| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-09-16 | T861: op-mode: add "show secure-boot [keys]" CLI command | Christian Breunig | |
| Support getting current system secure boot state. In addition add optional suppor tto list all enrolled MOK (Machine Owner Keys) in the UEFI variable store. | |||
| 2024-09-16 | T861: op-mode: "show version" will display secure boot state | Christian Breunig | |
| vyos@vyos:~$ show ver ... Architecture: x86_64 Boot via: installed image System type: KVM guest Secure Boot: enabled ... | |||
| 2024-09-12 | Merge pull request #4047 from natali-rs1985/T6676-current | Christian Breunig | |
| policy: T6676: Invalid route-map caused bgpd to crash | |||
| 2024-09-12 | Merge pull request #4046 from nvollmar/T6703 | Christian Breunig | |
| T6703: Adds option to configure AMD pstate driver | |||
| 2024-09-12 | Merge pull request #4021 from natali-rs1985/T6652-current | Daniil Baturin | |
| openfabric: T6652: Add support for OpenFabric protocol | |||
| 2024-09-12 | T6711: Fix restart vrrp missed comma between services | Viacheslav Hletenko | |
| Missing comma in the list between services 'ssh', 'suricata' 'vrrp', 'webproxy' Fix it | |||
| 2024-09-12 | Merge pull request #4042 from natali-rs1985/T6694-current | Christian Breunig | |
| op-mode: T6694: Move some op-mode commands to the "execute" family | |||
| 2024-09-12 | Merge pull request #4032 from dvlogic/Allow_Container_DNS_Disable | Christian Breunig | |
| T6701: Added ability to disable the container DNS plugin | |||
| 2024-09-11 | policy: T6676: Invalid route-map caused bgpd to crash | Nataliia Solomko | |
| 2024-09-11 | T6703: fix unrelated lint issues | Nicolas Vollmar | |
| 2024-09-11 | T6703: Adds option to configure AMD pstate driver | Nicolas Vollmar | |
| 2024-09-11 | T6294: Service dns forwarding add the ability to configure ZonetoCache | khramshinr | |
| 2024-09-11 | Merge pull request #4023 from nvollmar/T6679 | Christian Breunig | |
| T6679: add group option for nat66 | |||
| 2024-09-11 | container: T6701: add support to disable container network DNS support | Dave Vogel | |
| Add ability to set the container network with a disable-dns setting to disable the DNS plugin that is on be default. set container network <network> no-name-server | |||
| 2024-09-10 | Merge pull request #4038 from natali-rs1985/T6181-current | Daniil Baturin | |
| op_mode: T6181: A feature for checking ports | |||
| 2024-09-10 | op-mode: T6694: Move some op-mode commands in the "execute" family | Nataliia Solomko | |
| 'force netns' — move to 'execute shell netns'. 'force vrf'— move to 'execute shell vrf'. 'force owping' — move to 'execute owping'. 'force twping' — move to 'execute twping'. 'monitor bandwidth-test' — move to 'execute bandwidth-test`. 'telnet' — move to 'execute telnet' | |||
| 2024-09-10 | op_mode: T6181: A feature for checking ports | Nataliia Solomko | |
| 2024-09-06 | container: T6702: re-add missing UNIX API socket | Christian Breunig | |
| During podman upgrade and a build from the original source the UNIX socket definition for systemd got lost in translation. This commit re-adds the UNIX socket which is started on boot to interact with Podman. Example: curl --unix-socket /run/podman/podman.sock -H 'content-type: application/json' \ -sf http://localhost/containers/json | |||
| 2024-09-04 | openfabric: T6652: Add support for OpenFabric protocol | Nataliia Solomko | |
| OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks. FRR implements OpenFabric in a daemon called fabricd | |||
| 2024-09-02 | T6679: add destination groups | Nicolas Vollmar | |
| 2024-08-25 | configd: T6671: track scripts proposed and scripts called | John Estabrook | |
| 2024-08-24 | dhclient: T6667: Added workaround for communication with FRR | zsdc | |
| To increase the chance for dhclient to configure routes in FRR, added a workaround. Now 10 attempts are performed with 1 second delay and only after this dhclient gives up. | |||
| 2024-08-22 | T6561: Add vrf aware for show ntp | Viacheslav Hletenko | |
| 2024-08-21 | T6672: Fix system option ssh-client source-interface | Viacheslav Hletenko | |
| Fix for system option ssh-client source-interface For the `verify_source_interface` the key `ifname` if required | |||
| 2024-08-20 | Merge pull request #3975 from lucasec/t6183 | Christian Breunig | |
| T6183: interfaces openvpn: suppport specifying IP protocol version | |||
| 2024-08-20 | Merge pull request #3977 from natali-rs1985/T5743-current | Christian Breunig | |
| T5743: HTTPS API ability to import PKI certificates | |||
| 2024-08-18 | op_mode: T3961: Generate PKI expect 2 character country code | Nataliia Solomko | |
| 2024-08-16 | Merge pull request #3987 from natali-rs1985/T6649-current | Daniil Baturin | |
| ipoe_server: T6649: Accel-ppp separate vlan-mon from listen interfaces | |||
| 2024-08-15 | T6649: Accel-ppp separate vlan-mon from listen interfaces | Nataliia Solomko | |
| 2024-08-14 | op_mode: T6651: Add a top level op mode word "execute" | Nataliia Solomko | |
| 2024-08-13 | T6183: interfaces openvpn: suppport specifying IP protocol version | Lucas Christian | |
| 2024-08-13 | T5743: HTTPS API ability to import PKI certificates | Nataliia Solomko | |
| 2024-08-12 | suricata: T6624: Fix for service suricata address-groups cannot be used in ↵ | Nataliia Solomko | |
| each other | |||
| 2024-08-12 | T6648: dhcpv6-server: align stateless DHCPv6 options with stateful | Lucas Christian | |
| 2024-08-12 | configd: T6633: inject missing env vars for configfs utility | John Estabrook | |
| 2024-08-12 | configverify: T6642: verify_interface_exists requires config_dict arg | John Estabrook | |
| The function verify_interface_exists requires a reference to the ambient config_dict rather than creating an instance. As access is required to the 'interfaces' path, provide as attribute of class ConfigDict, so as not to confuse path searches of script-specific config_dict instances. | |||
| 2024-08-08 | qos: T6638: require interface state existence in verify conditional | John Estabrook | |
| 2024-08-07 | configd: T6640: enforce in_session returns False under configd | John Estabrook | |
| The CStore in_session check is a false positive outside of a config session if a specific environment variable is set with an existing referent in unionfs. To allow extensions when running under configd and avoid confusion, enforce in_session returns False. | |||
| 2024-08-05 | sysctl: T3204: restore sysctl setttings overwritten by tuned | Christian Breunig | |
| 2024-08-05 | Merge branch 'current' into feature/T4694/gre-match-fields | Christian Breunig | |
| 2024-08-05 | Merge pull request #3920 from fett0/T6555 | Christian Breunig | |
| OPENVPN: T6555: add server-bridge options in mode server | |||
| 2024-08-05 | Merge pull request #3939 from c-po/unused-imports | Christian Breunig | |
| T5873: T6619: remove unused imports | |||
| 2024-08-04 | firewall: T4694: Adding GRE flags & fields matches to firewall rules | Andrew Topp | |
| * Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags. * There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post) * nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags. * Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing * The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem. * If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc. * Added a "test_gre_match" smoketest | |||
| 2024-08-04 | Merge pull request #3901 from nicolas-fort/T4072-extend-bridge-fwall | Christian Breunig | |
| T4072: firewall extend bridge firewall | |||
| 2024-08-04 | ipsec: T5873: remove unused imports | Christian Breunig | |
| 2024-08-04 | multicast: T6619: remove unused imports | Christian Breunig | |
| 2024-08-02 | Merge pull request #3933 from jestabro/add-missing-standard-func | Daniil Baturin | |
| T6632: add missing standard functions to config scripts | |||
| 2024-08-02 | Merge pull request #3932 from jestabro/check-kmod-under-configd | Daniil Baturin | |
| T6629: call check_kmod within a standard config function | |||
| 2024-08-02 | T6619: Remove the remaining uses of per-protocol FRR configs (#3916) | Roman Khramshin | |
| 2024-08-02 | T6486: generate OpenVPN use data-ciphers instead of ncp-ciphers (#3930) | Viacheslav Hletenko | |
| In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers were replaced with `data-ciphers` fix template for "generate openvpn client-config" | |||
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) |
| summaryrefslogtreecommitdiff |