3757: verify() bugfix for interface area | Christian Poessinger | |
Commit 6f87d8c9 ("ospf: T3757: support to configure area at an interface level") did not allow the old way an area and netwokr was set-up as the if expression was missing a check if 'area' was set in both the interface and the ospf process. | |||
2021-08-15 | pbr: T3702: Fix incorrect splits for fwmark | Viacheslav | |
2021-08-15 | ospf: T3757: support to configure area at an interface level | Christian Poessinger | |
FRR supports configuring either network prefixes per area, or assign an interface to an area to participate in the routing process. This is already well known from other venders and supported by FRR. A valid VyOS OSPF configuration would then look like: vyos@vyos# show protocols ospf { interface dum0 { area 0 } interface eth0.201 { area 0 authentication { md5 { key-id 10 { md5-key vyos } } } dead-interval 40 hello-interval 10 priority 1 retransmit-interval 5 transmit-delay 1 } log-adjacency-changes { detail } parameters { abr-type cisco router-id 172.18.254.201 } passive-interface default passive-interface-exclude eth0.201 } | |||
2021-08-15 | wireguard: T3756: fix generated qr code header | Boris Manojlovic | |
2021-08-15 | Merge pull request #944 from sever-sever/T3702 | Christian Poessinger | |
pbr: T3702: Add rules match fwmark | |||
2021-08-15 | Merge pull request #970 from jack9603301/T3648 | Christian Poessinger | |
op-mode: nat: T3648: Modify the operation mode script implementation of NAT to fix the existing problem | |||
2021-08-15 | conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new ↵ | Lulu Cathrinus Grimalkin | |
default behavior | |||
2021-08-14 | op-mode: ipsec: T3745: "show vpn ipse sa" improve sorting | Christian Poessinger | |
2021-08-14 | ospf: T3236: use proper daemon named template file | Christian Poessinger | |
2021-08-14 | op-mode: nat: T3648: Modify the operation mode script implementation of NAT ↵ | jack9603301 | |
to fix the existing problem | |||
2021-08-13 | vrf: T3734: T3728: vni must be configured with a higher priority then bgpd | Christian Poessinger | |
When removing bgp (vrf) instances the assigned VRF vni must be deleted from FRR prior the removal of the bgp settings (T3734). This is now done by moving the CLI command "set vrf name red vni 1000" to a dedicated Python script with a priority higher then bgp. | |||
2021-08-13 | Merge pull request #969 from sarthurdev/T3752 | Christian Poessinger | |
pki: T3752: Fix file output for certificate requests | |||
2021-08-13 | pki: T3752: Fix file output for certificate requests | sarthurdev | |
2021-08-13 | openvpn: T3738: Disable authentication option for server mode | Viacheslav | |
2021-08-13 | Merge pull request #967 from sever-sever/T3708-curr | Christian Poessinger | |
isis: T3708: Fix errors in MTU calculation | |||
2021-08-13 | isis: T3708: Fix errors in MTU calculation | Viacheslav | |
2021-08-12 | T3749: Moving some counters into the proper loop | Kroy | |
2021-08-12 | login: T3746: inform users about pending reboots | Christian Poessinger | |
2021-08-12 | Merge pull request #963 from FileGo/T3744 | Christian Poessinger | |
dns: T3744: fixed dns fwd statistics formatting | |||
2021-08-12 | dns: T3744: fixed dns fwd statistics formatting | FileGo | |
2021-08-10 | snmp: T3709: Allow enable oid ipCidrRouteTable | Viacheslav | |
2021-08-10 | pki: wireguard: T3642: strip private key | Christian Poessinger | |
Extend regex used by the "| strip-private" modifier to remove the WireGuard private key portion from stdout. | |||
2021-08-09 | ipsec: T3720: assigning vti secondary address caused interface in A/D state | Christian Poessinger | |
2021-08-08 | ipsec: l2tp: T2816: remove duplicate 3des-sha1-modp1024 proposal | Christian Poessinger | |
2021-08-08 | Merge pull request #956 from Cheeze-It/current | Christian Poessinger | |
PING: T3634: Fixing do not fragment to Ping | |||
2021-08-06 | http-api: T2768: add README.graphql | John Estabrook | |
2021-08-06 | http-api: T2768: example using GraphQL for high-level config operations | John Estabrook | |
2021-08-06 | Revert "http-api: T2768: example using GraphQL for high-level config operations" | John Estabrook | |
This reverts commit a2b959c50c96698da173b9c4720369a51442cc5c. | |||
2021-08-06 | Revert "http-api: T2768: add README.graphql" | John Estabrook | |
This reverts commit 4a9063f755b72786c3c5928b2fa74cf1aa935129. | |||
2021-08-06 | http-api: T2768: add README.graphql | John Estabrook | |
2021-08-06 | http-api: T2768: example using GraphQL for high-level config operations | John Estabrook | |
2021-08-06 | frr: T3694: temporary disable VRF VNI assignment | Christian Poessinger | |
Somehow we hit a priority inversion here as we need to remove the VRF assigned VNI before we can remove a BGP bound VRF instance. Maybe move this to an individual helper script that set's up the VNI for the given VRF after any routing protocol (in our case this was triggered by running "make testc" when building an ISO image by the bgp-rpki config). |